Other roles |
Permissions |
Advisory Notifications Admin
(roles/advisorynotifications.admin )
Grants write access to settings in Advisory Notifications
|
advisorynotifications.*
resourcemanager.organizations.get
resourcemanager.projects.get
|
Advisory Notifications Viewer
(roles/advisorynotifications.viewer )
Grants view access in Advisory Notifications
|
advisorynotifications.notifications.*
advisorynotifications.settings.get
resourcemanager.organizations.get
resourcemanager.projects.get
|
Cloud API Hub Admin
Beta
(roles/apihub.admin )
Full access to all API hub resources.
|
apihub.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Attributes Admin
Beta
(roles/apihub.attributeAdmin )
Full access to all Cloud API hub attribute's resources.
|
apihub.attributes.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API Hub Editor
Beta
(roles/apihub.editor )
Edit access to most of Cloud API Hub resources.
|
apihub.apiHubInstances.get
apihub.apiHubInstances.list
apihub.apiOperations.*
apihub.apis.*
apihub.attributes.get
apihub.attributes.list
apihub.definitions.*
apihub.dependencies.*
apihub.deployments.*
apihub.externalApis.*
apihub.hostProjectRegistrations.get
apihub.hostProjectRegistrations.list
apihub.llmEnablements.*
apihub.locations.searchResources
apihub.operations.get
apihub.operations.list
apihub.plugins.get
apihub.plugins.list
apihub.runTimeProjectAttachments.get
apihub.runTimeProjectAttachments.list
apihub.specs.*
apihub.styleGuides.get
apihub.versions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Plugins Admin
Beta
(roles/apihub.pluginAdmin )
Full access to all Cloud API hub plugin's resources.
|
apihub.plugins.*
apihub.specs.lint
apihub.styleGuides.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Provisioning Admin
Beta
(roles/apihub.provisioningAdmin )
Full access to Cloud API hub provisioning related resources.
|
apihub.apiHubInstances.*
apihub.hostProjectRegistrations.*
apihub.operations.*
apihub.runTimeProjectAttachments.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud API hub Viewer
Beta
(roles/apihub.viewer )
View access to all Cloud API hub resources.
|
apihub.apiHubInstances.get
apihub.apiHubInstances.list
apihub.apiOperations.get
apihub.apiOperations.list
apihub.apis.get
apihub.apis.list
apihub.attributes.get
apihub.attributes.list
apihub.definitions.get
apihub.definitions.list
apihub.dependencies.get
apihub.dependencies.list
apihub.deployments.get
apihub.deployments.list
apihub.externalApis.get
apihub.externalApis.list
apihub.hostProjectRegistrations.get
apihub.hostProjectRegistrations.list
apihub.llmEnablements.get
apihub.llmEnablements.list
apihub.locations.searchResources
apihub.operations.get
apihub.operations.list
apihub.plugins.get
apihub.plugins.list
apihub.runTimeProjectAttachments.get
apihub.runTimeProjectAttachments.list
apihub.specs.get
apihub.specs.list
apihub.styleGuides.get
apihub.versions.get
apihub.versions.list
resourcemanager.projects.get
resourcemanager.projects.list
|
API Management Admin
Beta
(roles/apim.admin )
Full access to API Management resources.
|
apim.*
resourcemanager.projects.get
resourcemanager.projects.list
|
API Management Viewer
Beta
(roles/apim.viewer )
Readonly access to API Management resources.
|
apim.apiObservations.*
apim.apiOperations.*
apim.locations.*
apim.observationJobs.get
apim.observationJobs.list
apim.observationSources.get
apim.observationSources.list
apim.operations.get
apim.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
App Hub Admin
(roles/apphub.admin )
Full access to App Hub resources.
|
apphub.*
resourcemanager.projects.get
resourcemanager.projects.list
|
App Hub Editor
(roles/apphub.editor )
Edit access to App Hub resources.
|
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.discoveredServices.*
apphub.discoveredWorkloads.*
apphub.locations.*
apphub.operations.*
apphub.serviceProjectAttachments.lookup
apphub.services.*
apphub.workloads.*
resourcemanager.projects.get
resourcemanager.projects.list
|
App Hub Viewer
(roles/apphub.viewer )
View access to App Hub resources.
|
apphub.applications.get
apphub.applications.list
apphub.discoveredServices.get
apphub.discoveredServices.list
apphub.discoveredWorkloads.get
apphub.discoveredWorkloads.list
apphub.locations.*
apphub.operations.get
apphub.operations.list
apphub.serviceProjectAttachments.lookup
apphub.services.get
apphub.services.list
apphub.workloads.get
apphub.workloads.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Appliance troubleshooting commands approver
Beta
(roles/applianceactivation.approver )
Grants access to approve commands to run on appliances
|
applianceactivation.rttCommands.approve
applianceactivation.rttCommands.get
resourcemanager.projects.get
resourcemanager.projects.list
|
On-appliance troubleshooting client
Beta
(roles/applianceactivation.client )
Grants access to read commands for an appliance and send its result.
|
applianceactivation.rttCommands.get
applianceactivation.rttCommands.sendResult
|
Appliance troubleshooter
Beta
(roles/applianceactivation.troubleshooter )
Grants access to send new commands to run on appliances and view the outputs
|
applianceactivation.rttCommands.create
applianceactivation.rttCommands.get
applianceactivation.rttCommands.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Assured OSS Admin
(roles/assuredoss.admin )
Access to use Assured OSS and manage configuration.
|
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.create
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.*
iam.serviceAccountKeys.create
iam.serviceAccounts.create
iam.serviceAccounts.get
pubsub.schemas.get
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.validate
pubsub.snapshots.get
pubsub.snapshots.list
pubsub.subscriptions.create
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.subscriptions.update
pubsub.topics.get
pubsub.topics.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
|
Assured OSS Project Admin
Beta
(roles/assuredoss.projectAdmin )
Access to use Assured OSS and manage configuration.
|
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.create
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.*
iam.serviceAccounts.create
iam.serviceAccounts.get
pubsub.schemas.get
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.validate
pubsub.snapshots.get
pubsub.snapshots.list
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.topics.get
pubsub.topics.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
|
Assured OSS Reader
(roles/assuredoss.reader )
Access to use Assured OSS and view Assured OSS configuration.
|
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.config.get
assuredoss.locations.*
assuredoss.metadata.*
assuredoss.operations.get
assuredoss.operations.list
pubsub.schemas.get
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.validate
pubsub.snapshots.get
pubsub.snapshots.list
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.topics.get
pubsub.topics.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Assured OSS User
(roles/assuredoss.user )
Access to use Assured OSS.
|
artifactregistry.dockerimages.*
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.locations.*
artifactregistry.mavenartifacts.*
artifactregistry.npmpackages.*
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.pythonpackages.*
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.versions.get
artifactregistry.versions.list
assuredoss.locations.*
assuredoss.metadata.*
assuredoss.operations.get
assuredoss.operations.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Audit Manager Admin
Beta
(roles/auditmanager.admin )
Full access to Audit Manager resources.
|
auditmanager.*
cloudasset.assets.searchAllResources
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Audit Manager Auditor
Beta
(roles/auditmanager.auditor )
Allows creating and viewing an audit report.
|
auditmanager.auditReports.generate
auditmanager.auditScopeReports.generate
auditmanager.locations.get
auditmanager.locations.list
auditmanager.operations.*
cloudasset.assets.searchAllResources
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Autoscaling Metrics Writer
Beta
(roles/autoscaling.metricsWriter )
Access to write metrics for autoscaling site
|
autoscaling.sites.writeMetrics
|
Autoscaling Recommendations Reader
Beta
(roles/autoscaling.recommendationsReader )
Access to read recommendations from autoscaling site
|
autoscaling.sites.readRecommendations
|
Autoscaling Site Admin
Beta
(roles/autoscaling.sitesAdmin )
Full access to all autoscaling site features
|
autoscaling.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Autoscaling State Writer
Beta
(roles/autoscaling.stateWriter )
Access to write state for autoscaling site
|
autoscaling.sites.writeState
|
Batch Agent Reporter
Beta
(roles/batch.agentReporter )
Reporter of Batch agent states.
|
batch.states.report
|
Batch Job Editor
Beta
(roles/batch.jobsEditor )
Editor of Batch Jobs
|
batch.jobs.*
batch.locations.*
batch.operations.*
batch.tasks.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Batch Job Viewer
Beta
(roles/batch.jobsViewer )
Viewer of Batch Jobs, Task Groups and Tasks
|
batch.jobs.get
batch.jobs.list
batch.locations.*
batch.operations.*
batch.tasks.*
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Admin
(roles/biglake.admin )
Provides full access to all BigLake resources.
|
biglake.*
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Viewer
(roles/biglake.viewer )
Provides read-only access to all BigLake resources.
|
biglake.catalogs.get
biglake.catalogs.list
biglake.databases.get
biglake.databases.list
biglake.locks.list
biglake.tables.get
biglake.tables.list
resourcemanager.projects.get
resourcemanager.projects.list
|
MigrationWorkflow Editor
(roles/bigquerymigration.editor )
Editor of EDW migration workflows.
|
bigquerymigration.locations.*
bigquerymigration.subtasks.get
bigquerymigration.subtasks.list
bigquerymigration.workflows.create
bigquerymigration.workflows.delete
bigquerymigration.workflows.get
bigquerymigration.workflows.list
bigquerymigration.workflows.update
|
Task Orchestrator
(roles/bigquerymigration.orchestrator )
Orchestrator of EDW migration tasks.
|
bigquerymigration.subtasks.create
bigquerymigration.taskTypes.orchestrateTask
bigquerymigration.workflows.orchestrateTask
storage.objects.list
|
Migration Translation User
(roles/bigquerymigration.translationUser )
User of EDW migration interactive SQL translation service.
|
bigquerymigration.translation.translate
|
MigrationWorkflow Viewer
(roles/bigquerymigration.viewer )
Viewer of EDW migration MigrationWorkflow.
|
bigquerymigration.locations.*
bigquerymigration.subtasks.get
bigquerymigration.subtasks.list
bigquerymigration.workflows.get
bigquerymigration.workflows.list
|
Task Worker
(roles/bigquerymigration.worker )
Worker that executes EDW migration subtasks.
|
bigquerymigration.subtaskTypes.executeTask
bigquerymigration.subtasks.executeTask
storage.objects.create
storage.objects.get
storage.objects.list
|
Carbon Footprint Viewer
(roles/billing.carbonViewer )
|
billing.accounts.get
billing.accounts.getCarbonInformation
billing.accounts.list
|
Blockchain Node Engine Admin
(roles/blockchainnodeengine.admin )
Full access to Blockchain Node Engine resources.
|
blockchainnodeengine.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Blockchain Node Engine Viewer
(roles/blockchainnodeengine.viewer )
Read-only access to Blockchain Node Engine resources.
|
blockchainnodeengine.blockchainNodes.get
blockchainnodeengine.blockchainNodes.list
blockchainnodeengine.locations.*
blockchainnodeengine.operations.get
blockchainnodeengine.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Capacity Planner Usage Viewer
Beta
(roles/capacityplanner.viewer )
Read-only access to Capacity Planner usage resources
|
capacityplanner.*
cloudquotas.quotas.get
monitoring.timeSeries.list
resourcemanager.folders.get
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
|
Care Studio Patients Viewer
(roles/carestudio.viewer )
This role can view all properties of Patients.
|
carestudio.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Chronicle Service Admin
(roles/chroniclesm.admin )
Admins can view and modify Chronicle service details.
|
chroniclesm.*
|
Chronicle Service Viewer
(roles/chroniclesm.viewer )
Viewers can see Chronicle service details but not change them.
|
chroniclesm.gcpAssociations.get
chroniclesm.gcpSettings.get
|
Location reader
Beta
(roles/cloud.locationReader )
Read and enumerate locations available for resource creation.
|
cloud.*
|
Cloud AI Companion User
Beta
(roles/cloudaicompanion.user )
A user who can receive assistance from Cloud AI Companion
|
cloudaicompanion.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud Controls Partner Admin
(roles/cloudcontrolspartner.admin )
Full access to Cloud Controls Partner resources.
|
cloudcontrolspartner.accessapprovalrequests.list
cloudcontrolspartner.customers.list
cloudcontrolspartner.ekmconnections.get
cloudcontrolspartner.inspectabilityevents.get
cloudcontrolspartner.partnerpermissions.get
cloudcontrolspartner.partners.get
cloudcontrolspartner.platformcontrols.get
cloudcontrolspartner.violations.list
cloudcontrolspartner.workloads.list
|
Cloud Controls Partner Editor
(roles/cloudcontrolspartner.editor )
Editor access to Cloud Controls Partner resources.
|
cloudcontrolspartner.*
|
Cloud Controls Partner Inspectability Reader
(roles/cloudcontrolspartner.inspectabilityReader )
Readonly access to Cloud Controls Partner inspectability resources.
|
cloudcontrolspartner.customers.*
cloudcontrolspartner.inspectabilityevents.get
cloudcontrolspartner.platformcontrols.get
|
Cloud Controls Partner Monitoring Reader
(roles/cloudcontrolspartner.monitoringReader )
Read-only access to Cloud Controls Partner monitoring resources.
|
cloudcontrolspartner.customers.*
cloudcontrolspartner.violations.*
cloudcontrolspartner.workloads.*
|
Cloud Controls Partner Reader
(roles/cloudcontrolspartner.reader )
Read-only access to Cloud Controls Partner resources.
|
cloudcontrolspartner.*
|
Cloud Optimization AI Admin
(roles/cloudoptimization.admin )
Administrator of Cloud Optimization AI resources
|
cloudoptimization.*
|
Cloud Optimization AI Editor
(roles/cloudoptimization.editor )
Editor of Cloud Optimization AI resources
|
cloudoptimization.*
|
Cloud Optimization AI Viewer
(roles/cloudoptimization.viewer )
Viewer of Cloud Optimization AI resources
|
cloudoptimization.operations.get
|
Cloud Quotas Admin
Beta
(roles/cloudquotas.admin )
Full access to Cloud Quotas resources.
|
cloudquotas.*
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Cloud Quotas Viewer
Beta
(roles/cloudquotas.viewer )
Readonly access to Cloud Quotas resources.
|
cloudquotas.quotas.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Commerce Agreement Publishing Admin
Beta
(roles/commerceagreementpublishing.admin )
Admin of Commerce Agreement Publishing service
|
commerceagreementpublishing.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Commerce Agreement Publishing Viewer
Beta
(roles/commerceagreementpublishing.viewer )
Viewer of Commerce Agreement Publishing service
|
commerceagreementpublishing.agreements.get
commerceagreementpublishing.agreements.list
commerceagreementpublishing.documents.get
commerceagreementpublishing.documents.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Confidential Space Workload User
(roles/confidentialcomputing.workloadUser )
Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.
|
confidentialcomputing.*
logging.logEntries.create
|
(roles/contactcenteraiplatform.admin )
Full access to Contact Center AI Platform resources.
|
contactcenteraiplatform.*
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/contactcenteraiplatform.viewer )
Read-only access to Contact Center AI Platform resources.
|
contactcenteraiplatform.contactCenters.get
contactcenteraiplatform.contactCenters.list
contactcenteraiplatform.locations.*
contactcenteraiplatform.operations.get
contactcenteraiplatform.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/contactcenterinsights.editor )
Grants read and write access to all Contact Center AI Insights resources.
|
contactcenterinsights.*
|
(roles/contactcenterinsights.viewer )
Grants read access to all Contact Center AI Insights resources.
|
contactcenterinsights.analyses.get
contactcenterinsights.analyses.list
contactcenterinsights.conversations.get
contactcenterinsights.conversations.list
contactcenterinsights.faqEntries.get
contactcenterinsights.faqEntries.list
contactcenterinsights.faqModels.get
contactcenterinsights.faqModels.list
contactcenterinsights.feedbackLabels.get
contactcenterinsights.feedbackLabels.list
contactcenterinsights.issueModels.get
contactcenterinsights.issueModels.list
contactcenterinsights.issues.get
contactcenterinsights.issues.list
contactcenterinsights.operations.*
contactcenterinsights.phraseMatchers.get
contactcenterinsights.phraseMatchers.list
contactcenterinsights.qaQuestions.*
contactcenterinsights.qaScorecardRevisions.get
contactcenterinsights.qaScorecards.*
contactcenterinsights.settings.get
contactcenterinsights.views.get
contactcenterinsights.views.list
|
GKE Security Posture Viewer
Beta
(roles/containersecurity.viewer )
Read-only access to GKE Security Posture resources.
|
container.clusters.list
containersecurity.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Admin
(roles/contentwarehouse.admin )
Grants full access to all the resources in Content Warehouse
|
contentwarehouse.corpora.*
contentwarehouse.dataExportJobs.*
contentwarehouse.documentSchemas.*
contentwarehouse.documents.*
contentwarehouse.locations.*
contentwarehouse.operations.get
contentwarehouse.rawDocuments.*
contentwarehouse.ruleSets.*
contentwarehouse.synonymSets.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Document Admin
(roles/contentwarehouse.documentAdmin )
Grants full access to the document resource in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documents.create
contentwarehouse.documents.delete
contentwarehouse.documents.get
contentwarehouse.documents.getIamPolicy
contentwarehouse.documents.setIamPolicy
contentwarehouse.documents.update
contentwarehouse.links.*
contentwarehouse.locations.getStatus
contentwarehouse.rawDocuments.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse document creator
(roles/contentwarehouse.documentCreator )
Grants access to create document in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documentSchemas.list
contentwarehouse.documents.create
contentwarehouse.locations.getStatus
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Document Editor
(roles/contentwarehouse.documentEditor )
Grants access to update document resource in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documents.get
contentwarehouse.documents.getIamPolicy
contentwarehouse.documents.update
contentwarehouse.links.*
contentwarehouse.locations.getStatus
contentwarehouse.rawDocuments.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse document schema viewer
(roles/contentwarehouse.documentSchemaViewer )
Grants access to view the document schemas in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documentSchemas.list
contentwarehouse.locations.getStatus
resourcemanager.projects.get
resourcemanager.projects.list
|
Content Warehouse Viewer
(roles/contentwarehouse.documentViewer )
Grants access to view all the resources in Content Warehouse
|
contentwarehouse.documentSchemas.get
contentwarehouse.documents.get
contentwarehouse.documents.getIamPolicy
contentwarehouse.links.get
contentwarehouse.locations.getStatus
contentwarehouse.rawDocuments.download
resourcemanager.projects.get
resourcemanager.projects.list
|
Database center viewer
Beta
(roles/databasecenter.viewer )
Viewer role for Database Center resource data
|
cloudaicompanion.entitlements.get
databasecenter.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Events Service viewer
Beta
(roles/databaseinsights.eventsViewer )
Viewer role for Events Service data
|
databaseinsights.aggregatedEvents.query
databaseinsights.clusterEvents.query
databaseinsights.instanceEvents.query
|
Database Insights monitoring viewer
Beta
(roles/databaseinsights.monitoringViewer )
Viewer role for Database Insights monitoring data
|
databaseinsights.activeQueries.fetch
databaseinsights.activitySummary.fetch
databaseinsights.aggregatedStats.query
databaseinsights.locations.*
databaseinsights.timeSeries.query
databaseinsights.workloadRecommendations.fetch
resourcemanager.projects.get
resourcemanager.projects.list
|
Database Insights performing operations
Beta
(roles/databaseinsights.operationsAdmin )
Admin role for performing Database Insights operations
|
databaseinsights.activeQuery.terminate
|
Database Insights recommendation viewer
Beta
(roles/databaseinsights.recommendationViewer )
Viewer role for Database Insights recommendation data
|
databaseinsights.locations.*
databaseinsights.recommendations.query
databaseinsights.resourceRecommendations.query
databaseinsights.workloadRecommendations.fetch
resourcemanager.projects.get
resourcemanager.projects.list
|
Database Insights viewer
Beta
(roles/databaseinsights.viewer )
Viewer role for Database Insights data
|
databaseinsights.activeQueries.fetch
databaseinsights.activitySummary.fetch
databaseinsights.aggregatedStats.query
databaseinsights.locations.*
databaseinsights.recommendations.query
databaseinsights.resourceRecommendations.query
databaseinsights.timeSeries.query
databaseinsights.workloadRecommendations.fetch
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Administrator
(roles/datalineage.admin )
Grants full access to all resources in Data Lineage API
|
datalineage.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Editor
(roles/datalineage.editor )
Grants edit access to all resources in Data Lineage API
|
datalineage.events.*
datalineage.locations.searchLinks
datalineage.operations.get
datalineage.processes.create
datalineage.processes.get
datalineage.processes.list
datalineage.processes.update
datalineage.runs.create
datalineage.runs.get
datalineage.runs.list
datalineage.runs.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Events Producer
(roles/datalineage.producer )
Grants access to creating all resources in Data Lineage API
|
datalineage.events.create
datalineage.processes.create
datalineage.processes.get
datalineage.processes.update
datalineage.runs.create
datalineage.runs.get
datalineage.runs.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Lineage Viewer
(roles/datalineage.viewer )
Grants read access to all resources in Data Lineage API
|
datalineage.events.get
datalineage.events.list
datalineage.locations.searchLinks
datalineage.processes.get
datalineage.processes.list
datalineage.runs.get
datalineage.runs.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Data Processing Controls Resource Admin
(roles/dataprocessing.admin )
Data processing controls admin who can fully manage data processing controls settings and view all datasource data.
|
billing.accounts.get
billing.accounts.list
dataprocessing.*
|
Data Processing Controls Data Source Manager
(roles/dataprocessing.dataSourceManager )
Data processing controls data source manager who can get, list, and update the underlying data.
|
dataprocessing.datasources.list
dataprocessing.datasources.update
|
Developer Connect Admin
Beta
(roles/developerconnect.admin )
Full access to Developer Connect resources.
|
developerconnect.connections.*
developerconnect.gitRepositoryLinks.create
developerconnect.gitRepositoryLinks.delete
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.operations.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Developer Connect Read Token Accessor
Beta
(roles/developerconnect.readTokenAccessor )
Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
|
developerconnect.connections.get
developerconnect.gitRepositoryLinks.fetchReadToken
developerconnect.gitRepositoryLinks.get
|
Developer Connect Token Accessor
Beta
(roles/developerconnect.tokenAccessor )
Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
|
developerconnect.connections.get
developerconnect.gitRepositoryLinks.fetchReadToken
developerconnect.gitRepositoryLinks.fetchReadWriteToken
developerconnect.gitRepositoryLinks.get
|
Developer Connect User
Beta
(roles/developerconnect.user )
Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository
|
developerconnect.connections.fetchGitHubInstallations
developerconnect.connections.fetchLinkableGitRepositories
developerconnect.connections.get
developerconnect.connections.list
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Developer Connect Viewer
Beta
(roles/developerconnect.viewer )
Readonly access to Developer Connect resources.
|
developerconnect.connections.get
developerconnect.connections.list
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Discovery Engine Admin
(roles/discoveryengine.admin )
Grants full access to all discoveryengine resources.
|
discoveryengine.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Discovery Engine Editor
(roles/discoveryengine.editor )
Grants read and write access to all discovery engine resources.
|
discoveryengine.analytics.*
discoveryengine.branches.*
discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.collections.get
discoveryengine.collections.list
discoveryengine.completionConfigs.get
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.conversations.*
discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.documentProcessingConfigs.get
discoveryengine.documents.create
discoveryengine.documents.delete
discoveryengine.documents.get
discoveryengine.documents.import
discoveryengine.documents.list
discoveryengine.documents.update
discoveryengine.engines.get
discoveryengine.engines.list
discoveryengine.engines.pause
discoveryengine.engines.resume
discoveryengine.engines.tune
discoveryengine.models.*
discoveryengine.operations.*
discoveryengine.projects.get
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.validate
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.siteSearchEngines.get
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.userEvents.create
discoveryengine.userEvents.fetchStats
discoveryengine.userEvents.import
discoveryengine.widgetConfigs.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Discovery Engine Viewer
(roles/discoveryengine.viewer )
Grants read access to all discovery engine resources.
|
discoveryengine.analytics.*
discoveryengine.branches.*
discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.collections.get
discoveryengine.collections.list
discoveryengine.completionConfigs.get
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.conversations.converse
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.documentProcessingConfigs.get
discoveryengine.documents.get
discoveryengine.documents.list
discoveryengine.engines.get
discoveryengine.engines.list
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.operations.*
discoveryengine.projects.get
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.validate
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.siteSearchEngines.get
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.userEvents.fetchStats
discoveryengine.widgetConfigs.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Enterprise Purchasing Admin
Beta
(roles/enterprisepurchasing.admin )
Full access to Enterprise Purchasing resources.
|
enterprisepurchasing.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Enterprise Purchasing Editor
Beta
(roles/enterprisepurchasing.editor )
Edit access to Enterprise Purchasing resources.
|
enterprisepurchasing.gcveCuds.get
enterprisepurchasing.gcveCuds.list
enterprisepurchasing.gcveNodePricingInfo.list
enterprisepurchasing.locations.*
enterprisepurchasing.operations.get
enterprisepurchasing.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Enterprise Purchasing Viewer
Beta
(roles/enterprisepurchasing.viewer )
Readonly access to Enterprise Purchasing resources.
|
enterprisepurchasing.gcveCuds.get
enterprisepurchasing.gcveCuds.list
enterprisepurchasing.gcveNodePricingInfo.list
enterprisepurchasing.locations.*
enterprisepurchasing.operations.get
enterprisepurchasing.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/essentialcontacts.admin )
Full access to all essential contacts
|
essentialcontacts.*
|
(roles/essentialcontacts.viewer )
Viewer for all essential contacts
|
essentialcontacts.contacts.get
essentialcontacts.contacts.list
|
Firebase Cloud Messaging API Admin
Beta
(roles/firebasecloudmessaging.admin )
Full read/write access to Firebase Cloud Messaging API resources.
|
cloudmessaging.messages.create
fcmdata.deliverydata.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Firebase Crash Symbol Uploader
(roles/firebasecrash.symbolMappingsAdmin )
Full read/write access to symbol mapping file resources for Firebase Crash Reporting.
|
firebase.clients.get
firebase.clients.list
resourcemanager.projects.get
|
GDC Hardware Management Admin
Beta
(roles/gdchardwaremanagement.admin )
Full access to GDC Hardware Management resources.
|
gdchardwaremanagement.*
resourcemanager.projects.get
resourcemanager.projects.list
|
GDC Hardware Management Operator
Beta
(roles/gdchardwaremanagement.operator )
Create, read, and update access to GDC Hardware Management resources that support those operations. Also grants delete access to HardwareGroup resource.
|
gdchardwaremanagement.changeLogEntries.*
gdchardwaremanagement.comments.*
gdchardwaremanagement.hardware.*
gdchardwaremanagement.hardwareGroups.*
gdchardwaremanagement.locations.*
gdchardwaremanagement.operations.get
gdchardwaremanagement.operations.list
gdchardwaremanagement.orders.create
gdchardwaremanagement.orders.get
gdchardwaremanagement.orders.list
gdchardwaremanagement.orders.update
gdchardwaremanagement.sites.*
gdchardwaremanagement.skus.*
gdchardwaremanagement.zones.*
resourcemanager.projects.get
resourcemanager.projects.list
|
GDC Hardware Management Reader
Beta
(roles/gdchardwaremanagement.reader )
Readonly access to GDC Hardware Management resources.
|
gdchardwaremanagement.changeLogEntries.*
gdchardwaremanagement.comments.get
gdchardwaremanagement.comments.list
gdchardwaremanagement.hardware.get
gdchardwaremanagement.hardware.list
gdchardwaremanagement.hardwareGroups.get
gdchardwaremanagement.hardwareGroups.list
gdchardwaremanagement.locations.*
gdchardwaremanagement.operations.get
gdchardwaremanagement.operations.list
gdchardwaremanagement.orders.get
gdchardwaremanagement.orders.list
gdchardwaremanagement.sites.get
gdchardwaremanagement.sites.list
gdchardwaremanagement.skus.*
gdchardwaremanagement.zones.get
gdchardwaremanagement.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/identityplatform.admin )
Full access to Identity Platform resources.
|
firebaseauth.*
identitytoolkit.*
|
(roles/identityplatform.viewer )
Read access to Identity Platform resources.
|
firebaseauth.configs.get
firebaseauth.users.get
identitytoolkit.tenants.get
identitytoolkit.tenants.getIamPolicy
identitytoolkit.tenants.list
|
(roles/identitytoolkit.admin )
Full access to Identity Toolkit resources.
|
firebaseauth.*
identitytoolkit.*
|
(roles/identitytoolkit.viewer )
Read access to Identity Toolkit resources.
|
firebaseauth.configs.get
firebaseauth.users.get
identitytoolkit.tenants.get
identitytoolkit.tenants.getIamPolicy
identitytoolkit.tenants.list
|
Apigee Integration Admin
(roles/integrations.apigeeIntegrationAdminRole )
A user that has full access to all Apigee integrations.
|
connectors.actions.*
connectors.connections.executeSqlQuery
connectors.entities.*
connectors.entityTypes.list
integrations.apigeeAuthConfigs.*
integrations.apigeeCertificates.*
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.*
integrations.apigeeSfdcInstances.*
integrations.apigeeSuspensions.*
integrations.authConfigs.*
integrations.certificates.*
integrations.executions.*
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.*
integrations.sfdcChannels.*
integrations.sfdcInstances.*
integrations.suspensions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Deployer
(roles/integrations.apigeeIntegrationDeployerRole )
A developer that can deploy/undeploy Apigee integrations to the integration runtime.
|
integrations.apigeeIntegrationVers.deploy
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Editor
(roles/integrations.apigeeIntegrationEditorRole )
A developer that can list, create and update Apigee integrations.
|
connectors.actions.*
connectors.connections.executeSqlQuery
connectors.entities.*
connectors.entityTypes.list
integrations.apigeeAuthConfigs.create
integrations.apigeeAuthConfigs.get
integrations.apigeeAuthConfigs.list
integrations.apigeeAuthConfigs.update
integrations.apigeeCertificates.create
integrations.apigeeCertificates.get
integrations.apigeeCertificates.list
integrations.apigeeCertificates.update
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.create
integrations.apigeeSfdcChannels.get
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcChannels.update
integrations.apigeeSfdcInstances.create
integrations.apigeeSfdcInstances.get
integrations.apigeeSfdcInstances.list
integrations.apigeeSfdcInstances.update
integrations.authConfigs.create
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.get
integrations.executions.*
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.*
integrations.sfdcInstances.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Invoker
(roles/integrations.apigeeIntegrationInvokerRole )
A role that can invoke Apigee integrations.
|
connectors.actions.*
connectors.connections.executeSqlQuery
connectors.entities.*
connectors.entityTypes.list
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.*
integrations.executions.*
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Viewer
(roles/integrations.apigeeIntegrationsViewer )
A developer that can list and view Apigee integrations.
|
integrations.apigeeAuthConfigs.list
integrations.apigeeCertificates.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcInstances.list
integrations.authConfigs.get
integrations.authConfigs.list
integrations.certificates.get
integrations.certificates.list
integrations.executions.*
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.get
integrations.integrations.list
integrations.sfdcChannels.list
integrations.sfdcInstances.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Apigee Integration Approver
(roles/integrations.apigeeSuspensionResolver )
A role that can approve / reject Apigee integrations that contain a suspension/wait task.
|
integrations.apigeeSuspensions.*
integrations.suspensions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Certificate Viewer
(roles/integrations.certificateViewer )
A developer that can list and view Certificates.
|
integrations.certificates.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Admin
(roles/integrations.integrationAdmin )
A user that has full access (CRUD) to all integrations.
|
integrations.apigeeAuthConfigs.*
integrations.apigeeCertificates.*
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.*
integrations.apigeeSfdcInstances.*
integrations.apigeeSuspensions.*
integrations.authConfigs.*
integrations.certificates.*
integrations.executions.*
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.*
integrations.sfdcChannels.*
integrations.sfdcInstances.*
integrations.suspensions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Deployer
(roles/integrations.integrationDeployer )
A developer that can deploy/undeploy integrations to the integration runtime.
|
integrations.apigeeIntegrationVers.deploy
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Editor
(roles/integrations.integrationEditor )
A developer that can list, create and update integrations.
|
integrations.apigeeAuthConfigs.create
integrations.apigeeAuthConfigs.get
integrations.apigeeAuthConfigs.list
integrations.apigeeAuthConfigs.update
integrations.apigeeCertificates.create
integrations.apigeeCertificates.get
integrations.apigeeCertificates.list
integrations.apigeeCertificates.update
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.*
integrations.apigeeIntegrations.*
integrations.apigeeSfdcChannels.create
integrations.apigeeSfdcChannels.get
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcChannels.update
integrations.apigeeSfdcInstances.create
integrations.apigeeSfdcInstances.get
integrations.apigeeSfdcInstances.list
integrations.apigeeSfdcInstances.update
integrations.authConfigs.create
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.get
integrations.executions.*
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.*
integrations.sfdcInstances.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Invoker
(roles/integrations.integrationInvoker )
A role that can invoke integrations.
|
integrations.apigeeExecutions.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.*
integrations.executions.*
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Viewer
(roles/integrations.integrationViewer )
A developer that can list and view integrations.
|
integrations.apigeeAuthConfigs.list
integrations.apigeeCertificates.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrations.list
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcInstances.list
integrations.authConfigs.get
integrations.authConfigs.list
integrations.certificates.get
integrations.certificates.list
integrations.executions.*
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrations.get
integrations.integrations.list
integrations.sfdcChannels.list
integrations.sfdcInstances.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Security Integration Admin
Beta
(roles/integrations.securityIntegrationAdmin )
A user that has full access to all Security integrations.
|
integrations.securityAuthConfigs.*
integrations.securityExecutions.*
integrations.securityIntegTempVers.*
integrations.securityIntegrationVers.*
integrations.securityIntegrations.*
|
Application Integration SFDC Instance Admin
(roles/integrations.sfdcInstanceAdmin )
A user that has full access (CRUD) to all SFDC instances.
|
integrations.sfdcChannels.*
integrations.sfdcInstances.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration SFDC Instance Editor
(roles/integrations.sfdcInstanceEditor )
A developer that can list, create and update integrations.
|
integrations.sfdcChannels.create
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcChannels.update
integrations.sfdcInstances.create
integrations.sfdcInstances.get
integrations.sfdcInstances.list
integrations.sfdcInstances.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration SFDC Instance Viewer
(roles/integrations.sfdcInstanceViewer )
A developer that can list and view SFDC instances.
|
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcInstances.get
integrations.sfdcInstances.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Application Integration Approver
(roles/integrations.suspensionResolver )
A role that can resolve suspended integrations.
|
integrations.apigeeSuspensions.*
integrations.suspensions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Account Manager Admin
Beta
(roles/issuerswitch.accountManagerAdmin )
This role can perform all account manager related operations
|
issuerswitch.accountManagerTransactions.*
issuerswitch.managedAccounts.*
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Account Manager Transactions Admin
Beta
(roles/issuerswitch.accountManagerTransactionsAdmin )
This role can perform all account manager transactions related operations
|
issuerswitch.accountManagerTransactions.*
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Account Manager Transactions Viewer
Beta
(roles/issuerswitch.accountManagerTransactionsViewer )
This role can view all account manager transactions
|
issuerswitch.accountManagerTransactions.list
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Admin
Beta
(roles/issuerswitch.admin )
Access to all issuer switch roles
|
issuerswitch.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Participants Admin
Beta
(roles/issuerswitch.issuerParticipantsAdmin )
Full access to issuer switch participants
|
issuerswitch.issuerParticipants.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Resolutions Admin
Beta
(roles/issuerswitch.resolutionsAdmin )
Full access to issuer switch resolutions
|
issuerswitch.complaintTransactions.list
issuerswitch.complaints.*
issuerswitch.disputes.*
issuerswitch.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Rules Admin
Beta
(roles/issuerswitch.rulesAdmin )
Full access to issuer switch rules
|
issuerswitch.ruleMetadata.list
issuerswitch.ruleMetadataValues.*
issuerswitch.rules.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Rules Viewer
Beta
(roles/issuerswitch.rulesViewer )
This role can view rules and related metadata.
|
issuerswitch.ruleMetadata.list
issuerswitch.ruleMetadataValues.list
issuerswitch.rules.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Issuerswitch Transactions Viewer
Beta
(roles/issuerswitch.transactionsViewer )
This role can view all transactions
|
issuerswitch.complaintTransactions.list
issuerswitch.financialTransactions.list
issuerswitch.mandateTransactions.list
issuerswitch.metadataTransactions.list
issuerswitch.operations.get
issuerswitch.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/kubernetesmetadata.publisher )
Publisher of Kubernetes clusters metadata
|
kubernetesmetadata.*
|
Mandiant Attack Surface Management Editor
Beta
(roles/mandiant.attackSurfaceManagementEditor )
Access to write Attack Surface Management
|
mandiant.genericAttackSurfaceManagements.create
mandiant.genericAttackSurfaceManagements.delete
mandiant.genericAttackSurfaceManagements.update
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Attack Surface Management Viewer
Beta
(roles/mandiant.attackSurfaceManagementViewer )
Access to read Attack Surface Management
|
mandiant.genericAttackSurfaceManagements.get
mandiant.genericPlatforms.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Digital Threat Monitoring Editor
Beta
(roles/mandiant.digitalThreatMonitoringEditor )
Access to write Digital Threat Monitoring
|
mandiant.genericDigitalThreatMonitorings.create
mandiant.genericDigitalThreatMonitorings.update
mandiant.genericPlatforms.create
mandiant.genericPlatforms.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Digital Threat Monitoring Viewer
Beta
(roles/mandiant.digitalThreatMonitoringViewer )
Access to read Digital Threat Monitoring
|
mandiant.genericDigitalThreatMonitorings.get
mandiant.genericPlatforms.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Expertise On Demand Editor
Beta
(roles/mandiant.expertiseOnDemandEditor )
Access to write Expertise On Demand
|
mandiant.genericExpertiseOnDemands.create
mandiant.genericExpertiseOnDemands.delete
mandiant.genericExpertiseOnDemands.update
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Expertise On Demand Viewer
Beta
(roles/mandiant.expertiseOnDemandViewer )
Access to read Expertise On Demand
|
mandiant.genericExpertiseOnDemands.get
mandiant.genericPlatforms.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Threat Intel Editor
Beta
(roles/mandiant.threatIntelEditor )
Access to write Threat Intel
|
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
mandiant.genericThreatIntels.create
mandiant.genericThreatIntels.delete
mandiant.genericThreatIntels.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Threat Intel Viewer
Beta
(roles/mandiant.threatIntelViewer )
Access to read Threat Intel
|
mandiant.genericPlatforms.get
mandiant.genericThreatIntels.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Validation Editor
Beta
(roles/mandiant.validationEditor )
Access to write Validation
|
mandiant.genericPlatforms.create
mandiant.genericPlatforms.delete
mandiant.genericPlatforms.update
mandiant.genericValidations.create
mandiant.genericValidations.delete
mandiant.genericValidations.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Mandiant Validation Viewer
Beta
(roles/mandiant.validationViewer )
Access to read Validation
|
mandiant.genericPlatforms.get
mandiant.genericValidations.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Maps Analytics Viewer
Beta
(roles/mapsanalytics.viewer )
Grants read-only access to all of the Maps Analytics resources.
|
mapsanalytics.*
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
|
(roles/mapsplatformdatasets.admin )
Grants read and write access to all the Maps Platform Datasets API resources
|
mapsadmin.clientStyles.*
mapsplatformdatasets.*
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/mapsplatformdatasets.viewer )
Grants read-only access to all the Maps Platform Datasets API resources
|
mapsadmin.clientStyles.get
mapsadmin.clientStyles.list
mapsplatformdatasets.datasets.export
mapsplatformdatasets.datasets.get
mapsplatformdatasets.datasets.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Marketplace Solutions Admin
Beta
(roles/marketplacesolutions.admin )
Full access to Marketplace Solutions resources.
|
marketplacesolutions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Marketplace Solutions Editor
Beta
(roles/marketplacesolutions.editor )
Edit access to Marketplace Solutions resources.
|
marketplacesolutions.locations.*
marketplacesolutions.operations.get
marketplacesolutions.operations.list
marketplacesolutions.powerImages.*
marketplacesolutions.powerInstances.get
marketplacesolutions.powerInstances.list
marketplacesolutions.powerInstances.update
marketplacesolutions.powerNetworks.*
marketplacesolutions.powerSshKeys.*
marketplacesolutions.powerVolumes.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Marketplace Solutions Viewer
Beta
(roles/marketplacesolutions.viewer )
Readonly access to Marketplace Solutions resources.
|
marketplacesolutions.locations.*
marketplacesolutions.operations.get
marketplacesolutions.operations.list
marketplacesolutions.powerImages.*
marketplacesolutions.powerInstances.get
marketplacesolutions.powerInstances.list
marketplacesolutions.powerNetworks.*
marketplacesolutions.powerSshKeys.*
marketplacesolutions.powerVolumes.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Home Developer Console Admin
(roles/nestconsole.homeDeveloperAdmin )
Admin access to Google Home Developer Console resources
|
nestconsole.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Home Developer Console Editor
(roles/nestconsole.homeDeveloperEditor )
Read-Write access to Google Home Developer Console resources
|
nestconsole.smarthomePreviews.update
nestconsole.smarthomeProjects.get
nestconsole.smarthomeProjects.update
nestconsole.smarthomeVersions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Home Developer Console Reader
(roles/nestconsole.homeDeveloperViewer )
Read-only access to Google Home Developer Console resources
|
nestconsole.smarthomeProjects.get
nestconsole.smarthomeVersions.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Cloud NetApp Volumes Admin
Beta
(roles/netapp.admin )
Full access to Google Cloud NetApp Volumes resources.
|
netapp.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Google Cloud NetApp Volumes Viewer
Beta
(roles/netapp.viewer )
Readonly access to Google Cloud NetApp Volumes resources.
|
netapp.activeDirectories.get
netapp.activeDirectories.list
netapp.backupPolicies.get
netapp.backupPolicies.list
netapp.backupVaults.get
netapp.backupVaults.list
netapp.backups.get
netapp.backups.list
netapp.kmsConfigs.get
netapp.kmsConfigs.list
netapp.replications.get
netapp.replications.list
netapp.snapshots.get
netapp.snapshots.list
netapp.storagePools.get
netapp.storagePools.list
netapp.volumes.get
netapp.volumes.list
resourcemanager.projects.get
resourcemanager.projects.list
|
OAuth Config Editor
Beta
(roles/oauthconfig.editor )
Read/write access to OAuth config resources
|
clientauthconfig.*
oauthconfig.*
|
OAuth Config Viewer
Beta
(roles/oauthconfig.viewer )
Read-only access to OAuth config resources
|
clientauthconfig.brands.get
clientauthconfig.brands.list
clientauthconfig.clients.get
clientauthconfig.clients.list
oauthconfig.clientpolicy.get
oauthconfig.testusers.get
oauthconfig.verification.get
|
Payments Reseller Admin
Beta
(roles/paymentsresellersubscription.partnerAdmin )
Full access to all Payments Reseller resources, including subscriptions, products and promotions
|
paymentsresellersubscription.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Viewer
Beta
(roles/paymentsresellersubscription.partnerViewer )
Read access to all Payments Reseller resources, including subscriptions, products and promotions
|
paymentsresellersubscription.products.list
paymentsresellersubscription.promotions.list
paymentsresellersubscription.subscriptions.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Products Viewer
Beta
(roles/paymentsresellersubscription.productViewer )
Read access to Payments Reseller Product resource
|
paymentsresellersubscription.products.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/paymentsresellersubscription.promotionViewer )
Read access to Payments Reseller Promotion resource
|
paymentsresellersubscription.promotions.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Subscriptions Editor
Beta
(roles/paymentsresellersubscription.subscriptionEditor )
Write access to Payments Reseller Subscription resource
|
paymentsresellersubscription.subscriptions.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Payments Reseller Subscriptions Viewer
Beta
(roles/paymentsresellersubscription.subscriptionViewer )
Read access to Payments Reseller Subscription resource
|
paymentsresellersubscription.subscriptions.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Activity Analysis Viewer
Beta
(roles/policyanalyzer.activityAnalysisViewer )
Viewer user that can read all activity analysis.
|
policyanalyzer.*
|
(roles/policyremediatormanager.policyRemediatorAdmin )
Grants the ability to enable and disable the usage of the policy remediator for the organization
|
policyremediatormanager.*
|
(roles/policyremediatormanager.policyRemediatorReader )
Grants the ability to read/view the state of the policy remediator for the organization
|
policyremediatormanager.locations.*
policyremediatormanager.operations.get
policyremediatormanager.operations.list
policyremediatormanager.remediatorServices.get
|
Simulator Admin
Beta
(roles/policysimulator.admin )
Admin user that can run and access replays.
|
policysimulator.replayResults.list
policysimulator.replays.*
|
OrgPolicy Simulator Admin
Beta
(roles/policysimulator.orgPolicyAdmin )
OrgPolicy Admin that can run and access simulations.
|
cloudasset.assets.analyzeOrgPolicy
cloudasset.assets.exportResource
cloudasset.assets.listResource
cloudasset.assets.searchAllResources
orgpolicy.customConstraints.get
orgpolicy.customConstraints.list
orgpolicy.policies.list
orgpolicy.policy.get
policysimulator.orgPolicyViolations.list
policysimulator.orgPolicyViolationsPreviews.*
resourcemanager.organizations.get
|
External Account Key Creator
Beta
(roles/publicca.externalAccountKeyCreator )
This role can create a new externalAccountKey resource.
|
publicca.externalAccountKeys.create
resourcemanager.projects.get
resourcemanager.projects.list
|
Subscription Linking Admin
(roles/readerrevenuesubscriptionlinking.admin )
Full access to publication reader resources
|
readerrevenuesubscriptionlinking.*
resourcemanager.projects.get
resourcemanager.projects.list
|
Subscription Linking Entitlements Viewer
(roles/readerrevenuesubscriptionlinking.entitlementsViewer )
This role can view all publication reader entitlements
|
readerrevenuesubscriptionlinking.readerEntitlements.get
|
Subscription Linking Viewer
(roles/readerrevenuesubscriptionlinking.viewer )
This role can view all publication reader resources
|
readerrevenuesubscriptionlinking.readerEntitlements.get
readerrevenuesubscriptionlinking.readers.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Recommendations Exporter
(roles/recommender.exporter )
Exporter of Recommendations
|
recommender.resources.export
|
Remote Build Execution Action Cache Writer
Beta
(roles/remotebuildexecution.actionCacheWriter )
Remote Build Execution Action Cache Writer
|
remotebuildexecution.actions.set
remotebuildexecution.blobs.create
|
Remote Build Execution Artifact Admin
Beta
(roles/remotebuildexecution.artifactAdmin )
Remote Build Execution Artifact Admin
|
remotebuildexecution.actions.create
remotebuildexecution.actions.delete
remotebuildexecution.actions.get
remotebuildexecution.blobs.*
remotebuildexecution.logstreams.*
|
Remote Build Execution Artifact Creator
Beta
(roles/remotebuildexecution.artifactCreator )
Remote Build Execution Artifact Creator
|
remotebuildexecution.actions.create
remotebuildexecution.actions.get
remotebuildexecution.blobs.*
remotebuildexecution.logstreams.*
|
Remote Build Execution Artifact Viewer
Beta
(roles/remotebuildexecution.artifactViewer )
Remote Build Execution Artifact Viewer
|
remotebuildexecution.actions.get
remotebuildexecution.blobs.get
remotebuildexecution.logstreams.get
|
Remote Build Execution Configuration Admin
Beta
(roles/remotebuildexecution.configurationAdmin )
Remote Build Execution Configuration Admin
|
remotebuildexecution.instances.*
remotebuildexecution.workerpools.*
|
Remote Build Execution Configuration Viewer
Beta
(roles/remotebuildexecution.configurationViewer )
Remote Build Execution Configuration Viewer
|
remotebuildexecution.instances.get
remotebuildexecution.instances.list
remotebuildexecution.workerpools.get
remotebuildexecution.workerpools.list
|
Remote Build Execution Logstream Writer
Beta
(roles/remotebuildexecution.logstreamWriter )
Remote Build Execution Logstream Writer
|
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.update
|
Remote Build Execution Reservation Admin
Beta
(roles/remotebuildexecution.reservationAdmin )
Remote Build Execution Reservation Admin
|
remotebuildexecution.actions.create
remotebuildexecution.actions.delete
remotebuildexecution.actions.get
|
Remote Build Execution Worker
Beta
(roles/remotebuildexecution.worker )
Remote Build Execution Worker
|
remotebuildexecution.actions.update
remotebuildexecution.blobs.*
remotebuildexecution.botsessions.*
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.update
|
Retail Admin
(roles/retail.admin )
Full access to Retail api resources.
|
automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.catalogItems.*
automlrecommendations.catalogs.*
automlrecommendations.eventStores.getStats
automlrecommendations.events.create
automlrecommendations.events.list
automlrecommendations.events.purge
automlrecommendations.events.rejoin
automlrecommendations.placements.*
automlrecommendations.recommendations.*
retail.*
|
Retail Editor
(roles/retail.editor )
Full access to Retail api resources except purge, rejoin, and setSponsorship.
|
automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.catalogItems.*
automlrecommendations.catalogs.*
automlrecommendations.eventStores.getStats
automlrecommendations.events.create
automlrecommendations.events.list
automlrecommendations.placements.*
automlrecommendations.recommendations.*
retail.attributesConfigs.addCatalogAttribute
retail.attributesConfigs.exportCatalogAttributes
retail.attributesConfigs.get
retail.attributesConfigs.importCatalogAttributes
retail.attributesConfigs.replaceCatalogAttribute
retail.attributesConfigs.update
retail.catalogs.*
retail.controls.*
retail.experiments.*
retail.models.*
retail.operations.*
retail.placements.*
retail.products.create
retail.products.delete
retail.products.export
retail.products.get
retail.products.import
retail.products.list
retail.products.update
retail.retailProjects.get
retail.servingConfigs.*
retail.userEvents.create
retail.userEvents.import
|
Retail Viewer
(roles/retail.viewer )
Grants access to read all resources in Retail.
|
automlrecommendations.catalogItems.get
automlrecommendations.catalogItems.list
automlrecommendations.catalogs.getStats
automlrecommendations.catalogs.list
automlrecommendations.eventStores.getStats
automlrecommendations.events.list
automlrecommendations.placements.getStats
automlrecommendations.placements.list
automlrecommendations.recommendations.list
retail.attributesConfigs.exportCatalogAttributes
retail.attributesConfigs.get
retail.catalogs.completeQuery
retail.catalogs.exportAnalyticsMetrics
retail.catalogs.list
retail.controls.export
retail.controls.get
retail.controls.list
retail.experiments.get
retail.experiments.list
retail.experiments.loadExperimentLookerDashboard
retail.experiments.queryTrafficMetrics
retail.models.get
retail.models.list
retail.operations.*
retail.placements.*
retail.products.export
retail.products.get
retail.products.list
retail.retailProjects.get
retail.servingConfigs.get
retail.servingConfigs.list
retail.servingConfigs.predict
retail.servingConfigs.search
|
RISC Configuration Admin
Beta
(roles/riscconfigs.admin )
Read/write access to RISC config resources.
|
clientauthconfig.clients.list
riscconfigurationservice.*
|
RISC Configuration Viewer
Beta
(roles/riscconfigs.viewer )
Read-only access to RISC config resources.
|
clientauthconfig.clients.list
riscconfigurationservice.riscconfigs.get
|
Route Optimization Editor
(roles/routeoptimization.editor )
This role can create long-running operations via BatchOptimizeTours.
|
resourcemanager.projects.get
resourcemanager.projects.list
routeoptimization.*
|
Route Optimization Viewer
(roles/routeoptimization.viewer )
This role can view any long-running Operations.
|
resourcemanager.projects.get
resourcemanager.projects.list
routeoptimization.operations.get
|
Serverless Integrations Developer
Beta
(roles/runapps.developer )
Access to create and change Serverless Integrations and their configuration.
|
resourcemanager.projects.get
resourcemanager.projects.list
runapps.applications.*
runapps.deployments.get
runapps.deployments.list
runapps.locations.*
runapps.operations.*
|
Serverless Integrations Operator
Beta
(roles/runapps.operator )
Access to deploy Serverless Integrations.
|
resourcemanager.projects.get
resourcemanager.projects.list
runapps.applications.get
runapps.applications.getStatus
runapps.applications.list
runapps.deployments.*
runapps.locations.*
runapps.operations.*
|
Serverless Integrations Viewer
Beta
(roles/runapps.viewer )
Read-only access to Serverless Integrations resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
runapps.applications.get
runapps.applications.getStatus
runapps.applications.list
runapps.deployments.get
runapps.deployments.list
runapps.locations.*
runapps.operations.get
runapps.operations.list
|
Cloud RuntimeConfig Admin
(roles/runtimeconfig.admin )
Full access to RuntimeConfig resources.
|
runtimeconfig.*
|
(roles/securedlandingzone.bqdwOrgRemediator )
Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.
|
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
|
(roles/securedlandingzone.bqdwProjectRemediator )
Access to modify (remediate) resources in SLZ BQDW Blueprint at Project.
|
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.setIamPolicy
bigquery.datasets.update
cloudkms.cryptoKeys.get
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.list
cloudkms.cryptoKeys.setIamPolicy
cloudkms.cryptoKeys.update
cloudkms.keyRings.getIamPolicy
cloudkms.keyRings.setIamPolicy
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.setIamPolicy
pubsub.topics.update
resourcemanager.projects.update
serviceusage.services.use
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.list
storage.buckets.setIamPolicy
storage.buckets.update
|
Overwatch Activator
Beta
(roles/securedlandingzone.overwatchActivator )
This role can activate or suspend Overwatches
|
resourcemanager.projects.get
resourcemanager.projects.list
securedlandingzone.overwatches.activate
securedlandingzone.overwatches.suspend
|
Overwatch Admin
Beta
(roles/securedlandingzone.overwatchAdmin )
Full access to Overwatches
|
resourcemanager.projects.get
resourcemanager.projects.list
securedlandingzone.*
|
Overwatch Viewer
Beta
(roles/securedlandingzone.overwatchViewer )
This role can view all properties of Overwatches
|
resourcemanager.projects.get
resourcemanager.projects.list
securedlandingzone.operations.get
securedlandingzone.overwatches.get
securedlandingzone.overwatches.list
|
Security Center Management Admin
(roles/securitycentermanagement.admin )
Full access to manage Cloud Security Command Center services and custom modules configuration.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycenter.organizationsettings.*
securitycenter.securitycentersettings.*
securitycentermanagement.*
|
Security Center Management Custom Modules Editor
(roles/securitycentermanagement.customModulesEditor )
Full access to manage Cloud Security Command Center custom modules.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycentermanagement.effectiveEventThreatDetectionCustomModules.*
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.eventThreatDetectionCustomModules.*
securitycentermanagement.locations.*
securitycentermanagement.securityHealthAnalyticsCustomModules.*
|
Security Center Management Custom Modules Viewer
(roles/securitycentermanagement.customModulesViewer )
Readonly access to Cloud Security Command Center custom modules.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycentermanagement.effectiveEventThreatDetectionCustomModules.*
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.*
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
|
Security Center Management Custom ETD Modules Editor
(roles/securitycentermanagement.etdCustomModulesEditor )
Full access to manage Cloud Security Command Center ETD custom modules.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycentermanagement.effectiveEventThreatDetectionCustomModules.*
securitycentermanagement.eventThreatDetectionCustomModules.*
securitycentermanagement.locations.*
|
Security Center Management ETD Custom Modules Viewer
(roles/securitycentermanagement.etdCustomModulesViewer )
Readonly access to Cloud Security Command Center ETD custom modules.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycentermanagement.effectiveEventThreatDetectionCustomModules.*
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.*
|
Security Center Management Services Editor
(roles/securitycentermanagement.securityCenterServicesEditor )
Full access to manage Cloud Security Command Center services configuration.
|
securitycentermanagement.securityCenterServices.*
|
Security Center Management Services Viewer
(roles/securitycentermanagement.securityCenterServicesViewer )
Readonly access to Cloud Security Command Center services configuration.
|
securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
|
Security Center Management Settings Editor
(roles/securitycentermanagement.settingsEditor )
Full access to manage Cloud Security Command Center settings
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycenter.organizationsettings.*
securitycenter.securitycentersettings.*
securitycentermanagement.*
|
Security Center Management Settings Viewer
(roles/securitycentermanagement.settingsViewer )
Readonly access to Cloud Security Command Center settings
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycenter.organizationsettings.get
securitycenter.securitycentersettings.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.*
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.*
securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
|
Security Center Management SHA Custom Modules Editor
(roles/securitycentermanagement.shaCustomModulesEditor )
Full access to manage Cloud Security Command Center SHA custom modules.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.locations.*
securitycentermanagement.securityHealthAnalyticsCustomModules.*
|
Security Center Management SHA Custom Modules Viewer
(roles/securitycentermanagement.shaCustomModulesViewer )
Readonly access to Cloud Security Command Center SHA custom modules.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.locations.*
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
|
Security Center Management Viewer
(roles/securitycentermanagement.viewer )
Readonly access to Cloud Security Command Center services and custom modules configuration.
|
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
securitycenter.organizationsettings.get
securitycenter.securitycentersettings.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.*
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.*
securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
|
Security Posture Admin
(roles/securityposture.admin )
Full access to Security Posture service APIs.
|
orgpolicy.*
resourcemanager.organizations.get
securitycenter.securityhealthanalyticssettings.*
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.update
securityposture.*
|
Security Posture Deployer
(roles/securityposture.postureDeployer )
Mutate and read permissions to the Posture Deployment resource.
|
orgpolicy.*
resourcemanager.organizations.get
securitycenter.securityhealthanalyticssettings.*
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.update
securityposture.operations.get
securityposture.postureDeployments.*
|
Security Posture Deployments Viewer
(roles/securityposture.postureDeploymentsViewer )
Read only access to the Posture Deployment resource.
|
resourcemanager.organizations.get
securityposture.operations.get
securityposture.postureDeployments.get
securityposture.postureDeployments.list
|
Security Posture Resource Editor
(roles/securityposture.postureEditor )
Mutate and read permissions to the Posture resource.
|
securityposture.operations.get
securityposture.postures.*
|
Security Posture Resource Viewer
(roles/securityposture.postureViewer )
Read only access to the Posture resource.
|
resourcemanager.organizations.get
securityposture.operations.get
securityposture.postures.get
securityposture.postures.list
|
Security Posture Shift-Left Validator
(roles/securityposture.reportCreator )
Create access for Reports, e.g. IaC Validation Report.
|
securityposture.operations.get
securityposture.reports.*
|
Security Posture Viewer
(roles/securityposture.viewer )
Read only access to all the SecurityPosture Service resources.
|
resourcemanager.organizations.get
securityposture.operations.get
securityposture.postureDeployments.get
securityposture.postureDeployments.list
securityposture.postureTemplates.*
securityposture.postures.get
securityposture.postures.list
|
Personalized Service Health Viewer
Beta
(roles/servicehealth.viewer )
Readonly access to Personalized Service Health resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
servicehealth.*
|
Security Insights Viewer
Beta
(roles/servicesecurityinsights.securityInsightsViewer )
Read-only access to Security Insights resources
|
servicesecurityinsights.*
|
Speaker ID Admin
(roles/speakerid.admin )
Grants full access to all Speaker ID resources, including project settings.
|
speakerid.*
|
Speaker ID Editor
(roles/speakerid.editor )
Grants access to read and write all Speaker ID resources.
|
speakerid.phrases.*
speakerid.speakers.*
|
Speaker ID Verifier
(roles/speakerid.verifier )
Grants read access to all Speaker ID resources, and allows verification.
|
speakerid.phrases.get
speakerid.phrases.list
speakerid.speakers.get
speakerid.speakers.list
speakerid.speakers.verify
|
Speaker ID Viewer
(roles/speakerid.viewer )
Grants read access to all Speaker ID resources.
|
speakerid.phrases.get
speakerid.phrases.list
speakerid.speakers.get
speakerid.speakers.list
|
Cloud Speech Administrator
(roles/speech.admin )
Grants full access to all resources in Speech-to-text
|
speech.*
|
Cloud Speech Client
(roles/speech.client )
Grants access to the recognition APIs.
|
speech.adaptations.execute
speech.customClasses.get
speech.customClasses.list
speech.locations.*
speech.operations.get
speech.operations.list
speech.operations.wait
speech.phraseSets.get
speech.phraseSets.list
speech.recognizers.get
speech.recognizers.list
speech.recognizers.recognize
|
Cloud Speech Editor
(roles/speech.editor )
Grants access to edit resources in Speech-to-text
|
speech.adaptations.execute
speech.customClasses.*
speech.locations.*
speech.operations.*
speech.phraseSets.*
speech.recognizers.*
|
Storage Insights Admin
(roles/storageinsights.admin )
Full access to Storage Insights resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
storageinsights.*
|
Storage Insights Analyst
(roles/storageinsights.analyst )
Data access to Storage Insights.
|
resourcemanager.projects.get
resourcemanager.projects.list
storageinsights.datasetConfigs.get
storageinsights.datasetConfigs.linkDataset
storageinsights.datasetConfigs.list
storageinsights.datasetConfigs.unlinkDataset
storageinsights.locations.*
storageinsights.operations.get
storageinsights.operations.list
storageinsights.reportConfigs.get
storageinsights.reportConfigs.list
storageinsights.reportDetails.*
|
Storage Insights Viewer
(roles/storageinsights.viewer )
Read-only access to Storage Insights resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
storageinsights.datasetConfigs.get
storageinsights.datasetConfigs.list
storageinsights.locations.*
storageinsights.operations.get
storageinsights.operations.list
storageinsights.reportConfigs.get
storageinsights.reportConfigs.list
storageinsights.reportDetails.*
|
Subscribe with Google Developer
Beta
(roles/subscribewithgoogledeveloper.developer )
Access DevTools for Subscribe with Google
|
resourcemanager.projects.get
resourcemanager.projects.list
subscribewithgoogledeveloper.tools.get
|
Telco Automation Admin
Beta
(roles/telcoautomation.admin )
Full access to Telco Automation resources.
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.queries.create
logging.queries.delete
logging.queries.get
logging.queries.getShared
logging.queries.list
logging.queries.listShared
logging.queries.update
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.get
logging.views.list
monitoring.timeSeries.list
resourcemanager.projects.get
serviceusage.quotas.*
serviceusage.services.*
source.repos.get
source.repos.list
telcoautomation.*
|
Telco Automation Blueprint Designer
Beta
(roles/telcoautomation.blueprintDesigner )
Ability to manage blueprints
|
telcoautomation.blueprints.create
telcoautomation.blueprints.delete
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.blueprints.propose
telcoautomation.blueprints.update
telcoautomation.deployments.computeStatus
telcoautomation.deployments.get
telcoautomation.deployments.list
telcoautomation.hydratedDeployments.get
telcoautomation.hydratedDeployments.list
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
telcoautomation.publicBlueprints.*
|
Telco Automation Deployment Admin
Beta
(roles/telcoautomation.deploymentAdmin )
Ability to manage deployments
|
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.*
telcoautomation.hydratedDeployments.*
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Telco Automation Tier 1 Operations Admin
Beta
(roles/telcoautomation.opsAdminTier1 )
Ability to get status of deployments
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.queries.create
logging.queries.delete
logging.queries.get
logging.queries.getShared
logging.queries.list
logging.queries.listShared
logging.queries.update
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.get
logging.views.list
resourcemanager.projects.get
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.computeStatus
telcoautomation.deployments.get
telcoautomation.deployments.list
telcoautomation.hydratedDeployments.get
telcoautomation.hydratedDeployments.list
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Telco Automation Tier 4 Operations Admin
Beta
(roles/telcoautomation.opsAdminTier4 )
Ability to manage deployments and their status
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.queries.create
logging.queries.delete
logging.queries.get
logging.queries.getShared
logging.queries.list
logging.queries.listShared
logging.queries.update
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.get
logging.views.list
resourcemanager.projects.get
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.*
telcoautomation.hydratedDeployments.*
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Telco Automation Service Orchestrator
Beta
(roles/telcoautomation.serviceOrchestrator )
Ability to manage deployments
|
telcoautomation.blueprints.get
telcoautomation.blueprints.list
telcoautomation.deployments.*
telcoautomation.hydratedDeployments.*
telcoautomation.orchestrationClusters.get
telcoautomation.orchestrationClusters.list
|
Timeseries Insights DataSet Editor
Beta
(roles/timeseriesinsights.datasetsEditor )
Edit access to DataSets.
|
timeseriesinsights.*
|
Timeseries Insights DataSet Owner
Beta
(roles/timeseriesinsights.datasetsOwner )
Full access to DataSets.
|
timeseriesinsights.*
|
Timeseries Insights DataSet Viewer
Beta
(roles/timeseriesinsights.datasetsViewer )
Read-only access (List and Query) to DataSets.
|
timeseriesinsights.datasets.evaluate
timeseriesinsights.datasets.list
timeseriesinsights.datasets.query
timeseriesinsights.locations.*
|
Traffic Director Client
Beta
(roles/trafficdirector.client )
Fetch service configurations and report metrics.
|
trafficdirector.*
|
Translation Hub Admin
Beta
(roles/translationhub.admin )
Admin of Translation Hub
|
automl.models.get
automl.models.list
automl.models.predict
cloudtranslate.customModels.get
cloudtranslate.customModels.list
cloudtranslate.customModels.predict
cloudtranslate.glossaries.create
cloudtranslate.glossaries.delete
cloudtranslate.glossaries.get
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
resourcemanager.projects.get
resourcemanager.projects.list
translationhub.*
|
Translation Hub Portal User
Beta
(roles/translationhub.portalUser )
Portal user of Translation Hub
|
automl.models.get
automl.models.list
automl.models.predict
cloudtranslate.customModels.get
cloudtranslate.customModels.list
cloudtranslate.customModels.predict
cloudtranslate.glossaries.get
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
resourcemanager.projects.get
resourcemanager.projects.list
translationhub.portals.get
translationhub.portals.list
|
Visual Inspection AI Solution Editor
(roles/visualinspection.editor )
Read and write access to all Visual Inspection AI resources except visualinspection.locations.reportUsageMetrics
|
visualinspection.annotationSets.*
visualinspection.annotationSpecs.*
visualinspection.annotations.*
visualinspection.datasets.*
visualinspection.images.*
visualinspection.locations.get
visualinspection.locations.list
visualinspection.modelEvaluations.*
visualinspection.models.*
visualinspection.modules.*
visualinspection.operations.*
visualinspection.solutionArtifacts.*
visualinspection.solutions.*
|
Visual Inspection AI Usage Metrics Reporter
(roles/visualinspection.usageMetricsReporter )
ReportUsageMetric access to Visual Inspection AI Service
|
visualinspection.locations.reportUsageMetrics
|
Visual Inspection AI Viewer
(roles/visualinspection.viewer )
Read access to Visual Inspection AI resources
|
visualinspection.annotationSets.get
visualinspection.annotationSets.list
visualinspection.annotationSpecs.get
visualinspection.annotationSpecs.list
visualinspection.annotations.get
visualinspection.annotations.list
visualinspection.datasets.export
visualinspection.datasets.get
visualinspection.datasets.list
visualinspection.images.get
visualinspection.images.list
visualinspection.locations.get
visualinspection.locations.list
visualinspection.modelEvaluations.*
visualinspection.models.get
visualinspection.models.list
visualinspection.modules.get
visualinspection.modules.list
visualinspection.operations.*
visualinspection.solutionArtifacts.get
visualinspection.solutionArtifacts.list
visualinspection.solutionArtifacts.predict
visualinspection.solutions.get
visualinspection.solutions.list
|