Other roles |
Permissions |
Advisory Notifications Admin
(roles/advisorynotifications.admin )
Grants write access to settings in Advisory Notifications
|
advisorynotifications.*
resourcemanager.organizations.get
resourcemanager.projects.get
|
Advisory Notifications Viewer
(roles/advisorynotifications.viewer )
Grants view access in Advisory Notifications
|
advisorynotifications.notifications.*
advisorynotifications.settings.get
resourcemanager.organizations.get
resourcemanager.projects.get
|
Cloud API Hub Admin
Beta
(roles/apihub.admin )
Full access to all API hub resources.
|
apihub.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Attributes Admin
Beta
(roles/apihub.attributeAdmin )
Full access to all Cloud API hub attribute's resources.
|
apihub.attributes.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API Hub Editor
Beta
(roles/apihub.editor )
Edit access to most of Cloud API Hub resources.
|
apihub.apiHubInstances.get
apihub.apiHubInstances.list
apihub.apiOperations.*
apihub.apis.*
apihub.attributes.get
apihub.attributes.list
apihub.definitions.*
apihub.dependencies.*
apihub.deployments.*
apihub.externalApis.*
apihub.hostProjectRegistrations.get
apihub.hostProjectRegistrations.list
apihub.llmEnablements.*
apihub.locations.searchResources
apihub.operations.get
apihub.operations.list
apihub.plugins.get
apihub.plugins.list
apihub.runTimeProjectAttachments.get
apihub.runTimeProjectAttachments.list
apihub.specs.*
apihub.styleGuides.get
apihub.versions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Plugins Admin
Beta
(roles/apihub.pluginAdmin )
Full access to all Cloud API hub plugin's resources.
|
apihub.plugins.*
apihub.specs.lint
apihub.styleGuides.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Provisioning Admin
Beta
(roles/apihub.provisioningAdmin )
Full access to Cloud API hub provisioning related resources.
|
apihub.apiHubInstances.*
apihub.hostProjectRegistrations.*
apihub.operations.*
apihub.runTimeProjectAttachments.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Viewer
Beta
(roles/apihub.viewer )
View access to all Cloud API hub resources.
|
apihub.apiHubInstances.get
apihub.apiHubInstances.list
apihub.apiOperations.get
apihub.apiOperations.list
apihub.apis.get
apihub.apis.list
apihub.attributes.get
apihub.attributes.list
apihub.definitions.get
apihub.definitions.list
apihub.dependencies.get
apihub.dependencies.list
apihub.deployments.get
apihub.deployments.list
apihub.externalApis.get
apihub.externalApis.list
apihub.hostProjectRegistrations.get
apihub.hostProjectRegistrations.list
apihub.llmEnablements.get
apihub.llmEnablements.list
apihub.locations.searchResources
apihub.operations.get
apihub.operations.list
apihub.plugins.get
apihub.plugins.list
apihub.runTimeProjectAttachments.get
apihub.runTimeProjectAttachments.list
apihub.specs.get
apihub.specs.list
apihub.styleGuides.get
apihub.versions.get
apihub.versions.list
resourcemanager.projects.get
resourcemanager.projects.list
|
API Management Admin
Beta
(roles/apim.admin )
Full access to API Management resources.
|
apim.*
resourcemanager.projects.get
resourcemanager.projects.list
|
API Management Viewer
Beta
(roles/apim.viewer )
Readonly access to API Management resources.
|
apim.apiObservations.get
apim.apiObservations.list
apim.apiOperations.*
apim.locations.*
apim.observationJobs.get
apim.observationJobs.list
apim.observationSources.get
apim.observationSources.list
apim.operations.get
apim.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
App Hub Admin
(roles/apphub.admin )
Full access to App Hub resources.
|
apphub.*
resourcemanager.projects.get
resourcemanager.projects.list
|
App Hub Editor
(roles/apphub.editor )
Edit access to App Hub resources.
|
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.discoveredServices.*
apphub.discoveredWorkloads.*
apphub.locations.*
apphub.operations.*
apphub.serviceProjectAttachments.lookup
apphub.services.*
apphub.workloads.*
resourcemanager.projects.get
resourcemanager.projects.list
|
App Hub Viewer
(roles/apphub.viewer )
View access to App Hub resources.
|
apphub.applications.get
apphub.applications.list
apphub.discoveredServices.get
apphub.discoveredServices.list
apphub.discoveredWorkloads.get
apphub.discoveredWorkloads.list
apphub.locations.*
apphub.operations.get
apphub.operations.list
apphub.serviceProjectAttachments.lookup
apphub.services.get
apphub.services.list
apphub.workloads.get
apphub.workloads.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Appliance troubleshooting commands approver
Beta
(roles/applianceactivation.approver )
Grants access to approve commands to run on appliances
|
applianceactivation.rttCommands.approve
applianceactivation.rttCommands.get
resourcemanager.projects.get
resourcemanager.projects.list
|
On-appliance troubleshooting client
Beta
(roles/applianceactivation.client )
Grants access to read commands for an appliance and send its result.
|
applianceactivation.rttCommands.get
applianceactivation.rttCommands.sendResult
|
Appliance troubleshooter
Beta
(roles/applianceactivation.troubleshooter )
Grants access to send new commands to run on appliances and view the outputs
|
applianceactivation.rttCommands.create
applianceactivation.rttCommands.get
applianceactivation.rttCommands.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Assured OSS Admin
(roles/assuredoss.admin )
Access to use Assured OSS and manage configuration.
|
artifactregistry.attachments.get
artifactregistry.attachments.list
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.create
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.*
iam.serviceAccountKeys.create
iam.serviceAccounts.create
iam.serviceAccounts.get
pubsub.schemas.get
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.validate
pubsub.snapshots.get
pubsub.snapshots.list
pubsub.subscriptions.create
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.subscriptions.update
pubsub.topics.get
pubsub.topics.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
|
Assured OSS Project Admin
Beta
(roles/assuredoss.projectAdmin )
Access to use Assured OSS and manage configuration.
|
artifactregistry.attachments.get
artifactregistry.attachments.list
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.create
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.*
iam.serviceAccounts.create
iam.serviceAccounts.get
pubsub.schemas.get
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.validate
pubsub.snapshots.get
pubsub.snapshots.list
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.topics.get
pubsub.topics.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
|
Assured OSS Reader
(roles/assuredoss.reader )
Access to use Assured OSS and view Assured OSS configuration.
|
artifactregistry.attachments.get
artifactregistry.attachments.list
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.config.get
assuredoss.locations.*
assuredoss.metadata.*
assuredoss.operations.get
assuredoss.operations.list
pubsub.schemas.get
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.validate
pubsub.snapshots.get
pubsub.snapshots.list
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.topics.get
pubsub.topics.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Assured OSS User
(roles/assuredoss.user )
Access to use Assured OSS.
|
artifactregistry.attachments.get
artifactregistry.attachments.list
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.locations.*
assuredoss.metadata.*
assuredoss.operations.get
assuredoss.operations.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Audit Manager Admin
Beta
(roles/auditmanager.admin )
Full access to Audit Manager resources.
|
auditmanager.auditReports.*
auditmanager.auditScopeReports.generate
auditmanager.billingSettings.get
auditmanager.controlReports.*
auditmanager.controls.list
auditmanager.findings.*
auditmanager.locations.*
auditmanager.operations.*
auditmanager.resourceEnrollmentStatuses.*
cloudasset.assets.searchAllResources
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Audit Manager Auditor
Beta
(roles/auditmanager.auditor )
Allows creating and viewing an audit report.
|
auditmanager.auditReports.*
auditmanager.auditScopeReports.generate
auditmanager.billingSettings.get
auditmanager.controlReports.*
auditmanager.controls.list
auditmanager.findings.*
auditmanager.locations.get
auditmanager.locations.list
auditmanager.operations.*
auditmanager.resourceEnrollmentStatuses.*
cloudasset.assets.searchAllResources
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Custom Compliance Framework Admin
Beta
(roles/auditmanager.ccfAdmin )
Full access to Custom Compliance Framework resources.
|
auditmanager.billingSettings.get
auditmanager.customComplianceFrameworks.*
auditmanager.locations.get
auditmanager.locations.list
auditmanager.operations.*
resourcemanager.organizations.get
|
Custom Compliance Framework Viewer
Beta
(roles/auditmanager.ccfViewer )
Allows viewing Custom Compliance Framework resources.
|
auditmanager.billingSettings.get
auditmanager.customComplianceFrameworks.get
auditmanager.customComplianceFrameworks.list
auditmanager.locations.get
auditmanager.locations.list
auditmanager.operations.*
resourcemanager.organizations.get
|
Autoscaling Metrics Writer
Beta
(roles/autoscaling.metricsWriter )
Access to write metrics for autoscaling site
|
autoscaling.sites.writeMetrics
|
Autoscaling Recommendations Reader
Beta
(roles/autoscaling.recommendationsReader )
Access to read recommendations from autoscaling site
|
autoscaling.sites.readRecommendations
|
Autoscaling Site Admin
Beta
(roles/autoscaling.sitesAdmin )
Full access to all autoscaling site features
|
autoscaling.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Autoscaling State Writer
Beta
(roles/autoscaling.stateWriter )
Access to write state for autoscaling site
|
autoscaling.sites.writeState
|
Batch Administrator
(roles/batch.admin )
Administrator of Batch resources
|
batch.jobs.*
batch.locations.*
batch.operations.*
batch.resourceAllowances.*
batch.tasks.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Batch Agent Reporter
(roles/batch.agentReporter )
Reporter of Batch agent states.
|
batch.states.report
|
Batch Job Editor
(roles/batch.jobsEditor )
Editor of Batch Jobs
|
batch.jobs.*
batch.locations.*
batch.operations.*
batch.tasks.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Batch Job Viewer
(roles/batch.jobsViewer )
Viewer of Batch Jobs, Task Groups and Tasks
|
batch.jobs.get
batch.jobs.list
batch.locations.*
batch.operations.*
batch.tasks.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Batch ResourceAllowance Editor
(roles/batch.resourceAllowancesEditor )
Editor of Batch ResourceAllowances
|
batch.locations.*
batch.operations.*
batch.resourceAllowances.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Batch ResourceAllowance Viewer
(roles/batch.resourceAllowancesViewer )
Viewer of Batch ResourceAllowances
|
batch.locations.*
batch.operations.*
batch.resourceAllowances.get
batch.resourceAllowances.list
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Admin
(roles/biglake.admin )
Provides full access to all BigLake resources.
|
biglake.*
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Viewer
(roles/biglake.viewer )
Provides read-only access to all BigLake resources.
|
biglake.catalogs.get
biglake.catalogs.list
biglake.databases.get
biglake.databases.list
biglake.locks.list
biglake.tables.get
biglake.tables.list
resourcemanager.projects.get
resourcemanager.projects.list
|
MigrationWorkflow Editor
(roles/bigquerymigration.editor )
Editor of EDW migration workflows.
|
bigquerymigration.subtasks.*
bigquerymigration.workflows.create
bigquerymigration.workflows.delete
bigquerymigration.workflows.enableAiOutputTypes
bigquerymigration.workflows.enableLineageOutputTypes
bigquerymigration.workflows.enableOutputTypePermissions
bigquerymigration.workflows.get
bigquerymigration.workflows.list
bigquerymigration.workflows.update
|
Task Orchestrator
(roles/bigquerymigration.orchestrator )
Orchestrator of EDW migration tasks.
|
bigquerymigration.workflows.orchestrateTask
storage.objects.list
|
Migration Translation User
(roles/bigquerymigration.translationUser )
User of EDW migration interactive SQL translation service.
|
bigquerymigration.translation.translate
|
MigrationWorkflow Viewer
(roles/bigquerymigration.viewer )
Viewer of EDW migration MigrationWorkflow.
|
bigquerymigration.subtasks.*
bigquerymigration.workflows.get
bigquerymigration.workflows.list
|
Task Worker
(roles/bigquerymigration.worker )
Worker that executes EDW migration subtasks.
|
storage.objects.create
storage.objects.get
storage.objects.list
|
Carbon Footprint Viewer
(roles/billing.carbonViewer )
|
billing.accounts.get
billing.accounts.getCarbonInformation
billing.accounts.list
|
Blockchain Node Engine Admin
(roles/blockchainnodeengine.admin )
Full access to Blockchain Node Engine resources.
|
blockchainnodeengine.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Blockchain Node Engine Viewer
(roles/blockchainnodeengine.viewer )
Read-only access to Blockchain Node Engine resources.
|
blockchainnodeengine.blockchainNodes.get
blockchainnodeengine.blockchainNodes.list
blockchainnodeengine.locations.*
blockchainnodeengine.operations.get
blockchainnodeengine.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Blockchain Validator Manager Admin
Beta
(roles/blockchainvalidatormanager.admin )
Full access to Blockchain Validator Manager resources.
|
blockchainvalidatormanager.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Blockchain Validator Viewer
Beta
(roles/blockchainvalidatormanager.viewer )
Readonly access to Blockchain Validator Manager resources.
|
blockchainvalidatormanager.blockchainValidatorConfigs.get
blockchainvalidatormanager.blockchainValidatorConfigs.list
blockchainvalidatormanager.locations.*
blockchainvalidatormanager.operations.get
blockchainvalidatormanager.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Capacity Planner Usage Viewer
Beta
(roles/capacityplanner.viewer )
Read-only access to Capacity Planner usage resources
|
capacityplanner.*
cloudquotas.quotas.get
compute.futureReservations.get
compute.futureReservations.list
compute.reservations.get
compute.reservations.list
monitoring.timeSeries.list
resourcemanager.folders.get
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
|
Care Studio Patients Viewer
(roles/carestudio.viewer )
This role can view all properties of Patients.
|
carestudio.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Chronicle Service Admin
(roles/chroniclesm.admin )
Admins can view and modify Chronicle service details.
|
chroniclesm.*
|
Chronicle Service Viewer
(roles/chroniclesm.viewer )
Viewers can see Chronicle service details but not change them.
|
chroniclesm.gcpAssociations.get
chroniclesm.gcpAssociations.list
chroniclesm.gcpLogFlowFilters.get
chroniclesm.gcpSettings.get
|
Location reader
Beta
(roles/cloud.locationReader )
Read and enumerate locations available for resource creation.
|
cloud.*
|
Code Repository Indexes Admin
Beta
(roles/cloudaicompanion.codeRepositoryIndexesAdmin )
Grants full access to Code Repository Indexes resources.
|
cloudaicompanion.codeRepositoryIndexes.*
cloudaicompanion.operations.*
cloudaicompanion.repositoryGroups.create
cloudaicompanion.repositoryGroups.delete
cloudaicompanion.repositoryGroups.get
cloudaicompanion.repositoryGroups.getIamPolicy
cloudaicompanion.repositoryGroups.list
cloudaicompanion.repositoryGroups.setIamPolicy
cloudaicompanion.repositoryGroups.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Code Repository Indexes Viewer
Beta
(roles/cloudaicompanion.codeRepositoryIndexesViewer )
Grants readonly access to Code Repository Indexes resources.
|
cloudaicompanion.codeRepositoryIndexes.get
cloudaicompanion.codeRepositoryIndexes.list
cloudaicompanion.operations.get
cloudaicompanion.operations.list
cloudaicompanion.repositoryGroups.get
cloudaicompanion.repositoryGroups.getIamPolicy
cloudaicompanion.repositoryGroups.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Repository Groups User
Beta
(roles/cloudaicompanion.repositoryGroupsUser )
Grants Read/Use access to the Code Repository Indexes Repository Group.
|
cloudaicompanion.codeRepositoryIndexes.get
cloudaicompanion.repositoryGroups.get
cloudaicompanion.repositoryGroups.getIamPolicy
cloudaicompanion.repositoryGroups.use
|
Gemini for Google Cloud User
Beta
(roles/cloudaicompanion.user )
A user who can use Gemini for Google Cloud
|
cloudaicompanion.companions.*
cloudaicompanion.entitlements.get
cloudaicompanion.instances.*
cloudaicompanion.licenses.selfAssign
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud Controls Partner Admin
(roles/cloudcontrolspartner.admin )
Full access to Cloud Controls Partner resources.
|
cloudcontrolspartner.accessapprovalrequests.list
cloudcontrolspartner.customers.*
cloudcontrolspartner.ekmconnections.get
cloudcontrolspartner.inspectabilityevents.get
cloudcontrolspartner.partnerpermissions.get
cloudcontrolspartner.partners.get
cloudcontrolspartner.platformcontrols.get
cloudcontrolspartner.violations.list
cloudcontrolspartner.workloads.list
|
Cloud Controls Partner Editor
(roles/cloudcontrolspartner.editor )
Editor access to Cloud Controls Partner resources.
|
cloudcontrolspartner.*
|
Cloud Controls Partner Inspectability Reader
(roles/cloudcontrolspartner.inspectabilityReader )
Readonly access to Cloud Controls Partner inspectability resources.
|
cloudcontrolspartner.customers.get
cloudcontrolspartner.customers.list
cloudcontrolspartner.inspectabilityevents.get
cloudcontrolspartner.platformcontrols.get
|
Cloud Controls Partner Monitoring Reader
(roles/cloudcontrolspartner.monitoringReader )
Read-only access to Cloud Controls Partner monitoring resources.
|
cloudcontrolspartner.customers.get
cloudcontrolspartner.customers.list
cloudcontrolspartner.violations.*
cloudcontrolspartner.workloads.*
|
Cloud Controls Partner Reader
(roles/cloudcontrolspartner.reader )
Read-only access to Cloud Controls Partner resources.
|
cloudcontrolspartner.accessapprovalrequests.list
cloudcontrolspartner.customers.get
cloudcontrolspartner.customers.list
cloudcontrolspartner.ekmconnections.get
cloudcontrolspartner.inspectabilityevents.get
cloudcontrolspartner.partnerpermissions.get
cloudcontrolspartner.partners.get
cloudcontrolspartner.platformcontrols.get
cloudcontrolspartner.violations.*
cloudcontrolspartner.workloads.*
|
Cloud Optimization AI Admin
(roles/cloudoptimization.admin )
Administrator of Cloud Optimization AI resources
|
cloudoptimization.*
|
Cloud Optimization AI Editor
(roles/cloudoptimization.editor )
Editor of Cloud Optimization AI resources
|
cloudoptimization.*
|
Cloud Optimization AI Viewer
(roles/cloudoptimization.viewer )
Viewer of Cloud Optimization AI resources
|
cloudoptimization.operations.get
|
Cloud Quotas Admin
Beta
(roles/cloudquotas.admin )
Full access to Cloud Quotas resources.
|
cloudquotas.*
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud Quotas Viewer
Beta
(roles/cloudquotas.viewer )
Readonly access to Cloud Quotas resources.
|
cloudquotas.quotas.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Commerce Agreement Publishing Admin
Beta
(roles/commerceagreementpublishing.admin )
Admin of Commerce Agreement Publishing service
|
commerceagreementpublishing.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Commerce Agreement Publishing Viewer
Beta
(roles/commerceagreementpublishing.viewer )
Viewer of Commerce Agreement Publishing service
|
commerceagreementpublishing.agreements.get
commerceagreementpublishing.agreements.list
commerceagreementpublishing.documents.get
commerceagreementpublishing.documents.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Confidential Space Workload User
(roles/confidentialcomputing.workloadUser )
Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.
|
confidentialcomputing.*
logging.logEntries.create
|
ConfigDelivery Admin
Beta
(roles/configdelivery.configDeliveryAdmin )
Grants full access to all Config Delivery resources. Lets users create, remove and manage fleet packages and resource bundles.
|
configdelivery.*
resourcemanager.projects.get
resourcemanager.projects.list
|
ConfigDelivery Viewer
Beta
(roles/configdelivery.configDeliveryViewer )
Grants read access to all Config Delivery resources. Lets users view existing fleet packages and resource bundles, but they will not be able to make any changes.
|
configdelivery.fleetPackages.get
configdelivery.fleetPackages.list
configdelivery.locations.*
configdelivery.operations.get
configdelivery.operations.list
configdelivery.releases.get
configdelivery.releases.list
configdelivery.resourceBundles.get
configdelivery.resourceBundles.list
configdelivery.rollouts.get
configdelivery.rollouts.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Config Delivery Resource Bundle Publisher
Beta
(roles/configdelivery.resourceBundlePublisher )
Grants read and write permissions to Config Delivery ResourceBundles and Releases.
|
configdelivery.locations.*
configdelivery.operations.get
configdelivery.operations.list
configdelivery.releases.create
configdelivery.releases.get
configdelivery.releases.list
configdelivery.releases.update
configdelivery.resourceBundles.create
configdelivery.resourceBundles.get
configdelivery.resourceBundles.list
configdelivery.resourceBundles.update
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/contactcenteraiplatform.admin )
Full access to Contact Center AI Platform resources.
|
contactcenteraiplatform.*
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/contactcenteraiplatform.viewer )
Read-only access to Contact Center AI Platform resources.
|
contactcenteraiplatform.contactCenters.get
contactcenteraiplatform.contactCenters.list
contactcenteraiplatform.locations.*
contactcenteraiplatform.operations.get
contactcenteraiplatform.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/contactcenterinsights.editor )
Grants read and write access to all Contact Center AI Insights resources.
|
contactcenterinsights.*
|
(roles/contactcenterinsights.viewer )
Grants read access to all Contact Center AI Insights resources.
|
contactcenterinsights.analyses.get
contactcenterinsights.analyses.list
contactcenterinsights.analysisRules.get
contactcenterinsights.analysisRules.list
contactcenterinsights.conversations.get
contactcenterinsights.conversations.list
contactcenterinsights.faqEntries.get
contactcenterinsights.faqEntries.list
contactcenterinsights.faqModels.get
contactcenterinsights.faqModels.list
contactcenterinsights.feedbackLabels.download
contactcenterinsights.feedbackLabels.get
contactcenterinsights.feedbackLabels.list
contactcenterinsights.issueModels.get
contactcenterinsights.issueModels.list
contactcenterinsights.issues.get
contactcenterinsights.issues.list
contactcenterinsights.operations.get
contactcenterinsights.operations.list
contactcenterinsights.phraseMatchers.get
contactcenterinsights.phraseMatchers.list
contactcenterinsights.qaQuestions.get
contactcenterinsights.qaQuestions.list
contactcenterinsights.qaScorecardRevisions.get
contactcenterinsights.qaScorecardRevisions.list
contactcenterinsights.qaScorecards.get
contactcenterinsights.qaScorecards.list
contactcenterinsights.settings.get
contactcenterinsights.views.get
contactcenterinsights.views.list
|
GKE Security Posture Viewer
Beta
(roles/containersecurity.viewer )
Read-only access to GKE Security Posture resources.
|
container.clusters.list
containersecurity.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Admin
(roles/contentwarehouse.admin )
Grants full access to all the resources in Content Warehouse
|
contentwarehouse.corpora.*
contentwarehouse.dataExportJobs.*
contentwarehouse.documentSchemas.*
contentwarehouse.documents.*
contentwarehouse.locations.*
contentwarehouse.operations.get
contentwarehouse.rawDocuments.*
contentwarehouse.ruleSets.*
contentwarehouse.synonymSets.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Document Admin
(roles/contentwarehouse.documentAdmin )
Grants full access to the document resource in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documents.create
contentwarehouse.documents.delete
contentwarehouse.documents.get
contentwarehouse.documents.getIamPolicy
contentwarehouse.documents.setIamPolicy
contentwarehouse.documents.update
contentwarehouse.links.*
contentwarehouse.locations.getStatus
contentwarehouse.rawDocuments.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse document creator
(roles/contentwarehouse.documentCreator )
Grants access to create document in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documentSchemas.list
contentwarehouse.documents.create
contentwarehouse.locations.getStatus
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Document Editor
(roles/contentwarehouse.documentEditor )
Grants access to update document resource in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documents.get
contentwarehouse.documents.getIamPolicy
contentwarehouse.documents.update
contentwarehouse.links.*
contentwarehouse.locations.getStatus
contentwarehouse.rawDocuments.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse document schema viewer
(roles/contentwarehouse.documentSchemaViewer )
Grants access to view the document schemas in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documentSchemas.list
contentwarehouse.locations.getStatus
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Viewer
(roles/contentwarehouse.documentViewer )
Grants access to view all the resources in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documents.get
contentwarehouse.documents.getIamPolicy
contentwarehouse.links.get
contentwarehouse.locations.getStatus
contentwarehouse.rawDocuments.download
resourcemanager.projects.get
resourcemanager.projects.list
|
Database center viewer
Beta
(roles/databasecenter.viewer )
Viewer role for Database Center resource data
|
cloudaicompanion.entitlements.get
databasecenter.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Events Service viewer
Beta
(roles/databaseinsights.eventsViewer )
Viewer role for Events Service data
|
databaseinsights.aggregatedEvents.query
databaseinsights.clusterEvents.query
databaseinsights.instanceEvents.query
|
Database Insights monitoring viewer
Beta
(roles/databaseinsights.monitoringViewer )
Viewer role for Database Insights monitoring data
|
databaseinsights.activeQueries.fetch
databaseinsights.activitySummary.fetch
databaseinsights.aggregatedStats.query
databaseinsights.locations.*
databaseinsights.timeSeries.query
databaseinsights.workloadRecommendations.fetch
resourcemanager.projects.get
resourcemanager.projects.list
|
Database Insights performing operations
Beta
(roles/databaseinsights.operationsAdmin )
Admin role for performing Database Insights operations
|
databaseinsights.activeQuery.terminate
|
Database Insights recommendation viewer
Beta
(roles/databaseinsights.recommendationViewer )
Viewer role for Database Insights recommendation data
|
databaseinsights.locations.*
databaseinsights.recommendations.query
databaseinsights.resourceRecommendations.query
databaseinsights.workloadRecommendations.fetch
resourcemanager.projects.get
resourcemanager.projects.list
|
Database Insights viewer
Beta
(roles/databaseinsights.viewer )
Viewer role for Database Insights data
|
databaseinsights.activeQueries.fetch
databaseinsights.activitySummary.fetch
databaseinsights.aggregatedStats.query
databaseinsights.locations.*
databaseinsights.recommendations.query
databaseinsights.resourceRecommendations.query
databaseinsights.timeSeries.query
databaseinsights.workloadRecommendations.fetch
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Administrator
(roles/datalineage.admin )
Grants full access to all resources in Data Lineage API
|
datalineage.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Editor
(roles/datalineage.editor )
Grants edit access to all resources in Data Lineage API
|
datalineage.events.*
datalineage.locations.searchLinks
datalineage.operations.get
datalineage.processes.create
datalineage.processes.get
datalineage.processes.list
datalineage.processes.update
datalineage.runs.create
datalineage.runs.get
datalineage.runs.list
datalineage.runs.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Events Producer
(roles/datalineage.producer )
Grants access to creating all resources in Data Lineage API
|
datalineage.events.create
datalineage.processes.create
datalineage.processes.get
datalineage.processes.update
datalineage.runs.create
datalineage.runs.get
datalineage.runs.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Viewer
(roles/datalineage.viewer )
Grants read access to all resources in Data Lineage API
|
datalineage.events.get
datalineage.events.list
datalineage.locations.searchLinks
datalineage.processes.get
datalineage.processes.list
datalineage.runs.get
datalineage.runs.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Processing Controls Resource Admin
(roles/dataprocessing.admin )
Data processing controls admin who can fully manage data processing controls settings and view all datasource data.
|
billing.accounts.get
billing.accounts.list
dataprocessing.*
|
Data Processing Controls Data Source Manager
(roles/dataprocessing.dataSourceManager )
Data processing controls data source manager who can get, list, and update the underlying data.
|
dataprocessing.datasources.list
dataprocessing.datasources.update
|
Dataproc Resource Manager Admin
Beta
(roles/dataprocrm.admin )
Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.
|
dataprocrm.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Dataproc Resource Manager Viewer
Beta
(roles/dataprocrm.viewer )
Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.
|
dataprocrm.locations.*
dataprocrm.nodePools.get
dataprocrm.nodePools.list
dataprocrm.nodes.get
dataprocrm.nodes.list
dataprocrm.nodes.mintOAuthToken
dataprocrm.operations.get
dataprocrm.operations.list
dataprocrm.workloads.get
dataprocrm.workloads.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Developer Connect Admin
Beta
(roles/developerconnect.admin )
Full access to Developer Connect resources.
|
developerconnect.connections.*
developerconnect.gitRepositoryLinks.create
developerconnect.gitRepositoryLinks.delete
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.operations.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Developer Connect Read Token Accessor
Beta
(roles/developerconnect.readTokenAccessor )
Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
|
developerconnect.connections.get
developerconnect.gitRepositoryLinks.fetchReadToken
developerconnect.gitRepositoryLinks.get
|
Developer Connect Token Accessor
Beta
(roles/developerconnect.tokenAccessor )
Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
|
developerconnect.connections.get
developerconnect.gitRepositoryLinks.fetchReadToken
developerconnect.gitRepositoryLinks.fetchReadWriteToken
developerconnect.gitRepositoryLinks.get
|
Developer Connect User
Beta
(roles/developerconnect.user )
Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository
|
developerconnect.connections.fetchGitHubInstallations
developerconnect.connections.fetchLinkableGitRepositories
developerconnect.connections.get
developerconnect.connections.list
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Developer Connect Viewer
Beta
(roles/developerconnect.viewer )
Readonly access to Developer Connect resources.
|
developerconnect.connections.get
developerconnect.connections.list
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Discovery Engine Admin
(roles/discoveryengine.admin )
Grants full access to all discoveryengine resources.
|
discoveryengine.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Discovery Engine Editor
(roles/discoveryengine.editor )
Grants read and write access to all discovery engine resources.
|
discoveryengine.aclConfigs.get
discoveryengine.analytics.*
discoveryengine.answers.get
discoveryengine.branches.*
discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.collections.get
discoveryengine.collections.list
discoveryengine.completionConfigs.completeQuery
discoveryengine.completionConfigs.get
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.conversations.*
discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.documentProcessingConfigs.get
discoveryengine.documents.batchGetDocumentsMetadata
discoveryengine.documents.create
discoveryengine.documents.delete
discoveryengine.documents.get
discoveryengine.documents.import
discoveryengine.documents.list
discoveryengine.documents.update
discoveryengine.engines.get
discoveryengine.engines.list
discoveryengine.engines.pause
discoveryengine.engines.resume
discoveryengine.engines.tune
discoveryengine.evaluations.get
discoveryengine.evaluations.list
discoveryengine.groundingConfigs.check
discoveryengine.models.*
discoveryengine.operations.*
discoveryengine.projects.get
discoveryengine.rankingConfigs.rank
discoveryengine.sampleQueries.*
discoveryengine.sampleQuerySets.*
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.validate
discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.sessions.*
discoveryengine.siteSearchEngines.get
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.userEvents.create
discoveryengine.userEvents.fetchStats
discoveryengine.userEvents.import
discoveryengine.widgetConfigs.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Discovery Engine User
Beta
(roles/discoveryengine.user )
Grants user-level access to Discovery Engine resources.
|
discoveryengine.answers.get
discoveryengine.completionConfigs.completeQuery
discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.search
discoveryengine.sessions.delete
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.update
|
Discovery Engine Viewer
(roles/discoveryengine.viewer )
Grants read access to all discovery engine resources.
|
discoveryengine.aclConfigs.get
discoveryengine.analytics.*
discoveryengine.answers.get
discoveryengine.branches.*
discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.collections.get
discoveryengine.collections.list
discoveryengine.completionConfigs.completeQuery
discoveryengine.completionConfigs.get
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.conversations.converse
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.documentProcessingConfigs.get
discoveryengine.documents.batchGetDocumentsMetadata
discoveryengine.documents.get
discoveryengine.documents.list
discoveryengine.engines.get
discoveryengine.engines.list
discoveryengine.evaluations.get
discoveryengine.evaluations.list
discoveryengine.groundingConfigs.check
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.operations.*
discoveryengine.projects.get
discoveryengine.rankingConfigs.rank
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.list
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.validate
discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.siteSearchEngines.get
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.userEvents.fetchStats
discoveryengine.widgetConfigs.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Enterprise Purchasing Admin
Beta
(roles/enterprisepurchasing.admin )
Full access to Enterprise Purchasing resources.
|
enterprisepurchasing.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Enterprise Purchasing Editor
Beta
(roles/enterprisepurchasing.editor )
Edit access to Enterprise Purchasing resources.
|
enterprisepurchasing.gcveCuds.get
enterprisepurchasing.gcveCuds.list
enterprisepurchasing.gcveNodePricingInfo.list
enterprisepurchasing.locations.*
enterprisepurchasing.operations.get
enterprisepurchasing.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Enterprise Purchasing Viewer
Beta
(roles/enterprisepurchasing.viewer )
Readonly access to Enterprise Purchasing resources.
|
enterprisepurchasing.gcveCuds.get
enterprisepurchasing.gcveCuds.list
enterprisepurchasing.gcveNodePricingInfo.list
enterprisepurchasing.locations.*
enterprisepurchasing.operations.get
enterprisepurchasing.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/essentialcontacts.admin )
Full access to all essential contacts
|
essentialcontacts.*
|
(roles/essentialcontacts.viewer )
Viewer for all essential contacts
|
essentialcontacts.contacts.get
essentialcontacts.contacts.list
|
Firebase Cloud Messaging API Admin
Beta
(roles/firebasecloudmessaging.admin )
Full read/write access to Firebase Cloud Messaging API resources.
|
cloudmessaging.messages.create
fcmdata.deliverydata.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Firebase Crash Symbol Uploader
(roles/firebasecrash.symbolMappingsAdmin )
Full read/write access to symbol mapping file resources for Firebase Crash Reporting.
|
firebase.clients.get
firebase.clients.list
resourcemanager.projects.get
|
Firebase Data Connect API Admin
Beta
(roles/firebasedataconnect.admin )
Full access to Firebase Data Connect API resources, including data.
|
firebasedataconnect.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Firebase Data Connect API Data Admin
Beta
(roles/firebasedataconnect.dataAdmin )
Full access to data sources.
|
firebasedataconnect.services.executeGraphql
firebasedataconnect.services.executeGraphqlRead
|
Firebase Data Connect API Data Viewer
Beta
(roles/firebasedataconnect.dataViewer )
Readonly access to data sources.
|
firebasedataconnect.services.executeGraphqlRead
|
Firebase Data Connect API Viewer
Beta
(roles/firebasedataconnect.viewer )
Readonly access to Firebase Data Connect API resources. Role does not grant access to data.
|
firebasedataconnect.connectorRevisions.get
firebasedataconnect.connectorRevisions.list
firebasedataconnect.connectors.get
firebasedataconnect.connectors.list
firebasedataconnect.locations.*
firebasedataconnect.operations.get
firebasedataconnect.operations.list
firebasedataconnect.schemaRevisions.get
firebasedataconnect.schemaRevisions.list
firebasedataconnect.schemas.get
firebasedataconnect.schemas.list
firebasedataconnect.services.get
firebasedataconnect.services.list
resourcemanager.projects.get
resourcemanager.projects.list
|
GDC Hardware Management Admin
Beta
(roles/gdchardwaremanagement.admin )
Full access to GDC Hardware Management resources.
|
gdchardwaremanagement.*
resourcemanager.projects.get
resourcemanager.projects.list
|
GDC Hardware Management Operator
Beta
(roles/gdchardwaremanagement.operator )
Create, read, and update access to GDC Hardware Management resources that support those operations. Also grants delete access to HardwareGroup resource.
|
gdchardwaremanagement.changeLogEntries.*
gdchardwaremanagement.comments.*
gdchardwaremanagement.hardware.*
gdchardwaremanagement.hardwareGroups.*
gdchardwaremanagement.locations.*
gdchardwaremanagement.operations.get
gdchardwaremanagement.operations.list
gdchardwaremanagement.orders.create
gdchardwaremanagement.orders.get
gdchardwaremanagement.orders.list
gdchardwaremanagement.orders.update
gdchardwaremanagement.sites.*
gdchardwaremanagement.skus.*
gdchardwaremanagement.zones.*
resourcemanager.projects.get
resourcemanager.projects.list
|
GDC Hardware Management Reader
Beta
(roles/gdchardwaremanagement.reader )
Readonly access to GDC Hardware Management resources.
|
gdchardwaremanagement.changeLogEntries.*
gdchardwaremanagement.comments.get
gdchardwaremanagement.comments.list
gdchardwaremanagement.hardware.get
gdchardwaremanagement.hardware.list
gdchardwaremanagement.hardwareGroups.get
gdchardwaremanagement.hardwareGroups.list
gdchardwaremanagement.locations.*
gdchardwaremanagement.operations.get
gdchardwaremanagement.operations.list
gdchardwaremanagement.orders.get
gdchardwaremanagement.orders.list
gdchardwaremanagement.sites.get
gdchardwaremanagement.sites.list
gdchardwaremanagement.skus.*
gdchardwaremanagement.zones.get
gdchardwaremanagement.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/identityplatform.admin )
Full access to Identity Platform resources.
|
firebaseauth.*
identitytoolkit.*
|
(roles/identityplatform.viewer )
Read access to Identity Platform resources.
|
firebaseauth.configs.get
firebaseauth.users.get
identitytoolkit.tenants.get
identitytoolkit.tenants.getIamPolicy
identitytoolkit.tenants.list
|
(roles/identitytoolkit.admin )
Full access to Identity Toolkit resources.
|
firebaseauth.*
identitytoolkit.*
|
(roles/identitytoolkit.viewer )
Read access to Identity Toolkit resources.
|
firebaseauth.configs.get
firebaseauth.users.get
identitytoolkit.tenants.get
identitytoolkit.tenants.getIamPolicy
identitytoolkit.tenants.list
|
Apigee Integration Admin
(roles/integrations.apigeeIntegrationAdminRole )
A user that has full access to all Apigee integrations.
|
connectors.actions.*
connectors.connections.executeSqlQuery
connectors.entities.*
connectors.entityTypes.list
integrations.apigeeAuthConfigs.*
integrations.apigeeCertificates.*
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.*
integrations.apigeeSfdcInstances.*
integrations.apigeeSuspensions.*
integrations.authConfigs.*
integrations.certificates.*
integrations.executions.get
integrations.executions.list
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.delete
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.*
integrations.sfdcInstances.*
integrations.suspensions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Deployer
(roles/integrations.apigeeIntegrationDeployerRole )
A developer that can deploy/undeploy Apigee integrations to the integration runtime.
|
integrations.apigeeIntegrationVers.deploy
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Editor
(roles/integrations.apigeeIntegrationEditorRole )
A developer that can list, create and update Apigee integrations.
|
connectors.actions.*
connectors.connections.executeSqlQuery
connectors.entities.*
connectors.entityTypes.list
integrations.apigeeAuthConfigs.create
integrations.apigeeAuthConfigs.get
integrations.apigeeAuthConfigs.list
integrations.apigeeAuthConfigs.update
integrations.apigeeCertificates.create
integrations.apigeeCertificates.get
integrations.apigeeCertificates.list
integrations.apigeeCertificates.update
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.create
integrations.apigeeSfdcChannels.get
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcChannels.update
integrations.apigeeSfdcInstances.create
integrations.apigeeSfdcInstances.get
integrations.apigeeSfdcInstances.list
integrations.apigeeSfdcInstances.update
integrations.authConfigs.create
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.get
integrations.executions.get
integrations.executions.list
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.*
integrations.sfdcInstances.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Invoker
(roles/integrations.apigeeIntegrationInvokerRole )
A role that can invoke Apigee integrations.
|
connectors.actions.*
connectors.connections.executeSqlQuery
connectors.entities.*
connectors.entityTypes.list
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.*
integrations.executions.get
integrations.executions.list
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Viewer
(roles/integrations.apigeeIntegrationsViewer )
A developer that can list and view Apigee integrations.
|
integrations.apigeeAuthConfigs.list
integrations.apigeeCertificates.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcInstances.list
integrations.authConfigs.get
integrations.authConfigs.list
integrations.certificates.get
integrations.certificates.list
integrations.executions.get
integrations.executions.list
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.get
integrations.integrations.list
integrations.sfdcChannels.list
integrations.sfdcInstances.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Approver
(roles/integrations.apigeeSuspensionResolver )
A role that can approve / reject Apigee integrations that contain a suspension/wait task.
|
integrations.apigeeSuspensions.*
integrations.suspensions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Certificate Viewer
(roles/integrations.certificateViewer )
A developer that can list and view Certificates.
|
integrations.certificates.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Admin
(roles/integrations.integrationAdmin )
A user that has full access (CRUD) to all integrations.
|
integrations.apigeeAuthConfigs.*
integrations.apigeeCertificates.*
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.*
integrations.apigeeSfdcInstances.*
integrations.apigeeSuspensions.*
integrations.authConfigs.*
integrations.certificates.*
integrations.executions.*
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.*
integrations.sfdcChannels.*
integrations.sfdcInstances.*
integrations.suspensions.*
integrations.testCases.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Deployer
(roles/integrations.integrationDeployer )
A developer that can deploy/undeploy integrations to the integration runtime.
|
integrations.apigeeIntegrationVers.deploy
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Editor
(roles/integrations.integrationEditor )
A developer that can list, create and update integrations.
|
integrations.apigeeAuthConfigs.create
integrations.apigeeAuthConfigs.get
integrations.apigeeAuthConfigs.list
integrations.apigeeAuthConfigs.update
integrations.apigeeCertificates.create
integrations.apigeeCertificates.get
integrations.apigeeCertificates.list
integrations.apigeeCertificates.update
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.create
integrations.apigeeSfdcChannels.get
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcChannels.update
integrations.apigeeSfdcInstances.create
integrations.apigeeSfdcInstances.get
integrations.apigeeSfdcInstances.list
integrations.apigeeSfdcInstances.update
integrations.authConfigs.create
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.get
integrations.executions.*
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.generateOpenApiSpec
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.*
integrations.sfdcInstances.*
integrations.testCases.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Invoker
(roles/integrations.integrationInvoker )
A role that can invoke integrations.
|
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.*
integrations.executions.*
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.testCases.get
integrations.testCases.invoke
integrations.testCases.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Viewer
(roles/integrations.integrationViewer )
A developer that can list and view integrations.
|
integrations.apigeeAuthConfigs.list
integrations.apigeeCertificates.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcInstances.list
integrations.authConfigs.get
integrations.authConfigs.list
integrations.certificates.get
integrations.certificates.list
integrations.executions.get
integrations.executions.list
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.generateOpenApiSpec
integrations.integrations.get
integrations.integrations.list
integrations.sfdcChannels.list
integrations.sfdcInstances.list
integrations.testCases.get
integrations.testCases.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Security Integration Admin
Beta
(roles/integrations.securityIntegrationAdmin )
A user that has full access to all Security integrations.
|
integrations.securityAuthConfigs.*
integrations.securityExecutions.*
integrations.securityIntegTempVers.*
integrations.securityIntegrationVers.*
integrations.securityIntegrations.*
|
Application Integration SFDC Instance Admin
(roles/integrations.sfdcInstanceAdmin )
A user that has full access (CRUD) to all SFDC instances.
|
integrations.sfdcChannels.*
integrations.sfdcInstances.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration SFDC Instance Editor
(roles/integrations.sfdcInstanceEditor )
A developer that can list, create and update integrations.
|
integrations.sfdcChannels.create
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcChannels.update
integrations.sfdcInstances.create
integrations.sfdcInstances.get
integrations.sfdcInstances.list
integrations.sfdcInstances.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration SFDC Instance Viewer
(roles/integrations.sfdcInstanceViewer )
A developer that can list and view SFDC instances.
|
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcInstances.get
integrations.sfdcInstances.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Approver
(roles/integrations.suspensionResolver )
A role that can resolve suspended integrations.
|
integrations.apigeeSuspensions.*
integrations.suspensions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Account Manager Admin
Beta
(roles/issuerswitch.accountManagerAdmin )
This role can perform all account manager related operations
|
issuerswitch.accountManagerTransactions.*
issuerswitch.managedAccounts.*
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Account Manager Transactions Admin
Beta
(roles/issuerswitch.accountManagerTransactionsAdmin )
This role can perform all account manager transactions related operations
|
issuerswitch.accountManagerTransactions.*
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Account Manager Transactions Viewer
Beta
(roles/issuerswitch.accountManagerTransactionsViewer )
This role can view all account manager transactions
|
issuerswitch.accountManagerTransactions.list
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Admin
Beta
(roles/issuerswitch.admin )
Access to all issuer switch roles
|
issuerswitch.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Participants Admin
Beta
(roles/issuerswitch.issuerParticipantsAdmin )
Full access to issuer switch participants
|
issuerswitch.issuerParticipants.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Resolutions Admin
Beta
(roles/issuerswitch.resolutionsAdmin )
Full access to issuer switch resolutions
|
issuerswitch.complaintTransactions.list
issuerswitch.complaints.*
issuerswitch.disputes.*
issuerswitch.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Rules Admin
Beta
(roles/issuerswitch.rulesAdmin )
Full access to issuer switch rules
|
issuerswitch.ruleMetadata.list
issuerswitch.ruleMetadataValues.*
issuerswitch.rules.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Rules Viewer
Beta
(roles/issuerswitch.rulesViewer )
This role can view rules and related metadata.
|
issuerswitch.ruleMetadata.list
issuerswitch.ruleMetadataValues.list
issuerswitch.rules.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Transactions Viewer
Beta
(roles/issuerswitch.transactionsViewer )
This role can view all transactions
|
issuerswitch.complaintTransactions.list
issuerswitch.financialTransactions.list
issuerswitch.mandateTransactions.list
issuerswitch.metadataTransactions.list
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/kubernetesmetadata.publisher )
Publisher of Kubernetes clusters metadata
|
kubernetesmetadata.*
|
Cloud License Manager Admin
(roles/licensemanager.admin )
Full access to Cloud License Manager resources.
|
licensemanager.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud License Manager Viewer
(roles/licensemanager.viewer )
Readonly access to Cloud License Manager resources.
|
licensemanager.configurations.get
licensemanager.configurations.list
licensemanager.instances.*
licensemanager.locations.*
licensemanager.operations.get
licensemanager.operations.list
licensemanager.products.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Managed Flink Admin
Beta
(roles/managedflink.admin )
Full access to Managed Flink resources.
|
managedflink.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Managed Flink Developer
Beta
(roles/managedflink.developer )
Full access to Managed Flink Jobs and Sessions and read access to Deployments.
|
managedflink.deployments.get
managedflink.deployments.list
managedflink.jobs.*
managedflink.locations.*
managedflink.operations.get
managedflink.operations.list
managedflink.sessions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Managed Flink Viewer
Beta
(roles/managedflink.viewer )
Readonly access to Managed Flink resources.
|
managedflink.deployments.get
managedflink.deployments.list
managedflink.jobs.get
managedflink.jobs.list
managedflink.locations.*
managedflink.operations.get
managedflink.operations.list
managedflink.sessions.get
managedflink.sessions.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Managed Kafka Admin
Beta
(roles/managedkafka.admin )
Full access to Managed Kafka resources.
|
managedkafka.*
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Managed Kafka Client
Beta
(roles/managedkafka.client )
Provides access to connect to the Kafka servers in a cluster, i.e. provides Kafka data plane access. Intended for, e.g., producers and consumers.
|
managedkafka.clusters.connect
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.consumerGroups.*
managedkafka.locations.*
managedkafka.operations.get
managedkafka.operations.list
managedkafka.topics.*
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Managed Kafka Cluster Editor
Beta
(roles/managedkafka.clusterEditor )
Provides read and write access to Kafka clusters. Intended for, e.g., IT Departments that provision Kafka clusters, but need not be able to read or modify topics or consumer groups.
|
managedkafka.clusters.create
managedkafka.clusters.delete
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.clusters.update
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.locations.*
managedkafka.operations.get
managedkafka.operations.list
managedkafka.topics.get
managedkafka.topics.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Managed Kafka Consumer Group Editor
Beta
(roles/managedkafka.consumerGroupEditor )
Provides read and write access to consumer group metadata. Intended for, e.g., developers who configure consumer groups.
|
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.consumerGroups.*
managedkafka.locations.*
managedkafka.operations.get
managedkafka.operations.list
managedkafka.topics.get
managedkafka.topics.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Managed Kafka Topic Editor
Beta
(roles/managedkafka.topicEditor )
Provides read and write access to topic metadata. Intended for, e.g., developers who configure topics.
|
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.locations.*
managedkafka.operations.get
managedkafka.operations.list
managedkafka.topics.*
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Managed Kafka Viewer
Beta
(roles/managedkafka.viewer )
Readonly access to Managed Kafka resources.
|
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.locations.*
managedkafka.operations.get
managedkafka.operations.list
managedkafka.topics.get
managedkafka.topics.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Mandiant Attack Surface Management Editor
Beta
(roles/mandiant.attackSurfaceManagementEditor )
Access to write Attack Surface Management
|
mandiant.genericAttackSurfaceManagements.create
mandiant.genericAttackSurfaceManagements.delete
mandiant.genericAttackSurfaceManagements.update
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Attack Surface Management Viewer
Beta
(roles/mandiant.attackSurfaceManagementViewer )
Access to read Attack Surface Management
|
mandiant.genericAttackSurfaceManagements.get
mandiant.genericPlatforms.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Digital Threat Monitoring Editor
Beta
(roles/mandiant.digitalThreatMonitoringEditor )
Access to write Digital Threat Monitoring
|
mandiant.genericDigitalThreatMonitorings.create
mandiant.genericDigitalThreatMonitorings.update
mandiant.genericPlatforms.create
mandiant.genericPlatforms.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Digital Threat Monitoring Viewer
Beta
(roles/mandiant.digitalThreatMonitoringViewer )
Access to read Digital Threat Monitoring
|
mandiant.genericDigitalThreatMonitorings.get
mandiant.genericPlatforms.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Expertise On Demand Editor
Beta
(roles/mandiant.expertiseOnDemandEditor )
Access to write Expertise On Demand
|
mandiant.genericExpertiseOnDemands.create
mandiant.genericExpertiseOnDemands.delete
mandiant.genericExpertiseOnDemands.update
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Expertise On Demand Viewer
Beta
(roles/mandiant.expertiseOnDemandViewer )
Access to read Expertise On Demand
|
mandiant.genericExpertiseOnDemands.get
mandiant.genericPlatforms.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Threat Intel Editor
Beta
(roles/mandiant.threatIntelEditor )
Access to write Threat Intel
|
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
mandiant.genericThreatIntels.create
mandiant.genericThreatIntels.delete
mandiant.genericThreatIntels.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Threat Intel Viewer
Beta
(roles/mandiant.threatIntelViewer )
Access to read Threat Intel
|
mandiant.genericPlatforms.get
mandiant.genericThreatIntels.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Validation Editor
Beta
(roles/mandiant.validationEditor )
Access to write Validation
|
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
mandiant.genericValidations.create
mandiant.genericValidations.delete
mandiant.genericValidations.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Validation Viewer
Beta
(roles/mandiant.validationViewer )
Access to read Validation
|
mandiant.genericPlatforms.get
mandiant.genericValidations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mobility Solutions Overages Viewer
Beta
(roles/mapsanalytics.mobilitySolutionsOverageViewer )
Grants read-only access to Mobility Solutions Overages metric data.
|
mapsanalytics.metricData.queryMobilitySolutionsOverageData
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
|
Maps Analytics Viewer
Beta
(roles/mapsanalytics.viewer )
Grants read-only access to all of the Maps Analytics resources.
|
mapsanalytics.metricData.query
mapsanalytics.metricMetadata.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
|
(roles/mapsplatformdatasets.admin )
Grants read and write access to all the Maps Platform Datasets API resources
|
mapsadmin.clientStyles.*
mapsplatformdatasets.*
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/mapsplatformdatasets.viewer )
Grants read-only access to all the Maps Platform Datasets API resources
|
mapsadmin.clientStyles.get
mapsadmin.clientStyles.list
mapsplatformdatasets.datasets.export
mapsplatformdatasets.datasets.get
mapsplatformdatasets.datasets.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Marketplace Solutions Admin
Beta
(roles/marketplacesolutions.admin )
Full access to Marketplace Solutions resources.
|
marketplacesolutions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Marketplace Solutions Editor
Beta
(roles/marketplacesolutions.editor )
Edit access to Marketplace Solutions resources.
|
marketplacesolutions.locations.*
marketplacesolutions.operations.get
marketplacesolutions.operations.list
marketplacesolutions.powerImages.*
marketplacesolutions.powerInstances.get
marketplacesolutions.powerInstances.list
marketplacesolutions.powerInstances.update
marketplacesolutions.powerNetworks.*
marketplacesolutions.powerSshKeys.*
marketplacesolutions.powerVolumes.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Marketplace Solutions Viewer
Beta
(roles/marketplacesolutions.viewer )
Readonly access to Marketplace Solutions resources.
|
marketplacesolutions.locations.*
marketplacesolutions.operations.get
marketplacesolutions.operations.list
marketplacesolutions.powerImages.*
marketplacesolutions.powerInstances.get
marketplacesolutions.powerInstances.list
marketplacesolutions.powerNetworks.*
marketplacesolutions.powerSshKeys.*
marketplacesolutions.powerVolumes.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Memorystore Admin
Beta
(roles/memorystore.admin )
Full access to Memorystore resources.
|
memorystore.instances.create
memorystore.instances.delete
memorystore.instances.get
memorystore.instances.list
memorystore.instances.update
memorystore.locations.*
memorystore.operations.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Memorystore DB Connector User
Beta
(roles/memorystore.dbConnectionUser )
Access to connecting to Memorystore Server db.
|
memorystore.instances.connect
|
Memorystore Viewer
Beta
(roles/memorystore.viewer )
Readonly access to Memorystore resources.
|
memorystore.instances.get
memorystore.instances.list
memorystore.locations.*
memorystore.operations.get
memorystore.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Home Developer Console Admin
(roles/nestconsole.homeDeveloperAdmin )
Admin access to Google Home Developer Console resources
|
nestconsole.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Home Developer Console Editor
(roles/nestconsole.homeDeveloperEditor )
Read-Write access to Google Home Developer Console resources
|
nestconsole.smarthomePreviews.update
nestconsole.smarthomeProjects.get
nestconsole.smarthomeProjects.update
nestconsole.smarthomeVersions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Home Developer Console Reader
(roles/nestconsole.homeDeveloperViewer )
Read-only access to Google Home Developer Console resources
|
nestconsole.smarthomeProjects.get
nestconsole.smarthomeVersions.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Cloud NetApp Volumes Admin
Beta
(roles/netapp.admin )
Full access to Google Cloud NetApp Volumes resources.
|
netapp.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Cloud NetApp Volumes Viewer
Beta
(roles/netapp.viewer )
Readonly access to Google Cloud NetApp Volumes resources.
|
netapp.activeDirectories.get
netapp.activeDirectories.list
netapp.backupPolicies.get
netapp.backupPolicies.list
netapp.backupVaults.get
netapp.backupVaults.list
netapp.backups.get
netapp.backups.list
netapp.kmsConfigs.get
netapp.kmsConfigs.list
netapp.locations.*
netapp.operations.get
netapp.operations.list
netapp.replications.get
netapp.replications.list
netapp.snapshots.get
netapp.snapshots.list
netapp.storagePools.get
netapp.storagePools.list
netapp.volumes.get
netapp.volumes.list
resourcemanager.projects.get
resourcemanager.projects.list
|
OAuth Config Editor
Beta
(roles/oauthconfig.editor )
Read/write access to OAuth config resources
|
clientauthconfig.*
oauthconfig.*
|
OAuth Config Viewer
Beta
(roles/oauthconfig.viewer )
Read-only access to OAuth config resources
|
clientauthconfig.brands.get
clientauthconfig.brands.list
clientauthconfig.clients.get
clientauthconfig.clients.list
oauthconfig.clientpolicy.get
oauthconfig.testusers.get
oauthconfig.verification.get
|
Oracle Database@Google Cloud admin
(roles/oracledatabase.admin )
Grants full access to manage all Oracle Database resources.
|
oracledatabase.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Oracle Database@Google Cloud Autonomous Database Admin
(roles/oracledatabase.autonomousDatabaseAdmin )
Grants full access to manage all Autonomous Database resources.
|
oracledatabase.autonomousDatabaseBackups.*
oracledatabase.autonomousDatabaseCharacterSets.list
oracledatabase.autonomousDatabases.*
oracledatabase.autonomousDbVersions.list
oracledatabase.entitlements.list
oracledatabase.locations.*
oracledatabase.operations.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Oracle Database@Google Cloud Autonomous Database Viewer
(roles/oracledatabase.autonomousDatabaseViewer )
Grants read access to see all Autonomous Database resources.
|
oracledatabase.autonomousDatabaseBackups.get
oracledatabase.autonomousDatabaseBackups.list
oracledatabase.autonomousDatabaseCharacterSets.list
oracledatabase.autonomousDatabases.get
oracledatabase.autonomousDatabases.list
oracledatabase.autonomousDbVersions.list
oracledatabase.entitlements.list
oracledatabase.locations.*
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Oracle Database@Google Cloud Exadata Infrastructure Admin
(roles/oracledatabase.cloudExadataInfrastructureAdmin )
Grants full access to manage all Exadata Infrastructure resources.
|
oracledatabase.cloudExadataInfrastructures.create
oracledatabase.cloudExadataInfrastructures.delete
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudExadataInfrastructures.update
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.operations.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Oracle Database@Google Cloud Exadata Infrastructure Viewer
(roles/oracledatabase.cloudExadataInfrastructureViewer )
Grants read access to see all Exadata Infrastructure resources.
|
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Oracle Database@Google Cloud VM Cluster Admin
(roles/oracledatabase.cloudVmClusterAdmin )
Grants full access to manage all VM Cluster resources.
|
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudExadataInfrastructures.use
oracledatabase.cloudVmClusters.*
oracledatabase.dbNodes.list
oracledatabase.dbServers.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.operations.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Oracle Database@Google Cloud VM Cluster Viewer
(roles/oracledatabase.cloudVmClusterViewer )
Grants read access to see all VM Cluster resources.
|
oracledatabase.cloudVmClusters.get
oracledatabase.cloudVmClusters.list
oracledatabase.dbNodes.list
oracledatabase.entitlements.list
oracledatabase.locations.*
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Oracle Database@Google Cloud viewer
(roles/oracledatabase.viewer )
Grants view access to all Oracle Database resources.
|
oracledatabase.autonomousDatabaseBackups.get
oracledatabase.autonomousDatabaseBackups.list
oracledatabase.autonomousDatabaseCharacterSets.list
oracledatabase.autonomousDatabases.get
oracledatabase.autonomousDatabases.list
oracledatabase.autonomousDbVersions.list
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudVmClusters.get
oracledatabase.cloudVmClusters.list
oracledatabase.dbNodes.list
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Parallelstore Admin
(roles/parallelstore.admin )
Full access to Parallelstore resources.
|
parallelstore.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Parallelstore Viewer
(roles/parallelstore.viewer )
Readonly access to Parallelstore resources.
|
parallelstore.instances.get
parallelstore.instances.list
parallelstore.locations.*
parallelstore.operations.get
parallelstore.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Parameter Manager Admin
Beta
(roles/parametermanager.admin )
Grants full access to all Parameter Manager resources. Intended for project admins & owners who need to perform all administrative tasks.
|
parametermanager.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Parameter Manager Parameter Accessor
Beta
(roles/parametermanager.parameterAccessor )
Grants read access to ParameterManager ParameterVersion resources. Intended for users & applications that need to perform read operations on ParameterVersion only.
|
parametermanager.locations.*
parametermanager.parameterVersions.render
resourcemanager.projects.get
resourcemanager.projects.list
|
Parameter Manager Parameter Version Adder
Beta
(roles/parametermanager.parameterVersionAdder )
Grants create access to Parameter Manager ParameterVersion resources. Intended for users & applications that need to perform create operations on ParameterVersions only.
|
parametermanager.locations.*
parametermanager.parameterVersions.create
parametermanager.parameters.get
parametermanager.parameters.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Parameter Manager Parameter Version Manager
Beta
(roles/parametermanager.parameterVersionManager )
Grants read & write access to all Parameter Manager ParameterVersion resources. Intended for users & applications that need to view Parameters & perform create/read/update/delete/list operations on ParameterVersions only.
|
parametermanager.locations.*
parametermanager.parameterVersions.create
parametermanager.parameterVersions.delete
parametermanager.parameterVersions.get
parametermanager.parameterVersions.list
parametermanager.parameterVersions.update
parametermanager.parameters.get
parametermanager.parameters.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Parameter Manager Parameter Viewer
Beta
(roles/parametermanager.parameterViewer )
Grants read access to Parameter Manager Parameter & ParameterVersion resources. Intended for users & applications that need to perform read/list operations on Parameters & ParameterVersions only.
|
parametermanager.locations.*
parametermanager.parameterVersions.get
parametermanager.parameterVersions.list
parametermanager.parameters.get
parametermanager.parameters.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Admin
Beta
(roles/paymentsresellersubscription.partnerAdmin )
Full access to all Payments Reseller resources, including subscriptions, products and promotions
|
paymentsresellersubscription.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Viewer
Beta
(roles/paymentsresellersubscription.partnerViewer )
Read access to all Payments Reseller resources, including subscriptions, products and promotions
|
paymentsresellersubscription.products.list
paymentsresellersubscription.promotions.list
paymentsresellersubscription.subscriptions.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Products Viewer
Beta
(roles/paymentsresellersubscription.productViewer )
Read access to Payments Reseller Product resource
|
paymentsresellersubscription.products.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/paymentsresellersubscription.promotionViewer )
Read access to Payments Reseller Promotion resource
|
paymentsresellersubscription.promotions.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Subscriptions Editor
Beta
(roles/paymentsresellersubscription.subscriptionEditor )
Write access to Payments Reseller Subscription resource
|
paymentsresellersubscription.subscriptions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Subscriptions Viewer
Beta
(roles/paymentsresellersubscription.subscriptionViewer )
Read access to Payments Reseller Subscription resource
|
paymentsresellersubscription.subscriptions.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Partner UserSessions Editor
Beta
(roles/paymentsresellersubscription.userSessionEditor )
Editor of UserSessions for a Payments Partner
|
paymentsresellersubscription.userSessions.generate
|
Activity Analysis Viewer
Beta
(roles/policyanalyzer.activityAnalysisViewer )
Viewer user that can read all activity analysis.
|
policyanalyzer.*
|
(roles/policyremediatormanager.policyRemediatorAdmin )
Grants the ability to enable and disable the usage of the policy remediator for the organization
|
policyremediatormanager.*
|
(roles/policyremediatormanager.policyRemediatorReader )
Grants the ability to read/view the state of the policy remediator for the organization
|
policyremediatormanager.locations.*
policyremediatormanager.operations.get
policyremediatormanager.operations.list
policyremediatormanager.remediatorServices.get
|
Simulator Admin
Beta
(roles/policysimulator.admin )
Admin user that can run and access replays.
|
policysimulator.accessPolicySimulationResults.list
policysimulator.accessPolicySimulations.*
policysimulator.replayResults.list
policysimulator.replays.*
|
OrgPolicy Simulator Admin
Beta
(roles/policysimulator.orgPolicyAdmin )
OrgPolicy Admin that can run and access simulations.
|
cloudasset.assets.analyzeOrgPolicy
cloudasset.assets.exportResource
cloudasset.assets.listResource
cloudasset.assets.searchAllResources
orgpolicy.customConstraints.get
orgpolicy.customConstraints.list
orgpolicy.policies.list
orgpolicy.policy.get
policysimulator.orgPolicyViolations.list
policysimulator.orgPolicyViolationsPreviews.*
resourcemanager.organizations.get
|
External Account Key Creator
Beta
(roles/publicca.externalAccountKeyCreator )
This role can create a new externalAccountKey resource.
|
publicca.externalAccountKeys.create
resourcemanager.projects.get
resourcemanager.projects.list
|
Subscription Linking Admin
(roles/readerrevenuesubscriptionlinking.admin )
Full access to publication reader resources
|
readerrevenuesubscriptionlinking.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Subscription Linking Entitlements Viewer
(roles/readerrevenuesubscriptionlinking.entitlementsViewer )
This role can view all publication reader entitlements
|
readerrevenuesubscriptionlinking.readerEntitlements.get
|
Subscription Linking Viewer
(roles/readerrevenuesubscriptionlinking.viewer )
This role can view all publication reader resources
|
readerrevenuesubscriptionlinking.readerEntitlements.get
readerrevenuesubscriptionlinking.readers.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Recommendations Exporter
(roles/recommender.exporter )
Exporter of Recommendations
|
recommender.resources.export
|
Remote Build Execution Action Cache Writer
Beta
(roles/remotebuildexecution.actionCacheWriter )
Remote Build Execution Action Cache Writer
|
remotebuildexecution.actions.set
remotebuildexecution.blobs.create
|
Remote Build Execution Artifact Admin
Beta
(roles/remotebuildexecution.artifactAdmin )
Remote Build Execution Artifact Admin
|
remotebuildexecution.actions.create
remotebuildexecution.actions.delete
remotebuildexecution.actions.get
remotebuildexecution.blobs.*
remotebuildexecution.logstreams.*
|
Remote Build Execution Artifact Creator
Beta
(roles/remotebuildexecution.artifactCreator )
Remote Build Execution Artifact Creator
|
remotebuildexecution.actions.create
remotebuildexecution.actions.get
remotebuildexecution.blobs.*
remotebuildexecution.logstreams.*
|
Remote Build Execution Artifact Viewer
Beta
(roles/remotebuildexecution.artifactViewer )
Remote Build Execution Artifact Viewer
|
remotebuildexecution.actions.get
remotebuildexecution.blobs.get
remotebuildexecution.logstreams.get
|
Remote Build Execution Configuration Admin
Beta
(roles/remotebuildexecution.configurationAdmin )
Remote Build Execution Configuration Admin
|
remotebuildexecution.instances.*
remotebuildexecution.workerpools.*
|
Remote Build Execution Configuration Viewer
Beta
(roles/remotebuildexecution.configurationViewer )
Remote Build Execution Configuration Viewer
|
remotebuildexecution.instances.get
remotebuildexecution.instances.list
remotebuildexecution.workerpools.get
remotebuildexecution.workerpools.list
|
Remote Build Execution Logstream Writer
Beta
(roles/remotebuildexecution.logstreamWriter )
Remote Build Execution Logstream Writer
|
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.update
|
Remote Build Execution Reservation Admin
Beta
(roles/remotebuildexecution.reservationAdmin )
Remote Build Execution Reservation Admin
|
remotebuildexecution.actions.create
remotebuildexecution.actions.delete
remotebuildexecution.actions.get
|
Remote Build Execution Worker
Beta
(roles/remotebuildexecution.worker )
Remote Build Execution Worker
|
remotebuildexecution.actions.update
remotebuildexecution.blobs.*
remotebuildexecution.botsessions.*
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.update
|
Retail Admin
(roles/retail.admin )
Full access to Retail api resources.
|
automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.catalogItems.*
automlrecommendations.catalogs.*
automlrecommendations.eventStores.getStats
automlrecommendations.events.create
automlrecommendations.events.list
automlrecommendations.events.purge
automlrecommendations.events.rejoin
automlrecommendations.placements.*
automlrecommendations.recommendations.*
retail.*
|
Retail Editor
(roles/retail.editor )
Full access to Retail api resources except purge, rejoin, and setSponsorship.
|
automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.catalogItems.*
automlrecommendations.catalogs.*
automlrecommendations.eventStores.getStats
automlrecommendations.events.create
automlrecommendations.events.list
automlrecommendations.placements.*
automlrecommendations.recommendations.*
retail.alertConfigs.*
retail.attributesConfigs.addCatalogAttribute
retail.attributesConfigs.exportCatalogAttributes
retail.attributesConfigs.get
retail.attributesConfigs.importCatalogAttributes
retail.attributesConfigs.replaceCatalogAttribute
retail.attributesConfigs.update
retail.branches.*
retail.catalogs.*
retail.controls.*
retail.experiments.*
retail.models.*
retail.operations.*
retail.placements.*
retail.products.create
retail.products.delete
retail.products.export
retail.products.get
retail.products.import
retail.products.list
retail.products.update
retail.retailProjects.get
retail.servingConfigs.*
retail.userEvents.create
retail.userEvents.import
|
Retail Viewer
(roles/retail.viewer )
Grants access to read all resources in Retail.
|
automlrecommendations.catalogItems.get
automlrecommendations.catalogItems.list
automlrecommendations.catalogs.getStats
automlrecommendations.catalogs.list
automlrecommendations.eventStores.getStats
automlrecommendations.events.list
automlrecommendations.placements.getStats
automlrecommendations.placements.list
automlrecommendations.recommendations.list
retail.alertConfigs.get
retail.attributesConfigs.exportCatalogAttributes
retail.attributesConfigs.get
retail.branches.*
retail.catalogs.completeQuery
retail.catalogs.exportAnalyticsMetrics
retail.catalogs.list
retail.controls.export
retail.controls.get
retail.controls.list
retail.experiments.get
retail.experiments.list
retail.experiments.loadExperimentLookerDashboard
retail.experiments.queryTrafficMetrics
retail.models.get
retail.models.list
retail.operations.*
retail.placements.*
retail.products.export
retail.products.get
retail.products.list
retail.retailProjects.get
retail.servingConfigs.get
retail.servingConfigs.list
retail.servingConfigs.predict
retail.servingConfigs.search
|
RISC Configuration Admin
Beta
(roles/riscconfigs.admin )
Read/write access to RISC config resources.
|
clientauthconfig.clients.list
riscconfigurationservice.*
|
RISC Configuration Viewer
Beta
(roles/riscconfigs.viewer )
Read-only access to RISC config resources.
|
clientauthconfig.clients.list
riscconfigurationservice.riscconfigs.get
|
Route Optimization Editor
(roles/routeoptimization.editor )
This role can create long-running operations via BatchOptimizeTours.
|
resourcemanager.projects.get
resourcemanager.projects.list
routeoptimization.*
|
Route Optimization Viewer
(roles/routeoptimization.viewer )
This role can view any long-running Operations.
|
resourcemanager.projects.get
resourcemanager.projects.list
routeoptimization.operations.get
|
Serverless Integrations Developer
Beta
(roles/runapps.developer )
Access to create and change Serverless Integrations and their configuration.
|
resourcemanager.projects.get
resourcemanager.projects.list
runapps.applications.*
runapps.deployments.get
runapps.deployments.list
runapps.locations.*
runapps.operations.*
|
Serverless Integrations Operator
Beta
(roles/runapps.operator )
Access to deploy Serverless Integrations.
|
resourcemanager.projects.get
resourcemanager.projects.list
runapps.applications.get
runapps.applications.getStatus
runapps.applications.list
runapps.deployments.*
runapps.locations.*
runapps.operations.*
|
Serverless Integrations Viewer
Beta
(roles/runapps.viewer )
Read-only access to Serverless Integrations resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
runapps.applications.get
runapps.applications.getStatus
runapps.applications.list
runapps.deployments.get
runapps.deployments.list
runapps.locations.*
runapps.operations.get
runapps.operations.list
|
Cloud RuntimeConfig Admin
(roles/runtimeconfig.admin )
Full access to RuntimeConfig resources.
|
runtimeconfig.*
|
(roles/securedlandingzone.bqdwOrgRemediator )
Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.
|
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
|
(roles/securedlandingzone.bqdwProjectRemediator )
Access to modify (remediate) resources in SLZ BQDW Blueprint at Project.
|
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.setIamPolicy
bigquery.datasets.update
cloudkms.cryptoKeys.get
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.list
cloudkms.cryptoKeys.setIamPolicy
cloudkms.cryptoKeys.update
cloudkms.keyRings.getIamPolicy
cloudkms.keyRings.setIamPolicy
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.setIamPolicy
pubsub.topics.update
resourcemanager.projects.update
serviceusage.services.use
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.list
storage.buckets.setIamPolicy
storage.buckets.update
|
Overwatch Activator
Beta
(roles/securedlandingzone.overwatchActivator )
This role can activate or suspend Overwatches
|
resourcemanager.projects.get
resourcemanager.projects.list
securedlandingzone.overwatches.activate
securedlandingzone.overwatches.suspend
|
Overwatch Admin
Beta
(roles/securedlandingzone.overwatchAdmin )
Full access to Overwatches
|
resourcemanager.projects.get
resourcemanager.projects.list
securedlandingzone.*
|
Overwatch Viewer
Beta
(roles/securedlandingzone.overwatchViewer )
This role can view all properties of Overwatches
|
resourcemanager.projects.get
resourcemanager.projects.list
securedlandingzone.operations.get
securedlandingzone.overwatches.get
securedlandingzone.overwatches.list
|
Security Posture Admin
(roles/securityposture.admin )
Full access to Security Posture service APIs.
|
orgpolicy.*
resourcemanager.organizations.get
securitycenter.securityhealthanalyticssettings.*
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.update
securityposture.*
|
Security Posture Deployer
(roles/securityposture.postureDeployer )
Mutate and read permissions to the Posture Deployment resource.
|
orgpolicy.*
resourcemanager.organizations.get
securitycenter.securityhealthanalyticssettings.*
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.update
securityposture.operations.get
securityposture.postureDeployments.*
|
Security Posture Deployments Viewer
(roles/securityposture.postureDeploymentsViewer )
Read only access to the Posture Deployment resource.
|
resourcemanager.organizations.get
securityposture.operations.get
securityposture.postureDeployments.get
securityposture.postureDeployments.list
|
Security Posture Resource Editor
(roles/securityposture.postureEditor )
Mutate and read permissions to the Posture resource.
|
securityposture.operations.get
securityposture.postures.*
|
Security Posture Resource Viewer
(roles/securityposture.postureViewer )
Read only access to the Posture resource.
|
resourcemanager.organizations.get
securityposture.operations.get
securityposture.postures.get
securityposture.postures.list
|
Security Posture Shift-Left Validator
(roles/securityposture.reportCreator )
Create access for Reports, e.g. IaC Validation Report.
|
securityposture.operations.get
securityposture.reports.*
|
Security Posture Viewer
(roles/securityposture.viewer )
Read only access to all the SecurityPosture Service resources.
|
resourcemanager.organizations.get
securityposture.operations.get
securityposture.postureDeployments.get
securityposture.postureDeployments.list
securityposture.postureTemplates.*
securityposture.postures.get
securityposture.postures.list
|
Personalized Service Health Viewer
(roles/servicehealth.viewer )
Readonly access to Personalized Service Health resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
servicehealth.*
|
Security Insights Viewer
Beta
(roles/servicesecurityinsights.securityInsightsViewer )
Read-only access to Security Insights resources
|
servicesecurityinsights.*
|
Speaker ID Admin
(roles/speakerid.admin )
Grants full access to all Speaker ID resources, including project settings.
|
speakerid.*
|
Speaker ID Editor
(roles/speakerid.editor )
Grants access to read and write all Speaker ID resources.
|
speakerid.phrases.*
speakerid.speakers.*
|
Speaker ID Verifier
(roles/speakerid.verifier )
Grants read access to all Speaker ID resources, and allows verification.
|
speakerid.phrases.get
speakerid.phrases.list
speakerid.speakers.get
speakerid.speakers.list
speakerid.speakers.verify
|
Speaker ID Viewer
(roles/speakerid.viewer )
Grants read access to all Speaker ID resources.
|
speakerid.phrases.get
speakerid.phrases.list
speakerid.speakers.get
speakerid.speakers.list
|
Cloud Speech Administrator
(roles/speech.admin )
Grants full access to all resources in Speech-to-text
|
speech.*
|
Cloud Speech Client
(roles/speech.client )
Grants access to the recognition APIs.
|
speech.adaptations.execute
speech.customClasses.get
speech.customClasses.list
speech.locations.*
speech.operations.get
speech.operations.list
speech.operations.wait
speech.phraseSets.get
speech.phraseSets.list
speech.recognizers.get
speech.recognizers.list
speech.recognizers.recognize
|
Cloud Speech Editor
(roles/speech.editor )
Grants access to edit resources in Speech-to-text
|
speech.adaptations.execute
speech.customClasses.*
speech.locations.*
speech.operations.*
speech.phraseSets.*
speech.recognizers.*
|
Storage Insights Admin
(roles/storageinsights.admin )
Full access to Storage Insights resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
storageinsights.*
|
Storage Insights Analyst
(roles/storageinsights.analyst )
Data access to Storage Insights.
|
resourcemanager.projects.get
resourcemanager.projects.list
storageinsights.datasetConfigs.get
storageinsights.datasetConfigs.linkDataset
storageinsights.datasetConfigs.list
storageinsights.datasetConfigs.unlinkDataset
storageinsights.locations.*
storageinsights.operations.get
storageinsights.operations.list
storageinsights.reportConfigs.get
storageinsights.reportConfigs.list
storageinsights.reportDetails.*
|
Storage Insights Viewer
(roles/storageinsights.viewer )
Read-only access to Storage Insights resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
storageinsights.datasetConfigs.get
storageinsights.datasetConfigs.list
storageinsights.locations.*
storageinsights.operations.get
storageinsights.operations.list
storageinsights.reportConfigs.get
storageinsights.reportConfigs.list
storageinsights.reportDetails.*
|
Subscribe with Google Developer
Beta
(roles/subscribewithgoogledeveloper.developer )
Access DevTools for Subscribe with Google
|
resourcemanager.projects.get
resourcemanager.projects.list
subscribewithgoogledeveloper.tools.get
|
Telco Automation Admin
Beta
(roles/telcoautomation.admin )
Full access to Telco Automation resources.
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logScopes.get
logging.logScopes.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.queries.getShared
logging.queries.listShared
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.get
logging.views.list
monitoring.timeSeries.list
observability.scopes.get
resourcemanager.projects.get
serviceusage.quotas.*
serviceusage.services.*
source.repos.get
source.repos.list
telcoautomation.*
|
Telco Automation Blueprint Designer
Beta
(roles/telcoautomation.blueprintDesigner )
Ability to manage blueprints
|
telcoautomation.blueprints.create
telcoautomation.blueprints.delete
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.blueprints.propose
telcoautomation.blueprints.update
telcoautomation.deployments.computeStatus
telcoautomation.deployments.get
telcoautomation.deployments.list
telcoautomation.hydratedDeployments.get
telcoautomation.hydratedDeployments.list
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
telcoautomation.publicBlueprints.*
|
Telco Automation Deployment Admin
Beta
(roles/telcoautomation.deploymentAdmin )
Ability to manage deployments
|
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.*
telcoautomation.hydratedDeployments.*
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Telco Automation Tier 1 Operations Admin
Beta
(roles/telcoautomation.opsAdminTier1 )
Ability to get status of deployments
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logScopes.get
logging.logScopes.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.queries.getShared
logging.queries.listShared
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.get
logging.views.list
observability.scopes.get
resourcemanager.projects.get
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.computeStatus
telcoautomation.deployments.get
telcoautomation.deployments.list
telcoautomation.hydratedDeployments.get
telcoautomation.hydratedDeployments.list
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Telco Automation Tier 4 Operations Admin
Beta
(roles/telcoautomation.opsAdminTier4 )
Ability to manage deployments and their status
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logScopes.get
logging.logScopes.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.queries.getShared
logging.queries.listShared
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.get
logging.views.list
observability.scopes.get
resourcemanager.projects.get
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.*
telcoautomation.hydratedDeployments.*
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Telco Automation Service Orchestrator
Beta
(roles/telcoautomation.serviceOrchestrator )
Ability to manage deployments
|
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.*
telcoautomation.hydratedDeployments.*
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Timeseries Insights DataSet Editor
Beta
(roles/timeseriesinsights.datasetsEditor )
Edit access to DataSets.
|
timeseriesinsights.*
|
Timeseries Insights DataSet Owner
Beta
(roles/timeseriesinsights.datasetsOwner )
Full access to DataSets.
|
timeseriesinsights.*
|
Timeseries Insights DataSet Viewer
Beta
(roles/timeseriesinsights.datasetsViewer )
Read-only access (List and Query) to DataSets.
|
timeseriesinsights.datasets.evaluate
timeseriesinsights.datasets.list
timeseriesinsights.datasets.query
timeseriesinsights.locations.*
|
Traffic Director Client
Beta
(roles/trafficdirector.client )
Fetch service configurations and report metrics.
|
trafficdirector.*
|
Translation Hub Admin
Beta
(roles/translationhub.admin )
Admin of Translation Hub
|
automl.models.get
automl.models.list
automl.models.predict
cloudtranslate.customModels.get
cloudtranslate.customModels.list
cloudtranslate.customModels.predict
cloudtranslate.glossaries.create
cloudtranslate.glossaries.delete
cloudtranslate.glossaries.get
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
resourcemanager.projects.get
resourcemanager.projects.list
translationhub.*
|
Translation Hub Portal User
Beta
(roles/translationhub.portalUser )
Portal user of Translation Hub
|
automl.models.get
automl.models.list
automl.models.predict
cloudtranslate.customModels.get
cloudtranslate.customModels.list
cloudtranslate.customModels.predict
cloudtranslate.glossaries.get
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
resourcemanager.projects.get
resourcemanager.projects.list
translationhub.portals.get
translationhub.portals.list
|
Visual Inspection AI Solution Editor
(roles/visualinspection.editor )
Read and write access to all Visual Inspection AI resources except visualinspection.locations.reportUsageMetrics
|
visualinspection.annotationSets.*
visualinspection.annotationSpecs.*
visualinspection.annotations.*
visualinspection.datasets.*
visualinspection.images.*
visualinspection.locations.get
visualinspection.locations.list
visualinspection.modelEvaluations.*
visualinspection.models.*
visualinspection.modules.*
visualinspection.operations.*
visualinspection.solutionArtifacts.*
visualinspection.solutions.*
|
Visual Inspection AI Usage Metrics Reporter
(roles/visualinspection.usageMetricsReporter )
ReportUsageMetric access to Visual Inspection AI Service
|
visualinspection.locations.reportUsageMetrics
|
Visual Inspection AI Viewer
(roles/visualinspection.viewer )
Read access to Visual Inspection AI resources
|
visualinspection.annotationSets.get
visualinspection.annotationSets.list
visualinspection.annotationSpecs.get
visualinspection.annotationSpecs.list
visualinspection.annotations.get
visualinspection.annotations.list
visualinspection.datasets.export
visualinspection.datasets.get
visualinspection.datasets.list
visualinspection.images.get
visualinspection.images.list
visualinspection.locations.get
visualinspection.locations.list
visualinspection.modelEvaluations.*
visualinspection.models.get
visualinspection.models.list
visualinspection.modules.get
visualinspection.modules.list
visualinspection.operations.*
visualinspection.solutionArtifacts.get
visualinspection.solutionArtifacts.list
visualinspection.solutionArtifacts.predict
visualinspection.solutions.get
visualinspection.solutions.list
|