Cloud Build roles and permissions

This page lists the IAM roles and permissions for Cloud Build. To search through all roles and permissions, see the role and permission index.

Cloud Build roles

Role Permissions

(roles/cloudbuild.builds.approver)

Can approve or reject pending builds.

cloudbuild.builds.approve

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.builds.builder)

Provides access to perform builds.

artifactregistry.aptartifacts.create

artifactregistry.attachments.create

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

  • artifactregistry.dockerimages.get
  • artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.files.update

artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

  • artifactregistry.locations.get
  • artifactregistry.locations.list

artifactregistry.mavenartifacts.*

  • artifactregistry.mavenartifacts.get
  • artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

  • artifactregistry.npmpackages.get
  • artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.packages.update

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

  • artifactregistry.pythonpackages.get
  • artifactregistry.pythonpackages.list

artifactregistry.repositories.createOnPush

artifactregistry.repositories.deleteArtifacts

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.create

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.tags.update

artifactregistry.versions.get

artifactregistry.versions.list

artifactregistry.yumartifacts.create

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudbuild.workerpools.use

containeranalysis.occurrences.create

containeranalysis.occurrences.delete

containeranalysis.occurrences.get

containeranalysis.occurrences.list

containeranalysis.occurrences.update

logging.logEntries.create

logging.logEntries.list

logging.views.access

pubsub.topics.create

pubsub.topics.publish

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

source.repos.get

source.repos.list

storage.buckets.create

storage.buckets.get

storage.buckets.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

(roles/cloudbuild.builds.editor)

Provides access to create and cancel builds.

Lowest-level resources where you can grant this role:

  • Project

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.builds.viewer)

Provides access to view builds.

Lowest-level resources where you can grant this role:

  • Project

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.connectionAdmin)

Can manage connections and repositories.

cloudbuild.connections.*

  • cloudbuild.connections.create
  • cloudbuild.connections.delete
  • cloudbuild.connections.fetchLinkableRepositories
  • cloudbuild.connections.get
  • cloudbuild.connections.getIamPolicy
  • cloudbuild.connections.list
  • cloudbuild.connections.setIamPolicy
  • cloudbuild.connections.update

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudbuild.repositories.create

cloudbuild.repositories.delete

cloudbuild.repositories.fetchGitRefs

cloudbuild.repositories.get

cloudbuild.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.connectionViewer)

Can view and list connections and repositories.

cloudbuild.connections.fetchLinkableRepositories

cloudbuild.connections.get

cloudbuild.connections.getIamPolicy

cloudbuild.connections.list

cloudbuild.repositories.fetchGitRefs

cloudbuild.repositories.get

cloudbuild.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.integrationsEditor)

Can update Integrations

cloudbuild.integrations.get

cloudbuild.integrations.list

cloudbuild.integrations.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.integrationsOwner)

Can create/delete Integrations

cloudbuild.integrations.*

  • cloudbuild.integrations.create
  • cloudbuild.integrations.delete
  • cloudbuild.integrations.get
  • cloudbuild.integrations.list
  • cloudbuild.integrations.update

compute.firewalls.create

compute.firewalls.get

compute.firewalls.list

compute.networks.get

compute.networks.updatePolicy

compute.regions.get

compute.subnetworks.get

compute.subnetworks.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.integrationsViewer)

Can view Integrations

cloudbuild.integrations.get

cloudbuild.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.loggingServiceAgent)

Gives the Cloud Build logging-specific service account access to write logs.

logging.buckets.write

(roles/cloudbuild.readTokenAccessor)

Can view the connection and access its read-only token.

cloudbuild.connections.get

cloudbuild.repositories.accessReadToken

cloudbuild.repositories.get

(roles/cloudbuild.serviceAgent)

Gives Cloud Build service account access to managed resources.

artifactregistry.aptartifacts.create

artifactregistry.attachments.create

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

  • artifactregistry.dockerimages.get
  • artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.files.update

artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

  • artifactregistry.locations.get
  • artifactregistry.locations.list

artifactregistry.mavenartifacts.*

  • artifactregistry.mavenartifacts.get
  • artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

  • artifactregistry.npmpackages.get
  • artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.packages.update

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

  • artifactregistry.pythonpackages.get
  • artifactregistry.pythonpackages.list

artifactregistry.repositories.createOnPush

artifactregistry.repositories.deleteArtifacts

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.create

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.tags.update

artifactregistry.versions.get

artifactregistry.versions.list

artifactregistry.yumartifacts.create

binaryauthorization.attestors.create

binaryauthorization.attestors.delete

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.update

binaryauthorization.attestors.verifyImageAttested

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.connections.get

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudbuild.repositories.accessReadToken

cloudbuild.repositories.accessReadWriteToken

cloudbuild.repositories.get

cloudbuild.repositories.list

cloudbuild.workerpools.use

compute.firewalls.get

compute.firewalls.list

compute.networkAttachments.get

compute.networkAttachments.update

compute.networks.get

compute.regionOperations.get

compute.subnetworks.get

containeranalysis.notes.attachOccurrence

containeranalysis.notes.create

containeranalysis.notes.delete

containeranalysis.notes.get

containeranalysis.notes.list

containeranalysis.notes.update

containeranalysis.occurrences.create

containeranalysis.occurrences.delete

containeranalysis.occurrences.get

containeranalysis.occurrences.list

containeranalysis.occurrences.update

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.fetchReadWriteToken

developerconnect.gitRepositoryLinks.get

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

logging.buckets.create

logging.buckets.get

logging.buckets.list

logging.logEntries.create

logging.logEntries.list

logging.views.access

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.get

pubsub.topics.publish

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.endpoints.get

servicedirectory.endpoints.getIamPolicy

servicedirectory.endpoints.list

servicedirectory.locations.*

  • servicedirectory.locations.get
  • servicedirectory.locations.list

servicedirectory.namespaces.get

servicedirectory.namespaces.getIamPolicy

servicedirectory.namespaces.list

servicedirectory.networks.access

servicedirectory.services.get

servicedirectory.services.getIamPolicy

servicedirectory.services.list

servicedirectory.services.resolve

serviceusage.services.use

source.repos.get

source.repos.list

storage.buckets.create

storage.buckets.get

storage.buckets.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

(roles/cloudbuild.tokenAccessor)

Can view the connection and access its read/write and read-only tokens.

cloudbuild.connections.get

cloudbuild.repositories.accessReadToken

cloudbuild.repositories.accessReadWriteToken

cloudbuild.repositories.get

cloudbuild.repositories.list

(roles/cloudbuild.workerPoolEditor)

Can update and view WorkerPools

cloudbuild.workerpools.get

cloudbuild.workerpools.list

cloudbuild.workerpools.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.workerPoolOwner)

Can create, delete, update, and view WorkerPools

cloudbuild.workerpools.create

cloudbuild.workerpools.delete

cloudbuild.workerpools.get

cloudbuild.workerpools.list

cloudbuild.workerpools.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/cloudbuild.workerPoolUser)

Can run builds in the WorkerPool

cloudbuild.workerpools.use

(roles/cloudbuild.workerPoolViewer)

Can view WorkerPools

cloudbuild.workerpools.get

cloudbuild.workerpools.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Build permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Viewer (roles/firebase.viewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Viewer (roles/firebase.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Build Read Only Token Accessor (roles/cloudbuild.readTokenAccessor)

Cloud Build Token Accessor (roles/cloudbuild.tokenAccessor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Infrastructure Manager Agent (roles/config.agent)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Integrations Editor (roles/cloudbuild.integrationsEditor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Cloud Build Integrations Viewer (roles/cloudbuild.integrationsViewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Integrations Editor (roles/cloudbuild.integrationsEditor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Cloud Build Integrations Viewer (roles/cloudbuild.integrationsViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Integrations Editor (roles/cloudbuild.integrationsEditor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Viewer (roles/firebase.viewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Viewer (roles/firebase.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Viewer (roles/firebase.viewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Composer Worker (roles/composer.worker)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Viewer (roles/firebase.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Service agent roles

Owner (roles/owner)

Cloud Build Read Only Token Accessor (roles/cloudbuild.readTokenAccessor)

Cloud Build Token Accessor (roles/cloudbuild.tokenAccessor)

Cloud Infrastructure Manager Agent (roles/config.agent)

Service agent roles

Owner (roles/owner)

Cloud Build Token Accessor (roles/cloudbuild.tokenAccessor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Build Read Only Token Accessor (roles/cloudbuild.readTokenAccessor)

Cloud Build Token Accessor (roles/cloudbuild.tokenAccessor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Build Token Accessor (roles/cloudbuild.tokenAccessor)

Cloud Infrastructure Manager Agent (roles/config.agent)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build WorkerPool Editor (roles/cloudbuild.workerPoolEditor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Cloud Build WorkerPool Viewer (roles/cloudbuild.workerPoolViewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Build WorkerPool Editor (roles/cloudbuild.workerPoolEditor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Cloud Build WorkerPool Viewer (roles/cloudbuild.workerPoolViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build WorkerPool Editor (roles/cloudbuild.workerPoolEditor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Owner (roles/owner)

Editor (roles/editor)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build WorkerPool User (roles/cloudbuild.workerPoolUser)

Composer Worker (roles/composer.worker)

Service agent roles