Google Cloud Observability roles and permissions

This page lists the IAM roles and permissions for Google Cloud Observability. To search through all roles and permissions, see the role and permission index.

Google Cloud Observability roles

Role Permissions

Role	Permissions
Observability Admin ^Beta (`roles/observability.admin`) Full access to Observability resources.	`observability.*` `observability.analyticsViews.create` `observability.analyticsViews.delete` `observability.analyticsViews.get` `observability.analyticsViews.list` `observability.analyticsViews.update` `observability.buckets.create` `observability.buckets.delete` `observability.buckets.get` `observability.buckets.list` `observability.buckets.undelete` `observability.buckets.update` `observability.datasets.create` `observability.datasets.delete` `observability.datasets.get` `observability.datasets.list` `observability.datasets.undelete` `observability.datasets.update` `observability.links.create` `observability.links.delete` `observability.links.get` `observability.links.list` `observability.links.update` `observability.operations.cancel` `observability.operations.delete` `observability.operations.get` `observability.operations.list` `observability.scopes.get` `observability.scopes.update` `observability.traceScopes.create` `observability.traceScopes.delete` `observability.traceScopes.get` `observability.traceScopes.list` `observability.traceScopes.update` `observability.views.access` `observability.views.create` `observability.views.delete` `observability.views.get` `observability.views.list` `observability.views.update`
Observability Analytics User ^Beta (`roles/observability.analyticsUser`) Grants permissions to use Cloud Observability Analytics.	`logging.queries.getShared` `logging.queries.listShared` `logging.queries.usePrivate` `observability.analyticsViews.*` `observability.analyticsViews.create` `observability.analyticsViews.delete` `observability.analyticsViews.get` `observability.analyticsViews.list` `observability.analyticsViews.update` `observability.buckets.get` `observability.buckets.list` `observability.datasets.get` `observability.datasets.list` `observability.links.get` `observability.links.list` `observability.operations.get` `observability.operations.list` `observability.scopes.get` `observability.traceScopes.get` `observability.traceScopes.list` `observability.views.get` `observability.views.list`
Observability Editor ^Beta (`roles/observability.editor`) Edit access to Observability resources.	`observability.analyticsViews.` `observability.analyticsViews.create` `observability.analyticsViews.delete` `observability.analyticsViews.get` `observability.analyticsViews.list` `observability.analyticsViews.update` `observability.buckets.create` `observability.buckets.get` `observability.buckets.list` `observability.buckets.update` `observability.datasets.create` `observability.datasets.get` `observability.datasets.list` `observability.datasets.update` `observability.links.` `observability.links.create` `observability.links.delete` `observability.links.get` `observability.links.list` `observability.links.update` `observability.operations.` `observability.operations.cancel` `observability.operations.delete` `observability.operations.get` `observability.operations.list` `observability.scopes.` `observability.scopes.get` `observability.scopes.update` `observability.traceScopes.*` `observability.traceScopes.create` `observability.traceScopes.delete` `observability.traceScopes.get` `observability.traceScopes.list` `observability.traceScopes.update` `observability.views.create` `observability.views.delete` `observability.views.get` `observability.views.list` `observability.views.update`
Observability Scopes Editor ^Beta (`roles/observability.scopesEditor`) Grants permission to view and edit Observability, Logging, Trace, and Monitoring scopes	`logging.logScopes.` `logging.logScopes.create` `logging.logScopes.delete` `logging.logScopes.get` `logging.logScopes.list` `logging.logScopes.update` `monitoring.metricsScopes.link` `observability.scopes.` `observability.scopes.get` `observability.scopes.update` `observability.traceScopes.*` `observability.traceScopes.create` `observability.traceScopes.delete` `observability.traceScopes.get` `observability.traceScopes.list` `observability.traceScopes.update`
Observability Service Agent (`roles/observability.serviceAgent`) Grants Observability service account the ability to list, create and link datasets in the consumer project. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.datasets.create` `bigquery.datasets.get` `bigquery.datasets.link`
Observability View Accessor ^Beta (`roles/observability.viewAccessor`) Read only access to data defined by an Observability View.	`observability.views.access`
Observability Viewer ^Beta (`roles/observability.viewer`) Read only access to Observability resources.	`observability.analyticsViews.get` `observability.analyticsViews.list` `observability.buckets.get` `observability.buckets.list` `observability.datasets.get` `observability.datasets.list` `observability.links.get` `observability.links.list` `observability.operations.get` `observability.operations.list` `observability.scopes.get` `observability.traceScopes.get` `observability.traceScopes.list` `observability.views.get` `observability.views.list`

Observability Admin ^Beta

(roles/observability.admin)

Full access to Observability resources.

observability.*

observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update
observability.buckets.create
observability.buckets.delete
observability.buckets.get
observability.buckets.list
observability.buckets.undelete
observability.buckets.update
observability.datasets.create
observability.datasets.delete
observability.datasets.get
observability.datasets.list
observability.datasets.undelete
observability.datasets.update
observability.links.create
observability.links.delete
observability.links.get
observability.links.list
observability.links.update
observability.operations.cancel
observability.operations.delete
observability.operations.get
observability.operations.list
observability.scopes.get
observability.scopes.update
observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update
observability.views.access
observability.views.create
observability.views.delete
observability.views.get
observability.views.list
observability.views.update

Observability Analytics User ^Beta

(roles/observability.analyticsUser)

Grants permissions to use Cloud Observability Analytics.

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

observability.analyticsViews.*

observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update

observability.buckets.get

observability.buckets.list

observability.datasets.get

observability.datasets.list

observability.links.get

observability.links.list

observability.operations.get

observability.operations.list

observability.scopes.get

observability.traceScopes.get

observability.traceScopes.list

observability.views.get

observability.views.list

Observability Editor ^Beta

(roles/observability.editor)

Edit access to Observability resources.

observability.analyticsViews.*

observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update

observability.buckets.create

observability.buckets.get

observability.buckets.list

observability.buckets.update

observability.datasets.create

observability.datasets.get

observability.datasets.list

observability.datasets.update

observability.links.*

observability.links.create
observability.links.delete
observability.links.get
observability.links.list
observability.links.update

observability.operations.*

observability.operations.cancel
observability.operations.delete
observability.operations.get
observability.operations.list

observability.scopes.*

observability.scopes.get
observability.scopes.update

observability.traceScopes.*

observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update

observability.views.create

observability.views.delete

observability.views.get

observability.views.list

observability.views.update

Observability Scopes Editor ^Beta

(roles/observability.scopesEditor)

Grants permission to view and edit Observability, Logging, Trace, and Monitoring scopes

logging.logScopes.*

logging.logScopes.create
logging.logScopes.delete
logging.logScopes.get
logging.logScopes.list
logging.logScopes.update

monitoring.metricsScopes.link

observability.scopes.*

observability.scopes.get
observability.scopes.update

observability.traceScopes.*

observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update

Observability Service Agent

(roles/observability.serviceAgent)

Grants Observability service account the ability to list, create and link datasets in the consumer project.

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.link

Observability View Accessor ^Beta

(roles/observability.viewAccessor)

Read only access to data defined by an Observability View.

observability.views.access

Observability Viewer ^Beta

(roles/observability.viewer)

Read only access to Observability resources.

observability.analyticsViews.get

observability.analyticsViews.list

observability.buckets.get

observability.buckets.list

observability.datasets.get

observability.datasets.list

observability.links.get

observability.links.list

observability.operations.get

observability.operations.list

observability.scopes.get

observability.traceScopes.get

observability.traceScopes.list

observability.views.get

observability.views.list

Google Cloud Observability permissions

Permission	Included in roles
`observability.analyticsViews.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`)
`observability.analyticsViews.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`)
`observability.analyticsViews.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.analyticsViews.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.analyticsViews.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`)
`observability.buckets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.buckets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.buckets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.buckets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.buckets.undelete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.buckets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.datasets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.datasets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.datasets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.datasets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.datasets.undelete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.datasets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.links.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.links.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.links.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.links.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.links.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.scopes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Dataproc Hub Agent (`roles/dataproc.hubAgent`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Logging Admin (`roles/logging.admin`) Logs Configuration Writer (`roles/logging.configWriter`) Private Logs Viewer (`roles/logging.privateLogViewer`) Logs Viewer (`roles/logging.viewer`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`) Observability Viewer (`roles/observability.viewer`) Telco Automation Admin (`roles/telcoautomation.admin`) Telco Automation Tier 1 Operations Admin (`roles/telcoautomation.opsAdminTier1`) Telco Automation Tier 4 Operations Admin (`roles/telcoautomation.opsAdminTier4`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`)
`observability.scopes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.traceScopes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.traceScopes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.traceScopes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`) Observability Viewer (`roles/observability.viewer`)
`observability.traceScopes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`) Observability Viewer (`roles/observability.viewer`)
`observability.traceScopes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.views.access`	Owner (`roles/owner`) Observability Admin (`roles/observability.admin`) Observability View Accessor (`roles/observability.viewAccessor`)
`observability.views.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.views.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.views.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.views.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Observability Admin (`roles/observability.admin`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`)
`observability.views.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)

Google Cloud Observability roles and permissions