Every Workflows method requires the caller to have the necessary
permissions. For a list of the roles Workflows supports and their
corresponding permissions, in this document, see the Workflows roles
section.
Workflows permissions
This table describes the permissions available in Workflows.
Permission
Definition
workflows.callbacks.list
List callbacks for a workflow execution.
workflows.callbacks.send
Trigger a workflow execution callback.
workflows.executions.cancel
Cancel a workflow execution, without deleting traces.
workflows.executions.create
Trigger a workflow execution.
workflows.executions.get
Get the latest state of workflow execution operations.
workflows.executions.list
List the workflow's execution operations.
workflows.locations.get
Get the location of a workflow.
workflows.locations.list
List the locations where the service is available.
workflows.operations.cancel
Cancel long-running operations.
workflows.operations.get
Get details of long-running operations.
workflows.operations.list
Get a list of long-running operations.
workflows.stepEntries.get
Get a step entry for a workflow execution.
workflows.stepEntries.list
List step entries for a workflow execution.
workflows.workflows.create
Create and deploy a new workflow.
workflows.workflows.delete
Delete an existing workflow.
workflows.workflows.get
Get a workflow's settings, including source code, labels, and
description.
workflows.workflows.list
List the workflows in a project.
workflows.workflows.listRevision
List a workflow's revisions.
workflows.workflows.update
Update a workflow's settings, including its source code, labels, and
description.
Workflows roles
The following table lists the Workflows predefined IAM
roles with a corresponding list of all the permissions each role includes.
The available roles address most typical use cases. If your use case isn't
covered by the available roles, you can
create an IAM custom role.
Role
Permissions
Workflows Admin
(roles/workflows.admin)
Full access to workflows and related resources.
Lowest-level resources where you can grant this role:
Project
resourcemanager.projects.get
resourcemanager.projects.list
workflows.*
workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows.workflows.createTagBinding
workflows.workflows.delete
workflows.workflows.deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows.workflows.listEffectiveTags
workflows.workflows.listRevision
workflows.workflows.listTagBindings
workflows.workflows.update
Workflows Editor
(roles/workflows.editor)
Read and write access to workflows and related resources, including development and debugging of workflows.
Lowest-level resources where you can grant this role:
Project
resourcemanager.projects.get
resourcemanager.projects.list
workflows.*
workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows.workflows.createTagBinding
workflows.workflows.delete
workflows.workflows.deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows.workflows.listEffectiveTags
workflows.workflows.listRevision
workflows.workflows.listTagBindings
workflows.workflows.update
Workflows Invoker
(roles/workflows.invoker)
Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.
Lowest-level resources where you can grant this role:
Project
resourcemanager.projects.get
resourcemanager.projects.list
workflows.callbacks.*
workflows.callbacks.list
workflows.callbacks.send
workflows.executions.*
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.stepEntries.*
workflows.stepEntries.get
workflows.stepEntries.list
Workflows Viewer
(roles/workflows.viewer)
Read-only access to workflows and related resources.
Lowest-level resources where you can grant this role:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-01-30 UTC."],[],[]]
