Workflows roles and permissions

This page lists the IAM roles and permissions for Workflows. To search through all roles and permissions, see the role and permission index.

Workflows roles

Role Permissions

Workflows Admin (roles/workflows.admin)

Full access to workflows and related resources.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

  • workflows.callbacks.list
  • workflows.callbacks.send
  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list
  • workflows.locations.get
  • workflows.locations.list
  • workflows.operations.cancel
  • workflows.operations.get
  • workflows.operations.list
  • workflows.stepEntries.get
  • workflows.stepEntries.list
  • workflows.workflows.create
  • workflows.workflows.createTagBinding
  • workflows.workflows.delete
  • workflows.workflows.deleteTagBinding
  • workflows.workflows.get
  • workflows.workflows.list
  • workflows.workflows.listEffectiveTags
  • workflows.workflows.listRevision
  • workflows.workflows.listTagBindings
  • workflows.workflows.update

Workflows Editor (roles/workflows.editor)

Read and write access to workflows and related resources, including development and debugging of workflows.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

  • workflows.callbacks.list
  • workflows.callbacks.send
  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list
  • workflows.locations.get
  • workflows.locations.list
  • workflows.operations.cancel
  • workflows.operations.get
  • workflows.operations.list
  • workflows.stepEntries.get
  • workflows.stepEntries.list
  • workflows.workflows.create
  • workflows.workflows.createTagBinding
  • workflows.workflows.delete
  • workflows.workflows.deleteTagBinding
  • workflows.workflows.get
  • workflows.workflows.list
  • workflows.workflows.listEffectiveTags
  • workflows.workflows.listRevision
  • workflows.workflows.listTagBindings
  • workflows.workflows.update

Workflows Invoker (roles/workflows.invoker)

Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.*

  • workflows.callbacks.list
  • workflows.callbacks.send

workflows.executions.*

  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list

workflows.stepEntries.*

  • workflows.stepEntries.get
  • workflows.stepEntries.list

(roles/workflows.serviceAgent)

Gives the Cloud Workflows service account access to managed resources.

container.clusters.connect

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

serviceusage.services.use

Workflows Viewer (roles/workflows.viewer)

Read-only access to workflows and related resources.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.list

workflows.executions.get

workflows.executions.list

workflows.locations.*

  • workflows.locations.get
  • workflows.locations.list

workflows.operations.get

workflows.operations.list

workflows.stepEntries.*

  • workflows.stepEntries.get
  • workflows.stepEntries.list

workflows.workflows.get

workflows.workflows.list

workflows.workflows.listEffectiveTags

workflows.workflows.listRevision

workflows.workflows.listTagBindings

Workflows permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Owner (roles/owner)

Editor (roles/editor)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Owner (roles/owner)

Editor (roles/editor)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Invoker (roles/workflows.invoker)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Service agent roles

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Owner (roles/owner)

Editor (roles/editor)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Service agent roles

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Owner (roles/owner)

Editor (roles/editor)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)