API Gateway roles and permissions

This page lists the IAM roles and permissions for API Gateway. To search through all roles and permissions, see the role and permission index.

API Gateway roles

Role Permissions

(roles/apigateway.admin)

Full access to ApiGateway and related resources.

apigateway.*

  • apigateway.apiconfigs.create
  • apigateway.apiconfigs.delete
  • apigateway.apiconfigs.get
  • apigateway.apiconfigs.getIamPolicy
  • apigateway.apiconfigs.list
  • apigateway.apiconfigs.setIamPolicy
  • apigateway.apiconfigs.update
  • apigateway.apis.create
  • apigateway.apis.createTagBinding
  • apigateway.apis.delete
  • apigateway.apis.deleteTagBinding
  • apigateway.apis.get
  • apigateway.apis.getIamPolicy
  • apigateway.apis.list
  • apigateway.apis.listEffectiveTags
  • apigateway.apis.listTagBindings
  • apigateway.apis.setIamPolicy
  • apigateway.apis.update
  • apigateway.gateways.create
  • apigateway.gateways.createTagBinding
  • apigateway.gateways.delete
  • apigateway.gateways.deleteTagBinding
  • apigateway.gateways.get
  • apigateway.gateways.getIamPolicy
  • apigateway.gateways.list
  • apigateway.gateways.listEffectiveTags
  • apigateway.gateways.listTagBindings
  • apigateway.gateways.setIamPolicy
  • apigateway.gateways.update
  • apigateway.locations.get
  • apigateway.locations.list
  • apigateway.operations.cancel
  • apigateway.operations.delete
  • apigateway.operations.get
  • apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.get

serviceusage.services.list

(roles/apigateway.serviceAgent)

Gives Cloud API Gateway service account access to Service Management check and reports as well as impersonation on user-specified service accounts.

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

servicemanagement.services.check

servicemanagement.services.quota

servicemanagement.services.report

(roles/apigateway.viewer)

Read-only access to ApiGateway and related resources.

apigateway.apiconfigs.get

apigateway.apiconfigs.getIamPolicy

apigateway.apiconfigs.list

apigateway.apis.get

apigateway.apis.getIamPolicy

apigateway.apis.list

apigateway.apis.listEffectiveTags

apigateway.apis.listTagBindings

apigateway.gateways.get

apigateway.gateways.getIamPolicy

apigateway.gateways.list

apigateway.gateways.listEffectiveTags

apigateway.gateways.listTagBindings

apigateway.locations.*

  • apigateway.locations.get
  • apigateway.locations.list

apigateway.operations.get

apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.get

serviceusage.services.list

(roles/apigateway_management.serviceAgent)

Gives Cloud API Gateway service account access to retrieve a Service configuration.

iam.serviceAccounts.get

servicemanagement.services.create

servicemanagement.services.delete

servicemanagement.services.get

servicemanagement.services.list

servicemanagement.services.update

serviceusage.services.get

API Gateway permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

ApiGateway Admin (roles/apigateway.admin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

ApiGateway Admin (roles/apigateway.admin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

ApiGateway Admin (roles/apigateway.admin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Owner (roles/owner)

ApiGateway Admin (roles/apigateway.admin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

ApiGateway Admin (roles/apigateway.admin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

ApiGateway Admin (roles/apigateway.admin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Owner (roles/owner)

ApiGateway Admin (roles/apigateway.admin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

Editor (roles/editor)

ApiGateway Admin (roles/apigateway.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)