Serverless VPC Access roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Serverless VPC Access. To search through all roles and permissions, see the role and permission index.

Serverless VPC Access roles

Role Permissions

Role	Permissions
Serverless VPC Access Admin (`roles/vpcaccess.admin`) Full access to all Serverless VPC Access resources	`resourcemanager.projects.get` `resourcemanager.projects.list` `vpcaccess.*` `vpcaccess.connectors.create` `vpcaccess.connectors.delete` `vpcaccess.connectors.get` `vpcaccess.connectors.list` `vpcaccess.connectors.update` `vpcaccess.connectors.use` `vpcaccess.locations.list` `vpcaccess.operations.get` `vpcaccess.operations.list`
Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Can create and manage resources to support serverless application to connect to virtual private cloud. Warning: Do not grant service agent roles to any principals except service agents.	`billing.accounts.get` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.disks.create` `compute.firewalls.create` `compute.firewalls.delete` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.update` `compute.healthChecks.create` `compute.healthChecks.delete` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.create` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.get` `compute.images.useReadOnly` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.create` `compute.instanceGroups.delete` `compute.instanceGroups.get` `compute.instanceGroups.update` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.useReadOnly` `compute.instances.create` `compute.instances.delete` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.list` `compute.instances.reset` `compute.instances.setLabels` `compute.instances.setMetadata` `compute.instances.setTags` `compute.instances.start` `compute.instances.stop` `compute.instances.use` `compute.machineTypes.get` `compute.networks.get` `compute.networks.use` `compute.projects.get` `compute.projects.setCommonInstanceMetadata` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.subnetworks.create` `compute.subnetworks.delete` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.use` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `deploymentmanager.compositeTypes.get` `deploymentmanager.deployments.create` `deploymentmanager.deployments.delete` `deploymentmanager.deployments.get` `deploymentmanager.deployments.list` `deploymentmanager.deployments.update` `deploymentmanager.manifests.` `deploymentmanager.manifests.get` `deploymentmanager.manifests.list` `deploymentmanager.operations.*` `deploymentmanager.operations.get` `deploymentmanager.operations.list` `deploymentmanager.typeProviders.create` `deploymentmanager.typeProviders.get` `logging.logEntries.create` `logging.logMetrics.create` `logging.logMetrics.delete` `logging.logMetrics.get` `logging.logMetrics.update` `resourcemanager.projects.get`
Serverless VPC Access User (`roles/vpcaccess.user`) User of Serverless VPC Access connectors	`compute.networks.access` `resourcemanager.projects.get` `resourcemanager.projects.list` `vpcaccess.connectors.get` `vpcaccess.connectors.list` `vpcaccess.connectors.use` `vpcaccess.locations.list` `vpcaccess.operations.*` `vpcaccess.operations.get` `vpcaccess.operations.list`
Serverless VPC Access Viewer (`roles/vpcaccess.viewer`) Viewer of all Serverless VPC Access resources	`resourcemanager.projects.get` `resourcemanager.projects.list` `vpcaccess.connectors.get` `vpcaccess.connectors.list` `vpcaccess.locations.list` `vpcaccess.operations.*` `vpcaccess.operations.get` `vpcaccess.operations.list`

Serverless VPC Access Admin

(roles/vpcaccess.admin)

Full access to all Serverless VPC Access resources

resourcemanager.projects.get

resourcemanager.projects.list

vpcaccess.*

vpcaccess.connectors.create
vpcaccess.connectors.delete
vpcaccess.connectors.get
vpcaccess.connectors.list
vpcaccess.connectors.update
vpcaccess.connectors.use
vpcaccess.locations.list
vpcaccess.operations.get
vpcaccess.operations.list

Serverless VPC Access Service Agent

(roles/vpcaccess.serviceAgent)

Can create and manage resources to support serverless application to connect to virtual private cloud.

billing.accounts.get

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.disks.create

compute.firewalls.create

compute.firewalls.delete

compute.firewalls.get

compute.firewalls.list

compute.firewalls.update

compute.healthChecks.create

compute.healthChecks.delete

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.update

compute.healthChecks.use

compute.healthChecks.useReadOnly

compute.httpHealthChecks.create

compute.httpHealthChecks.delete

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.use

compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.create

compute.httpsHealthChecks.delete

compute.httpsHealthChecks.get

compute.httpsHealthChecks.update

compute.httpsHealthChecks.use

compute.httpsHealthChecks.useReadOnly

compute.images.get

compute.images.useReadOnly

compute.instanceGroupManagers.create

compute.instanceGroupManagers.delete

compute.instanceGroupManagers.get

compute.instanceGroupManagers.update

compute.instanceGroupManagers.use

compute.instanceGroups.create

compute.instanceGroups.delete

compute.instanceGroups.get

compute.instanceGroups.update

compute.instanceTemplates.create

compute.instanceTemplates.delete

compute.instanceTemplates.get

compute.instanceTemplates.useReadOnly

compute.instances.create

compute.instances.delete

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.list

compute.instances.reset

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.use

compute.machineTypes.get

compute.networks.get

compute.networks.use

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

deploymentmanager.compositeTypes.get

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.deployments.list

deploymentmanager.deployments.update

deploymentmanager.manifests.*

deploymentmanager.manifests.get
deploymentmanager.manifests.list

deploymentmanager.operations.*

deploymentmanager.operations.get
deploymentmanager.operations.list

deploymentmanager.typeProviders.create

deploymentmanager.typeProviders.get

logging.logEntries.create

logging.logMetrics.create

logging.logMetrics.delete

logging.logMetrics.get

logging.logMetrics.update

resourcemanager.projects.get

Serverless VPC Access User

(roles/vpcaccess.user)

User of Serverless VPC Access connectors

compute.networks.access

resourcemanager.projects.get

resourcemanager.projects.list

vpcaccess.connectors.get

vpcaccess.connectors.list

vpcaccess.connectors.use

vpcaccess.locations.list

vpcaccess.operations.*

vpcaccess.operations.get
vpcaccess.operations.list

Serverless VPC Access Viewer

(roles/vpcaccess.viewer)

Viewer of all Serverless VPC Access resources

resourcemanager.projects.get

resourcemanager.projects.list

vpcaccess.connectors.get

vpcaccess.connectors.list

vpcaccess.locations.list

vpcaccess.operations.*

vpcaccess.operations.get
vpcaccess.operations.list

Serverless VPC Access permissions

Permission	Included in roles
`vpcaccess.connectors.create`	Owner (`roles/owner`) Editor (`roles/editor`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`vpcaccess.connectors.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`vpcaccess.connectors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Serverless VPC Access User (`roles/vpcaccess.user`) Serverless VPC Access Viewer (`roles/vpcaccess.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Connectors Service Agent (`roles/dataconnectors.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`vpcaccess.connectors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Serverless VPC Access User (`roles/vpcaccess.user`) Serverless VPC Access Viewer (`roles/vpcaccess.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Serverless Integrations Service Agent (`roles/runapps.serviceAgent`)
`vpcaccess.connectors.update`	Owner (`roles/owner`) Editor (`roles/editor`) Serverless VPC Access Admin (`roles/vpcaccess.admin`)
`vpcaccess.connectors.use`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Serverless VPC Access User (`roles/vpcaccess.user`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Connectors Service Agent (`roles/dataconnectors.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`vpcaccess.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Serverless VPC Access User (`roles/vpcaccess.user`) Serverless VPC Access Viewer (`roles/vpcaccess.viewer`)
`vpcaccess.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Serverless VPC Access User (`roles/vpcaccess.user`) Serverless VPC Access Viewer (`roles/vpcaccess.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`vpcaccess.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Serverless VPC Access Admin (`roles/vpcaccess.admin`) Serverless VPC Access User (`roles/vpcaccess.user`) Serverless VPC Access Viewer (`roles/vpcaccess.viewer`)

Serverless VPC Access roles and permissions
Stay organized with collections Save and categorize content based on your preferences.