AlloyDB for PostgreSQL roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for AlloyDB for PostgreSQL. To search through all roles and permissions, see the role and permission index.

AlloyDB for PostgreSQL roles

Role Permissions

Role	Permissions
Cloud AlloyDB Admin ^Beta (`roles/alloydb.admin`) Full access to Cloud AlloyDB all resources.	`alloydb.` `alloydb.backups.create` `alloydb.backups.createTagBinding` `alloydb.backups.delete` `alloydb.backups.deleteTagBinding` `alloydb.backups.get` `alloydb.backups.list` `alloydb.backups.listEffectiveTags` `alloydb.backups.listTagBindings` `alloydb.backups.update` `alloydb.clusters.create` `alloydb.clusters.createTagBinding` `alloydb.clusters.delete` `alloydb.clusters.deleteTagBinding` `alloydb.clusters.export` `alloydb.clusters.generateClientCertificate` `alloydb.clusters.get` `alloydb.clusters.import` `alloydb.clusters.list` `alloydb.clusters.listEffectiveTags` `alloydb.clusters.listTagBindings` `alloydb.clusters.promote` `alloydb.clusters.switchover` `alloydb.clusters.update` `alloydb.clusters.upgrade` `alloydb.databases.list` `alloydb.instances.connect` `alloydb.instances.create` `alloydb.instances.delete` `alloydb.instances.executeSql` `alloydb.instances.failover` `alloydb.instances.get` `alloydb.instances.injectFault` `alloydb.instances.list` `alloydb.instances.restart` `alloydb.instances.update` `alloydb.locations.get` `alloydb.locations.list` `alloydb.operations.cancel` `alloydb.operations.delete` `alloydb.operations.get` `alloydb.operations.list` `alloydb.supportedDatabaseFlags.get` `alloydb.supportedDatabaseFlags.list` `alloydb.users.create` `alloydb.users.delete` `alloydb.users.get` `alloydb.users.list` `alloydb.users.login` `alloydb.users.update` `cloudaicompanion.entitlements.get` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `recommender.alloydbClusterPerformanceInsights.` `recommender.alloydbClusterPerformanceInsights.get` `recommender.alloydbClusterPerformanceInsights.list` `recommender.alloydbClusterPerformanceInsights.update` `recommender.alloydbClusterPerformanceRecommendations.` `recommender.alloydbClusterPerformanceRecommendations.get` `recommender.alloydbClusterPerformanceRecommendations.list` `recommender.alloydbClusterPerformanceRecommendations.update` `recommender.alloydbClusterReliabilityInsights.` `recommender.alloydbClusterReliabilityInsights.get` `recommender.alloydbClusterReliabilityInsights.list` `recommender.alloydbClusterReliabilityInsights.update` `recommender.alloydbClusterReliabilityRecommendations.` `recommender.alloydbClusterReliabilityRecommendations.get` `recommender.alloydbClusterReliabilityRecommendations.list` `recommender.alloydbClusterReliabilityRecommendations.update` `recommender.alloydbInstanceSecurityInsights.` `recommender.alloydbInstanceSecurityInsights.get` `recommender.alloydbInstanceSecurityInsights.list` `recommender.alloydbInstanceSecurityInsights.update` `recommender.alloydbInstanceSecurityRecommendations.` `recommender.alloydbInstanceSecurityRecommendations.get` `recommender.alloydbInstanceSecurityRecommendations.list` `recommender.alloydbInstanceSecurityRecommendations.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud AlloyDB Client ^Beta (`roles/alloydb.client`) Connectivity access to Cloud AlloyDB instances.	`alloydb.clusters.generateClientCertificate` `alloydb.clusters.get` `alloydb.instances.connect` `alloydb.instances.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud AlloyDB Database User ^Beta (`roles/alloydb.databaseUser`) Role allowing access to login as a database user.	`alloydb.clusters.get` `alloydb.instances.executeSql` `alloydb.instances.get` `alloydb.users.login` `resourcemanager.projects.get` `resourcemanager.projects.list`
AlloyDB Service Agent (`roles/alloydb.serviceAgent`) Gives the AlloyDB service account permission to manage customer resources Warning: Do not grant service agent roles to any principals except service agents.	`alloydb.clusters.list`
Cloud AlloyDB Viewer ^Beta (`roles/alloydb.viewer`) Read-only access to Cloud AlloyDB all resources.	`alloydb.backups.get` `alloydb.backups.list` `alloydb.backups.listEffectiveTags` `alloydb.backups.listTagBindings` `alloydb.clusters.export` `alloydb.clusters.get` `alloydb.clusters.list` `alloydb.clusters.listEffectiveTags` `alloydb.clusters.listTagBindings` `alloydb.databases.list` `alloydb.instances.get` `alloydb.instances.list` `alloydb.locations.` `alloydb.locations.get` `alloydb.locations.list` `alloydb.operations.get` `alloydb.operations.list` `alloydb.supportedDatabaseFlags.` `alloydb.supportedDatabaseFlags.get` `alloydb.supportedDatabaseFlags.list` `alloydb.users.get` `alloydb.users.list` `cloudaicompanion.entitlements.get` `recommender.alloydbClusterPerformanceInsights.get` `recommender.alloydbClusterPerformanceInsights.list` `recommender.alloydbClusterPerformanceRecommendations.get` `recommender.alloydbClusterPerformanceRecommendations.list` `recommender.alloydbClusterReliabilityInsights.get` `recommender.alloydbClusterReliabilityInsights.list` `recommender.alloydbClusterReliabilityRecommendations.get` `recommender.alloydbClusterReliabilityRecommendations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Cloud AlloyDB Admin ^Beta

(roles/alloydb.admin)

Full access to Cloud AlloyDB all resources.

alloydb.*

alloydb.backups.create
alloydb.backups.createTagBinding
alloydb.backups.delete
alloydb.backups.deleteTagBinding
alloydb.backups.get
alloydb.backups.list
alloydb.backups.listEffectiveTags
alloydb.backups.listTagBindings
alloydb.backups.update
alloydb.clusters.create
alloydb.clusters.createTagBinding
alloydb.clusters.delete
alloydb.clusters.deleteTagBinding
alloydb.clusters.export
alloydb.clusters.generateClientCertificate
alloydb.clusters.get
alloydb.clusters.import
alloydb.clusters.list
alloydb.clusters.listEffectiveTags
alloydb.clusters.listTagBindings
alloydb.clusters.promote
alloydb.clusters.switchover
alloydb.clusters.update
alloydb.clusters.upgrade
alloydb.databases.list
alloydb.instances.connect
alloydb.instances.create
alloydb.instances.delete
alloydb.instances.executeSql
alloydb.instances.failover
alloydb.instances.get
alloydb.instances.injectFault
alloydb.instances.list
alloydb.instances.restart
alloydb.instances.update
alloydb.locations.get
alloydb.locations.list
alloydb.operations.cancel
alloydb.operations.delete
alloydb.operations.get
alloydb.operations.list
alloydb.supportedDatabaseFlags.get
alloydb.supportedDatabaseFlags.list
alloydb.users.create
alloydb.users.delete
alloydb.users.get
alloydb.users.list
alloydb.users.login
alloydb.users.update

cloudaicompanion.entitlements.get

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

recommender.alloydbClusterPerformanceInsights.*

recommender.alloydbClusterPerformanceInsights.get
recommender.alloydbClusterPerformanceInsights.list
recommender.alloydbClusterPerformanceInsights.update

recommender.alloydbClusterPerformanceRecommendations.*

recommender.alloydbClusterPerformanceRecommendations.get
recommender.alloydbClusterPerformanceRecommendations.list
recommender.alloydbClusterPerformanceRecommendations.update

recommender.alloydbClusterReliabilityInsights.*

recommender.alloydbClusterReliabilityInsights.get
recommender.alloydbClusterReliabilityInsights.list
recommender.alloydbClusterReliabilityInsights.update

recommender.alloydbClusterReliabilityRecommendations.*

recommender.alloydbClusterReliabilityRecommendations.get
recommender.alloydbClusterReliabilityRecommendations.list
recommender.alloydbClusterReliabilityRecommendations.update

recommender.alloydbInstanceSecurityInsights.*

recommender.alloydbInstanceSecurityInsights.get
recommender.alloydbInstanceSecurityInsights.list
recommender.alloydbInstanceSecurityInsights.update

recommender.alloydbInstanceSecurityRecommendations.*

recommender.alloydbInstanceSecurityRecommendations.get
recommender.alloydbInstanceSecurityRecommendations.list
recommender.alloydbInstanceSecurityRecommendations.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud AlloyDB Client ^Beta

(roles/alloydb.client)

Connectivity access to Cloud AlloyDB instances.

alloydb.clusters.generateClientCertificate

alloydb.clusters.get

alloydb.instances.connect

alloydb.instances.get

resourcemanager.projects.get

resourcemanager.projects.list

Cloud AlloyDB Database User ^Beta

(roles/alloydb.databaseUser)

Role allowing access to login as a database user.

alloydb.clusters.get

alloydb.instances.executeSql

alloydb.instances.get

alloydb.users.login

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Service Agent

(roles/alloydb.serviceAgent)

Gives the AlloyDB service account permission to manage customer resources

alloydb.clusters.list

Cloud AlloyDB Viewer ^Beta

(roles/alloydb.viewer)

Read-only access to Cloud AlloyDB all resources.

alloydb.backups.get

alloydb.backups.list

alloydb.backups.listEffectiveTags

alloydb.backups.listTagBindings

alloydb.clusters.export

alloydb.clusters.get

alloydb.clusters.list

alloydb.clusters.listEffectiveTags

alloydb.clusters.listTagBindings

alloydb.databases.list

alloydb.instances.get

alloydb.instances.list

alloydb.locations.*

alloydb.locations.get
alloydb.locations.list

alloydb.operations.get

alloydb.operations.list

alloydb.supportedDatabaseFlags.*

alloydb.supportedDatabaseFlags.get
alloydb.supportedDatabaseFlags.list

alloydb.users.get

alloydb.users.list

cloudaicompanion.entitlements.get

recommender.alloydbClusterPerformanceInsights.get

recommender.alloydbClusterPerformanceInsights.list

recommender.alloydbClusterPerformanceRecommendations.get

recommender.alloydbClusterPerformanceRecommendations.list

recommender.alloydbClusterReliabilityInsights.get

recommender.alloydbClusterReliabilityInsights.list

recommender.alloydbClusterReliabilityRecommendations.get

recommender.alloydbClusterReliabilityRecommendations.list

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB for PostgreSQL permissions

Permission	Included in roles
`alloydb.backups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.backups.createTagBinding`	Owner (`roles/owner`) Cloud AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.backups.deleteTagBinding`	Owner (`roles/owner`) Cloud AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`alloydb.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`alloydb.backups.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.backups.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.backups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.clusters.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.createTagBinding`	Owner (`roles/owner`) Cloud AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.clusters.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.deleteTagBinding`	Owner (`roles/owner`) Cloud AlloyDB Admin (`roles/alloydb.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`)
`alloydb.clusters.export`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`alloydb.clusters.generateClientCertificate`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Client (`roles/alloydb.client`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Client (`roles/alloydb.client`) Cloud AlloyDB Database User (`roles/alloydb.databaseUser`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.import`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.clusters.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`) AlloyDB Service Agent (`roles/alloydb.serviceAgent`)
`alloydb.clusters.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.clusters.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`alloydb.clusters.promote`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.clusters.switchover`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.clusters.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.clusters.upgrade`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.databases.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`alloydb.instances.connect`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Client (`roles/alloydb.client`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.executeSql`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Database User (`roles/alloydb.databaseUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`alloydb.instances.failover`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.instances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Client (`roles/alloydb.client`) Cloud AlloyDB Database User (`roles/alloydb.databaseUser`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.injectFault`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.instances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.instances.restart`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.instances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`alloydb.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`alloydb.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Database Migration Service Agent (`roles/datamigration.serviceAgent`)
`alloydb.supportedDatabaseFlags.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`alloydb.supportedDatabaseFlags.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`alloydb.users.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.users.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)
`alloydb.users.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`alloydb.users.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Viewer (`roles/alloydb.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`alloydb.users.login`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`) Cloud AlloyDB Database User (`roles/alloydb.databaseUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`alloydb.users.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud AlloyDB Admin (`roles/alloydb.admin`)

AlloyDB for PostgreSQL roles and permissions Stay organized with collections Save and categorize content based on your preferences.