Dataproc Resource Manager roles and permissions

This page lists the IAM roles and permissions for Dataproc Resource Manager. To search through all roles and permissions, see the role and permission index.

Dataproc Resource Manager roles

Role Permissions

Role	Permissions
Dataproc Resource Manager Admin ^Beta (`roles/dataprocrm.admin`) Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.	`dataprocrm.*` `dataprocrm.locations.get` `dataprocrm.locations.list` `dataprocrm.nodePools.create` `dataprocrm.nodePools.delete` `dataprocrm.nodePools.deleteNodes` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodePools.resize` `dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.list` `dataprocrm.nodes.mintOAuthToken` `dataprocrm.nodes.update` `dataprocrm.operations.cancel` `dataprocrm.operations.delete` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.cancel` `dataprocrm.workloads.create` `dataprocrm.workloads.delete` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions. Warning: Do not grant service agent roles to any principals except service agents.	`dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.mintOAuthToken` `logging.logEntries.create` `logging.logEntries.route` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `serviceusage.services.use`
Dataproc Resource Manager Viewer ^Beta (`roles/dataprocrm.viewer`) Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.	`dataprocrm.locations.*` `dataprocrm.locations.get` `dataprocrm.locations.list` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodes.get` `dataprocrm.nodes.list` `dataprocrm.nodes.mintOAuthToken` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Dataproc Resource Manager Admin ^Beta

(roles/dataprocrm.admin)

Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.

dataprocrm.*

dataprocrm.locations.get
dataprocrm.locations.list
dataprocrm.nodePools.create
dataprocrm.nodePools.delete
dataprocrm.nodePools.deleteNodes
dataprocrm.nodePools.get
dataprocrm.nodePools.list
dataprocrm.nodePools.resize
dataprocrm.nodes.get
dataprocrm.nodes.heartbeat
dataprocrm.nodes.list
dataprocrm.nodes.mintOAuthToken
dataprocrm.nodes.update
dataprocrm.operations.cancel
dataprocrm.operations.delete
dataprocrm.operations.get
dataprocrm.operations.list
dataprocrm.workloads.cancel
dataprocrm.workloads.create
dataprocrm.workloads.delete
dataprocrm.workloads.get
dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Resource Manager Node Service Agent

(roles/dataprocrm.nodeServiceAgent)

Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions.

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.mintOAuthToken

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

serviceusage.services.use

Dataproc Resource Manager Viewer ^Beta

(roles/dataprocrm.viewer)

Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.

dataprocrm.locations.*

dataprocrm.locations.get
dataprocrm.locations.list

dataprocrm.nodePools.get

dataprocrm.nodePools.list

dataprocrm.nodes.get

dataprocrm.nodes.list

dataprocrm.nodes.mintOAuthToken

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.get

dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Resource Manager permissions

Permission	Included in roles
`dataprocrm.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`)
`dataprocrm.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`dataprocrm.nodePools.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.deleteNodes`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.resize`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.heartbeat`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.mintOAuthToken`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodes.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`)
`dataprocrm.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)

Dataproc Resource Manager roles and permissions