Cloud Monitoring roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Cloud Monitoring. To search through all roles and permissions, see the role and permission index.

Cloud Monitoring roles

Role Permissions

Role	Permissions
Monitoring Admin (`roles/monitoring.admin`) Provides full access to Cloud Monitoring. Lowest-level resources where you can grant this role: Project	`cloudnotifications.activities.list` `monitoring.` `monitoring.alertPolicies.create` `monitoring.alertPolicies.createTagBinding` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.deleteTagBinding` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alertPolicies.update` `monitoring.dashboards.create` `monitoring.dashboards.delete` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.update` `monitoring.groups.create` `monitoring.groups.delete` `monitoring.groups.get` `monitoring.groups.list` `monitoring.groups.update` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.delete` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.metricsScopes.link` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.create` `monitoring.notificationChannels.delete` `monitoring.notificationChannels.get` `monitoring.notificationChannels.getVerificationCode` `monitoring.notificationChannels.list` `monitoring.notificationChannels.sendVerificationCode` `monitoring.notificationChannels.update` `monitoring.notificationChannels.verify` `monitoring.services.create` `monitoring.services.delete` `monitoring.services.get` `monitoring.services.list` `monitoring.services.update` `monitoring.slos.create` `monitoring.slos.delete` `monitoring.slos.get` `monitoring.slos.list` `monitoring.slos.update` `monitoring.snoozes.create` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.snoozes.update` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.create` `monitoring.uptimeCheckConfigs.delete` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `monitoring.uptimeCheckConfigs.update` `opsconfigmonitoring.` `opsconfigmonitoring.resourceMetadata.list` `opsconfigmonitoring.resourceMetadata.write` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.enable` `serviceusage.services.get` `stackdriver.*` `stackdriver.projects.edit` `stackdriver.projects.get` `stackdriver.resourceMetadata.list` `stackdriver.resourceMetadata.write`
Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Read/write access to alerting policies.	`monitoring.alertPolicies.*` `monitoring.alertPolicies.create` `monitoring.alertPolicies.createTagBinding` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.deleteTagBinding` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alertPolicies.update`
Monitoring AlertPolicy Viewer (`roles/monitoring.alertPolicyViewer`) Read-only access to alerting policies.	`monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings`
Monitoring Cloud Console Incident Editor ^Beta (`roles/monitoring.cloudConsoleIncidentEditor`) Read/write access to incidents from Cloud Console.
Monitoring Cloud Console Incident Viewer ^Beta (`roles/monitoring.cloudConsoleIncidentViewer`) Read access to incidents from Cloud Console.
Monitoring Dashboard Configuration Editor (`roles/monitoring.dashboardEditor`) Read/write access to dashboard configurations.	`monitoring.dashboards.*` `monitoring.dashboards.create` `monitoring.dashboards.delete` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.update`
Monitoring Dashboard Configuration Viewer (`roles/monitoring.dashboardViewer`) Read-only access to dashboard configurations.	`monitoring.dashboards.get` `monitoring.dashboards.list`
Monitoring Editor (`roles/monitoring.editor`) Provides full access to information about all monitoring data and configurations. Lowest-level resources where you can grant this role: Project	`cloudnotifications.activities.list` `monitoring.alertPolicies.` `monitoring.alertPolicies.create` `monitoring.alertPolicies.createTagBinding` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.deleteTagBinding` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alertPolicies.update` `monitoring.dashboards.` `monitoring.dashboards.create` `monitoring.dashboards.delete` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.update` `monitoring.groups.` `monitoring.groups.create` `monitoring.groups.delete` `monitoring.groups.get` `monitoring.groups.list` `monitoring.groups.update` `monitoring.metricDescriptors.` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.delete` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.create` `monitoring.notificationChannels.delete` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.notificationChannels.sendVerificationCode` `monitoring.notificationChannels.update` `monitoring.notificationChannels.verify` `monitoring.services.` `monitoring.services.create` `monitoring.services.delete` `monitoring.services.get` `monitoring.services.list` `monitoring.services.update` `monitoring.slos.` `monitoring.slos.create` `monitoring.slos.delete` `monitoring.slos.get` `monitoring.slos.list` `monitoring.slos.update` `monitoring.snoozes.` `monitoring.snoozes.create` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.snoozes.update` `monitoring.timeSeries.` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.` `monitoring.uptimeCheckConfigs.create` `monitoring.uptimeCheckConfigs.delete` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `monitoring.uptimeCheckConfigs.update` `opsconfigmonitoring.` `opsconfigmonitoring.resourceMetadata.list` `opsconfigmonitoring.resourceMetadata.write` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.enable` `serviceusage.services.get` `stackdriver.*` `stackdriver.projects.edit` `stackdriver.projects.get` `stackdriver.resourceMetadata.list` `stackdriver.resourceMetadata.write`
Monitoring Metric Writer (`roles/monitoring.metricWriter`) Provides write-only access to metrics. This provides exactly the permissions needed by the Cloud Monitoring agent and other systems that send metrics. Lowest-level resources where you can grant this role: Project	`monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create`
Monitoring Metrics Scopes Admin ^Beta (`roles/monitoring.metricsScopesAdmin`) Access to add and remove monitored projects from metrics scopes.	`monitoring.metricsScopes.link` `resourcemanager.projects.get` `resourcemanager.projects.list`
Monitoring Metrics Scopes Viewer ^Beta (`roles/monitoring.metricsScopesViewer`) Read-only access to metrics scopes and their monitored projects.	`resourcemanager.projects.get` `resourcemanager.projects.list`
Monitoring NotificationChannel Editor ^Beta (`roles/monitoring.notificationChannelEditor`) Read/write access to notification channels.	`monitoring.notificationChannelDescriptors.*` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.create` `monitoring.notificationChannels.delete` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.notificationChannels.sendVerificationCode` `monitoring.notificationChannels.update` `monitoring.notificationChannels.verify`
Monitoring NotificationChannel Viewer ^Beta (`roles/monitoring.notificationChannelViewer`) Read-only access to notification channels.	`monitoring.notificationChannelDescriptors.*` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list`
Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Grants permissions to deliver notifications directly to resources within the target project, such as delivering to Pub/Sub topics within the project. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.jobs.create` `cloudfunctions.functions.get` `cloudtrace.traces.patch` `logging.links.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.list` `run.routes.invoke` `servicedirectory.networks.access` `servicedirectory.services.resolve` `serviceusage.services.use`
Monitoring Services Editor (`roles/monitoring.servicesEditor`) Read/write access to services.	`monitoring.services.` `monitoring.services.create` `monitoring.services.delete` `monitoring.services.get` `monitoring.services.list` `monitoring.services.update` `monitoring.slos.` `monitoring.slos.create` `monitoring.slos.delete` `monitoring.slos.get` `monitoring.slos.list` `monitoring.slos.update`
Monitoring Services Viewer (`roles/monitoring.servicesViewer`) Read-only access to services.	`monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list`
Monitoring Snooze Editor (`roles/monitoring.snoozeEditor`)	`monitoring.snoozes.*` `monitoring.snoozes.create` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.snoozes.update`
Monitoring Snooze Viewer (`roles/monitoring.snoozeViewer`)	`monitoring.snoozes.get` `monitoring.snoozes.list`
Monitoring Uptime Check Configuration Editor ^Beta (`roles/monitoring.uptimeCheckConfigEditor`) Read/write access to uptime check configurations.	`monitoring.uptimeCheckConfigs.*` `monitoring.uptimeCheckConfigs.create` `monitoring.uptimeCheckConfigs.delete` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `monitoring.uptimeCheckConfigs.update`
Monitoring Uptime Check Configuration Viewer ^Beta (`roles/monitoring.uptimeCheckConfigViewer`) Read-only access to uptime check configurations.	`monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list`
Monitoring Viewer (`roles/monitoring.viewer`) Provides read-only access to get and list information about all monitoring data and configurations. Lowest-level resources where you can grant this role: Project	`cloudnotifications.activities.list` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `opsconfigmonitoring.resourceMetadata.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `stackdriver.projects.get` `stackdriver.resourceMetadata.list`
Ops Config Monitoring Resource Metadata Viewer ^Beta (`roles/opsconfigmonitoring.resourceMetadata.viewer`) Read-only access to resource metadata.	`opsconfigmonitoring.resourceMetadata.list`
Ops Config Monitoring Resource Metadata Writer ^Beta (`roles/opsconfigmonitoring.resourceMetadata.writer`) Write-only access to resource metadata. This provides exactly the permissions needed by the Ops Config Monitoring metadata agent and other systems that send metadata.	`opsconfigmonitoring.resourceMetadata.write`
Stackdriver Accounts Editor (`roles/stackdriver.accounts.editor`) Read/write access to manage Stackdriver account structure.	`resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.enable` `serviceusage.services.get` `stackdriver.projects.*` `stackdriver.projects.edit` `stackdriver.projects.get`
Stackdriver Accounts Viewer (`roles/stackdriver.accounts.viewer`) Read-only access to get and list information about Stackdriver account structure.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stackdriver.projects.get`
Stackdriver Resource Metadata Writer ^Beta (`roles/stackdriver.resourceMetadata.writer`) Write-only access to resource metadata. This provides exactly the permissions needed by the Stackdriver metadata agent and other systems that send metadata.	`stackdriver.resourceMetadata.write`

Monitoring Admin

(roles/monitoring.admin)

Provides full access to Cloud Monitoring.

Lowest-level resources where you can grant this role:

Project

cloudnotifications.activities.list

monitoring.*

monitoring.alertPolicies.create
monitoring.alertPolicies.createTagBinding
monitoring.alertPolicies.delete
monitoring.alertPolicies.deleteTagBinding
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alertPolicies.update
monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update
monitoring.groups.create
monitoring.groups.delete
monitoring.groups.get
monitoring.groups.list
monitoring.groups.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.delete
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.metricsScopes.link
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list
monitoring.notificationChannels.create
monitoring.notificationChannels.delete
monitoring.notificationChannels.get
monitoring.notificationChannels.getVerificationCode
monitoring.notificationChannels.list
monitoring.notificationChannels.sendVerificationCode
monitoring.notificationChannels.update
monitoring.notificationChannels.verify
monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update
monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update
monitoring.snoozes.create
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.snoozes.update
monitoring.timeSeries.create
monitoring.timeSeries.list
monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update

opsconfigmonitoring.*

opsconfigmonitoring.resourceMetadata.list
opsconfigmonitoring.resourceMetadata.write

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.enable

serviceusage.services.get

stackdriver.*

stackdriver.projects.edit
stackdriver.projects.get
stackdriver.resourceMetadata.list
stackdriver.resourceMetadata.write

Monitoring AlertPolicy Editor

(roles/monitoring.alertPolicyEditor)

Read/write access to alerting policies.

monitoring.alertPolicies.*

monitoring.alertPolicies.create
monitoring.alertPolicies.createTagBinding
monitoring.alertPolicies.delete
monitoring.alertPolicies.deleteTagBinding
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alertPolicies.update

Monitoring AlertPolicy Viewer

(roles/monitoring.alertPolicyViewer)

Read-only access to alerting policies.

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

Monitoring Cloud Console Incident Editor ^Beta

(roles/monitoring.cloudConsoleIncidentEditor)

Read/write access to incidents from Cloud Console.

Monitoring Cloud Console Incident Viewer ^Beta

(roles/monitoring.cloudConsoleIncidentViewer)

Read access to incidents from Cloud Console.

Monitoring Dashboard Configuration Editor

(roles/monitoring.dashboardEditor)

Read/write access to dashboard configurations.

monitoring.dashboards.*

monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update

Monitoring Dashboard Configuration Viewer

(roles/monitoring.dashboardViewer)

Read-only access to dashboard configurations.

monitoring.dashboards.get

monitoring.dashboards.list

Monitoring Editor

(roles/monitoring.editor)

Provides full access to information about all monitoring data and configurations.

Lowest-level resources where you can grant this role:

Project

cloudnotifications.activities.list

monitoring.alertPolicies.*

monitoring.alertPolicies.create
monitoring.alertPolicies.createTagBinding
monitoring.alertPolicies.delete
monitoring.alertPolicies.deleteTagBinding
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alertPolicies.update

monitoring.dashboards.*

monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update

monitoring.groups.*

monitoring.groups.create
monitoring.groups.delete
monitoring.groups.get
monitoring.groups.list
monitoring.groups.update

monitoring.metricDescriptors.*

monitoring.metricDescriptors.create
monitoring.metricDescriptors.delete
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.notificationChannels.sendVerificationCode

monitoring.notificationChannels.update

monitoring.notificationChannels.verify

monitoring.services.*

monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update

monitoring.slos.*

monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update

monitoring.snoozes.*

monitoring.snoozes.create
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.snoozes.update

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.*

monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update

opsconfigmonitoring.*

opsconfigmonitoring.resourceMetadata.list
opsconfigmonitoring.resourceMetadata.write

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.enable

serviceusage.services.get

stackdriver.*

stackdriver.projects.edit
stackdriver.projects.get
stackdriver.resourceMetadata.list
stackdriver.resourceMetadata.write

Monitoring Metric Writer

(roles/monitoring.metricWriter)

Provides write-only access to metrics. This provides exactly the permissions needed by the Cloud Monitoring agent and other systems that send metrics.

Lowest-level resources where you can grant this role:

Project

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

Monitoring Metrics Scopes Admin ^Beta

(roles/monitoring.metricsScopesAdmin)

Access to add and remove monitored projects from metrics scopes.

monitoring.metricsScopes.link

resourcemanager.projects.get

resourcemanager.projects.list

Monitoring Metrics Scopes Viewer ^Beta

(roles/monitoring.metricsScopesViewer)

Read-only access to metrics scopes and their monitored projects.

resourcemanager.projects.get

resourcemanager.projects.list

Monitoring NotificationChannel Editor ^Beta

(roles/monitoring.notificationChannelEditor)

Read/write access to notification channels.

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.notificationChannels.sendVerificationCode

monitoring.notificationChannels.update

monitoring.notificationChannels.verify

Monitoring NotificationChannel Viewer ^Beta

(roles/monitoring.notificationChannelViewer)

Read-only access to notification channels.

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

Monitoring Service Agent

(roles/monitoring.notificationServiceAgent)

Grants permissions to deliver notifications directly to resources within the target project, such as delivering to Pub/Sub topics within the project.

bigquery.jobs.create

cloudfunctions.functions.get

cloudtrace.traces.patch

logging.links.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.list

run.routes.invoke

servicedirectory.networks.access

servicedirectory.services.resolve

serviceusage.services.use

Monitoring Services Editor

(roles/monitoring.servicesEditor)

Read/write access to services.

monitoring.services.*

monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update

monitoring.slos.*

monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update

Monitoring Services Viewer

(roles/monitoring.servicesViewer)

Read-only access to services.

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

Monitoring Snooze Editor

(roles/monitoring.snoozeEditor)

monitoring.snoozes.*

monitoring.snoozes.create
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.snoozes.update

Monitoring Snooze Viewer

(roles/monitoring.snoozeViewer)

monitoring.snoozes.get

monitoring.snoozes.list

Monitoring Uptime Check Configuration Editor ^Beta

(roles/monitoring.uptimeCheckConfigEditor)

Read/write access to uptime check configurations.

monitoring.uptimeCheckConfigs.*

monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update

Monitoring Uptime Check Configuration Viewer ^Beta

(roles/monitoring.uptimeCheckConfigViewer)

Read-only access to uptime check configurations.

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

Monitoring Viewer

(roles/monitoring.viewer)

Provides read-only access to get and list information about all monitoring data and configurations.

Lowest-level resources where you can grant this role:

Project

cloudnotifications.activities.list

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

Ops Config Monitoring Resource Metadata Viewer ^Beta

(roles/opsconfigmonitoring.resourceMetadata.viewer)

Read-only access to resource metadata.

opsconfigmonitoring.resourceMetadata.list

Ops Config Monitoring Resource Metadata Writer ^Beta

(roles/opsconfigmonitoring.resourceMetadata.writer)

Write-only access to resource metadata. This provides exactly the permissions needed by the Ops Config Monitoring metadata agent and other systems that send metadata.

opsconfigmonitoring.resourceMetadata.write

Stackdriver Accounts Editor

(roles/stackdriver.accounts.editor)

Read/write access to manage Stackdriver account structure.

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.enable

serviceusage.services.get

stackdriver.projects.*

stackdriver.projects.edit
stackdriver.projects.get

Stackdriver Accounts Viewer

(roles/stackdriver.accounts.viewer)

Read-only access to get and list information about Stackdriver account structure.

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

Stackdriver Resource Metadata Writer ^Beta

(roles/stackdriver.resourceMetadata.writer)

Write-only access to resource metadata. This provides exactly the permissions needed by the Stackdriver metadata agent and other systems that send metadata.

stackdriver.resourceMetadata.write

Cloud Monitoring permissions

Permission	Included in roles
`monitoring.alertPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring Editor (`roles/monitoring.editor`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`monitoring.alertPolicies.createTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring Editor (`roles/monitoring.editor`) Tag User (`roles/resourcemanager.tagUser`) Quota Administrator (`roles/servicemanagement.quotaAdmin`)
`monitoring.alertPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring Editor (`roles/monitoring.editor`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`monitoring.alertPolicies.deleteTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring Editor (`roles/monitoring.editor`) Tag User (`roles/resourcemanager.tagUser`) Quota Administrator (`roles/servicemanagement.quotaAdmin`)
`monitoring.alertPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring AlertPolicy Viewer (`roles/monitoring.alertPolicyViewer`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.alertPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring AlertPolicy Viewer (`roles/monitoring.alertPolicyViewer`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`monitoring.alertPolicies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring AlertPolicy Viewer (`roles/monitoring.alertPolicyViewer`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.alertPolicies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring AlertPolicy Viewer (`roles/monitoring.alertPolicyViewer`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.alertPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Monitoring Editor (`roles/monitoring.editor`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`monitoring.dashboards.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Dashboard Configuration Editor (`roles/monitoring.dashboardEditor`) Monitoring Editor (`roles/monitoring.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.dashboards.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Dashboard Configuration Editor (`roles/monitoring.dashboardEditor`) Monitoring Editor (`roles/monitoring.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.dashboards.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Dashboard Configuration Editor (`roles/monitoring.dashboardEditor`) Monitoring Dashboard Configuration Viewer (`roles/monitoring.dashboardViewer`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.dashboards.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Dashboard Configuration Editor (`roles/monitoring.dashboardEditor`) Monitoring Dashboard Configuration Viewer (`roles/monitoring.dashboardViewer`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.dashboards.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Dashboard Configuration Editor (`roles/monitoring.dashboardEditor`) Monitoring Editor (`roles/monitoring.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.groups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.groups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.groups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.groups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.groups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.metricDescriptors.create`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Worker (`roles/composer.worker`) Kubernetes Engine Default Node Service Account (`roles/container.defaultNodeServiceAccount`) Dataproc Worker (`roles/dataproc.worker`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Metric Writer (`roles/monitoring.metricWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Notebook Service Agent (`roles/aiplatform.notebookServiceAgent`) Vertex AI Reasoning Engine Service Agent (`roles/aiplatform.reasoningEngineServiceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`) Apigee Service Agent (`roles/apigee.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Connection Service Agent (`roles/bigqueryconnection.serviceAgent`) Gemini for Google Cloud Service Agent (`roles/cloudaicompanion.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Connectors Platform Service Agent (`roles/connectors.serviceAgent`) Kubernetes Engine Default Node Service Agent (`roles/container.defaultNodeServiceAgent`) [Deprecated] Kubernetes Engine Node Service Agent (`roles/container.nodeServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Managed Control Plane Service Agent (`roles/meshcontrolplane.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) RMA Service Agent (`roles/rapidmigrationassessment.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`monitoring.metricDescriptors.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.metricDescriptors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Bigtable Administrator (`roles/bigtable.admin`) Bigtable Reader (`roles/bigtable.reader`) Bigtable User (`roles/bigtable.user`) Bigtable Viewer (`roles/bigtable.viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Composer Worker (`roles/composer.worker`) Dataproc Worker (`roles/dataproc.worker`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Metric Writer (`roles/monitoring.metricWriter`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Notebook Service Agent (`roles/aiplatform.notebookServiceAgent`) Vertex AI Reasoning Engine Service Agent (`roles/aiplatform.reasoningEngineServiceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`) Apigee Service Agent (`roles/apigee.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Connection Service Agent (`roles/bigqueryconnection.serviceAgent`) Gemini for Google Cloud Service Agent (`roles/cloudaicompanion.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Connectors Platform Service Agent (`roles/connectors.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Managed Control Plane Service Agent (`roles/meshcontrolplane.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Workload Manager Service Agent (`roles/workloadmanager.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`monitoring.metricDescriptors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ApiGateway Admin (`roles/apigateway.admin`) ApiGateway Viewer (`roles/apigateway.viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Bigtable Administrator (`roles/bigtable.admin`) Bigtable Reader (`roles/bigtable.reader`) Bigtable User (`roles/bigtable.user`) Bigtable Viewer (`roles/bigtable.viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Composer Worker (`roles/composer.worker`) Kubernetes Engine Default Node Service Account (`roles/container.defaultNodeServiceAccount`) Dataproc Worker (`roles/dataproc.worker`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Metric Writer (`roles/monitoring.metricWriter`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Notebook Service Agent (`roles/aiplatform.notebookServiceAgent`) Vertex AI Reasoning Engine Service Agent (`roles/aiplatform.reasoningEngineServiceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`) Apigee Service Agent (`roles/apigee.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Connection Service Agent (`roles/bigqueryconnection.serviceAgent`) Gemini for Google Cloud Service Agent (`roles/cloudaicompanion.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Connectors Platform Service Agent (`roles/connectors.serviceAgent`) Kubernetes Engine Default Node Service Agent (`roles/container.defaultNodeServiceAgent`) [Deprecated] Kubernetes Engine Node Service Agent (`roles/container.nodeServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Managed Control Plane Service Agent (`roles/meshcontrolplane.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) RMA Service Agent (`roles/rapidmigrationassessment.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Workload Manager Service Agent (`roles/workloadmanager.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`monitoring.metricsScopes.link`	Owner (`roles/owner`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Metrics Scopes Admin (`roles/monitoring.metricsScopesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. GKE Hub Service Agent (`roles/gkehub.serviceAgent`)
`monitoring.monitoredResourceDescriptors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ApiGateway Admin (`roles/apigateway.admin`) ApiGateway Viewer (`roles/apigateway.viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Composer Worker (`roles/composer.worker`) Dataproc Worker (`roles/dataproc.worker`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Metric Writer (`roles/monitoring.metricWriter`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Notebook Service Agent (`roles/aiplatform.notebookServiceAgent`) Vertex AI Reasoning Engine Service Agent (`roles/aiplatform.reasoningEngineServiceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`) Apigee Service Agent (`roles/apigee.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Connection Service Agent (`roles/bigqueryconnection.serviceAgent`) Gemini for Google Cloud Service Agent (`roles/cloudaicompanion.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Connectors Platform Service Agent (`roles/connectors.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Managed Control Plane Service Agent (`roles/meshcontrolplane.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Workload Manager Service Agent (`roles/workloadmanager.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`monitoring.monitoredResourceDescriptors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Composer Worker (`roles/composer.worker`) Dataproc Worker (`roles/dataproc.worker`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Metric Writer (`roles/monitoring.metricWriter`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Notebook Service Agent (`roles/aiplatform.notebookServiceAgent`) Vertex AI Reasoning Engine Service Agent (`roles/aiplatform.reasoningEngineServiceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`) Apigee Service Agent (`roles/apigee.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Connection Service Agent (`roles/bigqueryconnection.serviceAgent`) Gemini for Google Cloud Service Agent (`roles/cloudaicompanion.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Connectors Platform Service Agent (`roles/connectors.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Managed Control Plane Service Agent (`roles/meshcontrolplane.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Workload Manager Service Agent (`roles/workloadmanager.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`monitoring.notificationChannelDescriptors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`) Monitoring NotificationChannel Viewer (`roles/monitoring.notificationChannelViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.notificationChannelDescriptors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`) Monitoring NotificationChannel Viewer (`roles/monitoring.notificationChannelViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.notificationChannels.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.notificationChannels.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.notificationChannels.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`) Monitoring NotificationChannel Viewer (`roles/monitoring.notificationChannelViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Vertex AI Model Monitoring Service Agent (`roles/aiplatform.modelMonitoringServiceAgent`)
`monitoring.notificationChannels.getVerificationCode`	Owner (`roles/owner`) Monitoring Admin (`roles/monitoring.admin`)
`monitoring.notificationChannels.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`) Monitoring NotificationChannel Viewer (`roles/monitoring.notificationChannelViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.notificationChannels.sendVerificationCode`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`)
`monitoring.notificationChannels.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.notificationChannels.verify`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring NotificationChannel Editor (`roles/monitoring.notificationChannelEditor`)
`monitoring.services.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`)
`monitoring.services.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`)
`monitoring.services.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`) Monitoring Services Viewer (`roles/monitoring.servicesViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.services.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`) Monitoring Services Viewer (`roles/monitoring.servicesViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.services.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`)
`monitoring.slos.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`)
`monitoring.slos.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`)
`monitoring.slos.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`) Monitoring Services Viewer (`roles/monitoring.servicesViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.slos.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`) Monitoring Services Viewer (`roles/monitoring.servicesViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.slos.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Services Editor (`roles/monitoring.servicesEditor`)
`monitoring.snoozes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Snooze Editor (`roles/monitoring.snoozeEditor`)
`monitoring.snoozes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Snooze Editor (`roles/monitoring.snoozeEditor`) Monitoring Snooze Viewer (`roles/monitoring.snoozeViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.snoozes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Snooze Editor (`roles/monitoring.snoozeEditor`) Monitoring Snooze Viewer (`roles/monitoring.snoozeViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.snoozes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Snooze Editor (`roles/monitoring.snoozeEditor`)
`monitoring.timeSeries.create`	Owner (`roles/owner`) Editor (`roles/editor`) Bigtable Administrator (`roles/bigtable.admin`) Bigtable Reader (`roles/bigtable.reader`) Bigtable User (`roles/bigtable.user`) Composer Worker (`roles/composer.worker`) Kubernetes Engine Default Node Service Account (`roles/container.defaultNodeServiceAccount`) Dataflow Worker (`roles/dataflow.worker`) Dataproc Worker (`roles/dataproc.worker`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Metric Writer (`roles/monitoring.metricWriter`) Cloud Spanner Admin (`roles/spanner.admin`) Cloud Spanner Database Admin (`roles/spanner.databaseAdmin`) Cloud Spanner Database Reader (`roles/spanner.databaseReader`) Cloud Spanner Database Reader with DataBoost (`roles/spanner.databaseReaderWithDataBoost`) Cloud Spanner Database User (`roles/spanner.databaseUser`) Storage Transfer Agent (`roles/storagetransfer.transferAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Notebook Service Agent (`roles/aiplatform.notebookServiceAgent`) Vertex AI Reasoning Engine Service Agent (`roles/aiplatform.reasoningEngineServiceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`) Apigee Service Agent (`roles/apigee.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) BigQuery Connection Service Agent (`roles/bigqueryconnection.serviceAgent`) Gemini for Google Cloud Service Agent (`roles/cloudaicompanion.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Connectors Platform Service Agent (`roles/connectors.serviceAgent`) Kubernetes Engine Default Node Service Agent (`roles/container.defaultNodeServiceAgent`) [Deprecated] Kubernetes Engine Node Service Agent (`roles/container.nodeServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) KubeRun Events Data Plane Service Agent (`roles/kuberun.eventsDataPlaneServiceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Managed Control Plane Service Agent (`roles/meshcontrolplane.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) RMA Service Agent (`roles/rapidmigrationassessment.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`monitoring.timeSeries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ApiGateway Admin (`roles/apigateway.admin`) ApiGateway Viewer (`roles/apigateway.viewer`) Apigee Organization Admin (`roles/apigee.admin`) Apigee Read-only Admin (`roles/apigee.readOnlyAdmin`) App Management Viewer (`roles/apphub.appManagementViewer`) Bigtable Administrator (`roles/bigtable.admin`) Bigtable Reader (`roles/bigtable.reader`) Bigtable User (`roles/bigtable.user`) Bigtable Viewer (`roles/bigtable.viewer`) Capacity Planner Usage Viewer (`roles/capacityplanner.viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Cloud Quotas Admin (`roles/cloudquotas.admin`) Cloud Tasks Admin (`roles/cloudtasks.admin`) Cloud Tasks Viewer (`roles/cloudtasks.viewer`) Composer Worker (`roles/composer.worker`) Cloud Infrastructure Manager Agent (`roles/config.agent`) Kubernetes Engine Default Node Service Account (`roles/container.defaultNodeServiceAccount`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Grow Admin (`roles/firebase.growthAdmin`) Firebase Grow Viewer (`roles/firebase.growthViewer`) Firebase Quality Admin (`roles/firebase.qualityAdmin`) Firebase Quality Viewer (`roles/firebase.qualityViewer`) Firebase Viewer (`roles/firebase.viewer`) Fleet Project-level Scope Editor (`roles/gkehub.scopeEditorProjectLevel`) Fleet Project-level Scope Viewer (`roles/gkehub.scopeViewerProjectLevel`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) reCAPTCHA Enterprise Admin (`roles/recaptchaenterprise.admin`) reCAPTCHA Enterprise Viewer (`roles/recaptchaenterprise.viewer`) Firewall Recommender Admin (`roles/recommender.firewallAdmin`) Firewall Recommender Viewer (`roles/recommender.firewallViewer`) Service Management Administrator (`roles/servicemanagement.admin`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) Quota Viewer (`roles/servicemanagement.quotaViewer`) Service Usage Admin (`roles/serviceusage.serviceUsageAdmin`) Service Usage Consumer (`roles/serviceusage.serviceUsageConsumer`) Service Usage Viewer (`roles/serviceusage.serviceUsageViewer`) Cloud Spanner Admin (`roles/spanner.admin`) Cloud Spanner Backup Admin (`roles/spanner.backupAdmin`) Cloud Spanner Database Admin (`roles/spanner.databaseAdmin`) Cloud Spanner Restore Admin (`roles/spanner.restoreAdmin`) Cloud Spanner Viewer (`roles/spanner.viewer`) Telco Automation Admin (`roles/telcoautomation.admin`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`) Blockchain Node Engine Service Agent (`roles/blockchainnodeengine.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Default Node Service Agent (`roles/container.defaultNodeServiceAgent`) [Deprecated] Kubernetes Engine Node Service Agent (`roles/container.nodeServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Workload Manager Service Agent (`roles/workloadmanager.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`monitoring.uptimeCheckConfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Uptime Check Configuration Editor (`roles/monitoring.uptimeCheckConfigEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.uptimeCheckConfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Uptime Check Configuration Editor (`roles/monitoring.uptimeCheckConfigEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`monitoring.uptimeCheckConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Uptime Check Configuration Editor (`roles/monitoring.uptimeCheckConfigEditor`) Monitoring Uptime Check Configuration Viewer (`roles/monitoring.uptimeCheckConfigViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.uptimeCheckConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Uptime Check Configuration Editor (`roles/monitoring.uptimeCheckConfigEditor`) Monitoring Uptime Check Configuration Viewer (`roles/monitoring.uptimeCheckConfigViewer`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`monitoring.uptimeCheckConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Uptime Check Configuration Editor (`roles/monitoring.uptimeCheckConfigEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`opsconfigmonitoring.resourceMetadata.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Ops Config Monitoring Resource Metadata Viewer (`roles/opsconfigmonitoring.resourceMetadata.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`opsconfigmonitoring.resourceMetadata.write`	Owner (`roles/owner`) Editor (`roles/editor`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Ops Config Monitoring Resource Metadata Writer (`roles/opsconfigmonitoring.resourceMetadata.writer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`)
`stackdriver.projects.edit`	Owner (`roles/owner`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Stackdriver Accounts Editor (`roles/stackdriver.accounts.editor`)
`stackdriver.projects.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Error Reporting Admin (`roles/errorreporting.admin`) Error Reporting User (`roles/errorreporting.user`) Error Reporting Viewer (`roles/errorreporting.viewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Stackdriver Accounts Editor (`roles/stackdriver.accounts.editor`) Stackdriver Accounts Viewer (`roles/stackdriver.accounts.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`stackdriver.resourceMetadata.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Management Viewer (`roles/apphub.appManagementViewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Monitoring Viewer (`roles/monitoring.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Healthcare Service Agent (`roles/healthcare.serviceAgent`) Retail Service Agent (`roles/retail.serviceAgent`) Recommendations AI Service Agent (`roles/automlrecommendations.serviceAgent`)
`stackdriver.resourceMetadata.write`	Owner (`roles/owner`) Editor (`roles/editor`) Monitoring Admin (`roles/monitoring.admin`) Monitoring Editor (`roles/monitoring.editor`) Stackdriver Resource Metadata Writer (`roles/stackdriver.resourceMetadata.writer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`)

Cloud Monitoring roles and permissions Stay organized with collections Save and categorize content based on your preferences.