Resource Manager roles and permissions

This page lists the IAM roles and permissions for Resource Manager. To search through all roles and permissions, see the role and permission index.

Resource Manager roles

Role Permissions

(roles/resourcemanager.folderAdmin)

Provides all available permissions for working with folders.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.*

  • essentialcontacts.contacts.create
  • essentialcontacts.contacts.delete
  • essentialcontacts.contacts.get
  • essentialcontacts.contacts.list
  • essentialcontacts.contacts.send
  • essentialcontacts.contacts.update

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.*

  • resourcemanager.capabilities.get
  • resourcemanager.capabilities.update

resourcemanager.folders.*

  • resourcemanager.folders.create
  • resourcemanager.folders.createPolicyBinding
  • resourcemanager.folders.delete
  • resourcemanager.folders.deletePolicyBinding
  • resourcemanager.folders.get
  • resourcemanager.folders.getIamPolicy
  • resourcemanager.folders.list
  • resourcemanager.folders.move
  • resourcemanager.folders.searchPolicyBindings
  • resourcemanager.folders.setIamPolicy
  • resourcemanager.folders.undelete
  • resourcemanager.folders.update
  • resourcemanager.folders.updatePolicyBinding

resourcemanager.hierarchyNodes.*

  • resourcemanager.hierarchyNodes.createTagBinding
  • resourcemanager.hierarchyNodes.deleteTagBinding
  • resourcemanager.hierarchyNodes.listEffectiveTags
  • resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.projects.createPolicyBinding

resourcemanager.projects.deletePolicyBinding

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.projects.move

resourcemanager.projects.searchPolicyBindings

resourcemanager.projects.setIamPolicy

resourcemanager.projects.updatePolicyBinding

(roles/resourcemanager.folderCreator)

Provides permissions needed to browse the hierarchy and create folders.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.contacts.get

essentialcontacts.contacts.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.get

resourcemanager.folders.create

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/resourcemanager.folderEditor)

Provides permission to modify folders as well as to view a folder's allow policy.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.contacts.get

essentialcontacts.contacts.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.*

  • resourcemanager.capabilities.get
  • resourcemanager.capabilities.update

resourcemanager.folders.delete

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.list

resourcemanager.folders.searchPolicyBindings

resourcemanager.folders.undelete

resourcemanager.folders.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/resourcemanager.folderIamAdmin)

Provides permissions to administer allow policies on folders.

Lowest-level resources where you can grant this role:

  • Folder

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

resourcemanager.folders.createPolicyBinding

resourcemanager.folders.deletePolicyBinding

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.searchPolicyBindings

resourcemanager.folders.setIamPolicy

resourcemanager.folders.updatePolicyBinding

(roles/resourcemanager.folderMover)

Provides permission to move projects and folders into and out of a parent organization or folder.

Lowest-level resources where you can grant this role:

  • Folder

resourcemanager.folders.move

resourcemanager.projects.move

(roles/resourcemanager.folderViewer)

Provides permission to get a folder and list the folders and projects below a resource.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.contacts.get

essentialcontacts.contacts.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.get

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/resourcemanager.lienModifier)

Provides access to modify Liens on projects.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.updateLiens

(roles/resourcemanager.organizationAdmin)

Access to manage IAM policies and view organization policies for organizations, folders, and projects.

Lowest-level resources where you can grant this role:

  • Project

essentialcontacts.*

  • essentialcontacts.contacts.create
  • essentialcontacts.contacts.delete
  • essentialcontacts.contacts.get
  • essentialcontacts.contacts.list
  • essentialcontacts.contacts.send
  • essentialcontacts.contacts.update

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.*

  • resourcemanager.capabilities.get
  • resourcemanager.capabilities.update

resourcemanager.folders.createPolicyBinding

resourcemanager.folders.deletePolicyBinding

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.list

resourcemanager.folders.searchPolicyBindings

resourcemanager.folders.setIamPolicy

resourcemanager.folders.updatePolicyBinding

resourcemanager.organizations.*

  • resourcemanager.organizations.createPolicyBinding
  • resourcemanager.organizations.deletePolicyBinding
  • resourcemanager.organizations.get
  • resourcemanager.organizations.getIamPolicy
  • resourcemanager.organizations.searchPolicyBindings
  • resourcemanager.organizations.setIamPolicy
  • resourcemanager.organizations.updatePolicyBinding

resourcemanager.projects.createPolicyBinding

resourcemanager.projects.deletePolicyBinding

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.projects.searchPolicyBindings

resourcemanager.projects.setIamPolicy

resourcemanager.projects.updatePolicyBinding

(roles/resourcemanager.organizationViewer)

Provides access to view an organization.

Lowest-level resources where you can grant this role:

  • Organization

resourcemanager.organizations.get

(roles/resourcemanager.projectCreator)

Provides access to create new projects. Once a user creates a project, they're automatically granted the owner role for that project.

Lowest-level resources where you can grant this role:

  • Folder

resourcemanager.organizations.get

resourcemanager.projects.create

(roles/resourcemanager.projectDeleter)

Provides access to delete Google Cloud projects.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.delete

(roles/resourcemanager.projectIamAdmin)

Provides permissions to administer allow policies on projects.

Lowest-level resources where you can grant this role:

  • Project

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

resourcemanager.projects.createPolicyBinding

resourcemanager.projects.deletePolicyBinding

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.searchPolicyBindings

resourcemanager.projects.setIamPolicy

resourcemanager.projects.updatePolicyBinding

(roles/resourcemanager.projectMover)

Provides access to update and move projects.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.move

resourcemanager.projects.update

(roles/resourcemanager.tagAdmin)

Access to create, delete, update, and manage access to Tags

resourcemanager.tagHolds.*

  • resourcemanager.tagHolds.create
  • resourcemanager.tagHolds.delete
  • resourcemanager.tagHolds.list

resourcemanager.tagKeys.*

  • resourcemanager.tagKeys.create
  • resourcemanager.tagKeys.delete
  • resourcemanager.tagKeys.get
  • resourcemanager.tagKeys.getIamPolicy
  • resourcemanager.tagKeys.list
  • resourcemanager.tagKeys.setIamPolicy
  • resourcemanager.tagKeys.update

resourcemanager.tagValues.*

  • resourcemanager.tagValues.create
  • resourcemanager.tagValues.delete
  • resourcemanager.tagValues.get
  • resourcemanager.tagValues.getIamPolicy
  • resourcemanager.tagValues.list
  • resourcemanager.tagValues.setIamPolicy
  • resourcemanager.tagValues.update

(roles/resourcemanager.tagHoldAdmin)

Access to create, delete and list TagHolds under a TagValue

resourcemanager.tagHolds.*

  • resourcemanager.tagHolds.create
  • resourcemanager.tagHolds.delete
  • resourcemanager.tagHolds.list

(roles/resourcemanager.tagUser)

Access to list Tags and manage their associations with resources

alloydb.backups.createTagBinding

alloydb.backups.deleteTagBinding

alloydb.backups.listEffectiveTags

alloydb.backups.listTagBindings

alloydb.clusters.createTagBinding

alloydb.clusters.deleteTagBinding

alloydb.clusters.listEffectiveTags

alloydb.clusters.listTagBindings

apigateway.apis.createTagBinding

apigateway.apis.deleteTagBinding

apigateway.apis.listEffectiveTags

apigateway.apis.listTagBindings

apigateway.gateways.createTagBinding

apigateway.gateways.deleteTagBinding

apigateway.gateways.listEffectiveTags

apigateway.gateways.listTagBindings

apihub.apis.createTagBinding

apihub.apis.deleteTagBinding

apihub.apis.listEffectiveTags

apihub.apis.listTagBindings

apihub.deployments.createTagBinding

apihub.deployments.deleteTagBinding

apihub.deployments.listEffectiveTags

apihub.deployments.listTagBindings

artifactregistry.repositories.createTagBinding

artifactregistry.repositories.deleteTagBinding

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

bigquery.datasets.createTagBinding

bigquery.datasets.deleteTagBinding

bigquery.datasets.listEffectiveTags

bigquery.datasets.listTagBindings

bigquery.tables.createTagBinding

bigquery.tables.deleteTagBinding

bigquery.tables.listEffectiveTags

bigquery.tables.listTagBindings

bigtable.authorizedViews.createTagBinding

bigtable.authorizedViews.deleteTagBinding

bigtable.authorizedViews.listEffectiveTags

bigtable.authorizedViews.listTagBindings

bigtable.instances.createTagBinding

bigtable.instances.deleteTagBinding

bigtable.instances.listEffectiveTags

bigtable.instances.listTagBindings

certificatemanager.certissuanceconfigs.createTagBinding

certificatemanager.certissuanceconfigs.deleteTagBinding

certificatemanager.certissuanceconfigs.listEffectiveTags

certificatemanager.certissuanceconfigs.listTagBindings

certificatemanager.certmapentries.createTagBinding

certificatemanager.certmapentries.deleteTagBinding

certificatemanager.certmapentries.listEffectiveTags

certificatemanager.certmapentries.listTagBindings

certificatemanager.certmaps.createTagBinding

certificatemanager.certmaps.deleteTagBinding

certificatemanager.certmaps.listEffectiveTags

certificatemanager.certmaps.listTagBindings

certificatemanager.certs.createTagBinding

certificatemanager.certs.deleteTagBinding

certificatemanager.certs.listEffectiveTags

certificatemanager.certs.listTagBindings

certificatemanager.dnsauthorizations.createTagBinding

certificatemanager.dnsauthorizations.deleteTagBinding

certificatemanager.dnsauthorizations.listEffectiveTags

certificatemanager.dnsauthorizations.listTagBindings

certificatemanager.trustconfigs.createTagBinding

certificatemanager.trustconfigs.deleteTagBinding

certificatemanager.trustconfigs.listEffectiveTags

certificatemanager.trustconfigs.listTagBindings

clouddeploy.deliveryPipelines.createTagBinding

clouddeploy.deliveryPipelines.deleteTagBinding

clouddeploy.deliveryPipelines.listEffectiveTags

clouddeploy.deliveryPipelines.listTagBindings

clouddeploy.targets.createTagBinding

clouddeploy.targets.deleteTagBinding

clouddeploy.targets.listEffectiveTags

clouddeploy.targets.listTagBindings

cloudkms.keyRings.createTagBinding

cloudkms.keyRings.deleteTagBinding

cloudkms.keyRings.listEffectiveTags

cloudkms.keyRings.listTagBindings

cloudsql.instances.createTagBinding

cloudsql.instances.deleteTagBinding

cloudsql.instances.listEffectiveTags

cloudsql.instances.listTagBindings

compute.addresses.createTagBinding

compute.addresses.deleteTagBinding

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.backendBuckets.createTagBinding

compute.backendBuckets.deleteTagBinding

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.createTagBinding

compute.backendServices.deleteTagBinding

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.disks.createTagBinding

compute.disks.deleteTagBinding

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.createTagBinding

compute.externalVpnGateways.deleteTagBinding

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.createTagBinding

compute.firewallPolicies.deleteTagBinding

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.createTagBinding

compute.firewalls.deleteTagBinding

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.createTagBinding

compute.forwardingRules.deleteTagBinding

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.createTagBinding

compute.globalAddresses.deleteTagBinding

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.createTagBinding

compute.globalForwardingRules.deleteTagBinding

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.createTagBinding

compute.globalNetworkEndpointGroups.deleteTagBinding

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.healthChecks.createTagBinding

compute.healthChecks.deleteTagBinding

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.createTagBinding

compute.httpHealthChecks.deleteTagBinding

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.createTagBinding

compute.httpsHealthChecks.deleteTagBinding

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.createTagBinding

compute.images.deleteTagBinding

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.createTagBinding

compute.instanceGroupManagers.deleteTagBinding

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.createTagBinding

compute.instanceGroups.deleteTagBinding

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instances.createTagBinding

compute.instances.deleteTagBinding

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.interconnectAttachments.createTagBinding

compute.interconnectAttachments.deleteTagBinding

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnects.createTagBinding

compute.interconnects.deleteTagBinding

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.networkAttachments.createTagBinding

compute.networkAttachments.deleteTagBinding

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.createTagBinding

compute.networkEdgeSecurityServices.deleteTagBinding

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.createTagBinding

compute.networkEndpointGroups.deleteTagBinding

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networks.createTagBinding

compute.networks.deleteTagBinding

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.packetMirrorings.createTagBinding

compute.packetMirrorings.deleteTagBinding

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.publicDelegatedPrefixes.createTagBinding

compute.publicDelegatedPrefixes.deleteTagBinding

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendServices.createTagBinding

compute.regionBackendServices.deleteTagBinding

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionFirewallPolicies.createTagBinding

compute.regionFirewallPolicies.deleteTagBinding

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthChecks.createTagBinding

compute.regionHealthChecks.deleteTagBinding

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.createTagBinding

compute.regionNetworkEndpointGroups.deleteTagBinding

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionSecurityPolicies.createTagBinding

compute.regionSecurityPolicies.deleteTagBinding

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.createTagBinding

compute.regionSslCertificates.deleteTagBinding

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.createTagBinding

compute.regionSslPolicies.deleteTagBinding

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.createTagBinding

compute.regionTargetHttpProxies.deleteTagBinding

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.createTagBinding

compute.regionTargetHttpsProxies.deleteTagBinding

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.createTagBinding

compute.regionTargetTcpProxies.deleteTagBinding

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.createTagBinding

compute.regionUrlMaps.deleteTagBinding

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.routers.createTagBinding

compute.routers.deleteTagBinding

compute.routers.listEffectiveTags

compute.routers.listTagBindings

compute.routes.createTagBinding

compute.routes.deleteTagBinding

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.createTagBinding

compute.securityPolicies.deleteTagBinding

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.createTagBinding

compute.serviceAttachments.deleteTagBinding

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.createTagBinding

compute.snapshots.deleteTagBinding

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.createTagBinding

compute.sslCertificates.deleteTagBinding

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.createTagBinding

compute.sslPolicies.deleteTagBinding

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.subnetworks.createTagBinding

compute.subnetworks.deleteTagBinding

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.createTagBinding

compute.targetGrpcProxies.deleteTagBinding

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.createTagBinding

compute.targetHttpProxies.deleteTagBinding

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.createTagBinding

compute.targetHttpsProxies.deleteTagBinding

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.createTagBinding

compute.targetInstances.deleteTagBinding

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.createTagBinding

compute.targetPools.deleteTagBinding

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.createTagBinding

compute.targetSslProxies.deleteTagBinding

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.createTagBinding

compute.targetTcpProxies.deleteTagBinding

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.createTagBinding

compute.targetVpnGateways.deleteTagBinding

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.createTagBinding

compute.urlMaps.deleteTagBinding

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.createTagBinding

compute.vpnGateways.deleteTagBinding

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.createTagBinding

compute.vpnTunnels.deleteTagBinding

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

container.clusters.createTagBinding

container.clusters.deleteTagBinding

container.clusters.listEffectiveTags

container.clusters.listTagBindings

datafusion.instances.createTagBinding

datafusion.instances.deleteTagBinding

datafusion.instances.listEffectiveTags

datafusion.instances.listTagBindings

datastore.databases.createTagBinding

datastore.databases.deleteTagBinding

datastore.databases.listEffectiveTags

datastore.databases.listTagBindings

datastream.connectionProfiles.createTagBinding

datastream.connectionProfiles.deleteTagBinding

datastream.connectionProfiles.listEffectiveTags

datastream.connectionProfiles.listTagBindings

datastream.privateConnections.createTagBinding

datastream.privateConnections.deleteTagBinding

datastream.privateConnections.listEffectiveTags

datastream.privateConnections.listTagBindings

datastream.streams.createTagBinding

datastream.streams.deleteTagBinding

datastream.streams.listEffectiveTags

datastream.streams.listTagBindings

domains.registrations.createTagBinding

domains.registrations.deleteTagBinding

domains.registrations.listEffectiveTags

domains.registrations.listTagBindings

file.backups.createTagBinding

file.backups.deleteTagBinding

file.backups.listEffectiveTags

file.backups.listTagBindings

file.instances.createTagBinding

file.instances.deleteTagBinding

file.instances.listEffectiveTags

file.instances.listTagBindings

file.snapshots.*

  • file.snapshots.createTagBinding
  • file.snapshots.deleteTagBinding
  • file.snapshots.listEffectiveTags
  • file.snapshots.listTagBindings

iam.serviceAccounts.createTagBinding

iam.serviceAccounts.deleteTagBinding

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

logging.buckets.createTagBinding

logging.buckets.deleteTagBinding

logging.buckets.listEffectiveTags

logging.buckets.listTagBindings

managedidentities.domains.createTagBinding

managedidentities.domains.deleteTagBinding

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

monitoring.alertPolicies.createTagBinding

monitoring.alertPolicies.deleteTagBinding

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

privateca.caPools.createTagBinding

privateca.caPools.deleteTagBinding

privateca.caPools.listEffectiveTags

privateca.caPools.listTagBindings

privateca.certificateTemplates.createTagBinding

privateca.certificateTemplates.deleteTagBinding

privateca.certificateTemplates.listEffectiveTags

privateca.certificateTemplates.listTagBindings

redis.instances.createTagBinding

redis.instances.deleteTagBinding

redis.instances.listEffectiveTags

redis.instances.listTagBindings

resourcemanager.hierarchyNodes.*

  • resourcemanager.hierarchyNodes.createTagBinding
  • resourcemanager.hierarchyNodes.deleteTagBinding
  • resourcemanager.hierarchyNodes.listEffectiveTags
  • resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.projects.get

resourcemanager.tagKeys.get

resourcemanager.tagKeys.list

resourcemanager.tagValueBindings.*

  • resourcemanager.tagValueBindings.create
  • resourcemanager.tagValueBindings.delete

resourcemanager.tagValues.get

resourcemanager.tagValues.list

run.jobs.createTagBinding

run.jobs.deleteTagBinding

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.services.createTagBinding

run.services.deleteTagBinding

run.services.listEffectiveTags

run.services.listTagBindings

secretmanager.secrets.createTagBinding

secretmanager.secrets.deleteTagBinding

secretmanager.secrets.listEffectiveTags

secretmanager.secrets.listTagBindings

spanner.instances.createTagBinding

spanner.instances.deleteTagBinding

spanner.instances.listEffectiveTags

spanner.instances.listTagBindings

storage.buckets.createTagBinding

storage.buckets.deleteTagBinding

storage.buckets.listEffectiveTags

storage.buckets.listTagBindings

transcoder.jobTemplates.createTagBinding

transcoder.jobTemplates.deleteTagBinding

transcoder.jobTemplates.listEffectiveTags

transcoder.jobTemplates.listTagBindings

transcoder.jobs.createTagBinding

transcoder.jobs.deleteTagBinding

transcoder.jobs.listEffectiveTags

transcoder.jobs.listTagBindings

vmwareengine.networkPeerings.createTagBinding

vmwareengine.networkPeerings.deleteTagBinding

vmwareengine.networkPeerings.listEffectiveTags

vmwareengine.networkPeerings.listTagBindings

vmwareengine.networkPolicies.createTagBinding

vmwareengine.networkPolicies.deleteTagBinding

vmwareengine.networkPolicies.listEffectiveTags

vmwareengine.networkPolicies.listTagBindings

vmwareengine.privateClouds.createTagBinding

vmwareengine.privateClouds.deleteTagBinding

vmwareengine.privateClouds.listEffectiveTags

vmwareengine.privateClouds.listTagBindings

vmwareengine.privateConnections.createTagBinding

vmwareengine.privateConnections.deleteTagBinding

vmwareengine.privateConnections.listEffectiveTags

vmwareengine.privateConnections.listTagBindings

vmwareengine.vmwareEngineNetworks.createTagBinding

vmwareengine.vmwareEngineNetworks.deleteTagBinding

vmwareengine.vmwareEngineNetworks.listEffectiveTags

vmwareengine.vmwareEngineNetworks.listTagBindings

workflows.workflows.createTagBinding

workflows.workflows.deleteTagBinding

workflows.workflows.listEffectiveTags

workflows.workflows.listTagBindings

workstations.workstationClusters.createTagBinding

workstations.workstationClusters.deleteTagBinding

workstations.workstationClusters.listEffectiveTags

workstations.workstationClusters.listTagBindings

(roles/resourcemanager.tagViewer)

Access to list Tags and their associations with resources

alloydb.backups.listEffectiveTags

alloydb.backups.listTagBindings

alloydb.clusters.listEffectiveTags

alloydb.clusters.listTagBindings

apigateway.apis.listEffectiveTags

apigateway.apis.listTagBindings

apigateway.gateways.listEffectiveTags

apigateway.gateways.listTagBindings

apihub.apis.listEffectiveTags

apihub.apis.listTagBindings

apihub.deployments.listEffectiveTags

apihub.deployments.listTagBindings

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

bigquery.datasets.listEffectiveTags

bigquery.datasets.listTagBindings

bigquery.tables.listEffectiveTags

bigquery.tables.listTagBindings

bigtable.authorizedViews.listEffectiveTags

bigtable.authorizedViews.listTagBindings

bigtable.instances.listEffectiveTags

bigtable.instances.listTagBindings

certificatemanager.certissuanceconfigs.listEffectiveTags

certificatemanager.certissuanceconfigs.listTagBindings

certificatemanager.certmapentries.listEffectiveTags

certificatemanager.certmapentries.listTagBindings

certificatemanager.certmaps.listEffectiveTags

certificatemanager.certmaps.listTagBindings

certificatemanager.certs.listEffectiveTags

certificatemanager.certs.listTagBindings

certificatemanager.dnsauthorizations.listEffectiveTags

certificatemanager.dnsauthorizations.listTagBindings

certificatemanager.trustconfigs.listEffectiveTags

certificatemanager.trustconfigs.listTagBindings

clouddeploy.deliveryPipelines.listEffectiveTags

clouddeploy.deliveryPipelines.listTagBindings

clouddeploy.targets.listEffectiveTags

clouddeploy.targets.listTagBindings

cloudkms.keyRings.listEffectiveTags

cloudkms.keyRings.listTagBindings

cloudsql.instances.listEffectiveTags

cloudsql.instances.listTagBindings

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.routers.listEffectiveTags

compute.routers.listTagBindings

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

container.clusters.listEffectiveTags

container.clusters.listTagBindings

datafusion.instances.listEffectiveTags

datafusion.instances.listTagBindings

datastore.databases.listEffectiveTags

datastore.databases.listTagBindings

datastream.connectionProfiles.listEffectiveTags

datastream.connectionProfiles.listTagBindings

datastream.privateConnections.listEffectiveTags

datastream.privateConnections.listTagBindings

datastream.streams.listEffectiveTags

datastream.streams.listTagBindings

domains.registrations.listEffectiveTags

domains.registrations.listTagBindings

file.backups.listEffectiveTags

file.backups.listTagBindings

file.instances.listEffectiveTags

file.instances.listTagBindings

file.snapshots.listEffectiveTags

file.snapshots.listTagBindings

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

logging.buckets.listEffectiveTags

logging.buckets.listTagBindings

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

privateca.caPools.listEffectiveTags

privateca.caPools.listTagBindings

privateca.certificateTemplates.listEffectiveTags

privateca.certificateTemplates.listTagBindings

redis.instances.listEffectiveTags

redis.instances.listTagBindings

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.tagHolds.list

resourcemanager.tagKeys.get

resourcemanager.tagKeys.list

resourcemanager.tagValues.get

resourcemanager.tagValues.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.services.listEffectiveTags

run.services.listTagBindings

secretmanager.secrets.listEffectiveTags

secretmanager.secrets.listTagBindings

spanner.instances.listEffectiveTags

spanner.instances.listTagBindings

storage.buckets.listEffectiveTags

storage.buckets.listTagBindings

transcoder.jobTemplates.listEffectiveTags

transcoder.jobTemplates.listTagBindings

transcoder.jobs.listEffectiveTags

transcoder.jobs.listTagBindings

vmwareengine.networkPeerings.listEffectiveTags

vmwareengine.networkPeerings.listTagBindings

vmwareengine.networkPolicies.listEffectiveTags

vmwareengine.networkPolicies.listTagBindings

vmwareengine.privateClouds.listEffectiveTags

vmwareengine.privateClouds.listTagBindings

vmwareengine.privateConnections.listEffectiveTags

vmwareengine.privateConnections.listTagBindings

vmwareengine.vmwareEngineNetworks.listEffectiveTags

vmwareengine.vmwareEngineNetworks.listTagBindings

workflows.workflows.listEffectiveTags

workflows.workflows.listTagBindings

workstations.workstationClusters.listEffectiveTags

workstations.workstationClusters.listTagBindings

Resource Manager permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Owner (roles/owner)

Editor (roles/editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Creator (roles/resourcemanager.folderCreator)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

App Management Viewer (roles/apphub.appManagementViewer)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Admin (roles/auditmanager.admin)

Audit Manager Auditor (roles/auditmanager.auditor)

Browser (roles/browser)

Capacity Planner Usage Viewer (roles/capacityplanner.viewer)

Cloud Hub Operator (roles/cloudhub.operator)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Folder Viewer (roles/resourcemanager.folderViewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Assets Viewer (roles/securitycenter.assetsViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Findings Editor (roles/securitycenter.findingsEditor)

Security Center Findings Viewer (roles/securitycenter.findingsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Service Management Administrator (roles/servicemanagement.admin)

Service agent roles

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Service agent roles

App Management Viewer (roles/apphub.appManagementViewer)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Admin (roles/auditmanager.admin)

Audit Manager Auditor (roles/auditmanager.auditor)

Browser (roles/browser)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Service Management Administrator (roles/servicemanagement.admin)

Service agent roles

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Mover (roles/resourcemanager.folderMover)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Admin (roles/iam.securityAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Service agent roles

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Owner (roles/owner)

Editor (roles/editor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Storage Admin (roles/storage.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Owner (roles/owner)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Access Context Manager Admin (roles/accesscontextmanager.policyAdmin)

Access Context Manager Editor (roles/accesscontextmanager.policyEditor)

Access Context Manager Reader (roles/accesscontextmanager.policyReader)

VPC Service Controls Troubleshooter Viewer (roles/accesscontextmanager.vpcScTroubleshooterViewer)

Advisory Notifications Admin (roles/advisorynotifications.admin)

Advisory Notifications Viewer (roles/advisorynotifications.viewer)

Assured OSS Admin (roles/assuredoss.admin)

Assured OSS Project Admin (roles/assuredoss.projectAdmin)

Assured OSS Reader (roles/assuredoss.reader)

Assured OSS User (roles/assuredoss.user)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Admin (roles/auditmanager.admin)

Audit Manager Auditor (roles/auditmanager.auditor)

Custom Compliance Framework Admin (roles/auditmanager.ccfAdmin)

Custom Compliance Framework Viewer (roles/auditmanager.ccfViewer)

Access Transparency Admin (roles/axt.admin)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

Cloud BeyondCorp Partner Service Delegate Viewer (roles/beyondcorp.partnerServiceDelegateViewer)

Cloud BeyondCorp Subscription Admin (roles/beyondcorp.subscriptionAdmin)

Cloud BeyondCorp Subscription Viewer (roles/beyondcorp.subscriptionViewer)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Billing Account Creator (roles/billing.creator)

Browser (roles/browser)

Capacity Planner Usage Viewer (roles/capacityplanner.viewer)

Chronicle SOAR Admin (roles/chronicle.soarAdmin)

Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)

Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)

Cloud Hub Operator (roles/cloudhub.operator)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Support Account Administrator (roles/cloudsupport.admin)

Commerce Business Enablement Configuration Admin (roles/commercebusinessenablement.admin)

Commerce Business Enablement Reseller Discount Admin (roles/commercebusinessenablement.resellerDiscountAdmin)

Commerce Business Enablement Reseller Discount Viewer (roles/commercebusinessenablement.resellerDiscountViewer)

Commerce Business Enablement Configuration Viewer (roles/commercebusinessenablement.viewer)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

DataCatalog Migration Config Admin (roles/datacatalog.migrationConfigAdmin)

DataCatalog Search Admin (roles/datacatalog.searchAdmin)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Network Management Admin (roles/networkmanagement.admin)

Network Management Viewer (roles/networkmanagement.viewer)

OrgPolicy Simulator Admin (roles/policysimulator.orgPolicyAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Organization Viewer (roles/resourcemanager.organizationViewer)

Project Creator (roles/resourcemanager.projectCreator)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Assets Viewer (roles/securitycenter.assetsViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Findings Editor (roles/securitycenter.findingsEditor)

Security Center Findings Viewer (roles/securitycenter.findingsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Security Center Sources Admin (roles/securitycenter.sourcesAdmin)

Security Center Sources Editor (roles/securitycenter.sourcesEditor)

Security Center Sources Viewer (roles/securitycenter.sourcesViewer)

Security Center Management Admin (roles/securitycentermanagement.admin)

Security Center Management Custom Modules Editor (roles/securitycentermanagement.customModulesEditor)

Security Center Management Custom Modules Viewer (roles/securitycentermanagement.customModulesViewer)

Security Center Management Custom ETD Modules Editor (roles/securitycentermanagement.etdCustomModulesEditor)

Security Center Management ETD Custom Modules Viewer (roles/securitycentermanagement.etdCustomModulesViewer)

Security Center Management Settings Editor (roles/securitycentermanagement.settingsEditor)

Security Center Management Settings Viewer (roles/securitycentermanagement.settingsViewer)

Security Center Management SHA Custom Modules Editor (roles/securitycentermanagement.shaCustomModulesEditor)

Security Center Management SHA Custom Modules Viewer (roles/securitycentermanagement.shaCustomModulesViewer)

Security Center Management Viewer (roles/securitycentermanagement.viewer)

Security Posture Admin (roles/securityposture.admin)

Security Posture Deployer (roles/securityposture.postureDeployer)

Security Posture Deployments Viewer (roles/securityposture.postureDeploymentsViewer)

Security Posture Resource Viewer (roles/securityposture.postureViewer)

Security Posture Viewer (roles/securityposture.viewer)

Service Management Administrator (roles/servicemanagement.admin)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Admin (roles/iam.securityAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Service agent roles

Owner (roles/owner)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Project Creator (roles/resourcemanager.projectCreator)

Service agent roles

Owner (roles/owner)

Billing Account Administrator (roles/billing.admin)

Project Billing Manager (roles/billing.projectManager)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Owner (roles/owner)

Project Deleter (roles/resourcemanager.projectDeleter)

Service agent roles

Owner (roles/owner)

Billing Account Administrator (roles/billing.admin)

Project Billing Manager (roles/billing.projectManager)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Access Approval Approver (roles/accessapproval.approver)

Access Approval Config Editor (roles/accessapproval.configEditor)

Access Approval Invalidator (roles/accessapproval.invalidator)

Access Approval Viewer (roles/accessapproval.viewer)

Access Context Manager Admin (roles/accesscontextmanager.policyAdmin)

Access Context Manager Editor (roles/accesscontextmanager.policyEditor)

Access Context Manager Reader (roles/accesscontextmanager.policyReader)

VPC Service Controls Troubleshooter Viewer (roles/accesscontextmanager.vpcScTroubleshooterViewer)

Actions Admin (roles/actions.Admin)

Actions Viewer (roles/actions.Viewer)

Advisory Notifications Admin (roles/advisorynotifications.admin)

Advisory Notifications Viewer (roles/advisorynotifications.viewer)

Vertex AI Administrator (roles/aiplatform.admin)

Colab Enterprise Admin (roles/aiplatform.colabEnterpriseAdmin)

Colab Enterprise User (roles/aiplatform.colabEnterpriseUser)

Vertex AI Feature Store EntityType owner (roles/aiplatform.entityTypeOwner)

Vertex AI Feature Store Admin (roles/aiplatform.featurestoreAdmin)

Vertex AI Feature Store Data Viewer (roles/aiplatform.featurestoreDataViewer)

Vertex AI Feature Store Data Writer (roles/aiplatform.featurestoreDataWriter)

Vertex AI Feature Store Resource Viewer (roles/aiplatform.featurestoreResourceViewer)

Vertex AI Feature Store User (roles/aiplatform.featurestoreUser)

Vertex AI User (roles/aiplatform.user)

Vertex AI Viewer (roles/aiplatform.viewer)

Cloud AlloyDB Admin (roles/alloydb.admin)

Cloud AlloyDB Client (roles/alloydb.client)

Cloud AlloyDB Database User (roles/alloydb.databaseUser)

Cloud AlloyDB Viewer (roles/alloydb.viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Apigee Organization Admin (roles/apigee.admin)

Apigee Analytics Editor (roles/apigee.analyticsEditor)

Apigee Analytics Viewer (roles/apigee.analyticsViewer)

Apigee API Admin (roles/apigee.apiAdminV2)

Apigee API Reader (roles/apigee.apiReaderV2)

Apigee Developer Admin (roles/apigee.developerAdmin)

Apigee Environment Admin (roles/apigee.environmentAdmin)

Apigee Monetization Admin (roles/apigee.monetizationAdmin)

Apigee Portal Admin (roles/apigee.portalAdmin)

Apigee Read-only Admin (roles/apigee.readOnlyAdmin)

Apigee Security Admin (roles/apigee.securityAdmin)

Apigee Security Viewer (roles/apigee.securityViewer)

Apigee Space Console User (roles/apigee.spaceConsoleUser)

Cloud Apigee Registry Admin (roles/apigeeregistry.admin)

Cloud Apigee Registry Editor (roles/apigeeregistry.editor)

Cloud Apigee Registry Viewer (roles/apigeeregistry.viewer)

Cloud Apigee Registry Worker (roles/apigeeregistry.worker)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Attributes Admin (roles/apihub.attributeAdmin)

Cloud API Hub Editor (roles/apihub.editor)

Cloud API hub Plugins Admin (roles/apihub.pluginAdmin)

Cloud API hub Provisioning Admin (roles/apihub.provisioningAdmin)

Cloud API hub Viewer (roles/apihub.viewer)

API Management Admin (roles/apim.admin)

API Management Viewer (roles/apim.viewer)

App Engine Admin (roles/appengine.appAdmin)

App Engine Creator (roles/appengine.appCreator)

App Engine Viewer (roles/appengine.appViewer)

App Engine Code Viewer (roles/appengine.codeViewer)

App Engine Managed VM Debug Access (roles/appengine.debugger)

App Engine Deployer (roles/appengine.deployer)

App Engine Memcache Data Admin (roles/appengine.memcacheDataAdmin)

App Engine Service Admin (roles/appengine.serviceAdmin)

App Hub Admin (roles/apphub.admin)

App Management Viewer (roles/apphub.appManagementViewer)

App Hub Editor (roles/apphub.editor)

App Hub Viewer (roles/apphub.viewer)

Appliance troubleshooting commands approver (roles/applianceactivation.approver)

Appliance troubleshooter (roles/applianceactivation.troubleshooter)

Workspace Marketplace App Configuration Admin (roles/appmetadata.workspaceMarketplaceAppConfigurationAdmin)

Container Registry -> Artifact Registry Migration Admin (roles/artifactregistry.containerRegistryMigrationAdmin)

Assured OSS Admin (roles/assuredoss.admin)

Assured OSS Project Admin (roles/assuredoss.projectAdmin)

Assured OSS Reader (roles/assuredoss.reader)

Assured OSS User (roles/assuredoss.user)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Admin (roles/auditmanager.admin)

Audit Manager Auditor (roles/auditmanager.auditor)

AutoML Admin (roles/automl.admin)

AutoML Editor (roles/automl.editor)

AutoML Predictor (roles/automl.predictor)

AutoML Viewer (roles/automl.viewer)

Recommendations AI Admin (roles/automlrecommendations.admin)

Recommendations AI Admin Viewer (roles/automlrecommendations.adminViewer)

Recommendations AI Editor (roles/automlrecommendations.editor)

Recommendations AI Viewer (roles/automlrecommendations.viewer)

Autoscaling Site Admin (roles/autoscaling.sitesAdmin)

Access Transparency Admin (roles/axt.admin)

Backup and DR Admin (roles/backupdr.admin)

Backup and DR Backup User (roles/backupdr.backupUser)

Backup and DR Compute Engine Operator (roles/backupdr.computeEngineOperator)

Backup and DR Mount User (roles/backupdr.mountUser)

Backup and DR Restore User (roles/backupdr.restoreUser)

Backup and DR User (roles/backupdr.user)

Backup and DR User V2 (roles/backupdr.userv2)

Backup and DR Viewer (roles/backupdr.viewer)

Bare Metal Solution Admin (roles/baremetalsolution.admin)

Bare Metal Solution Editor (roles/baremetalsolution.editor)

Bare Metal Solution Instances Admin (roles/baremetalsolution.instancesadmin)

Bare Metal Solution Instances Viewer (roles/baremetalsolution.instancesviewer)

Bare Metal Solution Storage Admin (roles/baremetalsolution.storageadmin)

Bare Metal Solution Viewer (roles/baremetalsolution.viewer)

Batch Administrator (roles/batch.admin)

Batch Job Editor (roles/batch.jobsEditor)

Batch Job Viewer (roles/batch.jobsViewer)

Batch ResourceAllowance Editor (roles/batch.resourceAllowancesEditor)

Batch ResourceAllowance Viewer (roles/batch.resourceAllowancesViewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Client Connector Admin (roles/beyondcorp.clientConnectorAdmin)

Cloud BeyondCorp Client Connector Viewer (roles/beyondcorp.clientConnectorViewer)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

BigLake Admin (roles/biglake.admin)

BigLake Viewer (roles/biglake.viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Job User (roles/bigquery.jobUser)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Read Session User (roles/bigquery.readSessionUser)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

Bigtable Administrator (roles/bigtable.admin)

Bigtable Reader (roles/bigtable.reader)

Bigtable User (roles/bigtable.user)

Bigtable Viewer (roles/bigtable.viewer)

Billing Account Administrator (roles/billing.admin)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Blockchain Node Engine Admin (roles/blockchainnodeengine.admin)

Blockchain Node Engine Viewer (roles/blockchainnodeengine.viewer)

Blockchain Validator Manager Admin (roles/blockchainvalidatormanager.admin)

Blockchain Validator Viewer (roles/blockchainvalidatormanager.viewer)

Browser (roles/browser)

Capacity Planner Usage Viewer (roles/capacityplanner.viewer)

Care Studio Patients Viewer (roles/carestudio.viewer)

Certificate Manager Editor (roles/certificatemanager.editor)

Certificate Manager Owner (roles/certificatemanager.owner)

Certificate Manager Viewer (roles/certificatemanager.viewer)

Chronicle API Admin (roles/chronicle.admin)

Chronicle API Data Governor (roles/chronicle.dataGovernor)

Chronicle API Editor (roles/chronicle.editor)

Chronicle API Federation Admin (roles/chronicle.federationAdmin)

Chronicle API Federation Viewer (roles/chronicle.federationViewer)

Chronicle API Limited Viewer (roles/chronicle.limitedViewer)

Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)

Chronicle SOAR Admin (roles/chronicle.soarAdmin)

Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)

Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)

Chronicle API Viewer (roles/chronicle.viewer)

Code Repository Indexes Admin (roles/cloudaicompanion.codeRepositoryIndexesAdmin)

Code Repository Indexes Viewer (roles/cloudaicompanion.codeRepositoryIndexesViewer)

Gemini Code Assist Tools Admin (roles/cloudaicompanion.codeToolsAdmin)

Gemini Code Assist Tools User (roles/cloudaicompanion.codeToolsUser)

Gemini for Google Cloud User (roles/cloudaicompanion.user)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Build Integrations Editor (roles/cloudbuild.integrationsEditor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Cloud Build Integrations Viewer (roles/cloudbuild.integrationsViewer)

Cloud Build WorkerPool Editor (roles/cloudbuild.workerPoolEditor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Cloud Build WorkerPool Viewer (roles/cloudbuild.workerPoolViewer)

Firebase Remote Config Admin (roles/cloudconfig.admin)

Firebase Remote Config Viewer (roles/cloudconfig.viewer)

Cloud Deploy Admin (roles/clouddeploy.admin)

Cloud Deploy Approver (roles/clouddeploy.approver)

Cloud Deploy Custom Target Type Admin (roles/clouddeploy.customTargetTypeAdmin)

Cloud Deploy Developer (roles/clouddeploy.developer)

Cloud Deploy Operator (roles/clouddeploy.operator)

Cloud Deploy Policy Admin (roles/clouddeploy.policyAdmin)

Cloud Deploy Policy Overrider (roles/clouddeploy.policyOverrider)

Cloud Deploy Releaser (roles/clouddeploy.releaser)

Cloud Deploy Viewer (roles/clouddeploy.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Cloud Hub Operator (roles/cloudhub.operator)

Cloud Talent Solution Admin (roles/cloudjobdiscovery.admin)

Cloud Talent Solution Job Editor (roles/cloudjobdiscovery.jobsEditor)

Cloud Talent Solution Job Viewer (roles/cloudjobdiscovery.jobsViewer)

Cloud Talent Solution Profile Editor (roles/cloudjobdiscovery.profilesEditor)

Cloud Talent Solution Profile Viewer (roles/cloudjobdiscovery.profilesViewer)

Cloud KMS Admin (roles/cloudkms.admin)

Cloud KMS CryptoKey Decrypter (roles/cloudkms.cryptoKeyDecrypter)

Cloud KMS CryptoKey Decrypter Via Delegation (roles/cloudkms.cryptoKeyDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter (roles/cloudkms.cryptoKeyEncrypter)

Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)

Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterViaDelegation)

Cloud KMS Crypto Operator (roles/cloudkms.cryptoOperator)

Cloud KMS EkmConnections Admin (roles/cloudkms.ekmConnectionsAdmin)

Cloud KMS Expert Raw AES-CBC Key Manager (roles/cloudkms.expertRawAesCbc)

Cloud KMS Expert Raw AES-CTR Key Manager (roles/cloudkms.expertRawAesCtr)

Cloud KMS Expert Raw PKCS#1 Key Manager (roles/cloudkms.expertRawPKCS1)

Cloud KMS Importer (roles/cloudkms.importer)

Cloud KMS CryptoKey Public Key Viewer (roles/cloudkms.publicKeyViewer)

Cloud KMS CryptoKey Signer (roles/cloudkms.signer)

Cloud KMS CryptoKey Signer/Verifier (roles/cloudkms.signerVerifier)

Cloud KMS CryptoKey Verifier (roles/cloudkms.verifier)

Cloud KMS Viewer (roles/cloudkms.viewer)

Velostrata Manager (roles/cloudmigration.inframanager)

Catalog Consumer (roles/cloudprivatecatalog.consumer)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Cloud Profiler User (roles/cloudprofiler.user)

Cloud Quotas Admin (roles/cloudquotas.admin)

Cloud Quotas Viewer (roles/cloudquotas.viewer)

Cloud Scheduler Admin (roles/cloudscheduler.admin)

Cloud Scheduler Job Runner (roles/cloudscheduler.jobRunner)

Cloud Scheduler Viewer (roles/cloudscheduler.viewer)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Cloud SQL Admin (roles/cloudsql.admin)

Cloud SQL Editor (roles/cloudsql.editor)

Cloud SQL Viewer (roles/cloudsql.viewer)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Tech Support Viewer (roles/cloudsupport.techSupportViewer)

Cloud Tasks Admin (roles/cloudtasks.admin)

Cloud Tasks Enqueuer (roles/cloudtasks.enqueuer)

Cloud Tasks Queue Admin (roles/cloudtasks.queueAdmin)

Cloud Tasks Task Deleter (roles/cloudtasks.taskDeleter)

Cloud Tasks Task Runner (roles/cloudtasks.taskRunner)

Cloud Tasks Viewer (roles/cloudtasks.viewer)

Firebase Test Lab Direct Access Admin (roles/cloudtestservice.directAccessAdmin)

Firebase Test Lab Direct Access Viewer (roles/cloudtestservice.directAccessViewer)

Firebase Test Lab Admin (roles/cloudtestservice.testAdmin)

Firebase Test Lab Viewer (roles/cloudtestservice.testViewer)

Cloud Trace Admin (roles/cloudtrace.admin)

Cloud Trace User (roles/cloudtrace.user)

Cloud Translation API Admin (roles/cloudtranslate.admin)

Cloud Translation API Editor (roles/cloudtranslate.editor)

Cloud Translation API User (roles/cloudtranslate.user)

Cloud Translation API Viewer (roles/cloudtranslate.viewer)

Commerce Agreement Publishing Admin (roles/commerceagreementpublishing.admin)

Commerce Agreement Publishing Viewer (roles/commerceagreementpublishing.viewer)

Commerce Business Enablement Configuration Admin (roles/commercebusinessenablement.admin)

Commerce Business Enablement PaymentConfig Admin (roles/commercebusinessenablement.paymentConfigAdmin)

Commerce Business Enablement PaymentConfig Viewer (roles/commercebusinessenablement.paymentConfigViewer)

Commerce Business Enablement Reseller Discount Admin (roles/commercebusinessenablement.resellerDiscountAdmin)

Commerce Business Enablement Reseller Discount Viewer (roles/commercebusinessenablement.resellerDiscountViewer)

Commerce Business Enablement Configuration Viewer (roles/commercebusinessenablement.viewer)

Commerce Organization Governance Admin (roles/commerceorggovernance.admin)

Governed Marketplace User (roles/commerceorggovernance.user)

Commerce Organization Governance Viewer (roles/commerceorggovernance.viewer)

Commerce Price Management Events Viewer (roles/commercepricemanagement.eventsViewer)

Commerce Price Management Private Offers Admin (roles/commercepricemanagement.privateOffersAdmin)

Commerce Price Management Viewer (roles/commercepricemanagement.viewer)

Commerce Producer Admin (roles/commerceproducer.admin)

Commerce Producer Viewer (roles/commerceproducer.viewer)

Environment and Storage Object Administrator (roles/composer.environmentAndStorageObjectAdmin)

Environment and Storage Object User (roles/composer.environmentAndStorageObjectUser)

Environment and Storage Object Viewer (roles/composer.environmentAndStorageObjectViewer)

Composer Worker (roles/composer.worker)

Compute Admin (roles/compute.admin)

Compute Image User (roles/compute.imageUser)

Compute Instance Admin (beta) (roles/compute.instanceAdmin)

Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)

Compute Load Balancer Admin (roles/compute.loadBalancerAdmin)

Compute Load Balancer Services User (roles/compute.loadBalancerServiceUser)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Compute Organization Firewall Policy Admin (roles/compute.orgFirewallPolicyAdmin)

Compute Organization Firewall Policy User (roles/compute.orgFirewallPolicyUser)

Compute Organization Security Policy Admin (roles/compute.orgSecurityPolicyAdmin)

Compute Organization Security Policy User (roles/compute.orgSecurityPolicyUser)

Compute Organization Resource Admin (roles/compute.orgSecurityResourceAdmin)

Compute OS Admin Login (roles/compute.osAdminLogin)

Compute OS Login (roles/compute.osLogin)

Compute packet mirroring admin (roles/compute.packetMirroringAdmin)

Compute packet mirroring user (roles/compute.packetMirroringUser)

Compute Public IP Admin (roles/compute.publicIpAdmin)

Compute Security Admin (roles/compute.securityAdmin)

Compute Storage Admin (roles/compute.storageAdmin)

Compute Viewer (roles/compute.viewer)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

ConfigDelivery Admin (roles/configdelivery.configDeliveryAdmin)

ConfigDelivery Viewer (roles/configdelivery.configDeliveryViewer)

Config Delivery Resource Bundle Publisher (roles/configdelivery.resourceBundlePublisher)

Connector Admin (roles/connectors.admin)

Connectors Viewer (roles/connectors.viewer)

Consumer Procurement Entitlement Manager (roles/consumerprocurement.entitlementManager)

Consumer Procurement Entitlement Viewer (roles/consumerprocurement.entitlementViewer)

Consumer Procurement Administrator (roles/consumerprocurement.procurementAdmin)

Consumer Procurement Viewer (roles/consumerprocurement.procurementViewer)

Contact Center AI Platform Admin (roles/contactcenteraiplatform.admin)

Contact Center AI Platform Viewer (roles/contactcenteraiplatform.viewer)

Kubernetes Engine Admin (roles/container.admin)

Kubernetes Engine KMS Crypto Key User (roles/container.cloudKmsKeyUser)

Kubernetes Engine Cluster Admin (roles/container.clusterAdmin)

Kubernetes Engine Cluster Viewer (roles/container.clusterViewer)

Kubernetes Engine Developer (roles/container.developer)

Kubernetes Engine Viewer (roles/container.viewer)

Container Analysis Admin (roles/containeranalysis.admin)

Container Analysis Notes Editor (roles/containeranalysis.notes.editor)

Container Analysis Notes Viewer (roles/containeranalysis.notes.viewer)

Container Analysis Occurrences Editor (roles/containeranalysis.occurrences.editor)

Container Analysis Occurrences Viewer (roles/containeranalysis.occurrences.viewer)

GKE Security Posture Viewer (roles/containersecurity.viewer)

Content Warehouse Admin (roles/contentwarehouse.admin)

Content Warehouse Document Admin (roles/contentwarehouse.documentAdmin)

Content Warehouse document creator (roles/contentwarehouse.documentCreator)

Content Warehouse Document Editor (roles/contentwarehouse.documentEditor)

Content Warehouse document schema viewer (roles/contentwarehouse.documentSchemaViewer)

Content Warehouse Viewer (roles/contentwarehouse.documentViewer)

Database Center Admin (roles/databasecenter.admin)

Database Center Viewer (roles/databasecenter.viewer)

Database Insights monitoring viewer (roles/databaseinsights.monitoringViewer)

Database Insights recommendation viewer (roles/databaseinsights.recommendationViewer)

Database Insights viewer (roles/databaseinsights.viewer)

Studio Query Admin (roles/databasesconsole.studioQueryAdmin)

Studio Query User (roles/databasesconsole.studioQueryUser)

Data Catalog Admin (roles/datacatalog.admin)

Policy Tag Admin (roles/datacatalog.categoryAdmin)

DataCatalog Data Steward (roles/datacatalog.dataSteward)

DataCatalog EntryGroup Creator (roles/datacatalog.entryGroupCreator)

DataCatalog EntryGroup Owner (roles/datacatalog.entryGroupOwner)

DataCatalog Entry Owner (roles/datacatalog.entryOwner)

DataCatalog Entry Viewer (roles/datacatalog.entryViewer)

DataCatalog Migration Config Admin (roles/datacatalog.migrationConfigAdmin)

DataCatalog Search Admin (roles/datacatalog.searchAdmin)

Data Catalog TagTemplate Owner (roles/datacatalog.tagTemplateOwner)

Data Catalog TagTemplate User (roles/datacatalog.tagTemplateUser)

Data Catalog TagTemplate Viewer (roles/datacatalog.tagTemplateViewer)

Data Catalog Viewer (roles/datacatalog.viewer)

Connector Admin (roles/dataconnectors.connectorAdmin)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Dataflow Viewer (roles/dataflow.viewer)

Dataform Admin (roles/dataform.admin)

Code Creator (roles/dataform.codeCreator)

Code Editor (roles/dataform.codeEditor)

Code Owner (roles/dataform.codeOwner)

Code Viewer (roles/dataform.codeViewer)

Dataform Editor (roles/dataform.editor)

Dataform Viewer (roles/dataform.viewer)

Cloud Data Fusion Accessor (roles/datafusion.accessor)

Cloud Data Fusion Admin (roles/datafusion.admin)

Cloud Data Fusion Developer (roles/datafusion.developer)

Cloud Data Fusion Operator (roles/datafusion.operator)

Cloud Data Fusion Viewer (roles/datafusion.viewer)

Data Labeling Service Admin (roles/datalabeling.admin)

Data Labeling Service Editor (roles/datalabeling.editor)

Data Labeling Service Viewer (roles/datalabeling.viewer)

Data Lineage Administrator (roles/datalineage.admin)

Data Lineage Editor (roles/datalineage.editor)

Data Lineage Events Producer (roles/datalineage.producer)

Data Lineage Viewer (roles/datalineage.viewer)

Database Migration Admin (roles/datamigration.admin)

Data pipelines Admin (roles/datapipelines.admin)

Data pipelines Invoker (roles/datapipelines.invoker)

Data pipelines Viewer (roles/datapipelines.viewer)

Dataplex Administrator (roles/dataplex.admin)

Dataplex Aspect Type Owner (roles/dataplex.aspectTypeOwner)

Dataplex Aspect Type User (roles/dataplex.aspectTypeUser)

Dataplex Catalog Admin (roles/dataplex.catalogAdmin)

Dataplex Catalog Editor (roles/dataplex.catalogEditor)

Dataplex Catalog Viewer (roles/dataplex.catalogViewer)

Dataplex Entry Group Exporter (roles/dataplex.entryGroupExporter)

Dataplex Entry Group Importer (roles/dataplex.entryGroupImporter)

Dataplex Entry Group Owner (roles/dataplex.entryGroupOwner)

Dataplex Entry and EntryLink Owner (roles/dataplex.entryOwner)

Dataplex Entry Type Owner (roles/dataplex.entryTypeOwner)

Dataplex Entry Type User (roles/dataplex.entryTypeUser)

Dataplex Metadata Job Owner (roles/dataplex.metadataJobOwner)

Dataplex Metadata Job Viewer (roles/dataplex.metadataJobViewer)

Dataplex Metadata Reader (roles/dataplex.metadataReader)

Dataplex Metadata Writer (roles/dataplex.metadataWriter)

Dataprep User (roles/dataprep.projects.user)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Dataproc Resource Manager Admin (roles/dataprocrm.admin)

Dataproc Resource Manager Viewer (roles/dataprocrm.viewer)

Cloud Datastore Bulk Admin (roles/datastore.bulkAdmin)

Cloud Datastore Import Export Admin (roles/datastore.importExportAdmin)

Cloud Datastore Index Admin (roles/datastore.indexAdmin)

Cloud Datastore Key Visualizer Viewer (roles/datastore.keyVisualizerViewer)

Cloud Datastore Owner (roles/datastore.owner)

Cloud Datastore User (roles/datastore.user)

Cloud Datastore Viewer (roles/datastore.viewer)

Datastream Admin (roles/datastream.admin)

Datastream Viewer (roles/datastream.viewer)

Data Studio Admin (roles/datastudio.admin)

Data Studio Workspace Content Manager (roles/datastudio.contentManager)

Data Studio Workspace Contributor (roles/datastudio.contributor)

Data Studio Asset Editor (roles/datastudio.editor)

Data Studio Workspace Manager (roles/datastudio.manager)

Data Studio Asset Viewer (roles/datastudio.viewer)

Data Studio Workspace Viewer (roles/datastudio.workspaceViewer)

Dell EMC Cloud OneFS Admin (roles/dellemccloudonefs.admin)

Dell EMC Cloud OneFS User (roles/dellemccloudonefs.user)

Dell EMC Cloud OneFS Viewer (roles/dellemccloudonefs.viewer)

Deployment Manager Editor (roles/deploymentmanager.editor)

Deployment Manager Type Editor (roles/deploymentmanager.typeEditor)

Deployment Manager Type Viewer (roles/deploymentmanager.typeViewer)

Deployment Manager Viewer (roles/deploymentmanager.viewer)

Application Design Center Admin (roles/designcenter.admin)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Application Design Center User (roles/designcenter.user)

Application Design Center Viewer (roles/designcenter.viewer)

Developer Connect Admin (roles/developerconnect.admin)

Developer Connect OAuth Admin (roles/developerconnect.oauthAdmin)

Developer Connect OAuth User (roles/developerconnect.oauthUser)

Developer Connect User (roles/developerconnect.user)

Developer Connect Viewer (roles/developerconnect.viewer)

Device Streaming Admin (roles/devicestreaming.admin)

Device Streaming Viewer (roles/devicestreaming.viewer)

CX Premium Admin (roles/dialogflow.aamAdmin)

CX Premium Conversational Architect (roles/dialogflow.aamConversationalArchitect)

CX Premium Dialog Designer (roles/dialogflow.aamDialogDesigner)

CX Premium Lead Dialog Designer (roles/dialogflow.aamLeadDialogDesigner)

CX Premium Viewer (roles/dialogflow.aamViewer)

Dialogflow API Admin (roles/dialogflow.admin)

Dialogflow Console Agent Editor (roles/dialogflow.consoleAgentEditor)

Dialogflow Console Simulator User (roles/dialogflow.consoleSimulatorUser)

Dialogflow Console Smart Messaging Allowlist Editor (roles/dialogflow.consoleSmartMessagingAllowlistEditor)

Dialogflow API Reader (roles/dialogflow.reader)

Discovery Engine Admin (roles/discoveryengine.admin)

Discovery Engine Editor (roles/discoveryengine.editor)

Cloud NotebookLM Admin (roles/discoveryengine.notebookLmOwner)

Cloud NotebookLM User (roles/discoveryengine.notebookLmUser)

Discovery Engine Viewer (roles/discoveryengine.viewer)

DLP Administrator (roles/dlp.admin)

DLP Connections Admin (roles/dlp.connectionsAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

DLP Subscription Admin (roles/dlp.subscriptionsAdmin)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Document AI Administrator (roles/documentai.admin)

Document AI Editor (roles/documentai.editor)

Document AI Viewer (roles/documentai.viewer)

Cloud Domains Admin (roles/domains.admin)

Cloud Domains Viewer (roles/domains.viewer)

Earth Engine Resource Admin (roles/earthengine.admin)

Earth Engine Apps Publisher (roles/earthengine.appsPublisher)

Earth Engine Resource Viewer (roles/earthengine.viewer)

Earth Engine Resource Writer (roles/earthengine.writer)

Edge Container Admin (roles/edgecontainer.admin)

Edge Container Machine User (roles/edgecontainer.machineUser)

Edge Container Cluster offline Credential User (roles/edgecontainer.offlineCredentialUser)

Edge Container Viewer (roles/edgecontainer.viewer)

Edge Network Admin (roles/edgenetwork.admin)

Edge Network Viewer (roles/edgenetwork.viewer)

Enterprise Knowledge Graph Admin (roles/enterpriseknowledgegraph.admin)

Enterprise Knowledge Graph Editor (roles/enterpriseknowledgegraph.editor)

Enterprise Knowledge Graph Viewer (roles/enterpriseknowledgegraph.viewer)

Enterprise Purchasing Admin (roles/enterprisepurchasing.admin)

Enterprise Purchasing Editor (roles/enterprisepurchasing.editor)

Enterprise Purchasing Viewer (roles/enterprisepurchasing.viewer)

Error Reporting Admin (roles/errorreporting.admin)

Error Reporting User (roles/errorreporting.user)

Error Reporting Viewer (roles/errorreporting.viewer)

Eventarc Admin (roles/eventarc.admin)

Eventarc Connection Publisher (roles/eventarc.connectionPublisher)

Eventarc Developer (roles/eventarc.developer)

Eventarc Publisher (roles/eventarc.publisher)

Eventarc Viewer (roles/eventarc.viewer)

Financial Services Admin (roles/financialservices.admin)

Financial Services Viewer (roles/financialservices.viewer)

Firebase Admin (roles/firebase.admin)

Firebase Analytics Admin (roles/firebase.analyticsAdmin)

Firebase Analytics Viewer (roles/firebase.analyticsViewer)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Grow Admin (roles/firebase.growthAdmin)

Firebase Grow Viewer (roles/firebase.growthViewer)

Firebase Quality Admin (roles/firebase.qualityAdmin)

Firebase Quality Viewer (roles/firebase.qualityViewer)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Firebase Viewer (roles/firebase.viewer)

Firebase A/B Testing Admin (roles/firebaseabt.admin)

Firebase A/B Testing Viewer (roles/firebaseabt.viewer)

Firebase App Distribution Admin (roles/firebaseappdistro.admin)

Firebase App Distribution Viewer (roles/firebaseappdistro.viewer)

Firebase Authentication Admin (roles/firebaseauth.admin)

Firebase Authentication Viewer (roles/firebaseauth.viewer)

Firebase Cloud Messaging API Admin (roles/firebasecloudmessaging.admin)

Firebase Crash Symbol Uploader (roles/firebasecrash.symbolMappingsAdmin)

Firebase Crashlytics Admin (roles/firebasecrashlytics.admin)

Firebase Crashlytics Viewer (roles/firebasecrashlytics.viewer)

Firebase Realtime Database Admin (roles/firebasedatabase.admin)

Firebase Realtime Database Viewer (roles/firebasedatabase.viewer)

Firebase Data Connect API Admin (roles/firebasedataconnect.admin)

Firebase Data Connect API Viewer (roles/firebasedataconnect.viewer)

Firebase Dynamic Links Admin (roles/firebasedynamiclinks.admin)

Firebase Dynamic Links Viewer (roles/firebasedynamiclinks.viewer)

Firebase Extensions Developer (roles/firebaseextensions.developer)

Firebase Extensions Viewer (roles/firebaseextensions.viewer)

Firebase Extensions Publisher - Extensions Admin (roles/firebaseextensionspublisher.extensionsAdmin)

Firebase Extensions Publisher - Extensions Viewer (roles/firebaseextensionspublisher.extensionsViewer)

Firebase Hosting Admin (roles/firebasehosting.admin)

Firebase Hosting Viewer (roles/firebasehosting.viewer)

Firebase In-App Messaging Admin (roles/firebaseinappmessaging.admin)

Firebase In-App Messaging Viewer (roles/firebaseinappmessaging.viewer)

Firebase ML Kit Admin (roles/firebaseml.admin)

Firebase ML Kit Viewer (roles/firebaseml.viewer)

Firebase Extensions API Service Agent (roles/firebasemods.serviceAgent)

Firebase Cloud Messaging Admin (roles/firebasenotifications.admin)

Firebase Cloud Messaging Viewer (roles/firebasenotifications.viewer)

Firebase Performance Reporting Admin (roles/firebaseperformance.admin)

Firebase Performance Reporting Viewer (roles/firebaseperformance.viewer)

Firebase Rules Admin (roles/firebaserules.admin)

Firebase Rules System (roles/firebaserules.system)

Firebase Rules Viewer (roles/firebaserules.viewer)

Cloud Storage for Firebase Admin (roles/firebasestorage.admin)

Cloud Storage for Firebase Viewer (roles/firebasestorage.viewer)

Firebase Vertex AI Admin (roles/firebasevertexai.admin)

Firebase Vertex AI Viewer (roles/firebasevertexai.viewer)

Fleet Engine Delivery Admin (roles/fleetengine.deliveryAdmin)

Fleet Engine Delivery Super User (roles/fleetengine.deliverySuperUser)

Fleet Engine On-Demand Admin (roles/fleetengine.ondemandAdmin)

Fleet Engine Service Super User (roles/fleetengine.serviceSuperUser)

GDC Hardware Management Admin (roles/gdchardwaremanagement.admin)

GDC Hardware Management Operator (roles/gdchardwaremanagement.operator)

GDC Hardware Management Reader (roles/gdchardwaremanagement.reader)

Gemini Cloud Assist Investigation Admin (roles/geminicloudassist.investigationAdmin)

Gemini Cloud Assist Investigation Creator (roles/geminicloudassist.investigationCreator)

Gemini Cloud Assist Investigation Editor (roles/geminicloudassist.investigationEditor)

Gemini Cloud Assist Investigation Owner (roles/geminicloudassist.investigationOwner)

Gemini Cloud Assist Investigation User (roles/geminicloudassist.investigationUser)

Gemini Cloud Assist Investigation Viewer (roles/geminicloudassist.investigationViewer)

Gemini Cloud Assist User (roles/geminicloudassist.user)

Backup for GKE Admin (roles/gkebackup.admin)

Backup for GKE Backup Admin (roles/gkebackup.backupAdmin)

Backup for GKE Restore Admin (roles/gkebackup.restoreAdmin)

Backup for GKE Viewer (roles/gkebackup.viewer)

Fleet Admin (formerly GKE Hub Admin) (roles/gkehub.admin)

Fleet Editor (formerly GKE Hub Editor) (roles/gkehub.editor)

Fleet Project-level Scope Editor (roles/gkehub.scopeEditorProjectLevel)

Fleet Project-level Scope Viewer (roles/gkehub.scopeViewerProjectLevel)

Fleet Viewer (formerly GKE Hub Viewer) (roles/gkehub.viewer)

Anthos Multi-cloud Admin (roles/gkemulticloud.admin)

Anthos Multi-cloud Viewer (roles/gkemulticloud.viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Google Workspace Add-ons Developer (roles/gsuiteaddons.developer)

Google Workspace Add-ons Reader (roles/gsuiteaddons.reader)

Google Workspace Add-ons Tester (roles/gsuiteaddons.tester)

Healthcare Annotation Editor (roles/healthcare.annotationEditor)

Healthcare Annotation Reader (roles/healthcare.annotationReader)

Healthcare Annotation Administrator (roles/healthcare.annotationStoreAdmin)

Healthcare Annotation Store Viewer (roles/healthcare.annotationStoreViewer)

Healthcare Attribute Definition Editor (roles/healthcare.attributeDefinitionEditor)

Healthcare Attribute Definition Reader (roles/healthcare.attributeDefinitionReader)

Healthcare Consent Artifact Administrator (roles/healthcare.consentArtifactAdmin)

Healthcare Consent Artifact Editor (roles/healthcare.consentArtifactEditor)

Healthcare Consent Artifact Reader (roles/healthcare.consentArtifactReader)

Healthcare Consent Editor (roles/healthcare.consentEditor)

Healthcare Consent Reader (roles/healthcare.consentReader)

Healthcare Consent Store Administrator (roles/healthcare.consentStoreAdmin)

Healthcare Consent Store Viewer (roles/healthcare.consentStoreViewer)

Healthcare Dataset Administrator (roles/healthcare.datasetAdmin)

Healthcare Dataset Viewer (roles/healthcare.datasetViewer)

Healthcare DICOM Editor (roles/healthcare.dicomEditor)

Healthcare DICOM Store Administrator (roles/healthcare.dicomStoreAdmin)

Healthcare DICOM Store Viewer (roles/healthcare.dicomStoreViewer)

Healthcare DICOM Viewer (roles/healthcare.dicomViewer)

Healthcare FHIR Resource Editor (roles/healthcare.fhirResourceEditor)

Healthcare FHIR Resource Reader (roles/healthcare.fhirResourceReader)

Healthcare FHIR Store Administrator (roles/healthcare.fhirStoreAdmin)

Healthcare FHIR Store Viewer (roles/healthcare.fhirStoreViewer)

Healthcare HL7v2 Message Consumer (roles/healthcare.hl7V2Consumer)

Healthcare HL7v2 Message Editor (roles/healthcare.hl7V2Editor)

Healthcare HL7v2 Message Ingest (roles/healthcare.hl7V2Ingest)

Healthcare HL7v2 Store Administrator (roles/healthcare.hl7V2StoreAdmin)

Healthcare HL7v2 Store Viewer (roles/healthcare.hl7V2StoreViewer)

Healthcare NLP Service Viewer (roles/healthcare.nlpServiceViewer)

Healthcare User Data Mapping Editor (roles/healthcare.userDataMappingEditor)

Healthcare User Data Mapping Reader (roles/healthcare.userDataMappingReader)

IAM OAuth Client Admin (roles/iam.oauthClientAdmin)

IAM OAuth Client Viewer (roles/iam.oauthClientViewer)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Role Administrator (roles/iam.roleAdmin)

Role Viewer (roles/iam.roleViewer)

Service Account Admin (roles/iam.serviceAccountAdmin)

Create Service Accounts (roles/iam.serviceAccountCreator)

Delete Service Accounts (roles/iam.serviceAccountDeleter)

Service Account Key Admin (roles/iam.serviceAccountKeyAdmin)

Service Account Token Creator (roles/iam.serviceAccountTokenCreator)

Service Account User (roles/iam.serviceAccountUser)

View Service Accounts (roles/iam.serviceAccountViewer)

IAM Workload Identity Pool Admin (roles/iam.workloadIdentityPoolAdmin)

IAM Workload Identity Pool Viewer (roles/iam.workloadIdentityPoolViewer)

Cloud IDS Admin (roles/ids.admin)

Cloud IDS Viewer (roles/ids.viewer)

Apigee Integration Admin (roles/integrations.apigeeIntegrationAdminRole)

Apigee Integration Deployer (roles/integrations.apigeeIntegrationDeployerRole)

Apigee Integration Editor (roles/integrations.apigeeIntegrationEditorRole)

Apigee Integration Invoker (roles/integrations.apigeeIntegrationInvokerRole)

Apigee Integration Viewer (roles/integrations.apigeeIntegrationsViewer)

Apigee Integration Approver (roles/integrations.apigeeSuspensionResolver)

Certificate Viewer (roles/integrations.certificateViewer)

Application Integration Admin (roles/integrations.integrationAdmin)

Application Integration Deployer (roles/integrations.integrationDeployer)

Application Integration Editor (roles/integrations.integrationEditor)

Application Integration Invoker (roles/integrations.integrationInvoker)

Application Integration Viewer (roles/integrations.integrationViewer)

Application Integration SFDC Instance Admin (roles/integrations.sfdcInstanceAdmin)

Application Integration SFDC Instance Editor (roles/integrations.sfdcInstanceEditor)

Application Integration SFDC Instance Viewer (roles/integrations.sfdcInstanceViewer)

Application Integration Approver (roles/integrations.suspensionResolver)

Issuerswitch Account Manager Admin (roles/issuerswitch.accountManagerAdmin)

Issuerswitch Account Manager Transactions Admin (roles/issuerswitch.accountManagerTransactionsAdmin)

Issuerswitch Account Manager Transactions Viewer (roles/issuerswitch.accountManagerTransactionsViewer)

Issuerswitch Admin (roles/issuerswitch.admin)

Issuerswitch Participants Admin (roles/issuerswitch.issuerParticipantsAdmin)

Issuerswitch Resolutions Admin (roles/issuerswitch.resolutionsAdmin)

Issuerswitch Rules Admin (roles/issuerswitch.rulesAdmin)

Issuerswitch Rules Viewer (roles/issuerswitch.rulesViewer)

Issuerswitch Transactions Viewer (roles/issuerswitch.transactionsViewer)

Config Controller Admin (roles/krmapihosting.admin)

Config Controller Viewer (roles/krmapihosting.viewer)

Cloud License Manager Admin (roles/licensemanager.admin)

Cloud License Manager Viewer (roles/licensemanager.viewer)

Cloud Life Sciences Viewer (roles/lifesciences.viewer)

Live Stream Editor (roles/livestream.editor)

Live Stream Viewer (roles/livestream.viewer)

Logging Admin (roles/logging.admin)

Logs Configuration Writer (roles/logging.configWriter)

Private Logs Viewer (roles/logging.privateLogViewer)

Logs Viewer (roles/logging.viewer)

Looker Admin (roles/looker.admin)

Looker Instance User (roles/looker.instanceUser)

Looker Viewer (roles/looker.viewer)

Looker Admin (roles/lookerstudio.lookerAdmin)

Looker Studio Pro Manager (roles/lookerstudio.proManager)

Google Cloud Managed Lustre Admin (roles/lustre.admin)

Google Cloud Managed Lustre Viewer (roles/lustre.viewer)

Maintenance API Viewer (roles/maintenance.viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Google Cloud Managed Identities Admin (roles/managedidentities.admin)

Google Cloud Managed Identities Backup Admin (roles/managedidentities.backupAdmin)

Google Cloud Managed Identities Backup Viewer (roles/managedidentities.backupViewer)

Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)

Google Cloud Managed Identities Peering Admin (roles/managedidentities.peeringAdmin)

Google Cloud Managed Identities Peering Viewer (roles/managedidentities.peeringViewer)

Google Cloud Managed Identities Viewer (roles/managedidentities.viewer)

Managed Kafka Admin (roles/managedkafka.admin)

Managed Kafka Client (roles/managedkafka.client)

Managed Kafka Cluster Editor (roles/managedkafka.clusterEditor)

Managed Kafka Connector Editor (roles/managedkafka.connectorEditor)

Managed Kafka Consumer Group Editor (roles/managedkafka.consumerGroupEditor)

Managed Kafka Topic Editor (roles/managedkafka.topicEditor)

Managed Kafka Viewer (roles/managedkafka.viewer)

Mandiant Attack Surface Management Editor (roles/mandiant.attackSurfaceManagementEditor)

Mandiant Attack Surface Management Viewer (roles/mandiant.attackSurfaceManagementViewer)

Mandiant Digital Threat Monitoring Editor (roles/mandiant.digitalThreatMonitoringEditor)

Mandiant Digital Threat Monitoring Viewer (roles/mandiant.digitalThreatMonitoringViewer)

Mandiant Expertise On Demand Editor (roles/mandiant.expertiseOnDemandEditor)

Mandiant Expertise On Demand Viewer (roles/mandiant.expertiseOnDemandViewer)

Mandiant Threat Intel Editor (roles/mandiant.threatIntelEditor)

Mandiant Threat Intel Viewer (roles/mandiant.threatIntelViewer)

Mandiant Validation Editor (roles/mandiant.validationEditor)

Mandiant Validation Viewer (roles/mandiant.validationViewer)

Maps API Admin (roles/mapsadmin.admin)

Maps API Viewer (roles/mapsadmin.viewer)

Mobility Solutions Overages Viewer (roles/mapsanalytics.mobilitySolutionsOverageViewer)

Maps Analytics Viewer (roles/mapsanalytics.viewer)

Maps Platform Datasets Admin (roles/mapsplatformdatasets.admin)

Maps Platform Datasets Viewer (roles/mapsplatformdatasets.viewer)

Marketplace Solutions Admin (roles/marketplacesolutions.admin)

Marketplace Solutions Editor (roles/marketplacesolutions.editor)

Marketplace Solutions Viewer (roles/marketplacesolutions.viewer)

Cloud Memorystore Memcached Admin (roles/memcache.admin)

Cloud Memorystore Memcached Editor (roles/memcache.editor)

Cloud Memorystore Memcached Viewer (roles/memcache.viewer)

Memorystore Admin (roles/memorystore.admin)

Memorystore Viewer (roles/memorystore.viewer)

Dataproc Metastore Admin (roles/metastore.admin)

Dataproc Metastore Editor (roles/metastore.editor)

Dataproc Metastore Metadata Operator (roles/metastore.metadataOperator)

Dataproc Metastore Viewer (roles/metastore.user)

Migration Center Admin (roles/migrationcenter.admin)

Migration Center Discovery Client Registrator (roles/migrationcenter.discoveryClientRegistrator)

Migration Center Viewer (roles/migrationcenter.viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Model Armor Admin (roles/modelarmor.admin)

Model Armor Callout User (roles/modelarmor.calloutUser)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Model Armor User (roles/modelarmor.user)

Model Armor Viewer (roles/modelarmor.viewer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metrics Scopes Admin (roles/monitoring.metricsScopesAdmin)

Monitoring Metrics Scopes Viewer (roles/monitoring.metricsScopesViewer)

Monitoring Viewer (roles/monitoring.viewer)

Google Home Developer Console Admin (roles/nestconsole.homeDeveloperAdmin)

Google Home Developer Console Editor (roles/nestconsole.homeDeveloperEditor)

Google Home Developer Console Reader (roles/nestconsole.homeDeveloperViewer)

Google Cloud NetApp Volumes Admin (roles/netapp.admin)

Google Cloud NetApp Volumes Viewer (roles/netapp.viewer)

NetApp Cloud Volumes Admin (roles/netappcloudvolumes.admin)

NetApp Cloud Volumes Viewer (roles/netappcloudvolumes.viewer)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Regional Endpoint Viewer (roles/networkconnectivity.regionalEndpointViewer)

Service Class User (roles/networkconnectivity.serviceClassUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Network Management Admin (roles/networkmanagement.admin)

Network Management Viewer (roles/networkmanagement.viewer)

Intercept Deployment Admin (roles/networksecurity.interceptDeploymentAdmin)

Intercept Deployment Viewer (roles/networksecurity.interceptDeploymentViewer)

Intercept Endpoint Admin (roles/networksecurity.interceptEndpointAdmin)

Intercept Endpoint Viewer (roles/networksecurity.interceptEndpointViewer)

Mirroring Deployment Admin (roles/networksecurity.mirroringDeploymentAdmin)

Mirroring Deployment Viewer (roles/networksecurity.mirroringDeploymentViewer)

Mirroring Endpoint Admin (roles/networksecurity.mirroringEndpointAdmin)

Mirroring Endpoint Viewer (roles/networksecurity.mirroringEndpointViewer)

Security Profile Admin (roles/networksecurity.securityProfileAdmin)

Service Extensions Admin (roles/networkservices.serviceExtensionsAdmin)

Service Extensions Viewer (roles/networkservices.serviceExtensionsViewer)

Notebooks Admin (roles/notebooks.admin)

Notebooks Legacy Admin (roles/notebooks.legacyAdmin)

Notebooks Legacy Viewer (roles/notebooks.legacyViewer)

Notebooks Runner (roles/notebooks.runner)

Notebooks Viewer (roles/notebooks.viewer)

Oracle Database@Google Cloud admin (roles/oracledatabase.admin)

Oracle Database@Google Cloud Autonomous Database Admin (roles/oracledatabase.autonomousDatabaseAdmin)

Oracle Database@Google Cloud Autonomous Database Viewer (roles/oracledatabase.autonomousDatabaseViewer)

Oracle Database@Google Cloud Exadata Infrastructure Admin (roles/oracledatabase.cloudExadataInfrastructureAdmin)

Oracle Database@Google Cloud Exadata Infrastructure User (roles/oracledatabase.cloudExadataInfrastructureUser)

Oracle Database@Google Cloud Exadata Infrastructure Viewer (roles/oracledatabase.cloudExadataInfrastructureViewer)

Oracle Database@Google Cloud VM Cluster Admin (roles/oracledatabase.cloudVmClusterAdmin)

Oracle Database@Google Cloud VM Cluster Viewer (roles/oracledatabase.cloudVmClusterViewer)

Oracle Database@Google Cloud viewer (roles/oracledatabase.viewer)

GuestPolicy Admin (roles/osconfig.guestPolicyAdmin)

GuestPolicy Editor (roles/osconfig.guestPolicyEditor)

GuestPolicy Viewer (roles/osconfig.guestPolicyViewer)

InstanceOSPoliciesCompliance Viewer (roles/osconfig.instanceOSPoliciesComplianceViewer)

OS Inventory Viewer (roles/osconfig.inventoryViewer)

OSPolicyAssignment Admin (roles/osconfig.osPolicyAssignmentAdmin)

OSPolicyAssignment Editor (roles/osconfig.osPolicyAssignmentEditor)

OSPolicyAssignmentReport Viewer (roles/osconfig.osPolicyAssignmentReportViewer)

OSPolicyAssignment Viewer (roles/osconfig.osPolicyAssignmentViewer)

PatchDeployment Admin (roles/osconfig.patchDeploymentAdmin)

PatchDeployment Viewer (roles/osconfig.patchDeploymentViewer)

Patch Job Executor (roles/osconfig.patchJobExecutor)

Patch Job Viewer (roles/osconfig.patchJobViewer)

Project Feature Settings Editor (roles/osconfig.projectFeatureSettingsEditor)

Project Feature Settings Viewer (roles/osconfig.projectFeatureSettingsViewer)

Upgrade Report Viewer (roles/osconfig.upgradeReportViewer)

OS VulnerabilityReport Viewer (roles/osconfig.vulnerabilityReportViewer)

Parallelstore Admin (roles/parallelstore.admin)

Parallelstore Viewer (roles/parallelstore.viewer)

Parameter Manager Admin (roles/parametermanager.admin)

Parameter Manager Parameter Accessor (roles/parametermanager.parameterAccessor)

Parameter Manager Parameter Version Adder (roles/parametermanager.parameterVersionAdder)

Parameter Manager Parameter Version Manager (roles/parametermanager.parameterVersionManager)

Parameter Manager Parameter Viewer (roles/parametermanager.parameterViewer)

Payments Reseller Admin (roles/paymentsresellersubscription.partnerAdmin)

Payments Reseller Viewer (roles/paymentsresellersubscription.partnerViewer)

Payments Reseller Products Viewer (roles/paymentsresellersubscription.productViewer)

Payments Reseller Promotions Viewer (roles/paymentsresellersubscription.promotionViewer)

Payments Reseller Subscriptions Editor (roles/paymentsresellersubscription.subscriptionEditor)

Payments Reseller Subscriptions Viewer (roles/paymentsresellersubscription.subscriptionViewer)

CA Service Admin (roles/privateca.admin)

CA Service Auditor (roles/privateca.auditor)

CA Service Operation Manager (roles/privateca.caManager)

CA Service Certificate Manager (roles/privateca.certificateManager)

Privileged Access Manager Admin (roles/privilegedaccessmanager.admin)

Privileged Access Manager Viewer (roles/privilegedaccessmanager.viewer)

Beacon Attachment Editor (roles/proximitybeacon.attachmentEditor)

Beacon Attachment Publisher (roles/proximitybeacon.attachmentPublisher)

Beacon Attachment Viewer (roles/proximitybeacon.attachmentViewer)

Beacon Editor (roles/proximitybeacon.beaconEditor)

External Account Key Creator (roles/publicca.externalAccountKeyCreator)

Pub/Sub Admin (roles/pubsub.admin)

Pub/Sub Editor (roles/pubsub.editor)

Pub/Sub Viewer (roles/pubsub.viewer)

Subscription Linking Admin (roles/readerrevenuesubscriptionlinking.admin)

Subscription Linking Viewer (roles/readerrevenuesubscriptionlinking.viewer)

reCAPTCHA Enterprise Admin (roles/recaptchaenterprise.admin)

reCAPTCHA Enterprise Agent (roles/recaptchaenterprise.agent)

reCAPTCHA Enterprise Viewer (roles/recaptchaenterprise.viewer)

AlloyDB Recommender Admin (roles/recommender.alloydbAdmin)

AlloyDB Recommender Viewer (roles/recommender.alloydbViewer)

BigQuery Slot Recommender Admin (roles/recommender.bigQueryCapacityCommitmentsAdmin)

BigQuery Recommender Project Admin (roles/recommender.bigQueryCapacityCommitmentsProjectAdmin)

BigQuery Recommender Project Viewer (roles/recommender.bigQueryCapacityCommitmentsProjectViewer)

BigQuery Slot Recommender Viewer (roles/recommender.bigQueryCapacityCommitmentsViewer)

BigQuery Materialized View Recommender Admin (roles/recommender.bigqueryMaterializedViewAdmin)

BigQuery Materialized View Recommender Viewer (roles/recommender.bigqueryMaterializedViewViewer)

BigQuery Partitioning Clustering Recommender Admin (roles/recommender.bigqueryPartitionClusterAdmin)

BigQuery Partitioning Clustering Recommender Viewer (roles/recommender.bigqueryPartitionClusterViewer)

Bigtable Cluster Performance Recommender Admin (roles/recommender.bigtableClusterPerformanceAdmin)

Bigtable Cluster Performance Recommender Viewer (roles/recommender.bigtableClusterPerformanceViewer)

Cloud Asset Insights Admin (roles/recommender.cloudAssetInsightsAdmin)

Cloud Asset Insights Viewer (roles/recommender.cloudAssetInsightsViewer)

Cloud Cost General Recommendations Recommender Admin (roles/recommender.cloudCostRecommendationAdmin)

Cloud Cost General Recommendations Recommender Viewer (roles/recommender.cloudCostRecommendationViewer)

Cloud Deprecation General Recommender Admin (roles/recommender.cloudDeprecationRecommendationAdmin)

Cloud Deprecation General Recommender Viewer (roles/recommender.cloudDeprecationRecommendationViewer)

Cloud Manageability General Recommendations Recommender Admin (roles/recommender.cloudManageabilityRecommendationAdmin)

Cloud Manageability General Recommendations Recommender Viewer (roles/recommender.cloudManageabilityRecommendationViewer)

Cloud Performance General Recommendations Recommender Admin (roles/recommender.cloudPerformanceRecommendationAdmin)

Cloud Performance General Recommendations Recommender Viewer (roles/recommender.cloudPerformanceRecommendationViewer)

Cloud Reliability General Recommendations Recommender Admin (roles/recommender.cloudReliabilityRecommendationAdmin)

Cloud Reliability General Recommendations Recommender Viewer (roles/recommender.cloudReliabilityRecommendationViewer)

Cloud Security General Recommendations Recommender Admin (roles/recommender.cloudSecurityRecommendationAdmin)

Cloud Security General Recommendations Recommender Viewer (roles/recommender.cloudSecurityRecommendationViewer)

Cloud SQL Recommender Admin (roles/recommender.cloudsqlAdmin)

Cloud SQL Recommender Viewer (roles/recommender.cloudsqlViewer)

Compute Recommender Admin (roles/recommender.computeAdmin)

Compute Recommender Viewer (roles/recommender.computeViewer)

GKE Diagnosis Recommender Admin (roles/recommender.containerDiagnosisAdmin)

GKE Diagnosis Recommender Viewer (roles/recommender.containerDiagnosisViewer)

Dataflow Diagnostics Admin (roles/recommender.dataflowDiagnosticsAdmin)

Dataflow Diagnostics Viewer (roles/recommender.dataflowDiagnosticsViewer)

Error Reporting Recommender Admin (roles/recommender.errorReportingAdmin)

Error Reporting Recommender Viewer (roles/recommender.errorReportingViewer)

Firestore Database Firebase rules Recommender Admin (roles/recommender.firestoredatabasefirebaserulesAdmin)

Firestore Database Firebase rules Recommender Viewer (roles/recommender.firestoredatabasefirebaserulesViewer)

Firestore Database Reliability Recommender Admin (roles/recommender.firestoredatabasereliabilityAdmin)

Firestore Database Reliability Recommender Viewer (roles/recommender.firestoredatabasereliabilityViewer)

Firewall Recommender Admin (roles/recommender.firewallAdmin)

Firewall Recommender Viewer (roles/recommender.firewallViewer)

Google Maps Platform Insights/Recommendations Admin (roles/recommender.gmpAdmin)

Google Maps Platform Insights/Recommendations Viewer (roles/recommender.gmpViewer)

IAM Recommender Admin (roles/recommender.iamAdmin)

IAM Recommender Viewer (roles/recommender.iamViewer)

IAM Policy Change Risk Recommender Admin (roles/recommender.iampolicychangeriskAdmin)

IAM Policy Change Risk Recommender Viewer (roles/recommender.iampolicychangeriskViewer)

Memorystore Manageability Recommender Admin (roles/recommender.memorystoremanageabilityAdmin)

Memorystore Manageability Recommender Viewer (roles/recommender.memorystoremanageabilityViewer)

Memorystore Performance Recommender Admin (roles/recommender.memorystoreperformanceAdmin)

Memorystore Performance Recommender Viewer (roles/recommender.memorystoreperformanceViewer)

Memorystore Reliability Recommender Admin (roles/recommender.memorystorereliabilityAdmin)

Memorystore Reliability Recommender Viewer (roles/recommender.memorystorereliabilityViewer)

Network Analyzer Recommender Admin (roles/recommender.networkAnalyzerAdmin)

Network Analyzer Cloud SQL Recommender Admin (roles/recommender.networkAnalyzerCloudSqlAdmin)

Network Analyzer Cloud SQL Recommender Viewer (roles/recommender.networkAnalyzerCloudSqlViewer)

Network Analyzer Dynamic Route Recommender Admin (roles/recommender.networkAnalyzerDynamicRouteAdmin)

Network Analyzer Dynamic Route Recommender Viewer (roles/recommender.networkAnalyzerDynamicRouteViewer)

Network Analyzer GKE Connectivity Recommender Admin (roles/recommender.networkAnalyzerGkeConnectivityAdmin)

Network Analyzer GKE Connectivity Recommender Viewer (roles/recommender.networkAnalyzerGkeConnectivityViewer)

Network Analyzer GKE IP Address Recommender Admin (roles/recommender.networkAnalyzerGkeIpAddressAdmin)

Network Analyzer GKE IP Address Recommender Viewer (roles/recommender.networkAnalyzerGkeIpAddressViewer)

Network Analyzer GKE Service Account Insights Recommender Admin (roles/recommender.networkAnalyzerGkeServiceAccountAdmin)

Network Analyzer GKE Service Account Insights Recommender Viewer (roles/recommender.networkAnalyzerGkeServiceAccountViewer)

Network Analyzer IP Address Recommender Admin (roles/recommender.networkAnalyzerIpAddressAdmin)

Network Analyzer IP Address Recommender Viewer (roles/recommender.networkAnalyzerIpAddressViewer)

Network Analyzer Load Balancer Recommender Admin (roles/recommender.networkAnalyzerLoadBalancerAdmin)

Network Analyzer Load Balancer Recommender Viewer (roles/recommender.networkAnalyzerLoadBalancerViewer)

Network Analyzer Recommender Viewer (roles/recommender.networkAnalyzerViewer)

Network Analyzer VPC Connectivity Recommender Admin (roles/recommender.networkAnalyzerVpcConnectivityAdmin)

Network Analyzer VPC Connectivity Recommender Viewer (roles/recommender.networkAnalyzerVpcConnectivityViewer)

Org Policy Recommender Admin (roles/recommender.orgPolicyAdmin)

Org Policy Recommender Viewer (roles/recommender.orgPolicyViewer)

Product Suggestion Recommenders Admin (roles/recommender.productSuggestionAdmin)

Product Suggestion Recommenders Viewer (roles/recommender.productSuggestionViewer)

Project Usage Commitment Recommender Admin (roles/recommender.projectCudAdmin)

Project Usage Commitment Recommender Viewer (roles/recommender.projectCudViewer)

Project Utilization Recommender Admin (roles/recommender.projectUtilAdmin)

Project Utilization Recommender Viewer (roles/recommender.projectUtilViewer)

RecentChange RecommenderConfig Admin (roles/recommender.recentChangeConfigAdmin)

Recent Change Risk Recommender Admin (roles/recommender.recentchangeriskAdmin)

Recent Change Risk Recommender Viewer (roles/recommender.recentchangeriskViewer)

Service Limit Recommender Admin (roles/recommender.serviceLimitAdmin)

Service Limit Recommender Viewer (roles/recommender.serviceLimitViewer)

Service Account Change Risk Recommender Admin (roles/recommender.serviceaccntchangeriskAdmin)

Service Account Change Risk Recommender Viewer (roles/recommender.serviceaccntchangeriskViewer)

Spanner Project Reliability Recommender Admin (roles/recommender.spannerAdmin)

Spanner Project Reliability Recommender Viewer (roles/recommender.spannerViewer)

Recommender Viewer (roles/recommender.viewer)

Cloud Memorystore Redis Admin (roles/redis.admin)

Cloud Memorystore Redis Editor (roles/redis.editor)

Cloud Memorystore Redis Viewer (roles/redis.viewer)

Redis Enterprise Cloud Admin (roles/redisenterprisecloud.admin)

Redis Enterprise Cloud Viewer (roles/redisenterprisecloud.viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Project Mover (roles/resourcemanager.projectMover)

Tag User (roles/resourcemanager.tagUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

Rapid Migration Assessment Admin (roles/rma.admin)

Rapid Migration Assessment Runner (roles/rma.runner)

Rapid Migration Assessment Viewer (roles/rma.viewer)

Route Optimization Editor (roles/routeoptimization.editor)

Route Optimization Viewer (roles/routeoptimization.viewer)

Cloud Run Admin (roles/run.admin)

Cloud Run Developer (roles/run.developer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Cloud Run Viewer (roles/run.viewer)

Serverless Integrations Developer (roles/runapps.developer)

Serverless Integrations Operator (roles/runapps.operator)

Serverless Integrations Viewer (roles/runapps.viewer)

SaaS Service Management Admin (roles/saasservicemgmt.admin)

SaaS Service Management Viewer (roles/saasservicemgmt.viewer)

Secret Manager Admin (roles/secretmanager.admin)

Secret Manager Secret Accessor (roles/secretmanager.secretAccessor)

Secret Manager Secret Version Adder (roles/secretmanager.secretVersionAdder)

Secret Manager Secret Version Manager (roles/secretmanager.secretVersionManager)

Secret Manager Viewer (roles/secretmanager.viewer)

Overwatch Activator (roles/securedlandingzone.overwatchActivator)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Overwatch Viewer (roles/securedlandingzone.overwatchViewer)

Secure Source Manager Admin (roles/securesourcemanager.admin)

Secure Source Manager Instance Accessor (roles/securesourcemanager.instanceAccessor)

Secure Source Manager Instance Manager (roles/securesourcemanager.instanceManager)

Secure Source Manager Instance Owner (roles/securesourcemanager.instanceOwner)

Secure Source Manager Instance Repository Creator (roles/securesourcemanager.instanceRepositoryCreator)

Secure Source Manager Repository Admin (roles/securesourcemanager.repoAdmin)

Secure Source Manager Repository Creator (roles/securesourcemanager.repoCreator)

Secure Source Manager Repository Pull Request Approver (roles/securesourcemanager.repoPullRequestApprover)

Secure Source Manager Repository Reader (roles/securesourcemanager.repoReader)

Secure Source Manager Repository Writer (roles/securesourcemanager.repoWriter)

Secure Source Manager SSH Key User (roles/securesourcemanager.sshKeyUser)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Assets Viewer (roles/securitycenter.assetsViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Findings Editor (roles/securitycenter.findingsEditor)

Security Center Findings Viewer (roles/securitycenter.findingsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Security Center Management Admin (roles/securitycentermanagement.admin)

Security Center Management Custom Modules Editor (roles/securitycentermanagement.customModulesEditor)

Security Center Management Custom Modules Viewer (roles/securitycentermanagement.customModulesViewer)

Security Center Management Custom ETD Modules Editor (roles/securitycentermanagement.etdCustomModulesEditor)

Security Center Management ETD Custom Modules Viewer (roles/securitycentermanagement.etdCustomModulesViewer)

Security Center Management Settings Editor (roles/securitycentermanagement.settingsEditor)

Security Center Management Settings Viewer (roles/securitycentermanagement.settingsViewer)

Security Center Management SHA Custom Modules Editor (roles/securitycentermanagement.shaCustomModulesEditor)

Security Center Management SHA Custom Modules Viewer (roles/securitycentermanagement.shaCustomModulesViewer)

Security Center Management Viewer (roles/securitycentermanagement.viewer)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Network Attacher (roles/servicedirectory.networkAttacher)

Private Service Connect Authorized Service (roles/servicedirectory.pscAuthorizedService)

Service Directory Viewer (roles/servicedirectory.viewer)

Personalized Service Health Viewer (roles/servicehealth.viewer)

Service Management Administrator (roles/servicemanagement.admin)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Cloud Spanner Admin (roles/spanner.admin)

Cloud Spanner Backup Admin (roles/spanner.backupAdmin)

Cloud Spanner Database Admin (roles/spanner.databaseAdmin)

Cloud Spanner Restore Admin (roles/spanner.restoreAdmin)

Cloud Spanner Viewer (roles/spanner.viewer)

Stackdriver Accounts Editor (roles/stackdriver.accounts.editor)

Stackdriver Accounts Viewer (roles/stackdriver.accounts.viewer)

Storage Admin (roles/storage.admin)

Storage Folder Admin (roles/storage.folderAdmin)

Storage HMAC Key Admin (roles/storage.hmacKeyAdmin)

Storage Insights Collector Service (roles/storage.insightsCollectorService)

Storage Object Admin (roles/storage.objectAdmin)

Storage Object Creator (roles/storage.objectCreator)

Storage Object User (roles/storage.objectUser)

Storage Object Viewer (roles/storage.objectViewer)

Storage Insights Admin (roles/storageinsights.admin)

Storage Insights Analyst (roles/storageinsights.analyst)

Storage Insights Viewer (roles/storageinsights.viewer)

Storage Transfer Admin (roles/storagetransfer.admin)

Storage Transfer User (roles/storagetransfer.user)

Storage Transfer Viewer (roles/storagetransfer.viewer)

Stream Admin (roles/stream.admin)

Stream Content Admin (roles/stream.contentAdmin)

Stream Content Builder (roles/stream.contentBuilder)

Stream Instance Admin (roles/stream.instanceAdmin)

Stream Viewer (roles/stream.viewer)

Subscribe with Google Developer (roles/subscribewithgoogledeveloper.developer)

Telco Automation Admin (roles/telcoautomation.admin)

Telco Automation Tier 1 Operations Admin (roles/telcoautomation.opsAdminTier1)

Telco Automation Tier 4 Operations Admin (roles/telcoautomation.opsAdminTier4)

TPU Admin (roles/tpu.admin)

TPU Viewer (roles/tpu.viewer)

Transcoder Admin (roles/transcoder.admin)

Transcoder Viewer (roles/transcoder.viewer)

Transfer Appliance Admin (roles/transferappliance.admin)

Transfer Appliance Viewer (roles/transferappliance.viewer)

Translation Hub Admin (roles/translationhub.admin)

Translation Hub Portal User (roles/translationhub.portalUser)

Video Stitcher Admin (roles/videostitcher.admin)

Video Stitcher User (roles/videostitcher.user)

Video Stitcher Viewer (roles/videostitcher.viewer)

VisionAI Admin (roles/visionai.admin)

VisionAI Editor (roles/visionai.editor)

VisionAI Viewer (roles/visionai.viewer)

VM Migration Administrator (roles/vmmigration.admin)

VM Migration Viewer (roles/vmmigration.viewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Serverless VPC Access Admin (roles/vpcaccess.admin)

Serverless VPC Access User (roles/vpcaccess.user)

Serverless VPC Access Viewer (roles/vpcaccess.viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Workflows Viewer (roles/workflows.viewer)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Workload Manager Admin (roles/workloadmanager.admin)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Workload Manager Deployment Viewer (roles/workloadmanager.deploymentViewer)

Workload Manager Evaluation Admin (roles/workloadmanager.evaluationAdmin)

Workload Manager Evaluation Viewer (roles/workloadmanager.evaluationViewer)

Workload Manager Viewer (roles/workloadmanager.viewer)

Workload Manager Worker (roles/workloadmanager.worker)

Workload Manager Workload Viewer (roles/workloadmanager.workloadViewer)

Cloud Workstations Admin (roles/workstations.admin)

Cloud Workstations Creator (roles/workstations.workstationCreator)

Cloud Workstations Limit Exempted Creator (roles/workstations.workstationLimitExemptedCreator)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Apigee Organization Admin (roles/apigee.admin)

Apigee Developer Admin (roles/apigee.developerAdmin)

Apigee Environment Admin (roles/apigee.environmentAdmin)

Apigee Read-only Admin (roles/apigee.readOnlyAdmin)

Container Registry -> Artifact Registry Migration Admin (roles/artifactregistry.containerRegistryMigrationAdmin)

Browser (roles/browser)

Cloud Functions Admin (roles/cloudfunctions.admin)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

Data Studio Workspace Content Manager (roles/datastudio.contentManager)

Data Studio Workspace Contributor (roles/datastudio.contributor)

Data Studio Asset Editor (roles/datastudio.editor)

Data Studio Workspace Manager (roles/datastudio.manager)

Firebase Admin (roles/firebase.admin)

Firebase Analytics Admin (roles/firebase.analyticsAdmin)

Firebase Analytics Viewer (roles/firebase.analyticsViewer)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Grow Admin (roles/firebase.growthAdmin)

Firebase Grow Viewer (roles/firebase.growthViewer)

Firebase Quality Admin (roles/firebase.qualityAdmin)

Firebase Quality Viewer (roles/firebase.qualityViewer)

Firebase Viewer (roles/firebase.viewer)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Role Administrator (roles/iam.roleAdmin)

Role Viewer (roles/iam.roleViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Looker Admin (roles/lookerstudio.lookerAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Workload Manager Admin (roles/workloadmanager.admin)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Access Approval Approver (roles/accessapproval.approver)

Access Approval Config Editor (roles/accessapproval.configEditor)

Access Approval Invalidator (roles/accessapproval.invalidator)

Access Approval Viewer (roles/accessapproval.viewer)

Access Context Manager Admin (roles/accesscontextmanager.policyAdmin)

Access Context Manager Editor (roles/accesscontextmanager.policyEditor)

Access Context Manager Reader (roles/accesscontextmanager.policyReader)

VPC Service Controls Troubleshooter Viewer (roles/accesscontextmanager.vpcScTroubleshooterViewer)

Actions Admin (roles/actions.Admin)

Actions Viewer (roles/actions.Viewer)

Vertex AI Administrator (roles/aiplatform.admin)

Colab Enterprise Admin (roles/aiplatform.colabEnterpriseAdmin)

Colab Enterprise User (roles/aiplatform.colabEnterpriseUser)

Vertex AI Feature Store EntityType owner (roles/aiplatform.entityTypeOwner)

Vertex AI Feature Store Admin (roles/aiplatform.featurestoreAdmin)

Vertex AI Feature Store Data Viewer (roles/aiplatform.featurestoreDataViewer)

Vertex AI Feature Store Data Writer (roles/aiplatform.featurestoreDataWriter)

Vertex AI Feature Store Resource Viewer (roles/aiplatform.featurestoreResourceViewer)

Vertex AI Feature Store User (roles/aiplatform.featurestoreUser)

Vertex AI User (roles/aiplatform.user)

Vertex AI Viewer (roles/aiplatform.viewer)

Cloud AlloyDB Admin (roles/alloydb.admin)

Cloud AlloyDB Client (roles/alloydb.client)

Cloud AlloyDB Database User (roles/alloydb.databaseUser)

Cloud AlloyDB Viewer (roles/alloydb.viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Apigee Organization Admin (roles/apigee.admin)

Apigee Analytics Editor (roles/apigee.analyticsEditor)

Apigee Analytics Viewer (roles/apigee.analyticsViewer)

Apigee API Admin (roles/apigee.apiAdminV2)

Apigee API Reader (roles/apigee.apiReaderV2)

Apigee Developer Admin (roles/apigee.developerAdmin)

Apigee Environment Admin (roles/apigee.environmentAdmin)

Apigee Monetization Admin (roles/apigee.monetizationAdmin)

Apigee Portal Admin (roles/apigee.portalAdmin)

Apigee Read-only Admin (roles/apigee.readOnlyAdmin)

Apigee Security Admin (roles/apigee.securityAdmin)

Apigee Security Viewer (roles/apigee.securityViewer)

Apigee Space Console User (roles/apigee.spaceConsoleUser)

Cloud Apigee Registry Admin (roles/apigeeregistry.admin)

Cloud Apigee Registry Editor (roles/apigeeregistry.editor)

Cloud Apigee Registry Viewer (roles/apigeeregistry.viewer)

Cloud Apigee Registry Worker (roles/apigeeregistry.worker)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Attributes Admin (roles/apihub.attributeAdmin)

Cloud API Hub Editor (roles/apihub.editor)

Cloud API hub Plugins Admin (roles/apihub.pluginAdmin)

Cloud API hub Provisioning Admin (roles/apihub.provisioningAdmin)

Cloud API hub Viewer (roles/apihub.viewer)

API Management Admin (roles/apim.admin)

API Management Viewer (roles/apim.viewer)

App Engine Admin (roles/appengine.appAdmin)

App Engine Creator (roles/appengine.appCreator)

App Engine Viewer (roles/appengine.appViewer)

App Engine Code Viewer (roles/appengine.codeViewer)

App Engine Managed VM Debug Access (roles/appengine.debugger)

App Engine Deployer (roles/appengine.deployer)

App Engine Memcache Data Admin (roles/appengine.memcacheDataAdmin)

App Engine Service Admin (roles/appengine.serviceAdmin)

App Hub Admin (roles/apphub.admin)

App Management Viewer (roles/apphub.appManagementViewer)

App Hub Editor (roles/apphub.editor)

App Hub Viewer (roles/apphub.viewer)

Appliance troubleshooting commands approver (roles/applianceactivation.approver)

Appliance troubleshooter (roles/applianceactivation.troubleshooter)

Assured OSS Admin (roles/assuredoss.admin)

Assured OSS Project Admin (roles/assuredoss.projectAdmin)

Assured OSS Reader (roles/assuredoss.reader)

Assured OSS User (roles/assuredoss.user)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Admin (roles/auditmanager.admin)

Audit Manager Auditor (roles/auditmanager.auditor)

AutoML Admin (roles/automl.admin)

AutoML Editor (roles/automl.editor)

AutoML Predictor (roles/automl.predictor)

AutoML Viewer (roles/automl.viewer)

Recommendations AI Admin (roles/automlrecommendations.admin)

Recommendations AI Admin Viewer (roles/automlrecommendations.adminViewer)

Recommendations AI Editor (roles/automlrecommendations.editor)

Recommendations AI Viewer (roles/automlrecommendations.viewer)

Autoscaling Site Admin (roles/autoscaling.sitesAdmin)

Access Transparency Admin (roles/axt.admin)

Backup and DR Admin (roles/backupdr.admin)

Backup and DR Backup User (roles/backupdr.backupUser)

Backup and DR Compute Engine Operator (roles/backupdr.computeEngineOperator)

Backup and DR Mount User (roles/backupdr.mountUser)

Backup and DR Restore User (roles/backupdr.restoreUser)

Backup and DR User (roles/backupdr.user)

Backup and DR User V2 (roles/backupdr.userv2)

Backup and DR Viewer (roles/backupdr.viewer)

Bare Metal Solution Admin (roles/baremetalsolution.admin)

Bare Metal Solution Editor (roles/baremetalsolution.editor)

Bare Metal Solution Instances Admin (roles/baremetalsolution.instancesadmin)

Bare Metal Solution Instances Viewer (roles/baremetalsolution.instancesviewer)

Bare Metal Solution Storage Admin (roles/baremetalsolution.storageadmin)

Bare Metal Solution Viewer (roles/baremetalsolution.viewer)

Batch Administrator (roles/batch.admin)

Batch Job Editor (roles/batch.jobsEditor)

Batch Job Viewer (roles/batch.jobsViewer)

Batch ResourceAllowance Editor (roles/batch.resourceAllowancesEditor)

Batch ResourceAllowance Viewer (roles/batch.resourceAllowancesViewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Client Connector Admin (roles/beyondcorp.clientConnectorAdmin)

Cloud BeyondCorp Client Connector Viewer (roles/beyondcorp.clientConnectorViewer)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

BigLake Admin (roles/biglake.admin)

BigLake Viewer (roles/biglake.viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Job User (roles/bigquery.jobUser)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Read Session User (roles/bigquery.readSessionUser)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

Billing Account Administrator (roles/billing.admin)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Blockchain Node Engine Admin (roles/blockchainnodeengine.admin)

Blockchain Node Engine Viewer (roles/blockchainnodeengine.viewer)

Blockchain Validator Manager Admin (roles/blockchainvalidatormanager.admin)

Blockchain Validator Viewer (roles/blockchainvalidatormanager.viewer)

Browser (roles/browser)

Capacity Planner Usage Viewer (roles/capacityplanner.viewer)

Care Studio Patients Viewer (roles/carestudio.viewer)

Certificate Manager Editor (roles/certificatemanager.editor)

Certificate Manager Owner (roles/certificatemanager.owner)

Certificate Manager Viewer (roles/certificatemanager.viewer)

Chronicle API Admin (roles/chronicle.admin)

Chronicle API Data Governor (roles/chronicle.dataGovernor)

Chronicle API Editor (roles/chronicle.editor)

Chronicle API Federation Admin (roles/chronicle.federationAdmin)

Chronicle API Federation Viewer (roles/chronicle.federationViewer)

Chronicle API Limited Viewer (roles/chronicle.limitedViewer)

Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)

Chronicle SOAR Admin (roles/chronicle.soarAdmin)

Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)

Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)

Chronicle API Viewer (roles/chronicle.viewer)

Code Repository Indexes Admin (roles/cloudaicompanion.codeRepositoryIndexesAdmin)

Code Repository Indexes Viewer (roles/cloudaicompanion.codeRepositoryIndexesViewer)

Gemini Code Assist Tools Admin (roles/cloudaicompanion.codeToolsAdmin)

Gemini Code Assist Tools User (roles/cloudaicompanion.codeToolsUser)

Gemini for Google Cloud User (roles/cloudaicompanion.user)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Build Integrations Editor (roles/cloudbuild.integrationsEditor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Cloud Build Integrations Viewer (roles/cloudbuild.integrationsViewer)

Cloud Build WorkerPool Editor (roles/cloudbuild.workerPoolEditor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Cloud Build WorkerPool Viewer (roles/cloudbuild.workerPoolViewer)

Firebase Remote Config Admin (roles/cloudconfig.admin)

Firebase Remote Config Viewer (roles/cloudconfig.viewer)

Cloud Deploy Admin (roles/clouddeploy.admin)

Cloud Deploy Approver (roles/clouddeploy.approver)

Cloud Deploy Custom Target Type Admin (roles/clouddeploy.customTargetTypeAdmin)

Cloud Deploy Developer (roles/clouddeploy.developer)

Cloud Deploy Operator (roles/clouddeploy.operator)

Cloud Deploy Policy Admin (roles/clouddeploy.policyAdmin)

Cloud Deploy Policy Overrider (roles/clouddeploy.policyOverrider)

Cloud Deploy Releaser (roles/clouddeploy.releaser)

Cloud Deploy Viewer (roles/clouddeploy.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Cloud Hub Operator (roles/cloudhub.operator)

Cloud Talent Solution Admin (roles/cloudjobdiscovery.admin)

Cloud Talent Solution Job Editor (roles/cloudjobdiscovery.jobsEditor)

Cloud Talent Solution Job Viewer (roles/cloudjobdiscovery.jobsViewer)

Cloud Talent Solution Profile Editor (roles/cloudjobdiscovery.profilesEditor)

Cloud Talent Solution Profile Viewer (roles/cloudjobdiscovery.profilesViewer)

Cloud KMS CryptoKey Decrypter Via Delegation (roles/cloudkms.cryptoKeyDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterViaDelegation)

Cloud KMS EkmConnections Admin (roles/cloudkms.ekmConnectionsAdmin)

Cloud KMS Expert Raw AES-CBC Key Manager (roles/cloudkms.expertRawAesCbc)

Cloud KMS Expert Raw AES-CTR Key Manager (roles/cloudkms.expertRawAesCtr)

Cloud KMS Expert Raw PKCS#1 Key Manager (roles/cloudkms.expertRawPKCS1)

Catalog Consumer (roles/cloudprivatecatalog.consumer)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Cloud Profiler User (roles/cloudprofiler.user)

Cloud Quotas Admin (roles/cloudquotas.admin)

Cloud Quotas Viewer (roles/cloudquotas.viewer)

Cloud Scheduler Admin (roles/cloudscheduler.admin)

Cloud Scheduler Job Runner (roles/cloudscheduler.jobRunner)

Cloud Scheduler Viewer (roles/cloudscheduler.viewer)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Cloud SQL Admin (roles/cloudsql.admin)

Cloud SQL Editor (roles/cloudsql.editor)

Cloud SQL Viewer (roles/cloudsql.viewer)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Tech Support Viewer (roles/cloudsupport.techSupportViewer)

Cloud Tasks Admin (roles/cloudtasks.admin)

Cloud Tasks Enqueuer (roles/cloudtasks.enqueuer)

Cloud Tasks Queue Admin (roles/cloudtasks.queueAdmin)

Cloud Tasks Task Deleter (roles/cloudtasks.taskDeleter)

Cloud Tasks Task Runner (roles/cloudtasks.taskRunner)

Cloud Tasks Viewer (roles/cloudtasks.viewer)

Firebase Test Lab Direct Access Admin (roles/cloudtestservice.directAccessAdmin)

Firebase Test Lab Direct Access Viewer (roles/cloudtestservice.directAccessViewer)

Firebase Test Lab Admin (roles/cloudtestservice.testAdmin)

Firebase Test Lab Viewer (roles/cloudtestservice.testViewer)

Cloud Trace Admin (roles/cloudtrace.admin)

Cloud Trace User (roles/cloudtrace.user)

Cloud Translation API Admin (roles/cloudtranslate.admin)

Cloud Translation API Editor (roles/cloudtranslate.editor)

Cloud Translation API User (roles/cloudtranslate.user)

Cloud Translation API Viewer (roles/cloudtranslate.viewer)

Commerce Agreement Publishing Admin (roles/commerceagreementpublishing.admin)

Commerce Agreement Publishing Viewer (roles/commerceagreementpublishing.viewer)

Commerce Business Enablement Configuration Admin (roles/commercebusinessenablement.admin)

Commerce Business Enablement PaymentConfig Admin (roles/commercebusinessenablement.paymentConfigAdmin)

Commerce Business Enablement PaymentConfig Viewer (roles/commercebusinessenablement.paymentConfigViewer)

Commerce Business Enablement Reseller Discount Admin (roles/commercebusinessenablement.resellerDiscountAdmin)

Commerce Business Enablement Reseller Discount Viewer (roles/commercebusinessenablement.resellerDiscountViewer)

Commerce Business Enablement Configuration Viewer (roles/commercebusinessenablement.viewer)

Commerce Organization Governance Admin (roles/commerceorggovernance.admin)

Governed Marketplace User (roles/commerceorggovernance.user)

Commerce Organization Governance Viewer (roles/commerceorggovernance.viewer)

Commerce Price Management Events Viewer (roles/commercepricemanagement.eventsViewer)

Commerce Price Management Private Offers Admin (roles/commercepricemanagement.privateOffersAdmin)

Commerce Price Management Viewer (roles/commercepricemanagement.viewer)

Commerce Producer Admin (roles/commerceproducer.admin)

Commerce Producer Viewer (roles/commerceproducer.viewer)

Environment and Storage Object Administrator (roles/composer.environmentAndStorageObjectAdmin)

Environment and Storage Object User (roles/composer.environmentAndStorageObjectUser)

Environment and Storage Object Viewer (roles/composer.environmentAndStorageObjectViewer)

Composer Worker (roles/composer.worker)

Compute Admin (roles/compute.admin)

Compute Image User (roles/compute.imageUser)

Compute Instance Admin (beta) (roles/compute.instanceAdmin)

Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)

Compute Load Balancer Admin (roles/compute.loadBalancerAdmin)

Compute Load Balancer Services User (roles/compute.loadBalancerServiceUser)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Compute Organization Firewall Policy Admin (roles/compute.orgFirewallPolicyAdmin)

Compute Organization Firewall Policy User (roles/compute.orgFirewallPolicyUser)

Compute Organization Security Policy Admin (roles/compute.orgSecurityPolicyAdmin)

Compute Organization Security Policy User (roles/compute.orgSecurityPolicyUser)

Compute Organization Resource Admin (roles/compute.orgSecurityResourceAdmin)

Compute OS Admin Login (roles/compute.osAdminLogin)

Compute OS Login (roles/compute.osLogin)

Compute packet mirroring admin (roles/compute.packetMirroringAdmin)

Compute packet mirroring user (roles/compute.packetMirroringUser)

Compute Public IP Admin (roles/compute.publicIpAdmin)

Compute Security Admin (roles/compute.securityAdmin)

Compute Storage Admin (roles/compute.storageAdmin)

Compute Viewer (roles/compute.viewer)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

ConfigDelivery Admin (roles/configdelivery.configDeliveryAdmin)

ConfigDelivery Viewer (roles/configdelivery.configDeliveryViewer)

Config Delivery Resource Bundle Publisher (roles/configdelivery.resourceBundlePublisher)

Connector Admin (roles/connectors.admin)

Connectors Viewer (roles/connectors.viewer)

Consumer Procurement Entitlement Manager (roles/consumerprocurement.entitlementManager)

Consumer Procurement Entitlement Viewer (roles/consumerprocurement.entitlementViewer)

Consumer Procurement Administrator (roles/consumerprocurement.procurementAdmin)

Consumer Procurement Viewer (roles/consumerprocurement.procurementViewer)

Contact Center AI Platform Admin (roles/contactcenteraiplatform.admin)

Contact Center AI Platform Viewer (roles/contactcenteraiplatform.viewer)

Kubernetes Engine Admin (roles/container.admin)

Kubernetes Engine Cluster Admin (roles/container.clusterAdmin)

Kubernetes Engine Cluster Viewer (roles/container.clusterViewer)

Kubernetes Engine Developer (roles/container.developer)

Kubernetes Engine Viewer (roles/container.viewer)

Container Analysis Admin (roles/containeranalysis.admin)

Container Analysis Notes Editor (roles/containeranalysis.notes.editor)

Container Analysis Notes Viewer (roles/containeranalysis.notes.viewer)

Container Analysis Occurrences Editor (roles/containeranalysis.occurrences.editor)

Container Analysis Occurrences Viewer (roles/containeranalysis.occurrences.viewer)

GKE Security Posture Viewer (roles/containersecurity.viewer)

Content Warehouse Admin (roles/contentwarehouse.admin)

Content Warehouse Document Admin (roles/contentwarehouse.documentAdmin)

Content Warehouse document creator (roles/contentwarehouse.documentCreator)

Content Warehouse Document Editor (roles/contentwarehouse.documentEditor)

Content Warehouse document schema viewer (roles/contentwarehouse.documentSchemaViewer)

Content Warehouse Viewer (roles/contentwarehouse.documentViewer)

Database Center Admin (roles/databasecenter.admin)

Database Center Viewer (roles/databasecenter.viewer)

Database Insights monitoring viewer (roles/databaseinsights.monitoringViewer)

Database Insights recommendation viewer (roles/databaseinsights.recommendationViewer)

Database Insights viewer (roles/databaseinsights.viewer)

Studio Query Admin (roles/databasesconsole.studioQueryAdmin)

Studio Query User (roles/databasesconsole.studioQueryUser)

Data Catalog Admin (roles/datacatalog.admin)

Policy Tag Admin (roles/datacatalog.categoryAdmin)

DataCatalog Data Steward (roles/datacatalog.dataSteward)

DataCatalog EntryGroup Creator (roles/datacatalog.entryGroupCreator)

DataCatalog EntryGroup Owner (roles/datacatalog.entryGroupOwner)

DataCatalog Entry Owner (roles/datacatalog.entryOwner)

DataCatalog Entry Viewer (roles/datacatalog.entryViewer)

DataCatalog Migration Config Admin (roles/datacatalog.migrationConfigAdmin)

DataCatalog Search Admin (roles/datacatalog.searchAdmin)

Data Catalog TagTemplate Owner (roles/datacatalog.tagTemplateOwner)

Data Catalog TagTemplate User (roles/datacatalog.tagTemplateUser)

Data Catalog TagTemplate Viewer (roles/datacatalog.tagTemplateViewer)

Data Catalog Viewer (roles/datacatalog.viewer)

Connector Admin (roles/dataconnectors.connectorAdmin)

Dataflow Admin (roles/dataflow.admin)

Dataflow Developer (roles/dataflow.developer)

Dataflow Viewer (roles/dataflow.viewer)

Dataform Admin (roles/dataform.admin)

Code Creator (roles/dataform.codeCreator)

Code Editor (roles/dataform.codeEditor)

Code Owner (roles/dataform.codeOwner)

Code Viewer (roles/dataform.codeViewer)

Dataform Editor (roles/dataform.editor)

Dataform Viewer (roles/dataform.viewer)

Cloud Data Fusion Accessor (roles/datafusion.accessor)

Cloud Data Fusion Admin (roles/datafusion.admin)

Cloud Data Fusion Developer (roles/datafusion.developer)

Cloud Data Fusion Operator (roles/datafusion.operator)

Cloud Data Fusion Viewer (roles/datafusion.viewer)

Data Labeling Service Admin (roles/datalabeling.admin)

Data Labeling Service Editor (roles/datalabeling.editor)

Data Labeling Service Viewer (roles/datalabeling.viewer)

Data Lineage Administrator (roles/datalineage.admin)

Data Lineage Editor (roles/datalineage.editor)

Data Lineage Events Producer (roles/datalineage.producer)

Data Lineage Viewer (roles/datalineage.viewer)

Database Migration Admin (roles/datamigration.admin)

Data pipelines Admin (roles/datapipelines.admin)

Data pipelines Invoker (roles/datapipelines.invoker)

Data pipelines Viewer (roles/datapipelines.viewer)

Dataplex Administrator (roles/dataplex.admin)

Dataplex Aspect Type Owner (roles/dataplex.aspectTypeOwner)

Dataplex Aspect Type User (roles/dataplex.aspectTypeUser)

Dataplex Catalog Admin (roles/dataplex.catalogAdmin)

Dataplex Catalog Editor (roles/dataplex.catalogEditor)

Dataplex Catalog Viewer (roles/dataplex.catalogViewer)

Dataplex Entry Group Exporter (roles/dataplex.entryGroupExporter)

Dataplex Entry Group Importer (roles/dataplex.entryGroupImporter)

Dataplex Entry Group Owner (roles/dataplex.entryGroupOwner)

Dataplex Entry and EntryLink Owner (roles/dataplex.entryOwner)

Dataplex Entry Type Owner (roles/dataplex.entryTypeOwner)

Dataplex Entry Type User (roles/dataplex.entryTypeUser)

Dataplex Metadata Job Owner (roles/dataplex.metadataJobOwner)

Dataplex Metadata Job Viewer (roles/dataplex.metadataJobViewer)

Dataplex Metadata Reader (roles/dataplex.metadataReader)

Dataplex Metadata Writer (roles/dataplex.metadataWriter)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Dataproc Resource Manager Admin (roles/dataprocrm.admin)

Dataproc Resource Manager Viewer (roles/dataprocrm.viewer)

Cloud Datastore Bulk Admin (roles/datastore.bulkAdmin)

Cloud Datastore Import Export Admin (roles/datastore.importExportAdmin)

Cloud Datastore Index Admin (roles/datastore.indexAdmin)

Cloud Datastore Key Visualizer Viewer (roles/datastore.keyVisualizerViewer)

Cloud Datastore Owner (roles/datastore.owner)

Cloud Datastore User (roles/datastore.user)

Cloud Datastore Viewer (roles/datastore.viewer)

Datastream Admin (roles/datastream.admin)

Datastream Viewer (roles/datastream.viewer)

Data Studio Admin (roles/datastudio.admin)

Dell EMC Cloud OneFS Admin (roles/dellemccloudonefs.admin)

Dell EMC Cloud OneFS User (roles/dellemccloudonefs.user)

Dell EMC Cloud OneFS Viewer (roles/dellemccloudonefs.viewer)

Deployment Manager Editor (roles/deploymentmanager.editor)

Deployment Manager Type Editor (roles/deploymentmanager.typeEditor)

Deployment Manager Type Viewer (roles/deploymentmanager.typeViewer)

Deployment Manager Viewer (roles/deploymentmanager.viewer)

Application Design Center Admin (roles/designcenter.admin)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Application Design Center User (roles/designcenter.user)

Application Design Center Viewer (roles/designcenter.viewer)

Developer Connect Admin (roles/developerconnect.admin)

Developer Connect OAuth Admin (roles/developerconnect.oauthAdmin)

Developer Connect OAuth User (roles/developerconnect.oauthUser)

Developer Connect User (roles/developerconnect.user)

Developer Connect Viewer (roles/developerconnect.viewer)

Device Streaming Admin (roles/devicestreaming.admin)

Device Streaming Viewer (roles/devicestreaming.viewer)

CX Premium Admin (roles/dialogflow.aamAdmin)

CX Premium Conversational Architect (roles/dialogflow.aamConversationalArchitect)

CX Premium Dialog Designer (roles/dialogflow.aamDialogDesigner)

CX Premium Lead Dialog Designer (roles/dialogflow.aamLeadDialogDesigner)

CX Premium Viewer (roles/dialogflow.aamViewer)

Dialogflow Console Simulator User (roles/dialogflow.consoleSimulatorUser)

Dialogflow Console Smart Messaging Allowlist Editor (roles/dialogflow.consoleSmartMessagingAllowlistEditor)

Discovery Engine Admin (roles/discoveryengine.admin)

Discovery Engine Editor (roles/discoveryengine.editor)

Cloud NotebookLM Admin (roles/discoveryengine.notebookLmOwner)

Cloud NotebookLM User (roles/discoveryengine.notebookLmUser)

Discovery Engine Viewer (roles/discoveryengine.viewer)

DLP Administrator (roles/dlp.admin)

DLP Connections Admin (roles/dlp.connectionsAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

DLP Subscription Admin (roles/dlp.subscriptionsAdmin)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Document AI Administrator (roles/documentai.admin)

Document AI Editor (roles/documentai.editor)

Document AI Viewer (roles/documentai.viewer)

Cloud Domains Admin (roles/domains.admin)

Cloud Domains Viewer (roles/domains.viewer)

Earth Engine Resource Admin (roles/earthengine.admin)

Earth Engine Resource Viewer (roles/earthengine.viewer)

Earth Engine Resource Writer (roles/earthengine.writer)

Edge Container Admin (roles/edgecontainer.admin)

Edge Container Machine User (roles/edgecontainer.machineUser)

Edge Container Cluster offline Credential User (roles/edgecontainer.offlineCredentialUser)

Edge Container Viewer (roles/edgecontainer.viewer)

Edge Network Admin (roles/edgenetwork.admin)

Edge Network Viewer (roles/edgenetwork.viewer)

Enterprise Knowledge Graph Admin (roles/enterpriseknowledgegraph.admin)

Enterprise Knowledge Graph Editor (roles/enterpriseknowledgegraph.editor)

Enterprise Knowledge Graph Viewer (roles/enterpriseknowledgegraph.viewer)

Enterprise Purchasing Admin (roles/enterprisepurchasing.admin)

Enterprise Purchasing Editor (roles/enterprisepurchasing.editor)

Enterprise Purchasing Viewer (roles/enterprisepurchasing.viewer)

Error Reporting Admin (roles/errorreporting.admin)

Error Reporting User (roles/errorreporting.user)

Error Reporting Viewer (roles/errorreporting.viewer)

Eventarc Admin (roles/eventarc.admin)

Eventarc Connection Publisher (roles/eventarc.connectionPublisher)

Eventarc Developer (roles/eventarc.developer)

Eventarc Publisher (roles/eventarc.publisher)

Eventarc Viewer (roles/eventarc.viewer)

Financial Services Admin (roles/financialservices.admin)

Financial Services Viewer (roles/financialservices.viewer)

Firebase Admin (roles/firebase.admin)

Firebase Analytics Admin (roles/firebase.analyticsAdmin)

Firebase Analytics Viewer (roles/firebase.analyticsViewer)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Grow Admin (roles/firebase.growthAdmin)

Firebase Grow Viewer (roles/firebase.growthViewer)

Firebase Quality Admin (roles/firebase.qualityAdmin)

Firebase Quality Viewer (roles/firebase.qualityViewer)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Firebase Viewer (roles/firebase.viewer)

Firebase A/B Testing Admin (roles/firebaseabt.admin)

Firebase A/B Testing Viewer (roles/firebaseabt.viewer)

Firebase App Distribution Admin (roles/firebaseappdistro.admin)

Firebase App Distribution Viewer (roles/firebaseappdistro.viewer)

Firebase Authentication Admin (roles/firebaseauth.admin)

Firebase Authentication Viewer (roles/firebaseauth.viewer)

Firebase Cloud Messaging API Admin (roles/firebasecloudmessaging.admin)

Firebase Crashlytics Admin (roles/firebasecrashlytics.admin)

Firebase Crashlytics Viewer (roles/firebasecrashlytics.viewer)

Firebase Realtime Database Admin (roles/firebasedatabase.admin)

Firebase Realtime Database Viewer (roles/firebasedatabase.viewer)

Firebase Data Connect API Admin (roles/firebasedataconnect.admin)

Firebase Data Connect API Viewer (roles/firebasedataconnect.viewer)

Firebase Dynamic Links Admin (roles/firebasedynamiclinks.admin)

Firebase Dynamic Links Viewer (roles/firebasedynamiclinks.viewer)

Firebase Extensions Developer (roles/firebaseextensions.developer)

Firebase Extensions Viewer (roles/firebaseextensions.viewer)

Firebase Extensions Publisher - Extensions Admin (roles/firebaseextensionspublisher.extensionsAdmin)

Firebase Extensions Publisher - Extensions Viewer (roles/firebaseextensionspublisher.extensionsViewer)

Firebase Hosting Admin (roles/firebasehosting.admin)

Firebase Hosting Viewer (roles/firebasehosting.viewer)

Firebase In-App Messaging Admin (roles/firebaseinappmessaging.admin)

Firebase In-App Messaging Viewer (roles/firebaseinappmessaging.viewer)

Firebase ML Kit Admin (roles/firebaseml.admin)

Firebase ML Kit Viewer (roles/firebaseml.viewer)

Firebase Extensions API Service Agent (roles/firebasemods.serviceAgent)

Firebase Cloud Messaging Admin (roles/firebasenotifications.admin)

Firebase Cloud Messaging Viewer (roles/firebasenotifications.viewer)

Firebase Performance Reporting Admin (roles/firebaseperformance.admin)

Firebase Performance Reporting Viewer (roles/firebaseperformance.viewer)

Firebase Rules Admin (roles/firebaserules.admin)

Firebase Rules System (roles/firebaserules.system)

Firebase Rules Viewer (roles/firebaserules.viewer)

Cloud Storage for Firebase Admin (roles/firebasestorage.admin)

Cloud Storage for Firebase Viewer (roles/firebasestorage.viewer)

Firebase Vertex AI Admin (roles/firebasevertexai.admin)

Firebase Vertex AI Viewer (roles/firebasevertexai.viewer)

Fleet Engine Delivery Admin (roles/fleetengine.deliveryAdmin)

Fleet Engine Delivery Super User (roles/fleetengine.deliverySuperUser)

Fleet Engine On-Demand Admin (roles/fleetengine.ondemandAdmin)

Fleet Engine Service Super User (roles/fleetengine.serviceSuperUser)

GDC Hardware Management Admin (roles/gdchardwaremanagement.admin)

GDC Hardware Management Operator (roles/gdchardwaremanagement.operator)

GDC Hardware Management Reader (roles/gdchardwaremanagement.reader)

Gemini Cloud Assist Investigation Admin (roles/geminicloudassist.investigationAdmin)

Gemini Cloud Assist Investigation Creator (roles/geminicloudassist.investigationCreator)

Gemini Cloud Assist Investigation Editor (roles/geminicloudassist.investigationEditor)

Gemini Cloud Assist Investigation Owner (roles/geminicloudassist.investigationOwner)

Gemini Cloud Assist Investigation User (roles/geminicloudassist.investigationUser)

Gemini Cloud Assist Investigation Viewer (roles/geminicloudassist.investigationViewer)

Gemini Cloud Assist User (roles/geminicloudassist.user)

Backup for GKE Admin (roles/gkebackup.admin)

Backup for GKE Backup Admin (roles/gkebackup.backupAdmin)

Backup for GKE Restore Admin (roles/gkebackup.restoreAdmin)

Backup for GKE Viewer (roles/gkebackup.viewer)

Fleet Admin (formerly GKE Hub Admin) (roles/gkehub.admin)

Fleet Editor (formerly GKE Hub Editor) (roles/gkehub.editor)

Fleet Project-level Scope Editor (roles/gkehub.scopeEditorProjectLevel)

Fleet Project-level Scope Viewer (roles/gkehub.scopeViewerProjectLevel)

Fleet Viewer (formerly GKE Hub Viewer) (roles/gkehub.viewer)

Anthos Multi-cloud Admin (roles/gkemulticloud.admin)

Anthos Multi-cloud Viewer (roles/gkemulticloud.viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Google Workspace Add-ons Developer (roles/gsuiteaddons.developer)

Google Workspace Add-ons Reader (roles/gsuiteaddons.reader)

Google Workspace Add-ons Tester (roles/gsuiteaddons.tester)

Healthcare Annotation Editor (roles/healthcare.annotationEditor)

Healthcare Annotation Reader (roles/healthcare.annotationReader)

Healthcare Annotation Administrator (roles/healthcare.annotationStoreAdmin)

Healthcare Annotation Store Viewer (roles/healthcare.annotationStoreViewer)

Healthcare Attribute Definition Editor (roles/healthcare.attributeDefinitionEditor)

Healthcare Attribute Definition Reader (roles/healthcare.attributeDefinitionReader)

Healthcare Consent Artifact Administrator (roles/healthcare.consentArtifactAdmin)

Healthcare Consent Artifact Editor (roles/healthcare.consentArtifactEditor)

Healthcare Consent Artifact Reader (roles/healthcare.consentArtifactReader)

Healthcare Consent Editor (roles/healthcare.consentEditor)

Healthcare Consent Reader (roles/healthcare.consentReader)

Healthcare Consent Store Administrator (roles/healthcare.consentStoreAdmin)

Healthcare Consent Store Viewer (roles/healthcare.consentStoreViewer)

Healthcare Dataset Administrator (roles/healthcare.datasetAdmin)

Healthcare Dataset Viewer (roles/healthcare.datasetViewer)

Healthcare DICOM Editor (roles/healthcare.dicomEditor)

Healthcare DICOM Store Administrator (roles/healthcare.dicomStoreAdmin)

Healthcare DICOM Store Viewer (roles/healthcare.dicomStoreViewer)

Healthcare DICOM Viewer (roles/healthcare.dicomViewer)

Healthcare FHIR Resource Editor (roles/healthcare.fhirResourceEditor)

Healthcare FHIR Resource Reader (roles/healthcare.fhirResourceReader)

Healthcare FHIR Store Administrator (roles/healthcare.fhirStoreAdmin)

Healthcare FHIR Store Viewer (roles/healthcare.fhirStoreViewer)

Healthcare HL7v2 Message Consumer (roles/healthcare.hl7V2Consumer)

Healthcare HL7v2 Message Editor (roles/healthcare.hl7V2Editor)

Healthcare HL7v2 Message Ingest (roles/healthcare.hl7V2Ingest)

Healthcare HL7v2 Store Administrator (roles/healthcare.hl7V2StoreAdmin)

Healthcare HL7v2 Store Viewer (roles/healthcare.hl7V2StoreViewer)

Healthcare NLP Service Viewer (roles/healthcare.nlpServiceViewer)

Healthcare User Data Mapping Editor (roles/healthcare.userDataMappingEditor)

Healthcare User Data Mapping Reader (roles/healthcare.userDataMappingReader)

IAM OAuth Client Admin (roles/iam.oauthClientAdmin)

IAM OAuth Client Viewer (roles/iam.oauthClientViewer)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service Account Admin (roles/iam.serviceAccountAdmin)

Create Service Accounts (roles/iam.serviceAccountCreator)

Delete Service Accounts (roles/iam.serviceAccountDeleter)

Service Account Key Admin (roles/iam.serviceAccountKeyAdmin)

Service Account Token Creator (roles/iam.serviceAccountTokenCreator)

Service Account User (roles/iam.serviceAccountUser)

View Service Accounts (roles/iam.serviceAccountViewer)

IAM Workload Identity Pool Admin (roles/iam.workloadIdentityPoolAdmin)

IAM Workload Identity Pool Viewer (roles/iam.workloadIdentityPoolViewer)

Cloud IDS Admin (roles/ids.admin)

Cloud IDS Viewer (roles/ids.viewer)

Apigee Integration Admin (roles/integrations.apigeeIntegrationAdminRole)

Apigee Integration Deployer (roles/integrations.apigeeIntegrationDeployerRole)

Apigee Integration Editor (roles/integrations.apigeeIntegrationEditorRole)

Apigee Integration Invoker (roles/integrations.apigeeIntegrationInvokerRole)

Apigee Integration Viewer (roles/integrations.apigeeIntegrationsViewer)

Apigee Integration Approver (roles/integrations.apigeeSuspensionResolver)

Certificate Viewer (roles/integrations.certificateViewer)

Application Integration Admin (roles/integrations.integrationAdmin)

Application Integration Deployer (roles/integrations.integrationDeployer)

Application Integration Editor (roles/integrations.integrationEditor)

Application Integration Invoker (roles/integrations.integrationInvoker)

Application Integration Viewer (roles/integrations.integrationViewer)

Application Integration SFDC Instance Admin (roles/integrations.sfdcInstanceAdmin)

Application Integration SFDC Instance Editor (roles/integrations.sfdcInstanceEditor)

Application Integration SFDC Instance Viewer (roles/integrations.sfdcInstanceViewer)

Application Integration Approver (roles/integrations.suspensionResolver)

Issuerswitch Account Manager Admin (roles/issuerswitch.accountManagerAdmin)

Issuerswitch Account Manager Transactions Admin (roles/issuerswitch.accountManagerTransactionsAdmin)

Issuerswitch Account Manager Transactions Viewer (roles/issuerswitch.accountManagerTransactionsViewer)

Issuerswitch Admin (roles/issuerswitch.admin)

Issuerswitch Participants Admin (roles/issuerswitch.issuerParticipantsAdmin)

Issuerswitch Resolutions Admin (roles/issuerswitch.resolutionsAdmin)

Issuerswitch Rules Admin (roles/issuerswitch.rulesAdmin)

Issuerswitch Rules Viewer (roles/issuerswitch.rulesViewer)

Issuerswitch Transactions Viewer (roles/issuerswitch.transactionsViewer)

Config Controller Admin (roles/krmapihosting.admin)

Config Controller Viewer (roles/krmapihosting.viewer)

Cloud License Manager Admin (roles/licensemanager.admin)

Cloud License Manager Viewer (roles/licensemanager.viewer)

Cloud Life Sciences Viewer (roles/lifesciences.viewer)

Live Stream Editor (roles/livestream.editor)

Live Stream Viewer (roles/livestream.viewer)

Logging Admin (roles/logging.admin)

Logs Configuration Writer (roles/logging.configWriter)

Looker Admin (roles/looker.admin)

Looker Instance User (roles/looker.instanceUser)

Looker Viewer (roles/looker.viewer)

Looker Studio Pro Manager (roles/lookerstudio.proManager)

Google Cloud Managed Lustre Admin (roles/lustre.admin)

Google Cloud Managed Lustre Viewer (roles/lustre.viewer)

Maintenance API Viewer (roles/maintenance.viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Google Cloud Managed Identities Admin (roles/managedidentities.admin)

Google Cloud Managed Identities Backup Admin (roles/managedidentities.backupAdmin)

Google Cloud Managed Identities Backup Viewer (roles/managedidentities.backupViewer)

Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)

Google Cloud Managed Identities Peering Admin (roles/managedidentities.peeringAdmin)

Google Cloud Managed Identities Peering Viewer (roles/managedidentities.peeringViewer)

Google Cloud Managed Identities Viewer (roles/managedidentities.viewer)

Managed Kafka Admin (roles/managedkafka.admin)

Managed Kafka Client (roles/managedkafka.client)

Managed Kafka Cluster Editor (roles/managedkafka.clusterEditor)

Managed Kafka Connector Editor (roles/managedkafka.connectorEditor)

Managed Kafka Consumer Group Editor (roles/managedkafka.consumerGroupEditor)

Managed Kafka Topic Editor (roles/managedkafka.topicEditor)

Managed Kafka Viewer (roles/managedkafka.viewer)

Mandiant Attack Surface Management Editor (roles/mandiant.attackSurfaceManagementEditor)

Mandiant Attack Surface Management Viewer (roles/mandiant.attackSurfaceManagementViewer)

Mandiant Digital Threat Monitoring Editor (roles/mandiant.digitalThreatMonitoringEditor)

Mandiant Digital Threat Monitoring Viewer (roles/mandiant.digitalThreatMonitoringViewer)

Mandiant Expertise On Demand Editor (roles/mandiant.expertiseOnDemandEditor)

Mandiant Expertise On Demand Viewer (roles/mandiant.expertiseOnDemandViewer)

Mandiant Threat Intel Editor (roles/mandiant.threatIntelEditor)

Mandiant Threat Intel Viewer (roles/mandiant.threatIntelViewer)

Mandiant Validation Editor (roles/mandiant.validationEditor)

Mandiant Validation Viewer (roles/mandiant.validationViewer)

Maps API Admin (roles/mapsadmin.admin)

Maps API Viewer (roles/mapsadmin.viewer)

Mobility Solutions Overages Viewer (roles/mapsanalytics.mobilitySolutionsOverageViewer)

Maps Analytics Viewer (roles/mapsanalytics.viewer)

Maps Platform Datasets Admin (roles/mapsplatformdatasets.admin)

Maps Platform Datasets Viewer (roles/mapsplatformdatasets.viewer)

Marketplace Solutions Admin (roles/marketplacesolutions.admin)

Marketplace Solutions Editor (roles/marketplacesolutions.editor)

Marketplace Solutions Viewer (roles/marketplacesolutions.viewer)

Cloud Memorystore Memcached Admin (roles/memcache.admin)

Cloud Memorystore Memcached Editor (roles/memcache.editor)

Cloud Memorystore Memcached Viewer (roles/memcache.viewer)

Memorystore Admin (roles/memorystore.admin)

Memorystore Viewer (roles/memorystore.viewer)

Dataproc Metastore Admin (roles/metastore.admin)

Dataproc Metastore Editor (roles/metastore.editor)

Dataproc Metastore Metadata Operator (roles/metastore.metadataOperator)

Dataproc Metastore Viewer (roles/metastore.user)

Migration Center Admin (roles/migrationcenter.admin)

Migration Center Discovery Client Registrator (roles/migrationcenter.discoveryClientRegistrator)

Migration Center Viewer (roles/migrationcenter.viewer)

Model Armor Admin (roles/modelarmor.admin)

Model Armor Callout User (roles/modelarmor.calloutUser)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Model Armor User (roles/modelarmor.user)

Model Armor Viewer (roles/modelarmor.viewer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metrics Scopes Admin (roles/monitoring.metricsScopesAdmin)

Monitoring Metrics Scopes Viewer (roles/monitoring.metricsScopesViewer)

Monitoring Viewer (roles/monitoring.viewer)

Google Home Developer Console Admin (roles/nestconsole.homeDeveloperAdmin)

Google Home Developer Console Editor (roles/nestconsole.homeDeveloperEditor)

Google Home Developer Console Reader (roles/nestconsole.homeDeveloperViewer)

Google Cloud NetApp Volumes Admin (roles/netapp.admin)

Google Cloud NetApp Volumes Viewer (roles/netapp.viewer)

NetApp Cloud Volumes Admin (roles/netappcloudvolumes.admin)

NetApp Cloud Volumes Viewer (roles/netappcloudvolumes.viewer)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Regional Endpoint Viewer (roles/networkconnectivity.regionalEndpointViewer)

Service Class User (roles/networkconnectivity.serviceClassUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Network Management Admin (roles/networkmanagement.admin)

Network Management Viewer (roles/networkmanagement.viewer)

Intercept Deployment Admin (roles/networksecurity.interceptDeploymentAdmin)

Intercept Deployment Viewer (roles/networksecurity.interceptDeploymentViewer)

Intercept Endpoint Admin (roles/networksecurity.interceptEndpointAdmin)

Intercept Endpoint Viewer (roles/networksecurity.interceptEndpointViewer)

Mirroring Deployment Admin (roles/networksecurity.mirroringDeploymentAdmin)

Mirroring Deployment Viewer (roles/networksecurity.mirroringDeploymentViewer)

Mirroring Endpoint Admin (roles/networksecurity.mirroringEndpointAdmin)

Mirroring Endpoint Viewer (roles/networksecurity.mirroringEndpointViewer)

Security Profile Admin (roles/networksecurity.securityProfileAdmin)

Service Extensions Admin (roles/networkservices.serviceExtensionsAdmin)

Service Extensions Viewer (roles/networkservices.serviceExtensionsViewer)

Notebooks Admin (roles/notebooks.admin)

Notebooks Legacy Admin (roles/notebooks.legacyAdmin)

Notebooks Legacy Viewer (roles/notebooks.legacyViewer)

Notebooks Runner (roles/notebooks.runner)

Notebooks Viewer (roles/notebooks.viewer)

Oracle Database@Google Cloud admin (roles/oracledatabase.admin)

Oracle Database@Google Cloud Autonomous Database Admin (roles/oracledatabase.autonomousDatabaseAdmin)

Oracle Database@Google Cloud Autonomous Database Viewer (roles/oracledatabase.autonomousDatabaseViewer)

Oracle Database@Google Cloud Exadata Infrastructure Admin (roles/oracledatabase.cloudExadataInfrastructureAdmin)

Oracle Database@Google Cloud Exadata Infrastructure User (roles/oracledatabase.cloudExadataInfrastructureUser)

Oracle Database@Google Cloud Exadata Infrastructure Viewer (roles/oracledatabase.cloudExadataInfrastructureViewer)

Oracle Database@Google Cloud VM Cluster Admin (roles/oracledatabase.cloudVmClusterAdmin)

Oracle Database@Google Cloud VM Cluster Viewer (roles/oracledatabase.cloudVmClusterViewer)

Oracle Database@Google Cloud viewer (roles/oracledatabase.viewer)

GuestPolicy Admin (roles/osconfig.guestPolicyAdmin)

GuestPolicy Editor (roles/osconfig.guestPolicyEditor)

GuestPolicy Viewer (roles/osconfig.guestPolicyViewer)

InstanceOSPoliciesCompliance Viewer (roles/osconfig.instanceOSPoliciesComplianceViewer)

OS Inventory Viewer (roles/osconfig.inventoryViewer)

OSPolicyAssignment Admin (roles/osconfig.osPolicyAssignmentAdmin)

OSPolicyAssignment Editor (roles/osconfig.osPolicyAssignmentEditor)

OSPolicyAssignmentReport Viewer (roles/osconfig.osPolicyAssignmentReportViewer)

OSPolicyAssignment Viewer (roles/osconfig.osPolicyAssignmentViewer)

PatchDeployment Admin (roles/osconfig.patchDeploymentAdmin)

PatchDeployment Viewer (roles/osconfig.patchDeploymentViewer)

Patch Job Executor (roles/osconfig.patchJobExecutor)

Patch Job Viewer (roles/osconfig.patchJobViewer)

Project Feature Settings Editor (roles/osconfig.projectFeatureSettingsEditor)

Project Feature Settings Viewer (roles/osconfig.projectFeatureSettingsViewer)

Upgrade Report Viewer (roles/osconfig.upgradeReportViewer)

OS VulnerabilityReport Viewer (roles/osconfig.vulnerabilityReportViewer)

Parallelstore Admin (roles/parallelstore.admin)

Parallelstore Viewer (roles/parallelstore.viewer)

Parameter Manager Admin (roles/parametermanager.admin)

Parameter Manager Parameter Accessor (roles/parametermanager.parameterAccessor)

Parameter Manager Parameter Version Adder (roles/parametermanager.parameterVersionAdder)

Parameter Manager Parameter Version Manager (roles/parametermanager.parameterVersionManager)

Parameter Manager Parameter Viewer (roles/parametermanager.parameterViewer)

Payments Reseller Admin (roles/paymentsresellersubscription.partnerAdmin)

Payments Reseller Viewer (roles/paymentsresellersubscription.partnerViewer)

Payments Reseller Products Viewer (roles/paymentsresellersubscription.productViewer)

Payments Reseller Promotions Viewer (roles/paymentsresellersubscription.promotionViewer)

Payments Reseller Subscriptions Editor (roles/paymentsresellersubscription.subscriptionEditor)

Payments Reseller Subscriptions Viewer (roles/paymentsresellersubscription.subscriptionViewer)

CA Service Admin (roles/privateca.admin)

CA Service Auditor (roles/privateca.auditor)

CA Service Operation Manager (roles/privateca.caManager)

CA Service Certificate Manager (roles/privateca.certificateManager)

Beacon Attachment Editor (roles/proximitybeacon.attachmentEditor)

Beacon Attachment Publisher (roles/proximitybeacon.attachmentPublisher)

Beacon Attachment Viewer (roles/proximitybeacon.attachmentViewer)

Beacon Editor (roles/proximitybeacon.beaconEditor)

External Account Key Creator (roles/publicca.externalAccountKeyCreator)

Subscription Linking Admin (roles/readerrevenuesubscriptionlinking.admin)

Subscription Linking Viewer (roles/readerrevenuesubscriptionlinking.viewer)

reCAPTCHA Enterprise Admin (roles/recaptchaenterprise.admin)

reCAPTCHA Enterprise Agent (roles/recaptchaenterprise.agent)

reCAPTCHA Enterprise Viewer (roles/recaptchaenterprise.viewer)

AlloyDB Recommender Admin (roles/recommender.alloydbAdmin)

AlloyDB Recommender Viewer (roles/recommender.alloydbViewer)

BigQuery Slot Recommender Admin (roles/recommender.bigQueryCapacityCommitmentsAdmin)

BigQuery Recommender Project Admin (roles/recommender.bigQueryCapacityCommitmentsProjectAdmin)

BigQuery Recommender Project Viewer (roles/recommender.bigQueryCapacityCommitmentsProjectViewer)

BigQuery Slot Recommender Viewer (roles/recommender.bigQueryCapacityCommitmentsViewer)

BigQuery Materialized View Recommender Admin (roles/recommender.bigqueryMaterializedViewAdmin)

BigQuery Materialized View Recommender Viewer (roles/recommender.bigqueryMaterializedViewViewer)

BigQuery Partitioning Clustering Recommender Admin (roles/recommender.bigqueryPartitionClusterAdmin)

BigQuery Partitioning Clustering Recommender Viewer (roles/recommender.bigqueryPartitionClusterViewer)

Bigtable Cluster Performance Recommender Admin (roles/recommender.bigtableClusterPerformanceAdmin)

Bigtable Cluster Performance Recommender Viewer (roles/recommender.bigtableClusterPerformanceViewer)

Cloud Asset Insights Admin (roles/recommender.cloudAssetInsightsAdmin)

Cloud Asset Insights Viewer (roles/recommender.cloudAssetInsightsViewer)

Cloud Cost General Recommendations Recommender Admin (roles/recommender.cloudCostRecommendationAdmin)

Cloud Cost General Recommendations Recommender Viewer (roles/recommender.cloudCostRecommendationViewer)

Cloud Deprecation General Recommender Admin (roles/recommender.cloudDeprecationRecommendationAdmin)

Cloud Deprecation General Recommender Viewer (roles/recommender.cloudDeprecationRecommendationViewer)

Cloud Manageability General Recommendations Recommender Admin (roles/recommender.cloudManageabilityRecommendationAdmin)

Cloud Manageability General Recommendations Recommender Viewer (roles/recommender.cloudManageabilityRecommendationViewer)

Cloud Performance General Recommendations Recommender Admin (roles/recommender.cloudPerformanceRecommendationAdmin)

Cloud Performance General Recommendations Recommender Viewer (roles/recommender.cloudPerformanceRecommendationViewer)

Cloud Reliability General Recommendations Recommender Admin (roles/recommender.cloudReliabilityRecommendationAdmin)

Cloud Reliability General Recommendations Recommender Viewer (roles/recommender.cloudReliabilityRecommendationViewer)

Cloud Security General Recommendations Recommender Admin (roles/recommender.cloudSecurityRecommendationAdmin)

Cloud Security General Recommendations Recommender Viewer (roles/recommender.cloudSecurityRecommendationViewer)

Cloud SQL Recommender Admin (roles/recommender.cloudsqlAdmin)

Cloud SQL Recommender Viewer (roles/recommender.cloudsqlViewer)

Compute Recommender Admin (roles/recommender.computeAdmin)

Compute Recommender Viewer (roles/recommender.computeViewer)

GKE Diagnosis Recommender Admin (roles/recommender.containerDiagnosisAdmin)

GKE Diagnosis Recommender Viewer (roles/recommender.containerDiagnosisViewer)

Dataflow Diagnostics Admin (roles/recommender.dataflowDiagnosticsAdmin)

Dataflow Diagnostics Viewer (roles/recommender.dataflowDiagnosticsViewer)

Error Reporting Recommender Admin (roles/recommender.errorReportingAdmin)

Error Reporting Recommender Viewer (roles/recommender.errorReportingViewer)

Firestore Database Firebase rules Recommender Admin (roles/recommender.firestoredatabasefirebaserulesAdmin)

Firestore Database Firebase rules Recommender Viewer (roles/recommender.firestoredatabasefirebaserulesViewer)

Firestore Database Reliability Recommender Admin (roles/recommender.firestoredatabasereliabilityAdmin)

Firestore Database Reliability Recommender Viewer (roles/recommender.firestoredatabasereliabilityViewer)

Firewall Recommender Admin (roles/recommender.firewallAdmin)

Firewall Recommender Viewer (roles/recommender.firewallViewer)

Google Maps Platform Insights/Recommendations Admin (roles/recommender.gmpAdmin)

Google Maps Platform Insights/Recommendations Viewer (roles/recommender.gmpViewer)

IAM Recommender Admin (roles/recommender.iamAdmin)

IAM Recommender Viewer (roles/recommender.iamViewer)

IAM Policy Change Risk Recommender Admin (roles/recommender.iampolicychangeriskAdmin)

IAM Policy Change Risk Recommender Viewer (roles/recommender.iampolicychangeriskViewer)

Memorystore Manageability Recommender Admin (roles/recommender.memorystoremanageabilityAdmin)

Memorystore Manageability Recommender Viewer (roles/recommender.memorystoremanageabilityViewer)

Memorystore Performance Recommender Admin (roles/recommender.memorystoreperformanceAdmin)

Memorystore Performance Recommender Viewer (roles/recommender.memorystoreperformanceViewer)

Memorystore Reliability Recommender Admin (roles/recommender.memorystorereliabilityAdmin)

Memorystore Reliability Recommender Viewer (roles/recommender.memorystorereliabilityViewer)

Network Analyzer Recommender Admin (roles/recommender.networkAnalyzerAdmin)

Network Analyzer Cloud SQL Recommender Admin (roles/recommender.networkAnalyzerCloudSqlAdmin)

Network Analyzer Cloud SQL Recommender Viewer (roles/recommender.networkAnalyzerCloudSqlViewer)

Network Analyzer Dynamic Route Recommender Admin (roles/recommender.networkAnalyzerDynamicRouteAdmin)

Network Analyzer Dynamic Route Recommender Viewer (roles/recommender.networkAnalyzerDynamicRouteViewer)

Network Analyzer GKE Connectivity Recommender Admin (roles/recommender.networkAnalyzerGkeConnectivityAdmin)

Network Analyzer GKE Connectivity Recommender Viewer (roles/recommender.networkAnalyzerGkeConnectivityViewer)

Network Analyzer GKE IP Address Recommender Admin (roles/recommender.networkAnalyzerGkeIpAddressAdmin)

Network Analyzer GKE IP Address Recommender Viewer (roles/recommender.networkAnalyzerGkeIpAddressViewer)

Network Analyzer GKE Service Account Insights Recommender Admin (roles/recommender.networkAnalyzerGkeServiceAccountAdmin)

Network Analyzer GKE Service Account Insights Recommender Viewer (roles/recommender.networkAnalyzerGkeServiceAccountViewer)

Network Analyzer IP Address Recommender Admin (roles/recommender.networkAnalyzerIpAddressAdmin)

Network Analyzer IP Address Recommender Viewer (roles/recommender.networkAnalyzerIpAddressViewer)

Network Analyzer Load Balancer Recommender Admin (roles/recommender.networkAnalyzerLoadBalancerAdmin)

Network Analyzer Load Balancer Recommender Viewer (roles/recommender.networkAnalyzerLoadBalancerViewer)

Network Analyzer Recommender Viewer (roles/recommender.networkAnalyzerViewer)

Network Analyzer VPC Connectivity Recommender Admin (roles/recommender.networkAnalyzerVpcConnectivityAdmin)

Network Analyzer VPC Connectivity Recommender Viewer (roles/recommender.networkAnalyzerVpcConnectivityViewer)

Org Policy Recommender Admin (roles/recommender.orgPolicyAdmin)

Org Policy Recommender Viewer (roles/recommender.orgPolicyViewer)

Product Suggestion Recommenders Admin (roles/recommender.productSuggestionAdmin)

Product Suggestion Recommenders Viewer (roles/recommender.productSuggestionViewer)

Project Usage Commitment Recommender Admin (roles/recommender.projectCudAdmin)

Project Usage Commitment Recommender Viewer (roles/recommender.projectCudViewer)

Project Utilization Recommender Admin (roles/recommender.projectUtilAdmin)

Project Utilization Recommender Viewer (roles/recommender.projectUtilViewer)

RecentChange RecommenderConfig Admin (roles/recommender.recentChangeConfigAdmin)

Recent Change Risk Recommender Admin (roles/recommender.recentchangeriskAdmin)

Recent Change Risk Recommender Viewer (roles/recommender.recentchangeriskViewer)

Service Limit Recommender Admin (roles/recommender.serviceLimitAdmin)

Service Limit Recommender Viewer (roles/recommender.serviceLimitViewer)

Service Account Change Risk Recommender Admin (roles/recommender.serviceaccntchangeriskAdmin)

Service Account Change Risk Recommender Viewer (roles/recommender.serviceaccntchangeriskViewer)

Spanner Project Reliability Recommender Admin (roles/recommender.spannerAdmin)

Spanner Project Reliability Recommender Viewer (roles/recommender.spannerViewer)

Cloud Memorystore Redis Admin (roles/redis.admin)

Cloud Memorystore Redis Editor (roles/redis.editor)

Cloud Memorystore Redis Viewer (roles/redis.viewer)

Redis Enterprise Cloud Admin (roles/redisenterprisecloud.admin)

Redis Enterprise Cloud Viewer (roles/redisenterprisecloud.viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

Rapid Migration Assessment Admin (roles/rma.admin)

Rapid Migration Assessment Runner (roles/rma.runner)

Rapid Migration Assessment Viewer (roles/rma.viewer)

Route Optimization Editor (roles/routeoptimization.editor)

Route Optimization Viewer (roles/routeoptimization.viewer)

Cloud Run Admin (roles/run.admin)

Cloud Run Developer (roles/run.developer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Cloud Run Viewer (roles/run.viewer)

Serverless Integrations Developer (roles/runapps.developer)

Serverless Integrations Operator (roles/runapps.operator)

Serverless Integrations Viewer (roles/runapps.viewer)

SaaS Service Management Admin (roles/saasservicemgmt.admin)

SaaS Service Management Viewer (roles/saasservicemgmt.viewer)

Secret Manager Admin (roles/secretmanager.admin)

Secret Manager Secret Accessor (roles/secretmanager.secretAccessor)

Secret Manager Secret Version Adder (roles/secretmanager.secretVersionAdder)

Secret Manager Secret Version Manager (roles/secretmanager.secretVersionManager)

Secret Manager Viewer (roles/secretmanager.viewer)

Overwatch Activator (roles/securedlandingzone.overwatchActivator)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Overwatch Viewer (roles/securedlandingzone.overwatchViewer)

Secure Source Manager Admin (roles/securesourcemanager.admin)

Secure Source Manager Instance Accessor (roles/securesourcemanager.instanceAccessor)

Secure Source Manager Instance Manager (roles/securesourcemanager.instanceManager)

Secure Source Manager Instance Owner (roles/securesourcemanager.instanceOwner)

Secure Source Manager Instance Repository Creator (roles/securesourcemanager.instanceRepositoryCreator)

Secure Source Manager Repository Admin (roles/securesourcemanager.repoAdmin)

Secure Source Manager Repository Creator (roles/securesourcemanager.repoCreator)

Secure Source Manager Repository Pull Request Approver (roles/securesourcemanager.repoPullRequestApprover)

Secure Source Manager Repository Reader (roles/securesourcemanager.repoReader)

Secure Source Manager Repository Writer (roles/securesourcemanager.repoWriter)

Secure Source Manager SSH Key User (roles/securesourcemanager.sshKeyUser)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Security Center Management Admin (roles/securitycentermanagement.admin)

Security Center Management Custom Modules Editor (roles/securitycentermanagement.customModulesEditor)

Security Center Management Custom Modules Viewer (roles/securitycentermanagement.customModulesViewer)

Security Center Management Custom ETD Modules Editor (roles/securitycentermanagement.etdCustomModulesEditor)

Security Center Management ETD Custom Modules Viewer (roles/securitycentermanagement.etdCustomModulesViewer)

Security Center Management Settings Editor (roles/securitycentermanagement.settingsEditor)

Security Center Management Settings Viewer (roles/securitycentermanagement.settingsViewer)

Security Center Management SHA Custom Modules Editor (roles/securitycentermanagement.shaCustomModulesEditor)

Security Center Management SHA Custom Modules Viewer (roles/securitycentermanagement.shaCustomModulesViewer)

Security Center Management Viewer (roles/securitycentermanagement.viewer)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Network Attacher (roles/servicedirectory.networkAttacher)

Private Service Connect Authorized Service (roles/servicedirectory.pscAuthorizedService)

Service Directory Viewer (roles/servicedirectory.viewer)

Personalized Service Health Viewer (roles/servicehealth.viewer)

Service Management Administrator (roles/servicemanagement.admin)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Cloud Spanner Admin (roles/spanner.admin)

Cloud Spanner Backup Admin (roles/spanner.backupAdmin)

Cloud Spanner Database Admin (roles/spanner.databaseAdmin)

Cloud Spanner Restore Admin (roles/spanner.restoreAdmin)

Cloud Spanner Viewer (roles/spanner.viewer)

Stackdriver Accounts Editor (roles/stackdriver.accounts.editor)

Stackdriver Accounts Viewer (roles/stackdriver.accounts.viewer)

Storage Admin (roles/storage.admin)

Storage Folder Admin (roles/storage.folderAdmin)

Storage HMAC Key Admin (roles/storage.hmacKeyAdmin)

Storage Insights Collector Service (roles/storage.insightsCollectorService)

Storage Object Admin (roles/storage.objectAdmin)

Storage Object Creator (roles/storage.objectCreator)

Storage Object User (roles/storage.objectUser)

Storage Object Viewer (roles/storage.objectViewer)

Storage Insights Admin (roles/storageinsights.admin)

Storage Insights Analyst (roles/storageinsights.analyst)

Storage Insights Viewer (roles/storageinsights.viewer)

Storage Transfer Admin (roles/storagetransfer.admin)

Storage Transfer User (roles/storagetransfer.user)

Storage Transfer Viewer (roles/storagetransfer.viewer)

Stream Admin (roles/stream.admin)

Stream Content Admin (roles/stream.contentAdmin)

Stream Content Builder (roles/stream.contentBuilder)

Stream Instance Admin (roles/stream.instanceAdmin)

Stream Viewer (roles/stream.viewer)

Subscribe with Google Developer (roles/subscribewithgoogledeveloper.developer)

TPU Admin (roles/tpu.admin)

TPU Viewer (roles/tpu.viewer)

Transcoder Admin (roles/transcoder.admin)

Transcoder Viewer (roles/transcoder.viewer)

Transfer Appliance Admin (roles/transferappliance.admin)

Transfer Appliance Viewer (roles/transferappliance.viewer)

Translation Hub Admin (roles/translationhub.admin)

Translation Hub Portal User (roles/translationhub.portalUser)

Video Stitcher Admin (roles/videostitcher.admin)

Video Stitcher User (roles/videostitcher.user)

Video Stitcher Viewer (roles/videostitcher.viewer)

VisionAI Admin (roles/visionai.admin)

VisionAI Editor (roles/visionai.editor)

VisionAI Viewer (roles/visionai.viewer)

VM Migration Administrator (roles/vmmigration.admin)

VM Migration Viewer (roles/vmmigration.viewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Serverless VPC Access Admin (roles/vpcaccess.admin)

Serverless VPC Access User (roles/vpcaccess.user)

Serverless VPC Access Viewer (roles/vpcaccess.viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Workflows Viewer (roles/workflows.viewer)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Workload Manager Admin (roles/workloadmanager.admin)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Workload Manager Deployment Viewer (roles/workloadmanager.deploymentViewer)

Workload Manager Evaluation Admin (roles/workloadmanager.evaluationAdmin)

Workload Manager Evaluation Viewer (roles/workloadmanager.evaluationViewer)

Workload Manager Viewer (roles/workloadmanager.viewer)

Workload Manager Worker (roles/workloadmanager.worker)

Workload Manager Workload Viewer (roles/workloadmanager.workloadViewer)

Cloud Workstations Admin (roles/workstations.admin)

Cloud Workstations Creator (roles/workstations.workstationCreator)

Cloud Workstations Limit Exempted Creator (roles/workstations.workstationLimitExemptedCreator)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Mover (roles/resourcemanager.folderMover)

Project Mover (roles/resourcemanager.projectMover)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Service agent roles

Owner (roles/owner)

Owner (roles/owner)

Editor (roles/editor)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Project Mover (roles/resourcemanager.projectMover)

SLZ BQDW Blueprint Project Level Remediator (roles/securedlandingzone.bqdwProjectRemediator)

Service agent roles

Owner (roles/owner)

Firebase Extensions API Service Agent (roles/firebasemods.serviceAgent)

Looker Studio Pro Manager (roles/lookerstudio.proManager)

Project Lien Modifier (roles/resourcemanager.lienModifier)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag Hold Administrator (roles/resourcemanager.tagHoldAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag Hold Administrator (roles/resourcemanager.tagHoldAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag Hold Administrator (roles/resourcemanager.tagHoldAdmin)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Tag Administrator (roles/resourcemanager.tagAdmin)

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Resource Value Configurations Editor (roles/securitycenter.resourceValueConfigsEditor)

Security Center Resource Value Configurations Viewer (roles/securitycenter.resourceValueConfigsViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Tag Administrator (roles/resourcemanager.tagAdmin)

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles