Stream roles and permissions

This page lists the IAM roles and permissions for Stream. To search through all roles and permissions, see the role and permission index.

Stream roles

Role Permissions

Role	Permissions
Stream Admin (`roles/stream.admin`) Full access to Stream all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.*` `stream.locations.get` `stream.locations.list` `stream.operations.cancel` `stream.operations.delete` `stream.operations.get` `stream.operations.list` `stream.streamContents.build` `stream.streamContents.create` `stream.streamContents.delete` `stream.streamContents.get` `stream.streamContents.list` `stream.streamContents.update` `stream.streamInstances.create` `stream.streamInstances.delete` `stream.streamInstances.get` `stream.streamInstances.list` `stream.streamInstances.rollout` `stream.streamInstances.update`
Stream Content Admin (`roles/stream.contentAdmin`) Full access to all StreamContent resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.streamContents.*` `stream.streamContents.build` `stream.streamContents.create` `stream.streamContents.delete` `stream.streamContents.get` `stream.streamContents.list` `stream.streamContents.update`
Stream Content Builder (`roles/stream.contentBuilder`) Read and build access to StreamContent resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.streamContents.build` `stream.streamContents.get` `stream.streamContents.list`
Stream Instance Admin (`roles/stream.instanceAdmin`) Full access to all StreamInstance resources and Read access to all StreamContent resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.streamContents.get` `stream.streamContents.list` `stream.streamInstances.*` `stream.streamInstances.create` `stream.streamInstances.delete` `stream.streamInstances.get` `stream.streamInstances.list` `stream.streamInstances.rollout` `stream.streamInstances.update`
Stream Service Agent (`roles/stream.serviceAgent`) Gives Immersive Stream for XR access to the required resources. Warning: Do not grant service agent roles to any principals except service agents.	`resourcemanager.projects.get` `resourcemanager.projects.list` `storage.buckets.create` `storage.buckets.get` `storage.objects.create` `storage.objects.get` `storage.objects.list`
Stream Viewer (`roles/stream.viewer`) Read-only access to Stream all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.locations.*` `stream.locations.get` `stream.locations.list` `stream.operations.get` `stream.operations.list` `stream.streamContents.get` `stream.streamContents.list` `stream.streamInstances.get` `stream.streamInstances.list`

Stream Admin

(roles/stream.admin)

Full access to Stream all resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.*

stream.locations.get
stream.locations.list
stream.operations.cancel
stream.operations.delete
stream.operations.get
stream.operations.list
stream.streamContents.build
stream.streamContents.create
stream.streamContents.delete
stream.streamContents.get
stream.streamContents.list
stream.streamContents.update
stream.streamInstances.create
stream.streamInstances.delete
stream.streamInstances.get
stream.streamInstances.list
stream.streamInstances.rollout
stream.streamInstances.update

Stream Content Admin

(roles/stream.contentAdmin)

Full access to all StreamContent resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.streamContents.*

stream.streamContents.build
stream.streamContents.create
stream.streamContents.delete
stream.streamContents.get
stream.streamContents.list
stream.streamContents.update

Stream Content Builder

(roles/stream.contentBuilder)

Read and build access to StreamContent resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.streamContents.build

stream.streamContents.get

stream.streamContents.list

Stream Instance Admin

(roles/stream.instanceAdmin)

Full access to all StreamInstance resources and Read access to all StreamContent resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.streamContents.get

stream.streamContents.list

stream.streamInstances.*

stream.streamInstances.create
stream.streamInstances.delete
stream.streamInstances.get
stream.streamInstances.list
stream.streamInstances.rollout
stream.streamInstances.update

Stream Service Agent

(roles/stream.serviceAgent)

Gives Immersive Stream for XR access to the required resources.

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

storage.buckets.get

storage.objects.create

storage.objects.get

storage.objects.list

Stream Viewer

(roles/stream.viewer)

Read-only access to Stream all resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.locations.*

stream.locations.get
stream.locations.list

stream.operations.get

stream.operations.list

stream.streamContents.get

stream.streamContents.list

stream.streamInstances.get

stream.streamInstances.list

Stream permissions

Permission	Included in roles
`stream.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`)
`stream.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`)
`stream.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`)
`stream.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`)
`stream.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`)
`stream.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`)
`stream.streamContents.build`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`) Stream Content Builder (`roles/stream.contentBuilder`)
`stream.streamContents.create`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`)
`stream.streamContents.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`)
`stream.streamContents.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`) Stream Content Builder (`roles/stream.contentBuilder`) Stream Instance Admin (`roles/stream.instanceAdmin`) Stream Viewer (`roles/stream.viewer`)
`stream.streamContents.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`) Stream Content Builder (`roles/stream.contentBuilder`) Stream Instance Admin (`roles/stream.instanceAdmin`) Stream Viewer (`roles/stream.viewer`)
`stream.streamContents.update`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`)
`stream.streamInstances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`) Stream Viewer (`roles/stream.viewer`)
`stream.streamInstances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`) Stream Viewer (`roles/stream.viewer`)
`stream.streamInstances.rollout`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)

Stream roles and permissions

Stream roles

Stream Admin

Stream Content Admin

Stream Content Builder

Stream Instance Admin

Stream Service Agent

Stream Viewer

Stream permissions

`stream.locations.get`

`stream.locations.list`

`stream.operations.cancel`

`stream.operations.delete`

`stream.operations.get`

`stream.operations.list`

`stream.streamContents.build`

`stream.streamContents.create`

`stream.streamContents.delete`

`stream.streamContents.get`

`stream.streamContents.list`

`stream.streamContents.update`

`stream.streamInstances.create`

`stream.streamInstances.delete`

`stream.streamInstances.get`

`stream.streamInstances.list`

`stream.streamInstances.rollout`

`stream.streamInstances.update`