Filestore roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Filestore. To search through all roles and permissions, see the role and permission index.

Filestore roles

Role Permissions

Role	Permissions
Cloud Filestore Editor ^Beta (`roles/file.editor`) Read-write access to Filestore instances and related resources.	`file.*` `file.backups.create` `file.backups.createTagBinding` `file.backups.delete` `file.backups.deleteTagBinding` `file.backups.get` `file.backups.list` `file.backups.listEffectiveTags` `file.backups.listTagBindings` `file.backups.update` `file.instances.create` `file.instances.createTagBinding` `file.instances.delete` `file.instances.deleteTagBinding` `file.instances.get` `file.instances.list` `file.instances.listEffectiveTags` `file.instances.listTagBindings` `file.instances.restore` `file.instances.revert` `file.instances.update` `file.locations.get` `file.locations.list` `file.operations.cancel` `file.operations.delete` `file.operations.get` `file.operations.list` `file.snapshots.createTagBinding` `file.snapshots.deleteTagBinding` `file.snapshots.listEffectiveTags` `file.snapshots.listTagBindings`
Cloud Filestore Service Agent (`roles/file.serviceAgent`) Gives Cloud Filestore service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalOperations.get` `compute.networks.addPeering` `compute.networks.get` `compute.networks.removePeering` `compute.networks.update` `compute.networks.updatePeering` `compute.routes.list` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Filestore Viewer ^Beta (`roles/file.viewer`) Read-only access to Filestore instances and related resources.	`file.backups.get` `file.backups.list` `file.backups.listEffectiveTags` `file.backups.listTagBindings` `file.instances.get` `file.instances.list` `file.instances.listEffectiveTags` `file.instances.listTagBindings` `file.locations.*` `file.locations.get` `file.locations.list` `file.operations.get` `file.operations.list` `file.snapshots.listEffectiveTags` `file.snapshots.listTagBindings`

Cloud Filestore Editor ^Beta

(roles/file.editor)

Read-write access to Filestore instances and related resources.

file.*

file.backups.create
file.backups.createTagBinding
file.backups.delete
file.backups.deleteTagBinding
file.backups.get
file.backups.list
file.backups.listEffectiveTags
file.backups.listTagBindings
file.backups.update
file.instances.create
file.instances.createTagBinding
file.instances.delete
file.instances.deleteTagBinding
file.instances.get
file.instances.list
file.instances.listEffectiveTags
file.instances.listTagBindings
file.instances.restore
file.instances.revert
file.instances.update
file.locations.get
file.locations.list
file.operations.cancel
file.operations.delete
file.operations.get
file.operations.list
file.snapshots.createTagBinding
file.snapshots.deleteTagBinding
file.snapshots.listEffectiveTags
file.snapshots.listTagBindings

Cloud Filestore Service Agent

(roles/file.serviceAgent)

Gives Cloud Filestore service account access to managed resources.

compute.globalOperations.get

compute.networks.addPeering

compute.networks.get

compute.networks.removePeering

compute.networks.update

compute.networks.updatePeering

compute.routes.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Filestore Viewer ^Beta

(roles/file.viewer)

Read-only access to Filestore instances and related resources.

file.backups.get

file.backups.list

file.backups.listEffectiveTags

file.backups.listTagBindings

file.instances.get

file.instances.list

file.instances.listEffectiveTags

file.instances.listTagBindings

file.locations.*

file.locations.get
file.locations.list

file.operations.get

file.operations.list

file.snapshots.listEffectiveTags

file.snapshots.listTagBindings

Filestore permissions

Permission	Included in roles
`file.backups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.createTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.deleteTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.backups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`file.instances.createTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`file.instances.deleteTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`file.instances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.restore`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.revert`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.instances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`file.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Filestore Editor (`roles/file.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`file.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.snapshots.createTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.snapshots.deleteTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.snapshots.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`file.snapshots.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Cloud Filestore Editor (`roles/file.editor`) Cloud Filestore Viewer (`roles/file.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)

Filestore roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

Filestore roles

Cloud Filestore Editor ^Beta

Cloud Filestore Service Agent

Cloud Filestore Viewer ^Beta

Filestore permissions

`file.backups.create`

`file.backups.createTagBinding`

`file.backups.delete`

`file.backups.deleteTagBinding`

`file.backups.get`

`file.backups.list`

`file.backups.listEffectiveTags`

`file.backups.listTagBindings`

`file.backups.update`

`file.instances.create`

`file.instances.createTagBinding`

`file.instances.delete`

`file.instances.deleteTagBinding`

`file.instances.get`

`file.instances.list`

`file.instances.listEffectiveTags`

`file.instances.listTagBindings`

`file.instances.restore`

`file.instances.revert`

`file.instances.update`

`file.locations.get`

`file.locations.list`

`file.operations.cancel`

`file.operations.delete`

`file.operations.get`

`file.operations.list`

`file.snapshots.createTagBinding`

`file.snapshots.deleteTagBinding`

`file.snapshots.listEffectiveTags`

`file.snapshots.listTagBindings`

Filestore roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Filestore roles

Cloud Filestore Editor Beta

Cloud Filestore Service Agent

Cloud Filestore Viewer Beta

Filestore permissions

file.backups.create

file.backups.createTagBinding

file.backups.delete

file.backups.deleteTagBinding

file.backups.get

file.backups.list

file.backups.listEffectiveTags

file.backups.listTagBindings

file.backups.update

file.instances.create

file.instances.createTagBinding

file.instances.delete

file.instances.deleteTagBinding

file.instances.get

file.instances.list

file.instances.listEffectiveTags

file.instances.listTagBindings

file.instances.restore

file.instances.revert

file.instances.update

file.locations.get

file.locations.list

file.operations.cancel

file.operations.delete

file.operations.get

file.operations.list

file.snapshots.createTagBinding

file.snapshots.deleteTagBinding

file.snapshots.listEffectiveTags

file.snapshots.listTagBindings

Filestore roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

Cloud Filestore Editor ^Beta

Cloud Filestore Viewer ^Beta

`file.backups.create`

`file.backups.createTagBinding`

`file.backups.delete`

`file.backups.deleteTagBinding`

`file.backups.get`

`file.backups.list`

`file.backups.listEffectiveTags`

`file.backups.listTagBindings`

`file.backups.update`

`file.instances.create`

`file.instances.createTagBinding`

`file.instances.delete`

`file.instances.deleteTagBinding`

`file.instances.get`

`file.instances.list`

`file.instances.listEffectiveTags`

`file.instances.listTagBindings`

`file.instances.restore`

`file.instances.revert`

`file.instances.update`

`file.locations.get`

`file.locations.list`

`file.operations.cancel`

`file.operations.delete`

`file.operations.get`

`file.operations.list`

`file.snapshots.createTagBinding`

`file.snapshots.deleteTagBinding`

`file.snapshots.listEffectiveTags`

`file.snapshots.listTagBindings`