BigQuery roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for BigQuery. To search through all roles and permissions, see the role and permission index.

BigQuery roles

Role Permissions

Role	Permissions
BigQuery Admin (`roles/bigquery.admin`) Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project. Lowest-level resources where you can grant this role: Datasets Row access policies Tables Views	`bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.config.` `bigquery.config.get` `bigquery.config.update` `bigquery.connections.` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.jobs.` `bigquery.jobs.create` `bigquery.jobs.delete` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.jobs.update` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.objectRefs.` `bigquery.objectRefs.read` `bigquery.objectRefs.write` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `bigquery.reservations.update` `bigquery.reservations.use` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.get` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.overrideTimeTravelRestrictions` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.savedqueries.` `bigquery.savedqueries.create` `bigquery.savedqueries.delete` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.savedqueries.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.listEffectiveTags` `bigquery.tables.listTagBindings` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateIndex` `bigquery.tables.updateTag` `bigquery.transfers.` `bigquery.transfers.get` `bigquery.transfers.update` `bigquerymigration.translation.translate` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `dataform.*` `dataform.commentThreads.create` `dataform.commentThreads.delete` `dataform.commentThreads.get` `dataform.commentThreads.list` `dataform.commentThreads.update` `dataform.comments.create` `dataform.comments.delete` `dataform.comments.get` `dataform.comments.list` `dataform.comments.update` `dataform.compilationResults.create` `dataform.compilationResults.get` `dataform.compilationResults.list` `dataform.compilationResults.query` `dataform.config.get` `dataform.config.update` `dataform.locations.get` `dataform.locations.list` `dataform.releaseConfigs.create` `dataform.releaseConfigs.delete` `dataform.releaseConfigs.get` `dataform.releaseConfigs.list` `dataform.releaseConfigs.update` `dataform.repositories.commit` `dataform.repositories.computeAccessTokenStatus` `dataform.repositories.create` `dataform.repositories.delete` `dataform.repositories.fetchHistory` `dataform.repositories.fetchRemoteBranches` `dataform.repositories.get` `dataform.repositories.getIamPolicy` `dataform.repositories.list` `dataform.repositories.queryDirectoryContents` `dataform.repositories.readFile` `dataform.repositories.setIamPolicy` `dataform.repositories.update` `dataform.workflowConfigs.create` `dataform.workflowConfigs.delete` `dataform.workflowConfigs.get` `dataform.workflowConfigs.list` `dataform.workflowConfigs.update` `dataform.workflowInvocations.cancel` `dataform.workflowInvocations.create` `dataform.workflowInvocations.delete` `dataform.workflowInvocations.get` `dataform.workflowInvocations.list` `dataform.workflowInvocations.query` `dataform.workspaces.commit` `dataform.workspaces.create` `dataform.workspaces.delete` `dataform.workspaces.fetchFileDiff` `dataform.workspaces.fetchFileGitStatuses` `dataform.workspaces.fetchGitAheadBehind` `dataform.workspaces.get` `dataform.workspaces.getIamPolicy` `dataform.workspaces.installNpmPackages` `dataform.workspaces.list` `dataform.workspaces.makeDirectory` `dataform.workspaces.moveDirectory` `dataform.workspaces.moveFile` `dataform.workspaces.pull` `dataform.workspaces.push` `dataform.workspaces.queryDirectoryContents` `dataform.workspaces.readFile` `dataform.workspaces.removeDirectory` `dataform.workspaces.removeFile` `dataform.workspaces.reset` `dataform.workspaces.searchFiles` `dataform.workspaces.setIamPolicy` `dataform.workspaces.writeFile` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Connection Admin (`roles/bigquery.connectionAdmin`)	`bigquery.connections.*` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use`
BigQuery Connection User (`roles/bigquery.connectionUser`)	`bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.use`
BigQuery Data Editor (`roles/bigquery.dataEditor`) When applied to a table or view, this role provides permissions to: Read and update data and metadata for the table or view. Delete the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to: Read the dataset's metadata and list tables in the dataset. Create, update, get, and delete the dataset's tables. The BigQuery Data Editor role is mapped to the `WRITER` BigQuery basic role. When you grant the BigQuery Data Editor role to a principal at the dataset level, the principal is granted `WRITER` access to the dataset. When applied at the project or organization level, this role can also create new datasets. Lowest-level resources where you can grant this role: Table View	`bigquery.config.get` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.updateTag` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateIndex` `bigquery.tables.updateTag` `cloudkms.keyHandles.*` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Data Owner (`roles/bigquery.dataOwner`) When applied to a table or view, this role provides permissions to: Read and update data and metadata for the table or view. Share the table or view. Delete the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to: Read, update, and delete the dataset. Create, update, get, and delete the dataset's tables. The BigQuery Data Owner role is mapped to the `OWNER` BigQuery basic role. When you grant the BigQuery Data Owner role to a principal at the dataset level, the principal is granted `OWNER` access to the dataset. When applied at the project or organization level, this role can also create new datasets. Lowest-level resources where you can grant this role: Table View	`bigquery.config.get` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.get` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.listEffectiveTags` `bigquery.tables.listTagBindings` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateIndex` `bigquery.tables.updateTag` `cloudkms.keyHandles.*` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Data Viewer (`roles/bigquery.dataViewer`) When applied to a table or view, this role provides permissions to: Read data and metadata from the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to list all of the resources in the dataset (such as tables, views, snapshots, models, and routines) and to read their data and metadata with applicable APIs and in queries. The BigQuery Data Viewer role is mapped to the `READER` BigQuery basic role. When you grant the BigQuery Data Viewer role to a principal at the dataset level, the principal is granted `READER` access to the dataset. When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs. Lowest-level resources where you can grant this role: Table View	`bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.createSnapshot` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.replicateData` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Filtered Data Viewer (`roles/bigquery.filteredDataViewer`) Access to view filtered table data defined by a row access policy	`bigquery.rowAccessPolicies.getFilteredData`
BigQuery Job User (`roles/bigquery.jobUser`) Provides permissions to run jobs, including queries, within the project. Lowest-level resources where you can grant this role: Project	`bigquery.config.get` `bigquery.jobs.create` `dataform.locations.*` `dataform.locations.get` `dataform.locations.list` `dataform.repositories.create` `dataform.repositories.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) When applied to a table or view, this role provides permissions to: Read metadata from the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to: List tables and views in the dataset. Read metadata from the dataset's tables and views. When applied at the project or organization level, this role provides permissions to: List all datasets and read metadata for all datasets in the project. List all tables and views and read metadata for all tables and views in the project. Additional roles are necessary to allow the running of jobs. Lowest-level resources where you can grant this role: Table View	`bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.get` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery ObjectRef Admin (`roles/bigquery.objectRefAdmin`) Administer ObjectRef resources that includes read and write permissions	`bigquery.objectRefs.*` `bigquery.objectRefs.read` `bigquery.objectRefs.write`
BigQuery ObjectRef Reader (`roles/bigquery.objectRefReader`) Role for reading referenced objects via ObjectRefs in BigQuery	`bigquery.objectRefs.read`
BigQuery Read Session User (`roles/bigquery.readSessionUser`) Provides the ability to create and use read sessions. Lowest-level resources where you can grant this role: Project	`bigquery.readsessions.*` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) Administers BigQuery workloads, including slot assignments, commitments, and reservations.	`bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `bigquery.reservations.update` `bigquery.reservations.use` `recommender.bigqueryCapacityCommitmentsInsights.` `recommender.bigqueryCapacityCommitmentsInsights.get` `recommender.bigqueryCapacityCommitmentsInsights.list` `recommender.bigqueryCapacityCommitmentsInsights.update` `recommender.bigqueryCapacityCommitmentsRecommendations.` `recommender.bigqueryCapacityCommitmentsRecommendations.get` `recommender.bigqueryCapacityCommitmentsRecommendations.list` `recommender.bigqueryCapacityCommitmentsRecommendations.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Resource Editor (`roles/bigquery.resourceEditor`) Manages BigQuery workloads, but is unable to create or modify slot commitments.	`bigquery.bireservations.get` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `bigquery.reservations.update` `bigquery.reservations.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.	`bigquery.bireservations.get` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Combination role of BigQuery Admin, Dataform Admin, Notebook Runtime Admin and Dataproc Serverless Editor.	`aiplatform.notebookRuntimeTemplates.` `aiplatform.notebookRuntimeTemplates.apply` `aiplatform.notebookRuntimeTemplates.create` `aiplatform.notebookRuntimeTemplates.delete` `aiplatform.notebookRuntimeTemplates.get` `aiplatform.notebookRuntimeTemplates.getIamPolicy` `aiplatform.notebookRuntimeTemplates.list` `aiplatform.notebookRuntimeTemplates.setIamPolicy` `aiplatform.notebookRuntimeTemplates.update` `aiplatform.notebookRuntimes.` `aiplatform.notebookRuntimes.assign` `aiplatform.notebookRuntimes.delete` `aiplatform.notebookRuntimes.get` `aiplatform.notebookRuntimes.list` `aiplatform.notebookRuntimes.start` `aiplatform.notebookRuntimes.update` `aiplatform.notebookRuntimes.upgrade` `aiplatform.operations.list` `bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.config.` `bigquery.config.get` `bigquery.config.update` `bigquery.connections.` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.jobs.` `bigquery.jobs.create` `bigquery.jobs.delete` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.jobs.update` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.objectRefs.` `bigquery.objectRefs.read` `bigquery.objectRefs.write` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `bigquery.reservations.update` `bigquery.reservations.use` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.get` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.overrideTimeTravelRestrictions` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.savedqueries.` `bigquery.savedqueries.create` `bigquery.savedqueries.delete` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.savedqueries.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.listEffectiveTags` `bigquery.tables.listTagBindings` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateIndex` `bigquery.tables.updateTag` `bigquery.transfers.` `bigquery.transfers.get` `bigquery.transfers.update` `bigquerymigration.translation.translate` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.projects.get` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservations.get` `compute.reservations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `dataform.` `dataform.commentThreads.create` `dataform.commentThreads.delete` `dataform.commentThreads.get` `dataform.commentThreads.list` `dataform.commentThreads.update` `dataform.comments.create` `dataform.comments.delete` `dataform.comments.get` `dataform.comments.list` `dataform.comments.update` `dataform.compilationResults.create` `dataform.compilationResults.get` `dataform.compilationResults.list` `dataform.compilationResults.query` `dataform.config.get` `dataform.config.update` `dataform.locations.get` `dataform.locations.list` `dataform.releaseConfigs.create` `dataform.releaseConfigs.delete` `dataform.releaseConfigs.get` `dataform.releaseConfigs.list` `dataform.releaseConfigs.update` `dataform.repositories.commit` `dataform.repositories.computeAccessTokenStatus` `dataform.repositories.create` `dataform.repositories.delete` `dataform.repositories.fetchHistory` `dataform.repositories.fetchRemoteBranches` `dataform.repositories.get` `dataform.repositories.getIamPolicy` `dataform.repositories.list` `dataform.repositories.queryDirectoryContents` `dataform.repositories.readFile` `dataform.repositories.setIamPolicy` `dataform.repositories.update` `dataform.workflowConfigs.create` `dataform.workflowConfigs.delete` `dataform.workflowConfigs.get` `dataform.workflowConfigs.list` `dataform.workflowConfigs.update` `dataform.workflowInvocations.cancel` `dataform.workflowInvocations.create` `dataform.workflowInvocations.delete` `dataform.workflowInvocations.get` `dataform.workflowInvocations.list` `dataform.workflowInvocations.query` `dataform.workspaces.commit` `dataform.workspaces.create` `dataform.workspaces.delete` `dataform.workspaces.fetchFileDiff` `dataform.workspaces.fetchFileGitStatuses` `dataform.workspaces.fetchGitAheadBehind` `dataform.workspaces.get` `dataform.workspaces.getIamPolicy` `dataform.workspaces.installNpmPackages` `dataform.workspaces.list` `dataform.workspaces.makeDirectory` `dataform.workspaces.moveDirectory` `dataform.workspaces.moveFile` `dataform.workspaces.pull` `dataform.workspaces.push` `dataform.workspaces.queryDirectoryContents` `dataform.workspaces.readFile` `dataform.workspaces.removeDirectory` `dataform.workspaces.removeFile` `dataform.workspaces.reset` `dataform.workspaces.searchFiles` `dataform.workspaces.setIamPolicy` `dataform.workspaces.writeFile` `dataplex.projects.search` `dataproc.batches.` `dataproc.batches.analyze` `dataproc.batches.cancel` `dataproc.batches.create` `dataproc.batches.delete` `dataproc.batches.get` `dataproc.batches.list` `dataproc.batches.sparkApplicationRead` `dataproc.batches.sparkApplicationWrite` `dataproc.operations.cancel` `dataproc.operations.delete` `dataproc.operations.get` `dataproc.operations.list` `dataproc.sessionTemplates.` `dataproc.sessionTemplates.create` `dataproc.sessionTemplates.delete` `dataproc.sessionTemplates.get` `dataproc.sessionTemplates.list` `dataproc.sessionTemplates.update` `dataproc.sessions.` `dataproc.sessions.create` `dataproc.sessions.delete` `dataproc.sessions.get` `dataproc.sessions.list` `dataproc.sessions.sparkApplicationRead` `dataproc.sessions.sparkApplicationWrite` `dataproc.sessions.terminate` `dataprocrm.nodePools.` `dataprocrm.nodePools.create` `dataprocrm.nodePools.delete` `dataprocrm.nodePools.deleteNodes` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodePools.resize` `dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.list` `dataprocrm.nodes.update` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.` `dataprocrm.workloads.cancel` `dataprocrm.workloads.create` `dataprocrm.workloads.delete` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Studio User (`roles/bigquery.studioUser`) Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, Notebook Runtime User and Dataproc Serverless Editor.	`aiplatform.notebookRuntimeTemplates.apply` `aiplatform.notebookRuntimeTemplates.get` `aiplatform.notebookRuntimeTemplates.getIamPolicy` `aiplatform.notebookRuntimeTemplates.list` `aiplatform.notebookRuntimes.assign` `aiplatform.notebookRuntimes.get` `aiplatform.notebookRuntimes.list` `aiplatform.operations.list` `bigquery.config.get` `bigquery.jobs.create` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `compute.projects.get` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `dataform.commentThreads.get` `dataform.commentThreads.list` `dataform.comments.get` `dataform.comments.list` `dataform.locations.` `dataform.locations.get` `dataform.locations.list` `dataform.repositories.create` `dataform.repositories.list` `dataplex.projects.search` `dataproc.batches.` `dataproc.batches.analyze` `dataproc.batches.cancel` `dataproc.batches.create` `dataproc.batches.delete` `dataproc.batches.get` `dataproc.batches.list` `dataproc.batches.sparkApplicationRead` `dataproc.batches.sparkApplicationWrite` `dataproc.operations.cancel` `dataproc.operations.delete` `dataproc.operations.get` `dataproc.operations.list` `dataproc.sessionTemplates.` `dataproc.sessionTemplates.create` `dataproc.sessionTemplates.delete` `dataproc.sessionTemplates.get` `dataproc.sessionTemplates.list` `dataproc.sessionTemplates.update` `dataproc.sessions.` `dataproc.sessions.create` `dataproc.sessions.delete` `dataproc.sessions.get` `dataproc.sessions.list` `dataproc.sessions.sparkApplicationRead` `dataproc.sessions.sparkApplicationWrite` `dataproc.sessions.terminate` `dataprocrm.nodePools.` `dataprocrm.nodePools.create` `dataprocrm.nodePools.delete` `dataprocrm.nodePools.deleteNodes` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodePools.resize` `dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.list` `dataprocrm.nodes.update` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.*` `dataprocrm.workloads.cancel` `dataprocrm.workloads.create` `dataprocrm.workloads.delete` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery User (`roles/bigquery.user`) When applied to a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset. When applied to a project, this role also provides the ability to run jobs, including queries, within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and enumerate datasets within a project. Additionally, allows the creation of new datasets within the project; the creator is granted the BigQuery Data Owner role (`roles/bigquery.dataOwner`) on these new datasets. Lowest-level resources where you can grant this role: Dataset	`bigquery.bireservations.get` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.config.get` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.jobs.create` `bigquery.jobs.list` `bigquery.models.list` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `bigquery.reservations.use` `bigquery.routines.list` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.tables.list` `bigquery.transfers.get` `bigquerymigration.translation.translate` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `dataform.locations.*` `dataform.locations.get` `dataform.locations.list` `dataform.repositories.create` `dataform.repositories.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`

BigQuery Admin

(roles/bigquery.admin)

Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project.

Lowest-level resources where you can grant this role:

Datasets
Row access policies
Tables
Views

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.config.*

bigquery.config.get
bigquery.config.update

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.jobs.*

bigquery.jobs.create
bigquery.jobs.delete
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.jobs.update

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.objectRefs.*

bigquery.objectRefs.read
bigquery.objectRefs.write

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.update
bigquery.reservations.use

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.listEffectiveTags
bigquery.tables.listTagBindings
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateIndex
bigquery.tables.updateTag

bigquery.transfers.*

bigquery.transfers.get
bigquery.transfers.update

bigquerymigration.translation.translate

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

dataform.*

dataform.commentThreads.create
dataform.commentThreads.delete
dataform.commentThreads.get
dataform.commentThreads.list
dataform.commentThreads.update
dataform.comments.create
dataform.comments.delete
dataform.comments.get
dataform.comments.list
dataform.comments.update
dataform.compilationResults.create
dataform.compilationResults.get
dataform.compilationResults.list
dataform.compilationResults.query
dataform.config.get
dataform.config.update
dataform.locations.get
dataform.locations.list
dataform.releaseConfigs.create
dataform.releaseConfigs.delete
dataform.releaseConfigs.get
dataform.releaseConfigs.list
dataform.releaseConfigs.update
dataform.repositories.commit
dataform.repositories.computeAccessTokenStatus
dataform.repositories.create
dataform.repositories.delete
dataform.repositories.fetchHistory
dataform.repositories.fetchRemoteBranches
dataform.repositories.get
dataform.repositories.getIamPolicy
dataform.repositories.list
dataform.repositories.queryDirectoryContents
dataform.repositories.readFile
dataform.repositories.setIamPolicy
dataform.repositories.update
dataform.workflowConfigs.create
dataform.workflowConfigs.delete
dataform.workflowConfigs.get
dataform.workflowConfigs.list
dataform.workflowConfigs.update
dataform.workflowInvocations.cancel
dataform.workflowInvocations.create
dataform.workflowInvocations.delete
dataform.workflowInvocations.get
dataform.workflowInvocations.list
dataform.workflowInvocations.query
dataform.workspaces.commit
dataform.workspaces.create
dataform.workspaces.delete
dataform.workspaces.fetchFileDiff
dataform.workspaces.fetchFileGitStatuses
dataform.workspaces.fetchGitAheadBehind
dataform.workspaces.get
dataform.workspaces.getIamPolicy
dataform.workspaces.installNpmPackages
dataform.workspaces.list
dataform.workspaces.makeDirectory
dataform.workspaces.moveDirectory
dataform.workspaces.moveFile
dataform.workspaces.pull
dataform.workspaces.push
dataform.workspaces.queryDirectoryContents
dataform.workspaces.readFile
dataform.workspaces.removeDirectory
dataform.workspaces.removeFile
dataform.workspaces.reset
dataform.workspaces.searchFiles
dataform.workspaces.setIamPolicy
dataform.workspaces.writeFile

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Connection Admin

(roles/bigquery.connectionAdmin)

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

BigQuery Connection User

(roles/bigquery.connectionUser)

bigquery.connections.get

bigquery.connections.getIamPolicy

bigquery.connections.list

bigquery.connections.use

BigQuery Data Editor

(roles/bigquery.dataEditor)

When applied to a table or view, this role provides permissions to:

Read and update data and metadata for the table or view.
Delete the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

Read the dataset's metadata and list tables in the dataset.
Create, update, get, and delete the dataset's tables.

The BigQuery Data Editor role is mapped to the WRITER BigQuery basic role. When you grant the BigQuery Data Editor role to a principal at the dataset level, the principal is granted WRITER access to the dataset.

When applied at the project or organization level, this role can also create new datasets.

Lowest-level resources where you can grant this role:

Table
View

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.updateTag

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.tables.create

bigquery.tables.createIndex

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteIndex

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list

bigquery.tables.replicateData

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

bigquery.tables.updateIndex

bigquery.tables.updateTag

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Data Owner

(roles/bigquery.dataOwner)

When applied to a table or view, this role provides permissions to:

Read and update data and metadata for the table or view.
Share the table or view.
Delete the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

Read, update, and delete the dataset.
Create, update, get, and delete the dataset's tables.

The BigQuery Data Owner role is mapped to the OWNER BigQuery basic role. When you grant the BigQuery Data Owner role to a principal at the dataset level, the principal is granted OWNER access to the dataset.

When applied at the project or organization level, this role can also create new datasets.

Lowest-level resources where you can grant this role:

Table
View

bigquery.config.get

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.listEffectiveTags
bigquery.tables.listTagBindings
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateIndex
bigquery.tables.updateTag

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Data Viewer

(roles/bigquery.dataViewer)

When applied to a table or view, this role provides permissions to:

Read data and metadata from the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to list all of the resources in the dataset (such as tables, views, snapshots, models, and routines) and to read their data and metadata with applicable APIs and in queries.

The BigQuery Data Viewer role is mapped to the READER BigQuery basic role. When you grant the BigQuery Data Viewer role to a principal at the dataset level, the principal is granted READER access to the dataset.

When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role:

Table
View

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.createSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list

bigquery.tables.replicateData

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Filtered Data Viewer

(roles/bigquery.filteredDataViewer)

Access to view filtered table data defined by a row access policy

bigquery.rowAccessPolicies.getFilteredData

BigQuery Job User

(roles/bigquery.jobUser)

Provides permissions to run jobs, including queries, within the project.

Lowest-level resources where you can grant this role:

Project

bigquery.config.get

bigquery.jobs.create

dataform.locations.*

dataform.locations.get
dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Metadata Viewer

(roles/bigquery.metadataViewer)

When applied to a table or view, this role provides permissions to:

Read metadata from the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

List tables and views in the dataset.
Read metadata from the dataset's tables and views.

When applied at the project or organization level, this role provides permissions to:

List all datasets and read metadata for all datasets in the project.
List all tables and views and read metadata for all tables and views in the project.

Additional roles are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role:

Table
View

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.get

bigquery.tables.getIamPolicy

bigquery.tables.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery ObjectRef Admin

(roles/bigquery.objectRefAdmin)

Administer ObjectRef resources that includes read and write permissions

bigquery.objectRefs.*

bigquery.objectRefs.read
bigquery.objectRefs.write

BigQuery ObjectRef Reader

(roles/bigquery.objectRefReader)

Role for reading referenced objects via ObjectRefs in BigQuery

bigquery.objectRefs.read

BigQuery Read Session User

(roles/bigquery.readSessionUser)

Provides the ability to create and use read sessions.

Lowest-level resources where you can grant this role:

Project

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Resource Admin

(roles/bigquery.resourceAdmin)

Administers BigQuery workloads, including slot assignments, commitments, and reservations.

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.update
bigquery.reservations.use

recommender.bigqueryCapacityCommitmentsInsights.*

recommender.bigqueryCapacityCommitmentsInsights.get
recommender.bigqueryCapacityCommitmentsInsights.list
recommender.bigqueryCapacityCommitmentsInsights.update

recommender.bigqueryCapacityCommitmentsRecommendations.*

recommender.bigqueryCapacityCommitmentsRecommendations.get
recommender.bigqueryCapacityCommitmentsRecommendations.list
recommender.bigqueryCapacityCommitmentsRecommendations.update

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Resource Editor

(roles/bigquery.resourceEditor)

Manages BigQuery workloads, but is unable to create or modify slot commitments.

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.update
bigquery.reservations.use

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Resource Viewer

(roles/bigquery.resourceViewer)

Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.list

bigquery.reservationAssignments.search

bigquery.reservations.get

bigquery.reservations.list

bigquery.reservations.listFailoverDatasets

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Studio Admin

(roles/bigquery.studioAdmin)

Combination role of BigQuery Admin, Dataform Admin, Notebook Runtime Admin and Dataproc Serverless Editor.

aiplatform.notebookRuntimeTemplates.*

aiplatform.notebookRuntimeTemplates.apply
aiplatform.notebookRuntimeTemplates.create
aiplatform.notebookRuntimeTemplates.delete
aiplatform.notebookRuntimeTemplates.get
aiplatform.notebookRuntimeTemplates.getIamPolicy
aiplatform.notebookRuntimeTemplates.list
aiplatform.notebookRuntimeTemplates.setIamPolicy
aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

aiplatform.notebookRuntimes.assign
aiplatform.notebookRuntimes.delete
aiplatform.notebookRuntimes.get
aiplatform.notebookRuntimes.list
aiplatform.notebookRuntimes.start
aiplatform.notebookRuntimes.update
aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.config.*

bigquery.config.get
bigquery.config.update

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.jobs.*

bigquery.jobs.create
bigquery.jobs.delete
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.jobs.update

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.objectRefs.*

bigquery.objectRefs.read
bigquery.objectRefs.write

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.update
bigquery.reservations.use

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.listEffectiveTags
bigquery.tables.listTagBindings
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateIndex
bigquery.tables.updateTag

bigquery.transfers.*

bigquery.transfers.get
bigquery.transfers.update

bigquerymigration.translation.translate

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.projects.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.zones.*

compute.zones.get
compute.zones.list

dataform.*

dataform.commentThreads.create
dataform.commentThreads.delete
dataform.commentThreads.get
dataform.commentThreads.list
dataform.commentThreads.update
dataform.comments.create
dataform.comments.delete
dataform.comments.get
dataform.comments.list
dataform.comments.update
dataform.compilationResults.create
dataform.compilationResults.get
dataform.compilationResults.list
dataform.compilationResults.query
dataform.config.get
dataform.config.update
dataform.locations.get
dataform.locations.list
dataform.releaseConfigs.create
dataform.releaseConfigs.delete
dataform.releaseConfigs.get
dataform.releaseConfigs.list
dataform.releaseConfigs.update
dataform.repositories.commit
dataform.repositories.computeAccessTokenStatus
dataform.repositories.create
dataform.repositories.delete
dataform.repositories.fetchHistory
dataform.repositories.fetchRemoteBranches
dataform.repositories.get
dataform.repositories.getIamPolicy
dataform.repositories.list
dataform.repositories.queryDirectoryContents
dataform.repositories.readFile
dataform.repositories.setIamPolicy
dataform.repositories.update
dataform.workflowConfigs.create
dataform.workflowConfigs.delete
dataform.workflowConfigs.get
dataform.workflowConfigs.list
dataform.workflowConfigs.update
dataform.workflowInvocations.cancel
dataform.workflowInvocations.create
dataform.workflowInvocations.delete
dataform.workflowInvocations.get
dataform.workflowInvocations.list
dataform.workflowInvocations.query
dataform.workspaces.commit
dataform.workspaces.create
dataform.workspaces.delete
dataform.workspaces.fetchFileDiff
dataform.workspaces.fetchFileGitStatuses
dataform.workspaces.fetchGitAheadBehind
dataform.workspaces.get
dataform.workspaces.getIamPolicy
dataform.workspaces.installNpmPackages
dataform.workspaces.list
dataform.workspaces.makeDirectory
dataform.workspaces.moveDirectory
dataform.workspaces.moveFile
dataform.workspaces.pull
dataform.workspaces.push
dataform.workspaces.queryDirectoryContents
dataform.workspaces.readFile
dataform.workspaces.removeDirectory
dataform.workspaces.removeFile
dataform.workspaces.reset
dataform.workspaces.searchFiles
dataform.workspaces.setIamPolicy
dataform.workspaces.writeFile

dataplex.projects.search

dataproc.batches.*

dataproc.batches.analyze
dataproc.batches.cancel
dataproc.batches.create
dataproc.batches.delete
dataproc.batches.get
dataproc.batches.list
dataproc.batches.sparkApplicationRead
dataproc.batches.sparkApplicationWrite

dataproc.operations.cancel

dataproc.operations.delete

dataproc.operations.get

dataproc.operations.list

dataproc.sessionTemplates.*

dataproc.sessionTemplates.create
dataproc.sessionTemplates.delete
dataproc.sessionTemplates.get
dataproc.sessionTemplates.list
dataproc.sessionTemplates.update

dataproc.sessions.*

dataproc.sessions.create
dataproc.sessions.delete
dataproc.sessions.get
dataproc.sessions.list
dataproc.sessions.sparkApplicationRead
dataproc.sessions.sparkApplicationWrite
dataproc.sessions.terminate

dataprocrm.nodePools.*

dataprocrm.nodePools.create
dataprocrm.nodePools.delete
dataprocrm.nodePools.deleteNodes
dataprocrm.nodePools.get
dataprocrm.nodePools.list
dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.update

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

dataprocrm.workloads.cancel
dataprocrm.workloads.create
dataprocrm.workloads.delete
dataprocrm.workloads.get
dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Studio User

(roles/bigquery.studioUser)

Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, Notebook Runtime User and Dataproc Serverless Editor.

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.assign

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

bigquery.config.get

bigquery.jobs.create

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

compute.projects.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.zones.*

compute.zones.get
compute.zones.list

dataform.commentThreads.get

dataform.commentThreads.list

dataform.comments.get

dataform.comments.list

dataform.locations.*

dataform.locations.get
dataform.locations.list

dataform.repositories.create

dataform.repositories.list

dataplex.projects.search

dataproc.batches.*

dataproc.batches.analyze
dataproc.batches.cancel
dataproc.batches.create
dataproc.batches.delete
dataproc.batches.get
dataproc.batches.list
dataproc.batches.sparkApplicationRead
dataproc.batches.sparkApplicationWrite

dataproc.operations.cancel

dataproc.operations.delete

dataproc.operations.get

dataproc.operations.list

dataproc.sessionTemplates.*

dataproc.sessionTemplates.create
dataproc.sessionTemplates.delete
dataproc.sessionTemplates.get
dataproc.sessionTemplates.list
dataproc.sessionTemplates.update

dataproc.sessions.*

dataproc.sessions.create
dataproc.sessions.delete
dataproc.sessions.get
dataproc.sessions.list
dataproc.sessions.sparkApplicationRead
dataproc.sessions.sparkApplicationWrite
dataproc.sessions.terminate

dataprocrm.nodePools.*

dataprocrm.nodePools.create
dataprocrm.nodePools.delete
dataprocrm.nodePools.deleteNodes
dataprocrm.nodePools.get
dataprocrm.nodePools.list
dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.update

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

dataprocrm.workloads.cancel
dataprocrm.workloads.create
dataprocrm.workloads.delete
dataprocrm.workloads.get
dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery User

(roles/bigquery.user)

When applied to a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset.

When applied to a project, this role also provides the ability to run jobs, including queries, within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and enumerate datasets within a project. Additionally, allows the creation of new datasets within the project; the creator is granted the BigQuery Data Owner role (roles/bigquery.dataOwner) on these new datasets.

Lowest-level resources where you can grant this role:

Dataset

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.jobs.create

bigquery.jobs.list

bigquery.models.list

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.list

bigquery.reservationAssignments.search

bigquery.reservations.get

bigquery.reservations.list

bigquery.reservations.listFailoverDatasets

bigquery.reservations.use

bigquery.routines.list

bigquery.savedqueries.get

bigquery.savedqueries.list

bigquery.tables.list

bigquery.transfers.get

bigquerymigration.translation.translate

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

dataform.locations.*

dataform.locations.get
dataform.locations.list

dataform.repositories.create

dataform.repositories.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery permissions

Permission	Included in roles
`bigquery.bireservations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.bireservations.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.capacityCommitments.create`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.capacityCommitments.delete`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.capacityCommitments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.capacityCommitments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.capacityCommitments.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.config.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Job User (`roles/bigquery.jobUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) FleetEngine Service Agent (`roles/fleetengine.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) BigQuery Data Transfer Service Agent (`roles/bigquerydatatransfer.serviceAgent`)
`bigquery.config.update`	Owner (`roles/owner`) Editor (`roles/editor`) Assured Workloads Administrator (`roles/assuredworkloads.admin`) Assured Workloads Editor (`roles/assuredworkloads.editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.connections.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.delegate`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataplex Discovery BigLake Publishing Service Agent (`roles/dataplex.discoveryBigLakePublishingServiceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Connection User (`roles/bigquery.connectionUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Connection User (`roles/bigquery.connectionUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Connection User (`roles/bigquery.connectionUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.setIamPolicy`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.connections.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.connections.use`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Connection Admin (`roles/bigquery.connectionAdmin`) BigQuery Connection User (`roles/bigquery.connectionUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataplex Discovery BigLake Publishing Service Agent (`roles/dataplex.discoveryBigLakePublishingServiceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.dataPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Data Policy Admin (`roles/bigquerydatapolicy.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.dataPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Data Policy Admin (`roles/bigquerydatapolicy.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.dataPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Data Policy Admin (`roles/bigquerydatapolicy.admin`) BigQuery Data Policy Viewer (`roles/bigquerydatapolicy.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.dataPolicies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Data Policy Admin (`roles/bigquerydatapolicy.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.dataPolicies.getRawData`	Raw Data Reader (`roles/bigquerydatapolicy.rawDataReader`)
`bigquery.dataPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Data Policy Admin (`roles/bigquerydatapolicy.admin`) BigQuery Data Policy Viewer (`roles/bigquerydatapolicy.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.dataPolicies.maskedGet`	Masked Reader (`roles/bigquerydatapolicy.maskedReader`)
`bigquery.dataPolicies.setIamPolicy`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Data Policy Admin (`roles/bigquerydatapolicy.admin`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.dataPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Data Policy Admin (`roles/bigquerydatapolicy.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Dataplex Discovery Publishing Service Agent (`roles/dataplex.discoveryPublishingServiceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Crashlytics Service Agent (`roles/firebasecrashlytics.serviceAgent`) FleetEngine Service Agent (`roles/fleetengine.serviceAgent`) Cloud Logging Service Agent (`roles/logging.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Spectrum SAS Service Agent (`roles/spectrumsas.serviceAgent`) StorageInsights Service Agent (`roles/storageinsights.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.datasets.createTagBinding`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.delete`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`bigquery.datasets.deleteTagBinding`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) SLZ BQDW Blueprint Project Level Remediator (`roles/securedlandingzone.bqdwProjectRemediator`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Dataplex Discovery Publishing Service Agent (`roles/dataplex.discoveryPublishingServiceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Crashlytics Service Agent (`roles/firebasecrashlytics.serviceAgent`) FleetEngine Service Agent (`roles/fleetengine.serviceAgent`) Cloud Logging Service Agent (`roles/logging.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.datasets.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) SLZ BQDW Blueprint Project Level Remediator (`roles/securedlandingzone.bqdwProjectRemediator`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`bigquery.datasets.link`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Logging Service Agent (`roles/logging.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.listSharedDatasetUsage`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.setIamPolicy`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) SLZ BQDW Blueprint Project Level Remediator (`roles/securedlandingzone.bqdwProjectRemediator`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.datasets.update`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) SLZ BQDW Blueprint Project Level Remediator (`roles/securedlandingzone.bqdwProjectRemediator`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`bigquery.datasets.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.jobs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Job User (`roles/bigquery.jobUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Data Transfer Service Agent (`roles/bigquerydatatransfer.serviceAgent`) BigQuery Omni Service Agent (`roles/bigqueryomni.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Data Studio Service Agent (`roles/datastudio.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) FleetEngine Service Agent (`roles/fleetengine.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Spectrum SAS Service Agent (`roles/spectrumsas.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.jobs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.jobs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.jobs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`bigquery.jobs.listAll`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.jobs.listExecutionMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.jobs.update`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`bigquery.models.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.models.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.models.export`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.models.getData`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.models.getMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.models.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.models.updateData`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.models.updateMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.models.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.objectRefs.read`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery ObjectRef Admin (`roles/bigquery.objectRefAdmin`) BigQuery ObjectRef Reader (`roles/bigquery.objectRefReader`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`bigquery.objectRefs.write`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery ObjectRef Admin (`roles/bigquery.objectRefAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.readsessions.create`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Read Session User (`roles/bigquery.readSessionUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.readsessions.getData`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Read Session User (`roles/bigquery.readSessionUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.readsessions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Read Session User (`roles/bigquery.readSessionUser`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservationAssignments.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservationAssignments.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservationAssignments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservationAssignments.search`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservations.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservations.listFailoverDatasets`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservations.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.reservations.use`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) BigQuery Resource Editor (`roles/bigquery.resourceEditor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.routines.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`bigquery.routines.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.routines.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`bigquery.routines.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.routines.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`bigquery.routines.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.getFilteredData`	BigQuery Filtered Data Viewer (`roles/bigquery.filteredDataViewer`)
`bigquery.rowAccessPolicies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.overrideTimeTravelRestrictions`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.setIamPolicy`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.rowAccessPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.savedqueries.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.savedqueries.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.savedqueries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.savedqueries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.savedqueries.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.create`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Firebase Crashlytics Service Agent (`roles/firebasecrashlytics.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Spectrum SAS Service Agent (`roles/spectrumsas.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.createIndex`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.createSnapshot`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.createTagBinding`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.delete`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`bigquery.tables.deleteIndex`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.deleteSnapshot`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.deleteTagBinding`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.export`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.get`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Datapipelines Service Agent (`roles/datapipelines.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Firebase Crashlytics Service Agent (`roles/firebasecrashlytics.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.getData`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Firebase Crashlytics Service Agent (`roles/firebasecrashlytics.serviceAgent`) FleetEngine Service Agent (`roles/fleetengine.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.list`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`bigquery.tables.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) DSPM Service Agent (`roles/dspm.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.replicateData`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Data Viewer (`roles/bigquery.dataViewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.restoreSnapshot`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.setCategory`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`bigquery.tables.setColumnDataPolicy`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.setIamPolicy`	Owner (`roles/owner`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.update`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Firebase Crashlytics Service Agent (`roles/firebasecrashlytics.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.updateData`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Dataplex Storage Data Writer (`roles/dataplex.storageDataWriter`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`) Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) AutoML Service Agent (`roles/automl.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Omni Service Agent (`roles/bigqueryomni.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Asset Service Agent (`roles/cloudasset.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Contact Center AI Insights Service Agent (`roles/contactcenterinsights.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Firebase Crashlytics Service Agent (`roles/firebasecrashlytics.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Spectrum SAS Service Agent (`roles/spectrumsas.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Batch Prediction Service Agent (`roles/aiplatform.batchPredictionServiceAgent`)
`bigquery.tables.updateIndex`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.tables.updateTag`	BigQuery Admin (`roles/bigquery.admin`) BigQuery Data Editor (`roles/bigquery.dataEditor`) BigQuery Data Owner (`roles/bigquery.dataOwner`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.transfers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery User (`roles/bigquery.user`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`bigquery.transfers.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Admin (`roles/bigquery.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)

BigQuery roles and permissions Stay organized with collections Save and categorize content based on your preferences.

BigQuery roles

BigQuery Admin

BigQuery Connection Admin

BigQuery Connection User

BigQuery Data Editor

BigQuery Data Owner

BigQuery Data Viewer

BigQuery Filtered Data Viewer

BigQuery Job User

BigQuery Metadata Viewer

BigQuery ObjectRef Admin

BigQuery ObjectRef Reader

BigQuery Read Session User

BigQuery Resource Admin

BigQuery Resource Editor

BigQuery Resource Viewer

BigQuery Studio Admin

BigQuery Studio User

BigQuery User

BigQuery permissions

bigquery.bireservations.get

bigquery.bireservations.update

bigquery.capacityCommitments.create

bigquery.capacityCommitments.delete

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.capacityCommitments.update

bigquery.config.get

bigquery.config.update

bigquery.connections.create

bigquery.connections.delegate

bigquery.connections.delete

bigquery.connections.get

bigquery.connections.getIamPolicy

bigquery.connections.list

bigquery.connections.setIamPolicy

bigquery.connections.update

bigquery.connections.updateTag

bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.getRawData

bigquery.dataPolicies.list

bigquery.dataPolicies.maskedGet

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.create

bigquery.datasets.createTagBinding

bigquery.datasets.delete

bigquery.datasets.deleteTagBinding

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.link

bigquery.datasets.listEffectiveTags

bigquery.datasets.listSharedDatasetUsage

bigquery.datasets.listTagBindings

bigquery.datasets.setIamPolicy

bigquery.datasets.update

bigquery.datasets.updateTag

bigquery.jobs.create

bigquery.jobs.delete

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.jobs.update

bigquery.models.create

bigquery.models.delete

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.models.updateData

bigquery.models.updateMetadata

bigquery.models.updateTag

bigquery.objectRefs.read

bigquery.objectRefs.write

BigQuery roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

`bigquery.bireservations.get`

`bigquery.bireservations.update`

`bigquery.capacityCommitments.create`

`bigquery.capacityCommitments.delete`

`bigquery.capacityCommitments.get`

`bigquery.capacityCommitments.list`

`bigquery.capacityCommitments.update`

`bigquery.config.get`

`bigquery.config.update`

`bigquery.connections.create`

`bigquery.connections.delegate`

`bigquery.connections.delete`

`bigquery.connections.get`

`bigquery.connections.getIamPolicy`

`bigquery.connections.list`

`bigquery.connections.setIamPolicy`

`bigquery.connections.update`

`bigquery.connections.updateTag`

`bigquery.connections.use`

`bigquery.dataPolicies.create`

`bigquery.dataPolicies.delete`

`bigquery.dataPolicies.get`

`bigquery.dataPolicies.getIamPolicy`

`bigquery.dataPolicies.getRawData`

`bigquery.dataPolicies.list`

`bigquery.dataPolicies.maskedGet`

`bigquery.dataPolicies.setIamPolicy`

`bigquery.dataPolicies.update`

`bigquery.datasets.create`

`bigquery.datasets.createTagBinding`

`bigquery.datasets.delete`

`bigquery.datasets.deleteTagBinding`

`bigquery.datasets.get`

`bigquery.datasets.getIamPolicy`

`bigquery.datasets.link`

`bigquery.datasets.listEffectiveTags`

`bigquery.datasets.listSharedDatasetUsage`

`bigquery.datasets.listTagBindings`

`bigquery.datasets.setIamPolicy`

`bigquery.datasets.update`

`bigquery.datasets.updateTag`

`bigquery.jobs.create`

`bigquery.jobs.delete`

`bigquery.jobs.get`

`bigquery.jobs.list`

`bigquery.jobs.listAll`

`bigquery.jobs.listExecutionMetadata`

`bigquery.jobs.update`

`bigquery.models.create`

`bigquery.models.delete`

`bigquery.models.export`

`bigquery.models.getData`

`bigquery.models.getMetadata`

`bigquery.models.list`

`bigquery.models.updateData`

`bigquery.models.updateMetadata`

`bigquery.models.updateTag`

`bigquery.objectRefs.read`

`bigquery.objectRefs.write`

`bigquery.readsessions.create`

`bigquery.readsessions.getData`

`bigquery.readsessions.update`

`bigquery.reservationAssignments.create`

`bigquery.reservationAssignments.delete`

`bigquery.reservationAssignments.list`

`bigquery.reservationAssignments.search`

`bigquery.reservations.create`

`bigquery.reservations.delete`

`bigquery.reservations.get`

`bigquery.reservations.list`

`bigquery.reservations.listFailoverDatasets`

`bigquery.reservations.update`

`bigquery.reservations.use`

`bigquery.routines.create`

`bigquery.routines.delete`

`bigquery.routines.get`

`bigquery.routines.list`

`bigquery.routines.update`

`bigquery.routines.updateTag`