Method: roles.list

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

HTTP request


The URL uses gRPC Transcoding syntax.

Query parameters



The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below:

  • roles.list: An empty string. This method doesn't require a resource; it simply returns all predefined roles in IAM. Example request URL:

  • projects.roles.list: projects/{PROJECT_ID}. This method lists all project-level custom roles. Example request URL:{PROJECT_ID}/roles

  • organizations.roles.list: organizations/{ORGANIZATION_ID}. This method lists all organization-level custom roles. Example request URL:{ORGANIZATION_ID}/roles

Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

Authorization requires the following IAM permission on the specified resource parent:

  • iam.roles.list


Optional limit on the number of roles to include in the response.

The default is 300, and the maximum is 1,000.



Optional pagination token returned in an earlier ListRolesResponse.


enum (RoleView)

Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.



Include Roles that have been deleted.

Request body

The request body must be empty.

Response body

If successful, the response body contains an instance of ListRolesResponse.

Authorization scopes

Requires one of the following OAuth scopes:


For more information, see the Authentication Overview.