Zugriffssteuerung mit IAM

Cloud Composer 1 Cloud Composer 2

Auf dieser Seite werden die Zugriffssteuerungsoptionen beschrieben, die Ihnen in Cloud Composer zur Verfügung stehen. Außerdem wird erläutert, wie Sie Rollen zuweisen.

Informationen zum Zuweisen von Rollen finden Sie unter Zugriff auf Projekte, Ordner und Organisationen verwalten.

Mit der Airflow-UI-Zugriffssteuerung können Sie Berechtigungen für die Airflow-UI und die DAG-UI über das Aktivieren oder Deaktivieren des Zugriffs hinaus steuern.

Informationen zum Einrichten des Zugriffs für externe Identitäten über die Personalidentitätsföderation finden Sie unter Auf Umgebungen mit Mitarbeiteridentitätsföderation zugreifen.

Informationen zu Identity and Access Managemen in Cloud Composer

Cloud Composer verwendet die Identitäts- und Zugriffsverwaltung (IAM) zur Zugriffssteuerung.

Sie steuern den Zugriff auf verschiedene Cloud Composer-Features, indem Sie Rollen und Berechtigungen sowohl für IAM-Dienstkonten als auch für Nutzerkonten in Ihrem Google Cloud-Projekt gewähren.

Cloud Composer verwendet zwei Arten von IAM-Dienstkonten:

Cloud Composer-Dienst-Agent-Konto
Dienstkonto der Umgebung

Zusätzlich zu diesen beiden Arten von Dienstkonten führt der Google APIs-Dienst-Agent in Ihrem Namen interne Google-Prozesse aus.

Rollen für das Konto des Cloud Composer-Dienst-Agents zuweisen

In Ihrem Google Cloud-Projekt erstellt der Cloud Composer-Dienst ein spezielles von Google verwaltetes Dienstkonto, um Ressourcen für Cloud Composer zu verwalten. Dieses Konto heißt Cloud Composer-Dienst-Agent.

Der Cloud Composer-Dienst-Agent wird für alle Umgebungen in Ihrem Projekt verwendet. Standardmäßig hat das Konto des Cloud Composer-Dienst-Agents nur die Rolle Cloud Composer API-Dienst-Agent. Behalten Sie diese Rolle für dieses Dienstkonto bei.

Cloud Composer 2 verwendet GKE Autopilot, für das Workload Identity erforderlich ist. Zur Unterstützung von Workload Identity muss das Dienstkonto Ihrer Umgebung Bindungen an das Kubernetes-Dienstkonto haben, das den Cluster Ihrer Umgebung ausführt. Diese Bindungen werden benötigt, damit Pods Ihres Umgebungsclusters auf Ressourcen Ihres Google Cloud-Projekts zugreifen können. Sie können beispielsweise DAG-Definitionsdateien aus dem Bucket der Umgebung lesen.

Zum Erstellen von Bindungen zwischen dem Dienstkonto Ihrer Umgebung und dem Kubernetes-Dienstkonto des Clusters Ihrer Umgebung muss das Composer-Dienst-Agent-Konto die erforderlichen Berechtigungen haben. Dazu sind die Berechtigungen iam.serviceAccounts.getIamPolicy und iam.serviceAccounts.setIamPolicy erforderlich, die von der Rolle Dienst-Agent-Erweiterung für die Cloud Composer v2 API (roles/composer.ServiceAgentV2Ext) bereitgestellt werden.

Diese Rolle wird nicht automatisch gewährt. Sie müssen sie manuell gewähren. Eine Anleitung zum Gewähren dieser Rolle finden Sie unter Cloud Composer-Dienstkonto die erforderlichen Berechtigungen erteilen.

Dienstkonto einer Umgebung Rollen zuweisen

Wenn Sie eine Umgebung erstellen, geben Sie ein Dienstkonto an. Dieses Dienstkonto wird als Dienstkonto der Umgebung bezeichnet. Der Cluster Ihrer Umgebung verwendet dieses Dienstkonto, um Pods mit verschiedenen Umgebungskomponenten wie Airflow-Worker und Planer auszuführen.

Standardmäßig werden Cloud Composer-Umgebungen mit dem Compute Engine-Standarddienstkonto ausgeführt. Dieses von Google verwaltete Dienstkonto hat mehr Berechtigungen als zum Ausführen von Cloud Composer-Umgebungen erforderlich, normalerweise die einfache Rolle Bearbeiter.

Wir empfehlen, ein nutzerverwaltetes Dienstkonto für Cloud Composer-Umgebungen einzurichten. Weisen Sie diesem Konto eine Rolle speziell für Cloud Composer zu. Geben Sie anschließend dieses Dienstkonto beim Erstellen neuer Umgebungen an.

Weisen Sie einem nutzerverwalteten Dienstkonto, das eine Cloud Composer-Umgebung ausführt, die Rolle Composer-Worker (composer.worker) zu.

Nutzern Rollen zuweisen

Um einen Umgebungsvorgang auszulösen, muss ein Nutzer ausreichende Berechtigungen haben. Wenn Sie beispielsweise eine neue Umgebung erstellen möchten, benötigen Sie die Berechtigung composer.environments.create.

Bei Cloud Composer werden einzelne Berechtigungen in Rollen gruppiert. Sie können diese Rollen Hauptkonten zuweisen.

Wenn Ihrem Nutzerkonto die Rolle Projektbearbeiter zugewiesen ist, können Sie alle Umgebungsvorgänge ausführen. Diese Rolle hat jedoch umfassende Berechtigungen. Nutzern, die mit Umgebungen arbeiten, empfehlen wir die Verwendung von Rollen, die für Cloud Composer spezifisch sind. Auf diese Weise können Sie den Umfang der Berechtigungen einschränken und verschiedenen Hauptkonten unterschiedliche Zugriffsebenen zuweisen. Beispielsweise kann ein Nutzer Berechtigungen zum Erstellen, Aktualisieren, Aktualisieren und Löschen von Umgebungen haben, während ein anderer Nutzer nur Umgebungen ansehen und auf die Airflow-Weboberfläche zugreifen kann.

Abhängig von der Zugriffsebene, die Sie für Cloud Composer-Umgebungen bereitstellen möchten, gewähren Sie Hauptkonten folgende Berechtigungen.

Umgebungen und Umgebungs-Buckets verwalten

Für einen Nutzer, der Umgebungen aufrufen, erstellen, aktualisieren, upgraden und löschen, Objekte (z. B. DAG-Dateien) in den Umgebungs-Buckets verwalten, auf die Airflow-Weboberfläche zugreifen, Befehle der Airflow-Befehlszeile ausführen und DAGs über die DAG-UI aufrufen und auslösen kann:

Weisen Sie die Rolle Administrator für Umgebung und Storage-Objekte (composer.environmentAndStorageObjectAdmin) zu.
Weisen Sie die Rolle Dienstkontonutzer (iam.serviceAccountUser) zu.

Wenn Sie die Berechtigungen für einen Nutzer einschränken möchten, weisen Sie diese Rolle nur dem Dienstkonto Ihrer Umgebung zu. Weitere Informationen finden Sie unter Einzelne Rolle zuweisen oder widerrufen.

Hinweis: Cloud Composer unterstützt für Nutzer ab Version 1.18.9 eingeschränkte Berechtigungen. Erstellen Sie Umgebungen mit der Google Cloud CLI, der API oder Terraform, um dieses Feature zu verwenden. Die Unterstützung für die Google Cloud Console ist für eine der zukünftigen Versionen geplant.
Gewähren Sie dem Dienstkonto Ihrer Umgebung die Berechtigung iam.serviceAccounts.actAs.

Umgebungen verwalten

Nutzer, die Umgebungen aufrufen, erstellen, aktualisieren, upgraden und löschen, auf die Airflow-Weboberfläche zugreifen, Befehle der Airflow-Befehlszeile ausführen und DAGs über die DAG-UI aufrufen und auslösen können:

Weisen Sie die Rolle Composer-Administrator (composer.admin) zu.
Weisen Sie die Rolle Dienstkontonutzer (iam.serviceAccountUser) zu.

Wenn Sie die Berechtigungen für einen Nutzer einschränken möchten, weisen Sie diese Rolle nur dem Dienstkonto Ihrer Umgebung zu. Weitere Informationen finden Sie unter Einzelne Rolle zuweisen oder widerrufen.

Hinweis: Cloud Composer unterstützt für Nutzer ab Version 1.18.9 eingeschränkte Berechtigungen. Erstellen Sie Umgebungen mit der Google Cloud CLI, der API oder Terraform, um dieses Feature zu verwenden. Die Unterstützung für die Google Cloud Console ist für eine der zukünftigen Versionen geplant.
Gewähren Sie dem Dienstkonto Ihrer Umgebung die Berechtigung iam.serviceAccounts.actAs.

Umgebungen ansehen und Umgebungs-Buckets verwalten

Für einen Nutzer, der Umgebungen ansehen kann, kann er die Airflow-Weboberfläche aufrufen, DAGs über die DAG-UI aufrufen und auslösen sowie Objekte in den Umgebungs-Buckets verwalten (z. B. um neue DAG-Dateien hochzuladen):

Weisen Sie die Rolle Umgebungsnutzer und Betrachter von Storage-Objekten (composer.environmentAndStorageObjectViewer) zu.
Weisen Sie die Rolle Storage-Objekt-Administrator (storage.objectAdmin) zu.

Umgebungen und Umgebungs-Buckets ansehen

Weisen Sie einem Nutzer, der Umgebungen ansehen, auf die Airflow-Weboberfläche zugreifen, über die DAG-UI DAGs aufrufen und auslösen sowie Objekte in Umgebungs-Buckets aufrufen können, die Rolle Umgebungsnutzer und Betrachter von Storage-Objekten (composer.environmentAndStorageObjectViewer) zu.

Umgebungen ansehen

Erteilen Sie einem Nutzer, der Umgebungen ansehen, DAGs über die DAG-UI aufrufen und auslösen und auf die Airflow-Weboberfläche zugreifen kann, die Rolle Composer-Nutzer (composer.user).

Berechtigungen zur Verwendung von `gcloud` mit Umgebungen erteilen

Zur Verwendung von gcloud mit Cloud Composer-Umgebungen benötigen Sie folgende Berechtigungen:

composer.environments.get
container.clusters.get
container.clusters.list
container.clusters.getCredentials

Wenn Sie Umgebungen oder Umgebungs-Buckets mit gcloud composer-Befehlen verwalten möchten, benötigen Sie außerdem eine Rolle mit ausreichenden Berechtigungen.

Wenn Sie Befehle der Airflow-Befehlszeile ausführen möchten, benötigen Sie die folgenden zusätzlichen Berechtigungen:

container.namespaces.list
container.pods.exec
container.pods.get
container.pods.list

Rollen

Role Permissions

Role	Permissions
Cloud Composer v2 API Service Agent Extension (`roles/composer.ServiceAgentV2Ext`) Cloud Composer v2 API Service Agent Extension is a supplementary role required to manage Composer v2 environments.	iam.serviceAccounts.getIamPolicy iam.serviceAccounts.setIamPolicy
Composer Administrator (`roles/composer.admin`) Provides full control of Cloud Composer resources. Lowest-level resources where you can grant this role: Project	composer.* composer.dags.execute composer.dags.get composer.dags.getSourceCode composer.dags.list composer.environments.create composer.environments.delete composer.environments.executeAirflowCommand composer.environments.get composer.environments.list composer.environments.update composer.imageversions.list composer.operations.delete composer.operations.get composer.operations.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list
Environment and Storage Object Administrator (`roles/composer.environmentAndStorageObjectAdmin`) Provides full control of Cloud Composer resources and of the objects in all project buckets. Lowest-level resources where you can grant this role: Project	composer.* composer.dags.execute composer.dags.get composer.dags.getSourceCode composer.dags.list composer.environments.create composer.environments.delete composer.environments.executeAirflowCommand composer.environments.get composer.environments.list composer.environments.update composer.imageversions.list composer.operations.delete composer.operations.get composer.operations.list orgpolicy.policy.get resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.* storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.* storage.objects.create storage.objects.delete storage.objects.get storage.objects.getIamPolicy storage.objects.list storage.objects.setIamPolicy storage.objects.update
Environment and Storage Object User (`roles/composer.environmentAndStorageObjectUser`) Read and use access to Cloud Composer resources and read access to Cloud Storage objects.	composer.dags.* composer.dags.execute composer.dags.get composer.dags.getSourceCode composer.dags.list composer.environments.get composer.environments.list composer.imageversions.list composer.operations.get composer.operations.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list storage.managedFolders.get storage.managedFolders.list storage.objects.get storage.objects.list
Environment and Storage Object Viewer (`roles/composer.environmentAndStorageObjectViewer`) Provides the permissions necessary to list and get Cloud Composer environments and operations. Provides read-only access to objects in all project buckets. Lowest-level resources where you can grant this role: Project	composer.dags.* composer.dags.execute composer.dags.get composer.dags.getSourceCode composer.dags.list composer.environments.get composer.environments.list composer.imageversions.list composer.operations.get composer.operations.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list storage.managedFolders.get storage.managedFolders.list storage.objects.get storage.objects.list
Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Role that should be assigned to Composer Agent service account in Shared VPC host project	compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get compute.networks.access compute.networks.addPeering compute.networks.get compute.networks.list compute.networks.listPeeringRoutes compute.networks.removePeering compute.networks.updatePeering compute.networks.use compute.networks.useExternalIp compute.projects.get compute.regions.* compute.regions.get compute.regions.list compute.subnetworks.get compute.subnetworks.list compute.subnetworks.use compute.subnetworks.useExternalIp compute.zones.* compute.zones.get compute.zones.list dns.managedZones.get dns.managedZones.list dns.networks.targetWithPeeringZone
Composer User (`roles/composer.user`) Provides the permissions necessary to list and get Cloud Composer environments and operations. Lowest-level resources where you can grant this role: Project	composer.dags.* composer.dags.execute composer.dags.get composer.dags.getSourceCode composer.dags.list composer.environments.get composer.environments.list composer.imageversions.list composer.operations.get composer.operations.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list
Composer Worker (`roles/composer.worker`) Provides the permissions necessary to run a Cloud Composer environment VM. Intended for service accounts. Lowest-level resources where you can grant this role: Project	artifactregistry.* artifactregistry.aptartifacts.create artifactregistry.dockerimages.get artifactregistry.dockerimages.list artifactregistry.files.get artifactregistry.files.list artifactregistry.kfpartifacts.create artifactregistry.locations.get artifactregistry.locations.list artifactregistry.mavenartifacts.get artifactregistry.mavenartifacts.list artifactregistry.npmpackages.get artifactregistry.npmpackages.list artifactregistry.packages.delete artifactregistry.packages.get artifactregistry.packages.list artifactregistry.projectsettings.get artifactregistry.projectsettings.update artifactregistry.pythonpackages.get artifactregistry.pythonpackages.list artifactregistry.repositories.create artifactregistry.repositories.createOnPush artifactregistry.repositories.createTagBinding artifactregistry.repositories.delete artifactregistry.repositories.deleteArtifacts artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.downloadArtifacts artifactregistry.repositories.get artifactregistry.repositories.getIamPolicy artifactregistry.repositories.list artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings artifactregistry.repositories.readViaVirtualRepository artifactregistry.repositories.setIamPolicy artifactregistry.repositories.update artifactregistry.repositories.uploadArtifacts artifactregistry.tags.create artifactregistry.tags.delete artifactregistry.tags.get artifactregistry.tags.list artifactregistry.tags.update artifactregistry.versions.delete artifactregistry.versions.get artifactregistry.versions.list artifactregistry.yumartifacts.create cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update cloudbuild.operations.* cloudbuild.operations.get cloudbuild.operations.list cloudbuild.workerpools.use composer.environments.get container.* container.apiServices.create container.apiServices.delete container.apiServices.get container.apiServices.getStatus container.apiServices.list container.apiServices.update container.apiServices.updateStatus container.auditSinks.create container.auditSinks.delete container.auditSinks.get container.auditSinks.list container.auditSinks.update container.backendConfigs.create container.backendConfigs.delete container.backendConfigs.get container.backendConfigs.list container.backendConfigs.update container.bindings.create container.bindings.delete container.bindings.get container.bindings.list container.bindings.update container.certificateSigningRequests.approve container.certificateSigningRequests.create container.certificateSigningRequests.delete container.certificateSigningRequests.get container.certificateSigningRequests.getStatus container.certificateSigningRequests.list container.certificateSigningRequests.update container.certificateSigningRequests.updateStatus container.clusterRoleBindings.create container.clusterRoleBindings.delete container.clusterRoleBindings.get container.clusterRoleBindings.list container.clusterRoleBindings.update container.clusterRoles.bind container.clusterRoles.create container.clusterRoles.delete container.clusterRoles.escalate container.clusterRoles.get container.clusterRoles.list container.clusterRoles.update container.clusters.create container.clusters.createTagBinding container.clusters.delete container.clusters.deleteTagBinding container.clusters.get container.clusters.getCredentials container.clusters.impersonate container.clusters.list container.clusters.listEffectiveTags container.clusters.listTagBindings container.clusters.update container.componentStatuses.get container.componentStatuses.list container.configMaps.create container.configMaps.delete container.configMaps.get container.configMaps.list container.configMaps.update container.controllerRevisions.create container.controllerRevisions.delete container.controllerRevisions.get container.controllerRevisions.list container.controllerRevisions.update container.cronJobs.create container.cronJobs.delete container.cronJobs.get container.cronJobs.getStatus container.cronJobs.list container.cronJobs.update container.cronJobs.updateStatus container.csiDrivers.create container.csiDrivers.delete container.csiDrivers.get container.csiDrivers.list container.csiDrivers.update container.csiNodeInfos.create container.csiNodeInfos.delete container.csiNodeInfos.get container.csiNodeInfos.list container.csiNodeInfos.update container.csiNodes.create container.csiNodes.delete container.csiNodes.get container.csiNodes.list container.csiNodes.update container.customResourceDefinitions.create container.customResourceDefinitions.delete container.customResourceDefinitions.get container.customResourceDefinitions.getStatus container.customResourceDefinitions.list container.customResourceDefinitions.update container.customResourceDefinitions.updateStatus container.daemonSets.create container.daemonSets.delete container.daemonSets.get container.daemonSets.getStatus container.daemonSets.list container.daemonSets.update container.daemonSets.updateStatus container.deployments.create container.deployments.delete container.deployments.get container.deployments.getScale container.deployments.getStatus container.deployments.list container.deployments.rollback container.deployments.update container.deployments.updateScale container.deployments.updateStatus container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.endpoints.create container.endpoints.delete container.endpoints.get container.endpoints.list container.endpoints.update container.events.create container.events.delete container.events.get container.events.list container.events.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.horizontalPodAutoscalers.create container.horizontalPodAutoscalers.delete container.horizontalPodAutoscalers.get container.horizontalPodAutoscalers.getStatus container.horizontalPodAutoscalers.list container.horizontalPodAutoscalers.update container.horizontalPodAutoscalers.updateStatus container.hostServiceAgent.use container.ingresses.create container.ingresses.delete container.ingresses.get container.ingresses.getStatus container.ingresses.list container.ingresses.update container.ingresses.updateStatus container.initializerConfigurations.create container.initializerConfigurations.delete container.initializerConfigurations.get container.initializerConfigurations.list container.initializerConfigurations.update container.jobs.create container.jobs.delete container.jobs.get container.jobs.getStatus container.jobs.list container.jobs.update container.jobs.updateStatus container.leases.create container.leases.delete container.leases.get container.leases.list container.leases.update container.limitRanges.create container.limitRanges.delete container.limitRanges.get container.limitRanges.list container.limitRanges.update container.localSubjectAccessReviews.create container.localSubjectAccessReviews.list container.managedCertificates.create container.managedCertificates.delete container.managedCertificates.get container.managedCertificates.list container.managedCertificates.update container.mutatingWebhookConfigurations.create container.mutatingWebhookConfigurations.delete container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.mutatingWebhookConfigurations.update container.namespaces.create container.namespaces.delete container.namespaces.finalize container.namespaces.get container.namespaces.getStatus container.namespaces.list container.namespaces.update container.namespaces.updateStatus container.networkPolicies.create container.networkPolicies.delete container.networkPolicies.get container.networkPolicies.list container.networkPolicies.update container.nodes.create container.nodes.delete container.nodes.get container.nodes.getStatus container.nodes.list container.nodes.proxy container.nodes.update container.nodes.updateStatus container.operations.get container.operations.list container.persistentVolumeClaims.create container.persistentVolumeClaims.delete container.persistentVolumeClaims.get container.persistentVolumeClaims.getStatus container.persistentVolumeClaims.list container.persistentVolumeClaims.update container.persistentVolumeClaims.updateStatus container.persistentVolumes.create container.persistentVolumes.delete container.persistentVolumes.get container.persistentVolumes.getStatus container.persistentVolumes.list container.persistentVolumes.update container.persistentVolumes.updateStatus container.petSets.create container.petSets.delete container.petSets.get container.petSets.list container.petSets.update container.petSets.updateStatus container.podDisruptionBudgets.create container.podDisruptionBudgets.delete container.podDisruptionBudgets.get container.podDisruptionBudgets.getStatus container.podDisruptionBudgets.list container.podDisruptionBudgets.update container.podDisruptionBudgets.updateStatus container.podPresets.create container.podPresets.delete container.podPresets.get container.podPresets.list container.podPresets.update container.podSecurityPolicies.create container.podSecurityPolicies.delete container.podSecurityPolicies.get container.podSecurityPolicies.list container.podSecurityPolicies.update container.podSecurityPolicies.use container.podTemplates.create container.podTemplates.delete container.podTemplates.get container.podTemplates.list container.podTemplates.update container.pods.attach container.pods.create container.pods.delete container.pods.evict container.pods.exec container.pods.get container.pods.getLogs container.pods.getStatus container.pods.initialize container.pods.list container.pods.portForward container.pods.proxy container.pods.update container.pods.updateStatus container.priorityClasses.create container.priorityClasses.delete container.priorityClasses.get container.priorityClasses.list container.priorityClasses.update container.replicaSets.create container.replicaSets.delete container.replicaSets.get container.replicaSets.getScale container.replicaSets.getStatus container.replicaSets.list container.replicaSets.update container.replicaSets.updateScale container.replicaSets.updateStatus container.replicationControllers.create container.replicationControllers.delete container.replicationControllers.get container.replicationControllers.getScale container.replicationControllers.getStatus container.replicationControllers.list container.replicationControllers.update container.replicationControllers.updateScale container.replicationControllers.updateStatus container.resourceQuotas.create container.resourceQuotas.delete container.resourceQuotas.get container.resourceQuotas.getStatus container.resourceQuotas.list container.resourceQuotas.update container.resourceQuotas.updateStatus container.roleBindings.create container.roleBindings.delete container.roleBindings.get container.roleBindings.list container.roleBindings.update container.roles.bind container.roles.create container.roles.delete container.roles.escalate container.roles.get container.roles.list container.roles.update container.runtimeClasses.create container.runtimeClasses.delete container.runtimeClasses.get container.runtimeClasses.list container.runtimeClasses.update container.scheduledJobs.create container.scheduledJobs.delete container.scheduledJobs.get container.scheduledJobs.list container.scheduledJobs.update container.scheduledJobs.updateStatus container.secrets.create container.secrets.delete container.secrets.get container.secrets.list container.secrets.update container.selfSubjectAccessReviews.create container.selfSubjectAccessReviews.list container.selfSubjectRulesReviews.create container.serviceAccounts.create container.serviceAccounts.createToken container.serviceAccounts.delete container.serviceAccounts.get container.serviceAccounts.list container.serviceAccounts.update container.services.create container.services.delete container.services.get container.services.getStatus container.services.list container.services.proxy container.services.update container.services.updateStatus container.statefulSets.create container.statefulSets.delete container.statefulSets.get container.statefulSets.getScale container.statefulSets.getStatus container.statefulSets.list container.statefulSets.update container.statefulSets.updateScale container.statefulSets.updateStatus container.storageClasses.create container.storageClasses.delete container.storageClasses.get container.storageClasses.list container.storageClasses.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.subjectAccessReviews.create container.subjectAccessReviews.list container.thirdPartyObjects.create container.thirdPartyObjects.delete container.thirdPartyObjects.get container.thirdPartyObjects.list container.thirdPartyObjects.update container.thirdPartyResources.create container.thirdPartyResources.delete container.thirdPartyResources.get container.thirdPartyResources.list container.thirdPartyResources.update container.tokenReviews.create container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.validatingWebhookConfigurations.create container.validatingWebhookConfigurations.delete container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.validatingWebhookConfigurations.update container.volumeAttachments.create container.volumeAttachments.delete container.volumeAttachments.get container.volumeAttachments.getStatus container.volumeAttachments.list container.volumeAttachments.update container.volumeAttachments.updateStatus container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus containeranalysis.occurrences.create containeranalysis.occurrences.delete containeranalysis.occurrences.get containeranalysis.occurrences.list containeranalysis.occurrences.update datalineage.events.create datalineage.processes.create datalineage.processes.get datalineage.processes.update datalineage.runs.create datalineage.runs.get datalineage.runs.update logging.logEntries.create logging.logEntries.list logging.logEntries.route logging.views.access monitoring.metricDescriptors.create monitoring.metricDescriptors.get monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.* monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list monitoring.timeSeries.* monitoring.timeSeries.create monitoring.timeSeries.list orgpolicy.policy.get pubsub.schemas.attach pubsub.schemas.commit pubsub.schemas.create pubsub.schemas.delete pubsub.schemas.get pubsub.schemas.list pubsub.schemas.listRevisions pubsub.schemas.rollback pubsub.schemas.validate pubsub.snapshots.create pubsub.snapshots.delete pubsub.snapshots.get pubsub.snapshots.list pubsub.snapshots.seek pubsub.snapshots.update pubsub.subscriptions.consume pubsub.subscriptions.create pubsub.subscriptions.delete pubsub.subscriptions.get pubsub.subscriptions.list pubsub.subscriptions.update pubsub.topics.attachSubscription pubsub.topics.create pubsub.topics.delete pubsub.topics.detachSubscription pubsub.topics.get pubsub.topics.list pubsub.topics.publish pubsub.topics.update pubsub.topics.updateTag recommender.containerDiagnosisInsights.* recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.* recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.* recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.* recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.* recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update remotebuildexecution.blobs.get resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list source.repos.get source.repos.list storage.buckets.create storage.buckets.get storage.buckets.list storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.* storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.* storage.objects.create storage.objects.delete storage.objects.get storage.objects.getIamPolicy storage.objects.list storage.objects.setIamPolicy storage.objects.update

Cloud Composer v2 API Service Agent Extension

(roles/composer.ServiceAgentV2Ext)

Cloud Composer v2 API Service Agent Extension is a supplementary role required to manage Composer v2 environments.

iam.serviceAccounts.getIamPolicy

iam.serviceAccounts.setIamPolicy

Composer Administrator

(roles/composer.admin)

Provides full control of Cloud Composer resources.

Lowest-level resources where you can grant this role:

Project

composer.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list
composer.environments.create
composer.environments.delete
composer.environments.executeAirflowCommand
composer.environments.get
composer.environments.list
composer.environments.update
composer.imageversions.list
composer.operations.delete
composer.operations.get
composer.operations.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Environment and Storage Object Administrator

(roles/composer.environmentAndStorageObjectAdmin)

Provides full control of Cloud Composer resources and of the objects in all project buckets.

Lowest-level resources where you can grant this role:

Project

composer.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list
composer.environments.create
composer.environments.delete
composer.environments.executeAirflowCommand
composer.environments.get
composer.environments.list
composer.environments.update
composer.imageversions.list
composer.operations.delete
composer.operations.get
composer.operations.list

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
storage.objects.update

Environment and Storage Object User

(roles/composer.environmentAndStorageObjectUser)

Read and use access to Cloud Composer resources and read access to Cloud Storage objects.

composer.dags.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list

composer.environments.get

composer.environments.list

composer.imageversions.list

composer.operations.get

composer.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

storage.managedFolders.get

storage.managedFolders.list

storage.objects.get

storage.objects.list

Environment and Storage Object Viewer

(roles/composer.environmentAndStorageObjectViewer)

Provides the permissions necessary to list and get Cloud Composer environments and operations. Provides read-only access to objects in all project buckets.

Lowest-level resources where you can grant this role:

Project

composer.dags.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list

composer.environments.get

composer.environments.list

composer.imageversions.list

composer.operations.get

composer.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

storage.managedFolders.get

storage.managedFolders.list

storage.objects.get

storage.objects.list

Composer Shared VPC Agent

(roles/composer.sharedVpcAgent)

Role that should be assigned to Composer Agent service account in Shared VPC host project

compute.networkAttachments.create

compute.networkAttachments.delete

compute.networkAttachments.get

compute.networks.access

compute.networks.addPeering

compute.networks.get

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.updatePeering

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zones.*

compute.zones.get
compute.zones.list

dns.managedZones.get

dns.managedZones.list

dns.networks.targetWithPeeringZone

Composer User

(roles/composer.user)

Provides the permissions necessary to list and get Cloud Composer environments and operations.

Lowest-level resources where you can grant this role:

Project

composer.dags.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list

composer.environments.get

composer.environments.list

composer.imageversions.list

composer.operations.get

composer.operations.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Composer Worker

(roles/composer.worker)

Provides the permissions necessary to run a Cloud Composer environment VM. Intended for service accounts.

Lowest-level resources where you can grant this role:

Project

artifactregistry.*

artifactregistry.aptartifacts.create
artifactregistry.dockerimages.get
artifactregistry.dockerimages.list
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.kfpartifacts.create
artifactregistry.locations.get
artifactregistry.locations.list
artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list
artifactregistry.npmpackages.get
artifactregistry.npmpackages.list
artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.projectsettings.get
artifactregistry.projectsettings.update
artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list
artifactregistry.repositories.create
artifactregistry.repositories.createOnPush
artifactregistry.repositories.createTagBinding
artifactregistry.repositories.delete
artifactregistry.repositories.deleteArtifacts
artifactregistry.repositories.deleteTagBinding
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.getIamPolicy
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.repositories.setIamPolicy
artifactregistry.repositories.update
artifactregistry.repositories.uploadArtifacts
artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update
artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
artifactregistry.yumartifacts.create

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.operations.*

cloudbuild.operations.get
cloudbuild.operations.list

cloudbuild.workerpools.use

composer.environments.get

container.*

container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.getStatus
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus
container.auditSinks.create
container.auditSinks.delete
container.auditSinks.get
container.auditSinks.list
container.auditSinks.update
container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.bindings.create
container.bindings.delete
container.bindings.get
container.bindings.list
container.bindings.update
container.certificateSigningRequests.approve
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.getStatus
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.certificateSigningRequests.updateStatus
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.create
container.clusters.createTagBinding
container.clusters.delete
container.clusters.deleteTagBinding
container.clusters.get
container.clusters.getCredentials
container.clusters.impersonate
container.clusters.list
container.clusters.listEffectiveTags
container.clusters.listTagBindings
container.clusters.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.getStatus
container.cronJobs.list
container.cronJobs.update
container.cronJobs.updateStatus
container.csiDrivers.create
container.csiDrivers.delete
container.csiDrivers.get
container.csiDrivers.list
container.csiDrivers.update
container.csiNodeInfos.create
container.csiNodeInfos.delete
container.csiNodeInfos.get
container.csiNodeInfos.list
container.csiNodeInfos.update
container.csiNodes.create
container.csiNodes.delete
container.csiNodes.get
container.csiNodes.list
container.csiNodes.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus
container.endpointSlices.create
container.endpointSlices.delete
container.endpointSlices.get
container.endpointSlices.list
container.endpointSlices.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.frontendConfigs.create
container.frontendConfigs.delete
container.frontendConfigs.get
container.frontendConfigs.list
container.frontendConfigs.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus
container.hostServiceAgent.use
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.ingresses.update
container.ingresses.updateStatus
container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus
container.leases.create
container.leases.delete
container.leases.get
container.leases.list
container.leases.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.localSubjectAccessReviews.list
container.managedCertificates.create
container.managedCertificates.delete
container.managedCertificates.get
container.managedCertificates.list
container.managedCertificates.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.delete
container.mutatingWebhookConfigurations.get
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update
container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.proxy
container.nodes.update
container.nodes.updateStatus
container.operations.get
container.operations.list
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus
container.petSets.create
container.petSets.delete
container.petSets.get
container.petSets.list
container.petSets.update
container.petSets.updateStatus
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podDisruptionBudgets.updateStatus
container.podPresets.create
container.podPresets.delete
container.podPresets.get
container.podPresets.list
container.podPresets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.pods.portForward
container.pods.proxy
container.pods.update
container.pods.updateStatus
container.priorityClasses.create
container.priorityClasses.delete
container.priorityClasses.get
container.priorityClasses.list
container.priorityClasses.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.list
container.replicaSets.update
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.list
container.replicationControllers.update
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.getStatus
container.resourceQuotas.list
container.resourceQuotas.update
container.resourceQuotas.updateStatus
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.runtimeClasses.create
container.runtimeClasses.delete
container.runtimeClasses.get
container.runtimeClasses.list
container.runtimeClasses.update
container.scheduledJobs.create
container.scheduledJobs.delete
container.scheduledJobs.get
container.scheduledJobs.list
container.scheduledJobs.update
container.scheduledJobs.updateStatus
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.selfSubjectAccessReviews.list
container.selfSubjectRulesReviews.create
container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.storageStates.create
container.storageStates.delete
container.storageStates.get
container.storageStates.getStatus
container.storageStates.list
container.storageStates.update
container.storageStates.updateStatus
container.storageVersionMigrations.create
container.storageVersionMigrations.delete
container.storageVersionMigrations.get
container.storageVersionMigrations.getStatus
container.storageVersionMigrations.list
container.storageVersionMigrations.update
container.storageVersionMigrations.updateStatus
container.subjectAccessReviews.create
container.subjectAccessReviews.list
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.thirdPartyResources.create
container.thirdPartyResources.delete
container.thirdPartyResources.get
container.thirdPartyResources.list
container.thirdPartyResources.update
container.tokenReviews.create
container.updateInfos.create
container.updateInfos.delete
container.updateInfos.get
container.updateInfos.list
container.updateInfos.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.delete
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.volumeAttachments.create
container.volumeAttachments.delete
container.volumeAttachments.get
container.volumeAttachments.getStatus
container.volumeAttachments.list
container.volumeAttachments.update
container.volumeAttachments.updateStatus
container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.delete
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.list
container.volumeSnapshotClasses.update
container.volumeSnapshotContents.create
container.volumeSnapshotContents.delete
container.volumeSnapshotContents.get
container.volumeSnapshotContents.getStatus
container.volumeSnapshotContents.list
container.volumeSnapshotContents.update
container.volumeSnapshotContents.updateStatus
container.volumeSnapshots.create
container.volumeSnapshots.delete
container.volumeSnapshots.get
container.volumeSnapshots.getStatus
container.volumeSnapshots.list
container.volumeSnapshots.update
container.volumeSnapshots.updateStatus

containeranalysis.occurrences.create

containeranalysis.occurrences.delete

containeranalysis.occurrences.get

containeranalysis.occurrences.list

containeranalysis.occurrences.update

datalineage.events.create

datalineage.processes.create

datalineage.processes.get

datalineage.processes.update

datalineage.runs.create

datalineage.runs.get

datalineage.runs.update

logging.logEntries.create

logging.logEntries.list

logging.logEntries.route

logging.views.access

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

orgpolicy.policy.get

pubsub.schemas.attach

pubsub.schemas.commit

pubsub.schemas.create

pubsub.schemas.delete

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.rollback

pubsub.schemas.validate

pubsub.snapshots.create

pubsub.snapshots.delete

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.snapshots.seek

pubsub.snapshots.update

pubsub.subscriptions.consume

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.delete

pubsub.topics.detachSubscription

pubsub.topics.get

pubsub.topics.list

pubsub.topics.publish

pubsub.topics.update

pubsub.topics.updateTag

recommender.containerDiagnosisInsights.*

recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update

recommender.containerDiagnosisRecommendations.*

recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.*

recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update

recommender.networkAnalyzerGkeIpAddressInsights.*

recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

source.repos.get

source.repos.list

storage.buckets.create

storage.buckets.get

storage.buckets.list

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
storage.objects.update

Rollen für Dienst-Agents

Rolle Berechtigungen

Rolle	Berechtigungen
Cloud Composer API-Dienst-Agent (`roles/composer.serviceAgent`) Der Cloud Composer API-Dienst-Agent kann Umgebungen verwalten.	appengine.applications.get appengine.applications.update appengine.instances.* appengine.instances.delete appengine.instances.enableDebug appengine.instances.get appengine.instances.list appengine.memcache.addKey appengine.memcache.flush appengine.memcache.get appengine.memcache.update appengine.operations.* appengine.operations.get appengine.operations.list appengine.runtimes.actAsAdmin appengine.services.* appengine.services.delete appengine.services.get appengine.services.list appengine.services.update appengine.versions.create appengine.versions.delete appengine.versions.get appengine.versions.list appengine.versions.update artifactregistry.repositories.create artifactregistry.repositories.delete artifactregistry.repositories.get artifactregistry.repositories.list artifactregistry.repositories.update cloudnotifications.activities.list cloudsql.* cloudsql.backupRuns.create cloudsql.backupRuns.delete cloudsql.backupRuns.get cloudsql.backupRuns.list cloudsql.databases.create cloudsql.databases.delete cloudsql.databases.get cloudsql.databases.list cloudsql.databases.update cloudsql.instances.addServerCa cloudsql.instances.clone cloudsql.instances.connect cloudsql.instances.create cloudsql.instances.createTagBinding cloudsql.instances.delete cloudsql.instances.deleteTagBinding cloudsql.instances.demoteMaster cloudsql.instances.export cloudsql.instances.failover cloudsql.instances.get cloudsql.instances.getDiskShrinkConfig cloudsql.instances.import cloudsql.instances.list cloudsql.instances.listEffectiveTags cloudsql.instances.listServerCas cloudsql.instances.listTagBindings cloudsql.instances.login cloudsql.instances.migrate cloudsql.instances.performDiskShrink cloudsql.instances.promoteReplica cloudsql.instances.reencrypt cloudsql.instances.resetReplicaSize cloudsql.instances.resetSslConfig cloudsql.instances.restart cloudsql.instances.restoreBackup cloudsql.instances.rotateServerCa cloudsql.instances.startReplica cloudsql.instances.stopReplica cloudsql.instances.truncateLog cloudsql.instances.update cloudsql.sslCerts.create cloudsql.sslCerts.createEphemeral cloudsql.sslCerts.delete cloudsql.sslCerts.get cloudsql.sslCerts.list cloudsql.users.create cloudsql.users.delete cloudsql.users.get cloudsql.users.list cloudsql.users.update composer.dags.get composer.environments.get compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.* compute.addresses.create compute.addresses.createInternal compute.addresses.delete compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.setLabels compute.addresses.use compute.addresses.useInternal compute.autoscalers.* compute.autoscalers.create compute.autoscalers.delete compute.autoscalers.get compute.autoscalers.list compute.autoscalers.update compute.backendBuckets.* compute.backendBuckets.addSignedUrlKey compute.backendBuckets.create compute.backendBuckets.createTagBinding compute.backendBuckets.delete compute.backendBuckets.deleteSignedUrlKey compute.backendBuckets.deleteTagBinding compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendBuckets.listEffectiveTags compute.backendBuckets.listTagBindings compute.backendBuckets.setIamPolicy compute.backendBuckets.setSecurityPolicy compute.backendBuckets.update compute.backendBuckets.use compute.backendServices.* compute.backendServices.addSignedUrlKey compute.backendServices.create compute.backendServices.createTagBinding compute.backendServices.delete compute.backendServices.deleteSignedUrlKey compute.backendServices.deleteTagBinding compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.backendServices.listEffectiveTags compute.backendServices.listTagBindings compute.backendServices.setIamPolicy compute.backendServices.setSecurityPolicy compute.backendServices.update compute.backendServices.use compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.* compute.disks.addResourcePolicies compute.disks.create compute.disks.createSnapshot compute.disks.createTagBinding compute.disks.delete compute.disks.deleteTagBinding compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.disks.removeResourcePolicies compute.disks.resize compute.disks.setIamPolicy compute.disks.setLabels compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.disks.update compute.disks.use compute.disks.useReadOnly compute.externalVpnGateways.* compute.externalVpnGateways.create compute.externalVpnGateways.delete compute.externalVpnGateways.get compute.externalVpnGateways.list compute.externalVpnGateways.setLabels compute.externalVpnGateways.use compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.listEffectiveTags compute.firewallPolicies.listTagBindings compute.firewallPolicies.use compute.firewalls.get compute.firewalls.list compute.firewalls.listEffectiveTags compute.firewalls.listTagBindings compute.forwardingRules.* compute.forwardingRules.create compute.forwardingRules.createTagBinding compute.forwardingRules.delete compute.forwardingRules.deleteTagBinding compute.forwardingRules.get compute.forwardingRules.list compute.forwardingRules.listEffectiveTags compute.forwardingRules.listTagBindings compute.forwardingRules.pscCreate compute.forwardingRules.pscDelete compute.forwardingRules.pscSetLabels compute.forwardingRules.pscSetTarget compute.forwardingRules.pscUpdate compute.forwardingRules.setLabels compute.forwardingRules.setTarget compute.forwardingRules.update compute.forwardingRules.use compute.globalAddresses.* compute.globalAddresses.create compute.globalAddresses.createInternal compute.globalAddresses.delete compute.globalAddresses.deleteInternal compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.setLabels compute.globalAddresses.use compute.globalForwardingRules.* compute.globalForwardingRules.create compute.globalForwardingRules.createTagBinding compute.globalForwardingRules.delete compute.globalForwardingRules.deleteTagBinding compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.listEffectiveTags compute.globalForwardingRules.listTagBindings compute.globalForwardingRules.pscCreate compute.globalForwardingRules.pscDelete compute.globalForwardingRules.pscGet compute.globalForwardingRules.pscSetLabels compute.globalForwardingRules.pscSetTarget compute.globalForwardingRules.pscUpdate compute.globalForwardingRules.setLabels compute.globalForwardingRules.setTarget compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.* compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.createTagBinding compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.deleteTagBinding compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.listEffectiveTags compute.globalNetworkEndpointGroups.listTagBindings compute.globalNetworkEndpointGroups.use compute.globalOperations.get compute.globalOperations.list compute.globalPublicDelegatedPrefixes.delete compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.globalPublicDelegatedPrefixes.update compute.globalPublicDelegatedPrefixes.updatePolicy compute.healthChecks.* compute.healthChecks.create compute.healthChecks.createTagBinding compute.healthChecks.delete compute.healthChecks.deleteTagBinding compute.healthChecks.get compute.healthChecks.list compute.healthChecks.listEffectiveTags compute.healthChecks.listTagBindings compute.healthChecks.update compute.healthChecks.use compute.healthChecks.useReadOnly compute.httpHealthChecks.* compute.httpHealthChecks.create compute.httpHealthChecks.createTagBinding compute.httpHealthChecks.delete compute.httpHealthChecks.deleteTagBinding compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpHealthChecks.listEffectiveTags compute.httpHealthChecks.listTagBindings compute.httpHealthChecks.update compute.httpHealthChecks.use compute.httpHealthChecks.useReadOnly compute.httpsHealthChecks.* compute.httpsHealthChecks.create compute.httpsHealthChecks.createTagBinding compute.httpsHealthChecks.delete compute.httpsHealthChecks.deleteTagBinding compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.httpsHealthChecks.listEffectiveTags compute.httpsHealthChecks.listTagBindings compute.httpsHealthChecks.update compute.httpsHealthChecks.use compute.httpsHealthChecks.useReadOnly compute.images.* compute.images.create compute.images.createTagBinding compute.images.delete compute.images.deleteTagBinding compute.images.deprecate compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.images.setIamPolicy compute.images.setLabels compute.images.update compute.images.useReadOnly compute.instanceGroupManagers.* compute.instanceGroupManagers.create compute.instanceGroupManagers.delete compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroupManagers.update compute.instanceGroupManagers.use compute.instanceGroups.* compute.instanceGroups.create compute.instanceGroups.delete compute.instanceGroups.get compute.instanceGroups.list compute.instanceGroups.update compute.instanceGroups.use compute.instanceSettings.* compute.instanceSettings.get compute.instanceSettings.update compute.instanceTemplates.* compute.instanceTemplates.create compute.instanceTemplates.delete compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instanceTemplates.setIamPolicy compute.instanceTemplates.useReadOnly compute.instances.* compute.instances.addAccessConfig compute.instances.addMaintenancePolicies compute.instances.addResourcePolicies compute.instances.attachDisk compute.instances.create compute.instances.createTagBinding compute.instances.delete compute.instances.deleteAccessConfig compute.instances.deleteTagBinding compute.instances.detachDisk compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.instances.osAdminLogin compute.instances.osLogin compute.instances.pscInterfaceCreate compute.instances.removeMaintenancePolicies compute.instances.removeResourcePolicies compute.instances.reset compute.instances.resume compute.instances.sendDiagnosticInterrupt compute.instances.setDeletionProtection compute.instances.setDiskAutoDelete compute.instances.setIamPolicy compute.instances.setLabels compute.instances.setMachineResources compute.instances.setMachineType compute.instances.setMetadata compute.instances.setMinCpuPlatform compute.instances.setName compute.instances.setScheduling compute.instances.setSecurityPolicy compute.instances.setServiceAccount compute.instances.setShieldedInstanceIntegrityPolicy compute.instances.setShieldedVmIntegrityPolicy compute.instances.setTags compute.instances.simulateMaintenanceEvent compute.instances.start compute.instances.startWithEncryptionKey compute.instances.stop compute.instances.suspend compute.instances.update compute.instances.updateAccessConfig compute.instances.updateDisplayDevice compute.instances.updateNetworkInterface compute.instances.updateSecurity compute.instances.updateShieldedInstanceConfig compute.instances.updateShieldedVmConfig compute.instances.use compute.instances.useReadOnly compute.instantSnapshots.* compute.instantSnapshots.create compute.instantSnapshots.delete compute.instantSnapshots.export compute.instantSnapshots.get compute.instantSnapshots.getIamPolicy compute.instantSnapshots.list compute.instantSnapshots.setIamPolicy compute.instantSnapshots.setLabels compute.instantSnapshots.useReadOnly compute.interconnectAttachments.* compute.interconnectAttachments.create compute.interconnectAttachments.delete compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectAttachments.setLabels compute.interconnectAttachments.update compute.interconnectAttachments.use compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.* compute.interconnects.create compute.interconnects.delete compute.interconnects.get compute.interconnects.getMacsecConfig compute.interconnects.list compute.interconnects.setLabels compute.interconnects.update compute.interconnects.use compute.licenseCodes.* compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenseCodes.setIamPolicy compute.licenseCodes.update compute.licenseCodes.use compute.licenses.* compute.licenses.create compute.licenses.delete compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.licenses.setIamPolicy compute.machineImages.* compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.networkAttachments.* compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get compute.networkAttachments.getIamPolicy compute.networkAttachments.list compute.networkAttachments.setIamPolicy compute.networkEndpointGroups.* compute.networkEndpointGroups.attachNetworkEndpoints compute.networkEndpointGroups.create compute.networkEndpointGroups.createTagBinding compute.networkEndpointGroups.delete compute.networkEndpointGroups.deleteTagBinding compute.networkEndpointGroups.detachNetworkEndpoints compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networkEndpointGroups.listEffectiveTags compute.networkEndpointGroups.listTagBindings compute.networkEndpointGroups.setIamPolicy compute.networkEndpointGroups.use compute.networks.* compute.networks.access compute.networks.addPeering compute.networks.create compute.networks.createTagBinding compute.networks.delete compute.networks.deleteTagBinding compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listEffectiveTags compute.networks.listPeeringRoutes compute.networks.listTagBindings compute.networks.mirror compute.networks.removePeering compute.networks.setFirewallPolicy compute.networks.switchToCustomMode compute.networks.update compute.networks.updatePeering compute.networks.updatePolicy compute.networks.use compute.networks.useExternalIp compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.projects.setCommonInstanceMetadata compute.publicDelegatedPrefixes.delete compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.publicDelegatedPrefixes.update compute.publicDelegatedPrefixes.updatePolicy compute.regionBackendServices.* compute.regionBackendServices.create compute.regionBackendServices.createTagBinding compute.regionBackendServices.delete compute.regionBackendServices.deleteTagBinding compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionBackendServices.listEffectiveTags compute.regionBackendServices.listTagBindings compute.regionBackendServices.setIamPolicy compute.regionBackendServices.setSecurityPolicy compute.regionBackendServices.update compute.regionBackendServices.use compute.regionFirewallPolicies.get compute.regionFirewallPolicies.list compute.regionFirewallPolicies.listEffectiveTags compute.regionFirewallPolicies.listTagBindings compute.regionFirewallPolicies.use compute.regionHealthCheckServices.* compute.regionHealthCheckServices.create compute.regionHealthCheckServices.delete compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthCheckServices.update compute.regionHealthCheckServices.use compute.regionHealthChecks.* compute.regionHealthChecks.create compute.regionHealthChecks.createTagBinding compute.regionHealthChecks.delete compute.regionHealthChecks.deleteTagBinding compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.listEffectiveTags compute.regionHealthChecks.listTagBindings compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.* compute.regionNetworkEndpointGroups.attachNetworkEndpoints compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.createTagBinding compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.deleteTagBinding compute.regionNetworkEndpointGroups.detachNetworkEndpoints compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.listEffectiveTags compute.regionNetworkEndpointGroups.listTagBindings compute.regionNetworkEndpointGroups.use compute.regionNotificationEndpoints.* compute.regionNotificationEndpoints.create compute.regionNotificationEndpoints.delete compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionNotificationEndpoints.update compute.regionNotificationEndpoints.use compute.regionOperations.get compute.regionOperations.list compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSecurityPolicies.listEffectiveTags compute.regionSecurityPolicies.listTagBindings compute.regionSecurityPolicies.use compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslCertificates.listEffectiveTags compute.regionSslCertificates.listTagBindings compute.regionSslPolicies.* compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use compute.regionTargetHttpProxies.* compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.createTagBinding compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.deleteTagBinding compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.listEffectiveTags compute.regionTargetHttpProxies.listTagBindings compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.update compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.* compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.createTagBinding compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.deleteTagBinding compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.listEffectiveTags compute.regionTargetHttpsProxies.listTagBindings compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.update compute.regionTargetHttpsProxies.use compute.regionTargetTcpProxies.* compute.regionTargetTcpProxies.create compute.regionTargetTcpProxies.delete compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionTargetTcpProxies.use compute.regionUrlMaps.* compute.regionUrlMaps.create compute.regionUrlMaps.createTagBinding compute.regionUrlMaps.delete compute.regionUrlMaps.deleteTagBinding compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.listEffectiveTags compute.regionUrlMaps.listTagBindings compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.* compute.resourcePolicies.create compute.resourcePolicies.delete compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.resourcePolicies.setIamPolicy compute.resourcePolicies.update compute.resourcePolicies.use compute.resourcePolicies.useReadOnly compute.routers.* compute.routers.create compute.routers.delete compute.routers.get compute.routers.list compute.routers.update compute.routers.use compute.routes.* compute.routes.create compute.routes.createTagBinding compute.routes.delete compute.routes.deleteTagBinding compute.routes.get compute.routes.list compute.routes.listEffectiveTags compute.routes.listTagBindings compute.securityPolicies.get compute.securityPolicies.list compute.securityPolicies.listEffectiveTags compute.securityPolicies.listTagBindings compute.securityPolicies.use compute.serviceAttachments.* compute.serviceAttachments.create compute.serviceAttachments.delete compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.serviceAttachments.setIamPolicy compute.serviceAttachments.update compute.serviceAttachments.use compute.snapshots.* compute.snapshots.create compute.snapshots.createTagBinding compute.snapshots.delete compute.snapshots.deleteTagBinding compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.snapshots.setIamPolicy compute.snapshots.setLabels compute.snapshots.useReadOnly compute.sslCertificates.get compute.sslCertificates.list compute.sslCertificates.listEffectiveTags compute.sslCertificates.listTagBindings compute.sslPolicies.* compute.sslPolicies.create compute.sslPolicies.createTagBinding compute.sslPolicies.delete compute.sslPolicies.deleteTagBinding compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.sslPolicies.listEffectiveTags compute.sslPolicies.listTagBindings compute.sslPolicies.update compute.sslPolicies.use compute.subnetworks.* compute.subnetworks.create compute.subnetworks.createTagBinding compute.subnetworks.delete compute.subnetworks.deleteTagBinding compute.subnetworks.expandIpCidrRange compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.subnetworks.listEffectiveTags compute.subnetworks.listTagBindings compute.subnetworks.mirror compute.subnetworks.setIamPolicy compute.subnetworks.setPrivateIpGoogleAccess compute.subnetworks.update compute.subnetworks.use compute.subnetworks.useExternalIp compute.targetGrpcProxies.* compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use compute.targetHttpProxies.* compute.targetHttpProxies.create compute.targetHttpProxies.createTagBinding compute.targetHttpProxies.delete compute.targetHttpProxies.deleteTagBinding compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpProxies.listEffectiveTags compute.targetHttpProxies.listTagBindings compute.targetHttpProxies.setUrlMap compute.targetHttpProxies.update compute.targetHttpProxies.use compute.targetHttpsProxies.* compute.targetHttpsProxies.create compute.targetHttpsProxies.createTagBinding compute.targetHttpsProxies.delete compute.targetHttpsProxies.deleteTagBinding compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetHttpsProxies.listEffectiveTags compute.targetHttpsProxies.listTagBindings compute.targetHttpsProxies.setCertificateMap compute.targetHttpsProxies.setQuicOverride compute.targetHttpsProxies.setSslCertificates compute.targetHttpsProxies.setSslPolicy compute.targetHttpsProxies.setUrlMap compute.targetHttpsProxies.update compute.targetHttpsProxies.use compute.targetInstances.* compute.targetInstances.create compute.targetInstances.createTagBinding compute.targetInstances.delete compute.targetInstances.deleteTagBinding compute.targetInstances.get compute.targetInstances.list compute.targetInstances.listEffectiveTags compute.targetInstances.listTagBindings compute.targetInstances.setSecurityPolicy compute.targetInstances.use compute.targetPools.* compute.targetPools.addHealthCheck compute.targetPools.addInstance compute.targetPools.create compute.targetPools.createTagBinding compute.targetPools.delete compute.targetPools.deleteTagBinding compute.targetPools.get compute.targetPools.list compute.targetPools.listEffectiveTags compute.targetPools.listTagBindings compute.targetPools.removeHealthCheck compute.targetPools.removeInstance compute.targetPools.setSecurityPolicy compute.targetPools.update compute.targetPools.use compute.targetSslProxies.* compute.targetSslProxies.create compute.targetSslProxies.createTagBinding compute.targetSslProxies.delete compute.targetSslProxies.deleteTagBinding compute.targetSslProxies.get compute.targetSslProxies.list compute.targetSslProxies.listEffectiveTags compute.targetSslProxies.listTagBindings compute.targetSslProxies.setBackendService compute.targetSslProxies.setCertificateMap compute.targetSslProxies.setProxyHeader compute.targetSslProxies.setSslCertificates compute.targetSslProxies.setSslPolicy compute.targetSslProxies.update compute.targetSslProxies.use compute.targetTcpProxies.* compute.targetTcpProxies.create compute.targetTcpProxies.createTagBinding compute.targetTcpProxies.delete compute.targetTcpProxies.deleteTagBinding compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetTcpProxies.listEffectiveTags compute.targetTcpProxies.listTagBindings compute.targetTcpProxies.update compute.targetTcpProxies.use compute.targetVpnGateways.* compute.targetVpnGateways.create compute.targetVpnGateways.delete compute.targetVpnGateways.get compute.targetVpnGateways.list compute.targetVpnGateways.setLabels compute.targetVpnGateways.use compute.urlMaps.* compute.urlMaps.create compute.urlMaps.createTagBinding compute.urlMaps.delete compute.urlMaps.deleteTagBinding compute.urlMaps.get compute.urlMaps.invalidateCache compute.urlMaps.list compute.urlMaps.listEffectiveTags compute.urlMaps.listTagBindings compute.urlMaps.update compute.urlMaps.use compute.urlMaps.validate compute.vpnGateways.* compute.vpnGateways.create compute.vpnGateways.delete compute.vpnGateways.get compute.vpnGateways.list compute.vpnGateways.setLabels compute.vpnGateways.use compute.vpnTunnels.* compute.vpnTunnels.create compute.vpnTunnels.delete compute.vpnTunnels.get compute.vpnTunnels.list compute.vpnTunnels.setLabels compute.zoneOperations.get compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list container.* container.apiServices.create container.apiServices.delete container.apiServices.get container.apiServices.getStatus container.apiServices.list container.apiServices.update container.apiServices.updateStatus container.auditSinks.create container.auditSinks.delete container.auditSinks.get container.auditSinks.list container.auditSinks.update container.backendConfigs.create container.backendConfigs.delete container.backendConfigs.get container.backendConfigs.list container.backendConfigs.update container.bindings.create container.bindings.delete container.bindings.get container.bindings.list container.bindings.update container.certificateSigningRequests.approve container.certificateSigningRequests.create container.certificateSigningRequests.delete container.certificateSigningRequests.get container.certificateSigningRequests.getStatus container.certificateSigningRequests.list container.certificateSigningRequests.update container.certificateSigningRequests.updateStatus container.clusterRoleBindings.create container.clusterRoleBindings.delete container.clusterRoleBindings.get container.clusterRoleBindings.list container.clusterRoleBindings.update container.clusterRoles.bind container.clusterRoles.create container.clusterRoles.delete container.clusterRoles.escalate container.clusterRoles.get container.clusterRoles.list container.clusterRoles.update container.clusters.create container.clusters.createTagBinding container.clusters.delete container.clusters.deleteTagBinding container.clusters.get container.clusters.getCredentials container.clusters.impersonate container.clusters.list container.clusters.listEffectiveTags container.clusters.listTagBindings container.clusters.update container.componentStatuses.get container.componentStatuses.list container.configMaps.create container.configMaps.delete container.configMaps.get container.configMaps.list container.configMaps.update container.controllerRevisions.create container.controllerRevisions.delete container.controllerRevisions.get container.controllerRevisions.list container.controllerRevisions.update container.cronJobs.create container.cronJobs.delete container.cronJobs.get container.cronJobs.getStatus container.cronJobs.list container.cronJobs.update container.cronJobs.updateStatus container.csiDrivers.create container.csiDrivers.delete container.csiDrivers.get container.csiDrivers.list container.csiDrivers.update container.csiNodeInfos.create container.csiNodeInfos.delete container.csiNodeInfos.get container.csiNodeInfos.list container.csiNodeInfos.update container.csiNodes.create container.csiNodes.delete container.csiNodes.get container.csiNodes.list container.csiNodes.update container.customResourceDefinitions.create container.customResourceDefinitions.delete container.customResourceDefinitions.get container.customResourceDefinitions.getStatus container.customResourceDefinitions.list container.customResourceDefinitions.update container.customResourceDefinitions.updateStatus container.daemonSets.create container.daemonSets.delete container.daemonSets.get container.daemonSets.getStatus container.daemonSets.list container.daemonSets.update container.daemonSets.updateStatus container.deployments.create container.deployments.delete container.deployments.get container.deployments.getScale container.deployments.getStatus container.deployments.list container.deployments.rollback container.deployments.update container.deployments.updateScale container.deployments.updateStatus container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.endpoints.create container.endpoints.delete container.endpoints.get container.endpoints.list container.endpoints.update container.events.create container.events.delete container.events.get container.events.list container.events.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.horizontalPodAutoscalers.create container.horizontalPodAutoscalers.delete container.horizontalPodAutoscalers.get container.horizontalPodAutoscalers.getStatus container.horizontalPodAutoscalers.list container.horizontalPodAutoscalers.update container.horizontalPodAutoscalers.updateStatus container.hostServiceAgent.use container.ingresses.create container.ingresses.delete container.ingresses.get container.ingresses.getStatus container.ingresses.list container.ingresses.update container.ingresses.updateStatus container.initializerConfigurations.create container.initializerConfigurations.delete container.initializerConfigurations.get container.initializerConfigurations.list container.initializerConfigurations.update container.jobs.create container.jobs.delete container.jobs.get container.jobs.getStatus container.jobs.list container.jobs.update container.jobs.updateStatus container.leases.create container.leases.delete container.leases.get container.leases.list container.leases.update container.limitRanges.create container.limitRanges.delete container.limitRanges.get container.limitRanges.list container.limitRanges.update container.localSubjectAccessReviews.create container.localSubjectAccessReviews.list container.managedCertificates.create container.managedCertificates.delete container.managedCertificates.get container.managedCertificates.list container.managedCertificates.update container.mutatingWebhookConfigurations.create container.mutatingWebhookConfigurations.delete container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.mutatingWebhookConfigurations.update container.namespaces.create container.namespaces.delete container.namespaces.finalize container.namespaces.get container.namespaces.getStatus container.namespaces.list container.namespaces.update container.namespaces.updateStatus container.networkPolicies.create container.networkPolicies.delete container.networkPolicies.get container.networkPolicies.list container.networkPolicies.update container.nodes.create container.nodes.delete container.nodes.get container.nodes.getStatus container.nodes.list container.nodes.proxy container.nodes.update container.nodes.updateStatus container.operations.get container.operations.list container.persistentVolumeClaims.create container.persistentVolumeClaims.delete container.persistentVolumeClaims.get container.persistentVolumeClaims.getStatus container.persistentVolumeClaims.list container.persistentVolumeClaims.update container.persistentVolumeClaims.updateStatus container.persistentVolumes.create container.persistentVolumes.delete container.persistentVolumes.get container.persistentVolumes.getStatus container.persistentVolumes.list container.persistentVolumes.update container.persistentVolumes.updateStatus container.petSets.create container.petSets.delete container.petSets.get container.petSets.list container.petSets.update container.petSets.updateStatus container.podDisruptionBudgets.create container.podDisruptionBudgets.delete container.podDisruptionBudgets.get container.podDisruptionBudgets.getStatus container.podDisruptionBudgets.list container.podDisruptionBudgets.update container.podDisruptionBudgets.updateStatus container.podPresets.create container.podPresets.delete container.podPresets.get container.podPresets.list container.podPresets.update container.podSecurityPolicies.create container.podSecurityPolicies.delete container.podSecurityPolicies.get container.podSecurityPolicies.list container.podSecurityPolicies.update container.podSecurityPolicies.use container.podTemplates.create container.podTemplates.delete container.podTemplates.get container.podTemplates.list container.podTemplates.update container.pods.attach container.pods.create container.pods.delete container.pods.evict container.pods.exec container.pods.get container.pods.getLogs container.pods.getStatus container.pods.initialize container.pods.list container.pods.portForward container.pods.proxy container.pods.update container.pods.updateStatus container.priorityClasses.create container.priorityClasses.delete container.priorityClasses.get container.priorityClasses.list container.priorityClasses.update container.replicaSets.create container.replicaSets.delete container.replicaSets.get container.replicaSets.getScale container.replicaSets.getStatus container.replicaSets.list container.replicaSets.update container.replicaSets.updateScale container.replicaSets.updateStatus container.replicationControllers.create container.replicationControllers.delete container.replicationControllers.get container.replicationControllers.getScale container.replicationControllers.getStatus container.replicationControllers.list container.replicationControllers.update container.replicationControllers.updateScale container.replicationControllers.updateStatus container.resourceQuotas.create container.resourceQuotas.delete container.resourceQuotas.get container.resourceQuotas.getStatus container.resourceQuotas.list container.resourceQuotas.update container.resourceQuotas.updateStatus container.roleBindings.create container.roleBindings.delete container.roleBindings.get container.roleBindings.list container.roleBindings.update container.roles.bind container.roles.create container.roles.delete container.roles.escalate container.roles.get container.roles.list container.roles.update container.runtimeClasses.create container.runtimeClasses.delete container.runtimeClasses.get container.runtimeClasses.list container.runtimeClasses.update container.scheduledJobs.create container.scheduledJobs.delete container.scheduledJobs.get container.scheduledJobs.list container.scheduledJobs.update container.scheduledJobs.updateStatus container.secrets.create container.secrets.delete container.secrets.get container.secrets.list container.secrets.update container.selfSubjectAccessReviews.create container.selfSubjectAccessReviews.list container.selfSubjectRulesReviews.create container.serviceAccounts.create container.serviceAccounts.createToken container.serviceAccounts.delete container.serviceAccounts.get container.serviceAccounts.list container.serviceAccounts.update container.services.create container.services.delete container.services.get container.services.getStatus container.services.list container.services.proxy container.services.update container.services.updateStatus container.statefulSets.create container.statefulSets.delete container.statefulSets.get container.statefulSets.getScale container.statefulSets.getStatus container.statefulSets.list container.statefulSets.update container.statefulSets.updateScale container.statefulSets.updateStatus container.storageClasses.create container.storageClasses.delete container.storageClasses.get container.storageClasses.list container.storageClasses.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.subjectAccessReviews.create container.subjectAccessReviews.list container.thirdPartyObjects.create container.thirdPartyObjects.delete container.thirdPartyObjects.get container.thirdPartyObjects.list container.thirdPartyObjects.update container.thirdPartyResources.create container.thirdPartyResources.delete container.thirdPartyResources.get container.thirdPartyResources.list container.thirdPartyResources.update container.tokenReviews.create container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.validatingWebhookConfigurations.create container.validatingWebhookConfigurations.delete container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.validatingWebhookConfigurations.update container.volumeAttachments.create container.volumeAttachments.delete container.volumeAttachments.get container.volumeAttachments.getStatus container.volumeAttachments.list container.volumeAttachments.update container.volumeAttachments.updateStatus container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus deploymentmanager.compositeTypes.* deploymentmanager.compositeTypes.create deploymentmanager.compositeTypes.delete deploymentmanager.compositeTypes.get deploymentmanager.compositeTypes.list deploymentmanager.compositeTypes.update deploymentmanager.deployments.cancelPreview deploymentmanager.deployments.create deploymentmanager.deployments.delete deploymentmanager.deployments.get deploymentmanager.deployments.list deploymentmanager.deployments.stop deploymentmanager.deployments.update deploymentmanager.manifests.* deploymentmanager.manifests.get deploymentmanager.manifests.list deploymentmanager.operations.* deploymentmanager.operations.get deploymentmanager.operations.list deploymentmanager.resources.* deploymentmanager.resources.get deploymentmanager.resources.list deploymentmanager.typeProviders.* deploymentmanager.typeProviders.create deploymentmanager.typeProviders.delete deploymentmanager.typeProviders.get deploymentmanager.typeProviders.getType deploymentmanager.typeProviders.list deploymentmanager.typeProviders.listTypes deploymentmanager.typeProviders.update deploymentmanager.types.* deploymentmanager.types.create deploymentmanager.types.delete deploymentmanager.types.get deploymentmanager.types.list deploymentmanager.types.update dns.managedZones.get dns.managedZones.list dns.networks.targetWithPeeringZone firebase.projects.get iam.serviceAccounts.actAs iam.serviceAccounts.get iam.serviceAccounts.getAccessToken iam.serviceAccounts.list logging.buckets.create logging.buckets.delete logging.buckets.get logging.buckets.list logging.buckets.undelete logging.buckets.update logging.exclusions.* logging.exclusions.create logging.exclusions.delete logging.exclusions.get logging.exclusions.list logging.exclusions.update logging.links.* logging.links.create logging.links.delete logging.links.get logging.links.list logging.locations.* logging.locations.get logging.locations.list logging.logEntries.create logging.logEntries.route logging.logMetrics.* logging.logMetrics.create logging.logMetrics.delete logging.logMetrics.get logging.logMetrics.list logging.logMetrics.update logging.logServiceIndexes.list logging.logServices.list logging.logs.list logging.notificationRules.* logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update logging.operations.* logging.operations.cancel logging.operations.get logging.operations.list logging.settings.* logging.settings.get logging.settings.update logging.sinks.* logging.sinks.create logging.sinks.delete logging.sinks.get logging.sinks.list logging.sinks.update logging.views.create logging.views.delete logging.views.get logging.views.list logging.views.update monitoring.alertPolicies.get monitoring.alertPolicies.list monitoring.dashboards.get monitoring.dashboards.list monitoring.groups.get monitoring.groups.list monitoring.metricDescriptors.create monitoring.metricDescriptors.get monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.* monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list monitoring.notificationChannelDescriptors.* monitoring.notificationChannelDescriptors.get monitoring.notificationChannelDescriptors.list monitoring.notificationChannels.get monitoring.notificationChannels.list monitoring.publicWidgets.get monitoring.publicWidgets.list monitoring.services.get monitoring.services.list monitoring.slos.get monitoring.slos.list monitoring.snoozes.get monitoring.snoozes.list monitoring.timeSeries.* monitoring.timeSeries.create monitoring.timeSeries.list monitoring.uptimeCheckConfigs.get monitoring.uptimeCheckConfigs.list networkconnectivity.internalRanges.* networkconnectivity.internalRanges.create networkconnectivity.internalRanges.delete networkconnectivity.internalRanges.get networkconnectivity.internalRanges.getIamPolicy networkconnectivity.internalRanges.list networkconnectivity.internalRanges.setIamPolicy networkconnectivity.internalRanges.update networkconnectivity.locations.* networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.* networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list networkconnectivity.policyBasedRoutes.* networkconnectivity.policyBasedRoutes.create networkconnectivity.policyBasedRoutes.delete networkconnectivity.policyBasedRoutes.get networkconnectivity.policyBasedRoutes.getIamPolicy networkconnectivity.policyBasedRoutes.list networkconnectivity.policyBasedRoutes.setIamPolicy networkconnectivity.serviceClasses.* networkconnectivity.serviceClasses.create networkconnectivity.serviceClasses.delete networkconnectivity.serviceClasses.get networkconnectivity.serviceClasses.list networkconnectivity.serviceClasses.update networkconnectivity.serviceClasses.use networkconnectivity.serviceConnectionMaps.* networkconnectivity.serviceConnectionMaps.create networkconnectivity.serviceConnectionMaps.delete networkconnectivity.serviceConnectionMaps.get networkconnectivity.serviceConnectionMaps.list networkconnectivity.serviceConnectionMaps.update networkconnectivity.serviceConnectionPolicies.* networkconnectivity.serviceConnectionPolicies.create networkconnectivity.serviceConnectionPolicies.delete networkconnectivity.serviceConnectionPolicies.get networkconnectivity.serviceConnectionPolicies.list networkconnectivity.serviceConnectionPolicies.update networksecurity.* networksecurity.addressGroups.create networksecurity.addressGroups.delete networksecurity.addressGroups.get networksecurity.addressGroups.getIamPolicy networksecurity.addressGroups.list networksecurity.addressGroups.setIamPolicy networksecurity.addressGroups.update networksecurity.addressGroups.use networksecurity.authorizationPolicies.create networksecurity.authorizationPolicies.delete networksecurity.authorizationPolicies.get networksecurity.authorizationPolicies.getIamPolicy networksecurity.authorizationPolicies.list networksecurity.authorizationPolicies.setIamPolicy networksecurity.authorizationPolicies.update networksecurity.authorizationPolicies.use networksecurity.clientTlsPolicies.create networksecurity.clientTlsPolicies.delete networksecurity.clientTlsPolicies.get networksecurity.clientTlsPolicies.getIamPolicy networksecurity.clientTlsPolicies.list networksecurity.clientTlsPolicies.setIamPolicy networksecurity.clientTlsPolicies.update networksecurity.clientTlsPolicies.use networksecurity.firewallEndpointAssociations.create networksecurity.firewallEndpointAssociations.delete networksecurity.firewallEndpointAssociations.get networksecurity.firewallEndpointAssociations.list networksecurity.firewallEndpointAssociations.update networksecurity.firewallEndpoints.create networksecurity.firewallEndpoints.delete networksecurity.firewallEndpoints.get networksecurity.firewallEndpoints.list networksecurity.firewallEndpoints.update networksecurity.firewallEndpoints.use networksecurity.gatewaySecurityPolicies.create networksecurity.gatewaySecurityPolicies.delete networksecurity.gatewaySecurityPolicies.get networksecurity.gatewaySecurityPolicies.list networksecurity.gatewaySecurityPolicies.update networksecurity.gatewaySecurityPolicies.use networksecurity.gatewaySecurityPolicyRules.create networksecurity.gatewaySecurityPolicyRules.delete networksecurity.gatewaySecurityPolicyRules.get networksecurity.gatewaySecurityPolicyRules.list networksecurity.gatewaySecurityPolicyRules.update networksecurity.gatewaySecurityPolicyRules.use networksecurity.locations.get networksecurity.locations.list networksecurity.operations.cancel networksecurity.operations.delete networksecurity.operations.get networksecurity.operations.list networksecurity.securityProfileGroups.create networksecurity.securityProfileGroups.delete networksecurity.securityProfileGroups.get networksecurity.securityProfileGroups.list networksecurity.securityProfileGroups.update networksecurity.securityProfileGroups.use networksecurity.securityProfiles.create networksecurity.securityProfiles.delete networksecurity.securityProfiles.get networksecurity.securityProfiles.list networksecurity.securityProfiles.update networksecurity.securityProfiles.use networksecurity.serverTlsPolicies.create networksecurity.serverTlsPolicies.delete networksecurity.serverTlsPolicies.get networksecurity.serverTlsPolicies.getIamPolicy networksecurity.serverTlsPolicies.list networksecurity.serverTlsPolicies.setIamPolicy networksecurity.serverTlsPolicies.update networksecurity.serverTlsPolicies.use networksecurity.tlsInspectionPolicies.create networksecurity.tlsInspectionPolicies.delete networksecurity.tlsInspectionPolicies.get networksecurity.tlsInspectionPolicies.list networksecurity.tlsInspectionPolicies.update networksecurity.tlsInspectionPolicies.use networksecurity.urlLists.create networksecurity.urlLists.delete networksecurity.urlLists.get networksecurity.urlLists.list networksecurity.urlLists.update networksecurity.urlLists.use networkservices.* networkservices.endpointConfigSelectors.create networkservices.endpointConfigSelectors.delete networkservices.endpointConfigSelectors.get networkservices.endpointConfigSelectors.getIamPolicy networkservices.endpointConfigSelectors.list networkservices.endpointConfigSelectors.setIamPolicy networkservices.endpointConfigSelectors.update networkservices.endpointConfigSelectors.use networkservices.endpointPolicies.create networkservices.endpointPolicies.delete networkservices.endpointPolicies.get networkservices.endpointPolicies.getIamPolicy networkservices.endpointPolicies.list networkservices.endpointPolicies.setIamPolicy networkservices.endpointPolicies.update networkservices.endpointPolicies.use networkservices.gateways.create networkservices.gateways.delete networkservices.gateways.get networkservices.gateways.list networkservices.gateways.update networkservices.gateways.use networkservices.grpcRoutes.create networkservices.grpcRoutes.delete networkservices.grpcRoutes.get networkservices.grpcRoutes.getIamPolicy networkservices.grpcRoutes.list networkservices.grpcRoutes.setIamPolicy networkservices.grpcRoutes.update networkservices.grpcRoutes.use networkservices.httpFilters.create networkservices.httpFilters.delete networkservices.httpFilters.get networkservices.httpFilters.getIamPolicy networkservices.httpFilters.list networkservices.httpFilters.setIamPolicy networkservices.httpFilters.update networkservices.httpFilters.use networkservices.httpRoutes.create networkservices.httpRoutes.delete networkservices.httpRoutes.get networkservices.httpRoutes.getIamPolicy networkservices.httpRoutes.list networkservices.httpRoutes.setIamPolicy networkservices.httpRoutes.update networkservices.httpRoutes.use networkservices.httpfilters.create networkservices.httpfilters.delete networkservices.httpfilters.get networkservices.httpfilters.getIamPolicy networkservices.httpfilters.list networkservices.httpfilters.setIamPolicy networkservices.httpfilters.update networkservices.httpfilters.use networkservices.lbRouteExtensions.create networkservices.lbRouteExtensions.delete networkservices.lbRouteExtensions.get networkservices.lbRouteExtensions.list networkservices.lbRouteExtensions.update networkservices.lbTrafficExtensions.create networkservices.lbTrafficExtensions.delete networkservices.lbTrafficExtensions.get networkservices.lbTrafficExtensions.list networkservices.lbTrafficExtensions.update networkservices.locations.get networkservices.locations.list networkservices.meshes.create networkservices.meshes.delete networkservices.meshes.get networkservices.meshes.getIamPolicy networkservices.meshes.list networkservices.meshes.setIamPolicy networkservices.meshes.update networkservices.meshes.use networkservices.operations.cancel networkservices.operations.delete networkservices.operations.get networkservices.operations.list networkservices.serviceBindings.create networkservices.serviceBindings.delete networkservices.serviceBindings.get networkservices.serviceBindings.list networkservices.serviceBindings.update networkservices.serviceLbPolicies.create networkservices.serviceLbPolicies.delete networkservices.serviceLbPolicies.get networkservices.serviceLbPolicies.list networkservices.serviceLbPolicies.update networkservices.tcpRoutes.create networkservices.tcpRoutes.delete networkservices.tcpRoutes.get networkservices.tcpRoutes.getIamPolicy networkservices.tcpRoutes.list networkservices.tcpRoutes.setIamPolicy networkservices.tcpRoutes.update networkservices.tcpRoutes.use networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use opsconfigmonitoring.resourceMetadata.list orgpolicy.policy.get pubsub.* pubsub.schemas.attach pubsub.schemas.commit pubsub.schemas.create pubsub.schemas.delete pubsub.schemas.get pubsub.schemas.getIamPolicy pubsub.schemas.list pubsub.schemas.listRevisions pubsub.schemas.rollback pubsub.schemas.setIamPolicy pubsub.schemas.validate pubsub.snapshots.create pubsub.snapshots.delete pubsub.snapshots.get pubsub.snapshots.getIamPolicy pubsub.snapshots.list pubsub.snapshots.seek pubsub.snapshots.setIamPolicy pubsub.snapshots.update pubsub.subscriptions.consume pubsub.subscriptions.create pubsub.subscriptions.delete pubsub.subscriptions.get pubsub.subscriptions.getIamPolicy pubsub.subscriptions.list pubsub.subscriptions.setIamPolicy pubsub.subscriptions.update pubsub.topics.attachSubscription pubsub.topics.create pubsub.topics.delete pubsub.topics.detachSubscription pubsub.topics.get pubsub.topics.getIamPolicy pubsub.topics.list pubsub.topics.publish pubsub.topics.setIamPolicy pubsub.topics.update pubsub.topics.updateTag recommender.cloudsqlIdleInstanceRecommendations.* recommender.cloudsqlIdleInstanceRecommendations.get recommender.cloudsqlIdleInstanceRecommendations.list recommender.cloudsqlIdleInstanceRecommendations.update recommender.cloudsqlInstanceActivityInsights.* recommender.cloudsqlInstanceActivityInsights.get recommender.cloudsqlInstanceActivityInsights.list recommender.cloudsqlInstanceActivityInsights.update recommender.cloudsqlInstanceCpuUsageInsights.* recommender.cloudsqlInstanceCpuUsageInsights.get recommender.cloudsqlInstanceCpuUsageInsights.list recommender.cloudsqlInstanceCpuUsageInsights.update recommender.cloudsqlInstanceDiskUsageTrendInsights.* recommender.cloudsqlInstanceDiskUsageTrendInsights.get recommender.cloudsqlInstanceDiskUsageTrendInsights.list recommender.cloudsqlInstanceDiskUsageTrendInsights.update recommender.cloudsqlInstanceMemoryUsageInsights.* recommender.cloudsqlInstanceMemoryUsageInsights.get recommender.cloudsqlInstanceMemoryUsageInsights.list recommender.cloudsqlInstanceMemoryUsageInsights.update recommender.cloudsqlInstanceOomProbabilityInsights.* recommender.cloudsqlInstanceOomProbabilityInsights.get recommender.cloudsqlInstanceOomProbabilityInsights.list recommender.cloudsqlInstanceOomProbabilityInsights.update recommender.cloudsqlInstanceOutOfDiskRecommendations.* recommender.cloudsqlInstanceOutOfDiskRecommendations.get recommender.cloudsqlInstanceOutOfDiskRecommendations.list recommender.cloudsqlInstanceOutOfDiskRecommendations.update recommender.cloudsqlInstancePerformanceInsights.* recommender.cloudsqlInstancePerformanceInsights.get recommender.cloudsqlInstancePerformanceInsights.list recommender.cloudsqlInstancePerformanceInsights.update recommender.cloudsqlInstancePerformanceRecommendations.* recommender.cloudsqlInstancePerformanceRecommendations.get recommender.cloudsqlInstancePerformanceRecommendations.list recommender.cloudsqlInstancePerformanceRecommendations.update recommender.cloudsqlInstanceReliabilityInsights.* recommender.cloudsqlInstanceReliabilityInsights.get recommender.cloudsqlInstanceReliabilityInsights.list recommender.cloudsqlInstanceReliabilityInsights.update recommender.cloudsqlInstanceReliabilityRecommendations.* recommender.cloudsqlInstanceReliabilityRecommendations.get recommender.cloudsqlInstanceReliabilityRecommendations.list recommender.cloudsqlInstanceReliabilityRecommendations.update recommender.cloudsqlInstanceSecurityInsights.* recommender.cloudsqlInstanceSecurityInsights.get recommender.cloudsqlInstanceSecurityInsights.list recommender.cloudsqlInstanceSecurityInsights.update recommender.cloudsqlInstanceSecurityRecommendations.* recommender.cloudsqlInstanceSecurityRecommendations.get recommender.cloudsqlInstanceSecurityRecommendations.list recommender.cloudsqlInstanceSecurityRecommendations.update recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.* recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.* recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update recommender.cloudsqlOverprovisionedInstanceRecommendations.* recommender.cloudsqlOverprovisionedInstanceRecommendations.get recommender.cloudsqlOverprovisionedInstanceRecommendations.list recommender.cloudsqlOverprovisionedInstanceRecommendations.update recommender.cloudsqlUnderProvisionedInstanceRecommendations.* recommender.cloudsqlUnderProvisionedInstanceRecommendations.get recommender.cloudsqlUnderProvisionedInstanceRecommendations.list recommender.cloudsqlUnderProvisionedInstanceRecommendations.update recommender.containerDiagnosisInsights.* recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.* recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.iamPolicyInsights.* recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.* recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update recommender.locations.* recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.* recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.* recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete servicenetworking.operations.get servicenetworking.services.addPeering servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deleteConnection servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.disableVpcServiceControls servicenetworking.services.enableVpcServiceControls servicenetworking.services.get servicenetworking.services.listPeeredDnsDomains serviceusage.quotas.get serviceusage.services.get serviceusage.services.list stackdriver.projects.get stackdriver.resourceMetadata.list storage.buckets.* storage.buckets.create storage.buckets.createTagBinding storage.buckets.delete storage.buckets.deleteTagBinding storage.buckets.get storage.buckets.getIamPolicy storage.buckets.getObjectInsights storage.buckets.list storage.buckets.listEffectiveTags storage.buckets.listTagBindings storage.buckets.setIamPolicy storage.buckets.update storage.managedFolders.* storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.getIamPolicy. storage.managedFolders.list storage.managedFolders.setIamPolicy storage.multipartUploads.* storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.* storage.objects.create storage.objects.delete storage.objects.get storage.objects.getIamPolicy storage.objects.list storage.objects.setIamPolicy storage.objects.update trafficdirector.* trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics

Cloud Composer API-Dienst-Agent

(roles/composer.serviceAgent)

Der Cloud Composer API-Dienst-Agent kann Umgebungen verwalten.

appengine.applications.get

appengine.applications.update

appengine.instances.*

appengine.instances.delete
appengine.instances.enableDebug
appengine.instances.get
appengine.instances.list

appengine.memcache.addKey

appengine.memcache.flush

appengine.memcache.get

appengine.memcache.update

appengine.operations.*

appengine.operations.get
appengine.operations.list

appengine.runtimes.actAsAdmin

appengine.services.*

appengine.services.delete
appengine.services.get
appengine.services.list
appengine.services.update

appengine.versions.create

appengine.versions.delete

appengine.versions.get

appengine.versions.list

appengine.versions.update

artifactregistry.repositories.create

artifactregistry.repositories.delete

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.update

cloudnotifications.activities.list

cloudsql.*

cloudsql.backupRuns.create
cloudsql.backupRuns.delete
cloudsql.backupRuns.get
cloudsql.backupRuns.list
cloudsql.databases.create
cloudsql.databases.delete
cloudsql.databases.get
cloudsql.databases.list
cloudsql.databases.update
cloudsql.instances.addServerCa
cloudsql.instances.clone
cloudsql.instances.connect
cloudsql.instances.create
cloudsql.instances.createTagBinding
cloudsql.instances.delete
cloudsql.instances.deleteTagBinding
cloudsql.instances.demoteMaster
cloudsql.instances.export
cloudsql.instances.failover
cloudsql.instances.get
cloudsql.instances.getDiskShrinkConfig
cloudsql.instances.import
cloudsql.instances.list
cloudsql.instances.listEffectiveTags
cloudsql.instances.listServerCas
cloudsql.instances.listTagBindings
cloudsql.instances.login
cloudsql.instances.migrate
cloudsql.instances.performDiskShrink
cloudsql.instances.promoteReplica
cloudsql.instances.reencrypt
cloudsql.instances.resetReplicaSize
cloudsql.instances.resetSslConfig
cloudsql.instances.restart
cloudsql.instances.restoreBackup
cloudsql.instances.rotateServerCa
cloudsql.instances.startReplica
cloudsql.instances.stopReplica
cloudsql.instances.truncateLog
cloudsql.instances.update
cloudsql.sslCerts.create
cloudsql.sslCerts.createEphemeral
cloudsql.sslCerts.delete
cloudsql.sslCerts.get
cloudsql.sslCerts.list
cloudsql.users.create
cloudsql.users.delete
cloudsql.users.get
cloudsql.users.list
cloudsql.users.update

composer.dags.get

composer.environments.get

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly

compute.externalVpnGateways.*

compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.update

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.*

compute.instanceSettings.get
compute.instanceSettings.update

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addMaintenancePolicies
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeMaintenancePolicies
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.interconnectAttachments.*

compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.*

compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update
compute.licenseCodes.use

compute.licenses.*

compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.setIamPolicy

compute.machineImages.*

compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.*

compute.networkAttachments.create
compute.networkAttachments.delete
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.setIamPolicy

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use

compute.networks.*

compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.delete
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.update
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.routers.*

compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.routers.use

compute.routes.*

compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.serviceAttachments.*

compute.serviceAttachments.create
compute.serviceAttachments.delete
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.*

compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.targetVpnGateways.*

compute.targetVpnGateways.create
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.vpnGateways.*

compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use

compute.vpnTunnels.*

compute.vpnTunnels.create
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.setLabels

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

container.*

container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.getStatus
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus
container.auditSinks.create
container.auditSinks.delete
container.auditSinks.get
container.auditSinks.list
container.auditSinks.update
container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.bindings.create
container.bindings.delete
container.bindings.get
container.bindings.list
container.bindings.update
container.certificateSigningRequests.approve
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.getStatus
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.certificateSigningRequests.updateStatus
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.create
container.clusters.createTagBinding
container.clusters.delete
container.clusters.deleteTagBinding
container.clusters.get
container.clusters.getCredentials
container.clusters.impersonate
container.clusters.list
container.clusters.listEffectiveTags
container.clusters.listTagBindings
container.clusters.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.getStatus
container.cronJobs.list
container.cronJobs.update
container.cronJobs.updateStatus
container.csiDrivers.create
container.csiDrivers.delete
container.csiDrivers.get
container.csiDrivers.list
container.csiDrivers.update
container.csiNodeInfos.create
container.csiNodeInfos.delete
container.csiNodeInfos.get
container.csiNodeInfos.list
container.csiNodeInfos.update
container.csiNodes.create
container.csiNodes.delete
container.csiNodes.get
container.csiNodes.list
container.csiNodes.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus
container.endpointSlices.create
container.endpointSlices.delete
container.endpointSlices.get
container.endpointSlices.list
container.endpointSlices.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.frontendConfigs.create
container.frontendConfigs.delete
container.frontendConfigs.get
container.frontendConfigs.list
container.frontendConfigs.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus
container.hostServiceAgent.use
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.ingresses.update
container.ingresses.updateStatus
container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus
container.leases.create
container.leases.delete
container.leases.get
container.leases.list
container.leases.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.localSubjectAccessReviews.list
container.managedCertificates.create
container.managedCertificates.delete
container.managedCertificates.get
container.managedCertificates.list
container.managedCertificates.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.delete
container.mutatingWebhookConfigurations.get
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update
container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.proxy
container.nodes.update
container.nodes.updateStatus
container.operations.get
container.operations.list
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus
container.petSets.create
container.petSets.delete
container.petSets.get
container.petSets.list
container.petSets.update
container.petSets.updateStatus
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podDisruptionBudgets.updateStatus
container.podPresets.create
container.podPresets.delete
container.podPresets.get
container.podPresets.list
container.podPresets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.pods.portForward
container.pods.proxy
container.pods.update
container.pods.updateStatus
container.priorityClasses.create
container.priorityClasses.delete
container.priorityClasses.get
container.priorityClasses.list
container.priorityClasses.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.list
container.replicaSets.update
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.list
container.replicationControllers.update
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.getStatus
container.resourceQuotas.list
container.resourceQuotas.update
container.resourceQuotas.updateStatus
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.runtimeClasses.create
container.runtimeClasses.delete
container.runtimeClasses.get
container.runtimeClasses.list
container.runtimeClasses.update
container.scheduledJobs.create
container.scheduledJobs.delete
container.scheduledJobs.get
container.scheduledJobs.list
container.scheduledJobs.update
container.scheduledJobs.updateStatus
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.selfSubjectAccessReviews.list
container.selfSubjectRulesReviews.create
container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.storageStates.create
container.storageStates.delete
container.storageStates.get
container.storageStates.getStatus
container.storageStates.list
container.storageStates.update
container.storageStates.updateStatus
container.storageVersionMigrations.create
container.storageVersionMigrations.delete
container.storageVersionMigrations.get
container.storageVersionMigrations.getStatus
container.storageVersionMigrations.list
container.storageVersionMigrations.update
container.storageVersionMigrations.updateStatus
container.subjectAccessReviews.create
container.subjectAccessReviews.list
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.thirdPartyResources.create
container.thirdPartyResources.delete
container.thirdPartyResources.get
container.thirdPartyResources.list
container.thirdPartyResources.update
container.tokenReviews.create
container.updateInfos.create
container.updateInfos.delete
container.updateInfos.get
container.updateInfos.list
container.updateInfos.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.delete
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.volumeAttachments.create
container.volumeAttachments.delete
container.volumeAttachments.get
container.volumeAttachments.getStatus
container.volumeAttachments.list
container.volumeAttachments.update
container.volumeAttachments.updateStatus
container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.delete
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.list
container.volumeSnapshotClasses.update
container.volumeSnapshotContents.create
container.volumeSnapshotContents.delete
container.volumeSnapshotContents.get
container.volumeSnapshotContents.getStatus
container.volumeSnapshotContents.list
container.volumeSnapshotContents.update
container.volumeSnapshotContents.updateStatus
container.volumeSnapshots.create
container.volumeSnapshots.delete
container.volumeSnapshots.get
container.volumeSnapshots.getStatus
container.volumeSnapshots.list
container.volumeSnapshots.update
container.volumeSnapshots.updateStatus

deploymentmanager.compositeTypes.*

deploymentmanager.compositeTypes.create
deploymentmanager.compositeTypes.delete
deploymentmanager.compositeTypes.get
deploymentmanager.compositeTypes.list
deploymentmanager.compositeTypes.update

deploymentmanager.deployments.cancelPreview

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.deployments.list

deploymentmanager.deployments.stop

deploymentmanager.deployments.update

deploymentmanager.manifests.*

deploymentmanager.manifests.get
deploymentmanager.manifests.list

deploymentmanager.operations.*

deploymentmanager.operations.get
deploymentmanager.operations.list

deploymentmanager.resources.*

deploymentmanager.resources.get
deploymentmanager.resources.list

deploymentmanager.typeProviders.*

deploymentmanager.typeProviders.create
deploymentmanager.typeProviders.delete
deploymentmanager.typeProviders.get
deploymentmanager.typeProviders.getType
deploymentmanager.typeProviders.list
deploymentmanager.typeProviders.listTypes
deploymentmanager.typeProviders.update

deploymentmanager.types.*

deploymentmanager.types.create
deploymentmanager.types.delete
deploymentmanager.types.get
deploymentmanager.types.list
deploymentmanager.types.update

dns.managedZones.get

dns.managedZones.list

dns.networks.targetWithPeeringZone

firebase.projects.get

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.list

logging.buckets.create

logging.buckets.delete

logging.buckets.get

logging.buckets.list

logging.buckets.undelete

logging.buckets.update

logging.exclusions.*

logging.exclusions.create
logging.exclusions.delete
logging.exclusions.get
logging.exclusions.list
logging.exclusions.update

logging.links.*

logging.links.create
logging.links.delete
logging.links.get
logging.links.list

logging.locations.*

logging.locations.get
logging.locations.list

logging.logEntries.create

logging.logEntries.route

logging.logMetrics.*

logging.logMetrics.create
logging.logMetrics.delete
logging.logMetrics.get
logging.logMetrics.list
logging.logMetrics.update

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.notificationRules.*

logging.notificationRules.create
logging.notificationRules.delete
logging.notificationRules.get
logging.notificationRules.list
logging.notificationRules.update

logging.operations.*

logging.operations.cancel
logging.operations.get
logging.operations.list

logging.settings.*

logging.settings.get
logging.settings.update

logging.sinks.*

logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update

logging.views.create

logging.views.delete

logging.views.get

logging.views.list

logging.views.update

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.publicWidgets.get

monitoring.publicWidgets.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

networkconnectivity.internalRanges.*

networkconnectivity.internalRanges.create
networkconnectivity.internalRanges.delete
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.getIamPolicy
networkconnectivity.internalRanges.list
networkconnectivity.internalRanges.setIamPolicy
networkconnectivity.internalRanges.update

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.*

networkconnectivity.operations.cancel
networkconnectivity.operations.delete
networkconnectivity.operations.get
networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

networkconnectivity.policyBasedRoutes.create
networkconnectivity.policyBasedRoutes.delete
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.getIamPolicy
networkconnectivity.policyBasedRoutes.list
networkconnectivity.policyBasedRoutes.setIamPolicy

networkconnectivity.serviceClasses.*

networkconnectivity.serviceClasses.create
networkconnectivity.serviceClasses.delete
networkconnectivity.serviceClasses.get
networkconnectivity.serviceClasses.list
networkconnectivity.serviceClasses.update
networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

networkconnectivity.serviceConnectionMaps.create
networkconnectivity.serviceConnectionMaps.delete
networkconnectivity.serviceConnectionMaps.get
networkconnectivity.serviceConnectionMaps.list
networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

networkconnectivity.serviceConnectionPolicies.create
networkconnectivity.serviceConnectionPolicies.delete
networkconnectivity.serviceConnectionPolicies.get
networkconnectivity.serviceConnectionPolicies.list
networkconnectivity.serviceConnectionPolicies.update

networksecurity.*

networksecurity.addressGroups.create
networksecurity.addressGroups.delete
networksecurity.addressGroups.get
networksecurity.addressGroups.getIamPolicy
networksecurity.addressGroups.list
networksecurity.addressGroups.setIamPolicy
networksecurity.addressGroups.update
networksecurity.addressGroups.use
networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use
networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use
networksecurity.firewallEndpointAssociations.create
networksecurity.firewallEndpointAssociations.delete
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpointAssociations.update
networksecurity.firewallEndpoints.create
networksecurity.firewallEndpoints.delete
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.firewallEndpoints.update
networksecurity.firewallEndpoints.use
networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicies.use
networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.gatewaySecurityPolicyRules.use
networksecurity.locations.get
networksecurity.locations.list
networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list
networksecurity.securityProfileGroups.create
networksecurity.securityProfileGroups.delete
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfileGroups.update
networksecurity.securityProfileGroups.use
networksecurity.securityProfiles.create
networksecurity.securityProfiles.delete
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.securityProfiles.update
networksecurity.securityProfiles.use
networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use
networksecurity.tlsInspectionPolicies.create
networksecurity.tlsInspectionPolicies.delete
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.update
networksecurity.tlsInspectionPolicies.use
networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use

networkservices.*

networkservices.endpointConfigSelectors.create
networkservices.endpointConfigSelectors.delete
networkservices.endpointConfigSelectors.get
networkservices.endpointConfigSelectors.getIamPolicy
networkservices.endpointConfigSelectors.list
networkservices.endpointConfigSelectors.setIamPolicy
networkservices.endpointConfigSelectors.update
networkservices.endpointConfigSelectors.use
networkservices.endpointPolicies.create
networkservices.endpointPolicies.delete
networkservices.endpointPolicies.get
networkservices.endpointPolicies.getIamPolicy
networkservices.endpointPolicies.list
networkservices.endpointPolicies.setIamPolicy
networkservices.endpointPolicies.update
networkservices.endpointPolicies.use
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.grpcRoutes.create
networkservices.grpcRoutes.delete
networkservices.grpcRoutes.get
networkservices.grpcRoutes.getIamPolicy
networkservices.grpcRoutes.list
networkservices.grpcRoutes.setIamPolicy
networkservices.grpcRoutes.update
networkservices.grpcRoutes.use
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.getIamPolicy
networkservices.httpFilters.list
networkservices.httpFilters.setIamPolicy
networkservices.httpFilters.update
networkservices.httpFilters.use
networkservices.httpRoutes.create
networkservices.httpRoutes.delete
networkservices.httpRoutes.get
networkservices.httpRoutes.getIamPolicy
networkservices.httpRoutes.list
networkservices.httpRoutes.setIamPolicy
networkservices.httpRoutes.update
networkservices.httpRoutes.use
networkservices.httpfilters.create
networkservices.httpfilters.delete
networkservices.httpfilters.get
networkservices.httpfilters.getIamPolicy
networkservices.httpfilters.list
networkservices.httpfilters.setIamPolicy
networkservices.httpfilters.update
networkservices.httpfilters.use
networkservices.lbRouteExtensions.create
networkservices.lbRouteExtensions.delete
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbRouteExtensions.update
networkservices.lbTrafficExtensions.create
networkservices.lbTrafficExtensions.delete
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.lbTrafficExtensions.update
networkservices.locations.get
networkservices.locations.list
networkservices.meshes.create
networkservices.meshes.delete
networkservices.meshes.get
networkservices.meshes.getIamPolicy
networkservices.meshes.list
networkservices.meshes.setIamPolicy
networkservices.meshes.update
networkservices.meshes.use
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
networkservices.serviceBindings.create
networkservices.serviceBindings.delete
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceBindings.update
networkservices.serviceLbPolicies.create
networkservices.serviceLbPolicies.delete
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.serviceLbPolicies.update
networkservices.tcpRoutes.create
networkservices.tcpRoutes.delete
networkservices.tcpRoutes.get
networkservices.tcpRoutes.getIamPolicy
networkservices.tcpRoutes.list
networkservices.tcpRoutes.setIamPolicy
networkservices.tcpRoutes.update
networkservices.tcpRoutes.use
networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.tlsRoutes.use

opsconfigmonitoring.resourceMetadata.list

orgpolicy.policy.get

pubsub.*

pubsub.schemas.attach
pubsub.schemas.commit
pubsub.schemas.create
pubsub.schemas.delete
pubsub.schemas.get
pubsub.schemas.getIamPolicy
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.rollback
pubsub.schemas.setIamPolicy
pubsub.schemas.validate
pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.get
pubsub.snapshots.getIamPolicy
pubsub.snapshots.list
pubsub.snapshots.seek
pubsub.snapshots.setIamPolicy
pubsub.snapshots.update
pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.getIamPolicy
pubsub.subscriptions.list
pubsub.subscriptions.setIamPolicy
pubsub.subscriptions.update
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.detachSubscription
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.publish
pubsub.topics.setIamPolicy
pubsub.topics.update
pubsub.topics.updateTag

recommender.cloudsqlIdleInstanceRecommendations.*

recommender.cloudsqlIdleInstanceRecommendations.get
recommender.cloudsqlIdleInstanceRecommendations.list
recommender.cloudsqlIdleInstanceRecommendations.update

recommender.cloudsqlInstanceActivityInsights.*

recommender.cloudsqlInstanceActivityInsights.get
recommender.cloudsqlInstanceActivityInsights.list
recommender.cloudsqlInstanceActivityInsights.update

recommender.cloudsqlInstanceCpuUsageInsights.*

recommender.cloudsqlInstanceCpuUsageInsights.get
recommender.cloudsqlInstanceCpuUsageInsights.list
recommender.cloudsqlInstanceCpuUsageInsights.update

recommender.cloudsqlInstanceDiskUsageTrendInsights.*

recommender.cloudsqlInstanceDiskUsageTrendInsights.get
recommender.cloudsqlInstanceDiskUsageTrendInsights.list
recommender.cloudsqlInstanceDiskUsageTrendInsights.update

recommender.cloudsqlInstanceMemoryUsageInsights.*

recommender.cloudsqlInstanceMemoryUsageInsights.get
recommender.cloudsqlInstanceMemoryUsageInsights.list
recommender.cloudsqlInstanceMemoryUsageInsights.update

recommender.cloudsqlInstanceOomProbabilityInsights.*

recommender.cloudsqlInstanceOomProbabilityInsights.get
recommender.cloudsqlInstanceOomProbabilityInsights.list
recommender.cloudsqlInstanceOomProbabilityInsights.update

recommender.cloudsqlInstanceOutOfDiskRecommendations.*

recommender.cloudsqlInstanceOutOfDiskRecommendations.get
recommender.cloudsqlInstanceOutOfDiskRecommendations.list
recommender.cloudsqlInstanceOutOfDiskRecommendations.update

recommender.cloudsqlInstancePerformanceInsights.*

recommender.cloudsqlInstancePerformanceInsights.get
recommender.cloudsqlInstancePerformanceInsights.list
recommender.cloudsqlInstancePerformanceInsights.update

recommender.cloudsqlInstancePerformanceRecommendations.*

recommender.cloudsqlInstancePerformanceRecommendations.get
recommender.cloudsqlInstancePerformanceRecommendations.list
recommender.cloudsqlInstancePerformanceRecommendations.update

recommender.cloudsqlInstanceReliabilityInsights.*

recommender.cloudsqlInstanceReliabilityInsights.get
recommender.cloudsqlInstanceReliabilityInsights.list
recommender.cloudsqlInstanceReliabilityInsights.update

recommender.cloudsqlInstanceReliabilityRecommendations.*

recommender.cloudsqlInstanceReliabilityRecommendations.get
recommender.cloudsqlInstanceReliabilityRecommendations.list
recommender.cloudsqlInstanceReliabilityRecommendations.update

recommender.cloudsqlInstanceSecurityInsights.*

recommender.cloudsqlInstanceSecurityInsights.get
recommender.cloudsqlInstanceSecurityInsights.list
recommender.cloudsqlInstanceSecurityInsights.update

recommender.cloudsqlInstanceSecurityRecommendations.*

recommender.cloudsqlInstanceSecurityRecommendations.get
recommender.cloudsqlInstanceSecurityRecommendations.list
recommender.cloudsqlInstanceSecurityRecommendations.update

recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.*

recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get
recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list
recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update

recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.*

recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get
recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list
recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update

recommender.cloudsqlOverprovisionedInstanceRecommendations.*

recommender.cloudsqlOverprovisionedInstanceRecommendations.get
recommender.cloudsqlOverprovisionedInstanceRecommendations.list
recommender.cloudsqlOverprovisionedInstanceRecommendations.update

recommender.cloudsqlUnderProvisionedInstanceRecommendations.*

recommender.cloudsqlUnderProvisionedInstanceRecommendations.get
recommender.cloudsqlUnderProvisionedInstanceRecommendations.list
recommender.cloudsqlUnderProvisionedInstanceRecommendations.update

recommender.containerDiagnosisInsights.*

recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update

recommender.containerDiagnosisRecommendations.*

recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update

recommender.iamPolicyInsights.*

recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.*

recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update

recommender.networkAnalyzerGkeIpAddressInsights.*

recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.listPeeredDnsDomains

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

storage.buckets.*

storage.buckets.create
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.getObjectInsights
storage.buckets.list
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.setIamPolicy
storage.buckets.update

storage.managedFolders.*

storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.getIamPolicy.
storage.managedFolders.list
storage.managedFolders.setIamPolicy

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
storage.objects.update

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Einfache Rollen

Rolle	Titel	Beschreibung	Berechtigungen	Niedrigste Ressource
`roles/owner`	Owner	Einfache Rolle, die die vollständige Kontrolle über Cloud Composer-Ressourcen ermöglicht.	composer.environments.create composer.environments.delete composer.environments.get composer.environments.list composer.environments.update composer.environments.executeairflowcommand composer.imageversions.list serviceAccount.operative.delete composer.operative.get composer.environments.list composer.env.	Projekt
`roles/editor`	Editor	Einfache Rolle, die die vollständige Kontrolle über Cloud Composer-Ressourcen ermöglicht.	composer.environments.create composer.environments.delete composer.environments.get composer.environments.list composer.environments.update composer.environments.executeairflowcommand composer.imageversions.list serviceAccount.operative.delete composer.operative.get composer.environments.list composer.dags.list composer.dags.list	Projekt
`roles/viewer`	Betrachter	Einfache Rolle, mit der Nutzer Cloud Composer-Ressourcen auflisten und abrufen können.	composer.environments.get composer.environments.list composer.imageversions.list composer.operative.get composer.operative.list composer.dags.list composer.dags.get composer.dags.getSourceCode	Projekt

Berechtigungen für API-Methoden

In der folgenden Tabelle sind die Berechtigungen aufgeführt, die zum Aufrufen der einzelnen API-Methoden in der Cloud Composer API oder zum Ausführen von Aufgaben mit Google Cloud-Tools benötigt werden, die die API verwenden (z. B. die Google Cloud Console oder die Google Cloud CLI).

Methode	Berechtigung
`environments.create`	`composer.environments.create` und `iam.serviceAccounts.actAs` für das Dienstkonto der Umgebung.
`environments.delete`	`composer.environments.delete`
`environments.get`	`composer.environments.get`
`environments.list`	`composer.environments.list`
`environments.update`	`composer.environments.update`
`environments.executeAirlfowCommand`	`composer.environment.executeairflowcommand`
`environments.stopAirlfowCommand`	`composer.environment.executeairflowcommand`
`environments.pollAirlfowCommand`	`composer.environment.executeairflowcommand`
`operations.delete`	`composer.operations.delete`
`operations.get`	`composer.operations.get`
`operations.list`	`composer.operations.list`

Berechtigungen zum Arbeiten mit DAGs in der Google Cloud Console

Die folgenden Berechtigungen beziehen sich auf die Arbeit mit DAGs von der Google Cloud Console aus über die DAG-UI:

Berechtigung	Beschreibung
`composer.dags.list`	Sehen Sie sich die Liste der DAGs auf der Seite "Umgebungsdetails" an.
`composer.dags.get`	Auf der DAG-Detailseite erhalten Sie detaillierte Informationen zu DAGs, DAG-Ausführungen und Aufgaben.
`composer.dags.getSourceCode`	Rufen Sie den Quellcode der DAGs auf der Seite mit den DAG-Details ab.
`composer.dags.execute`	Auf der Seite „DAG-Details“ können Sie DAGs pausieren, die Pausierung aufheben und sie auslösen.

Mit der Airflow-UI-Zugriffssteuerung können Sie DAG-Berechtigungen für Nutzerkonten weiter steuern. Für die DAG-UI sind sowohl IAM- als auch Zugriffssteuerungsberechtigungen für Airflow-UI erforderlich, um eine bestimmte Aktion in einem DAG zuzulassen. Gleichzeitig validiert die Airflow-UI den Nutzerzugriff nur anhand der Zugriffssteuerungsberechtigungen der Airflow-UI. IAM-Berechtigungen werden übersprungen.

Wenn ein Nutzer beispielsweise die Berechtigungen composer.dags.execute und die Airflow-Rolle Viewer hat, kann er keine DAGs über die Google Cloud Console auslösen. Im Gegensatz dazu kann ein Nutzer, der nicht die Berechtigung composer.dags.list hat, die Liste der DAGs trotzdem in der Airflow-UI aufrufen.

Dienstkonto aus einem anderen Projekt verwenden

Wenn eine Cloud Composer-Umgebung in einem Projekt ein nutzerverwaltetes Dienstkonto aus einem anderen Projekt verwenden soll, konfigurieren Sie das nutzerverwaltete Dienstkonto so:

Achten Sie darauf, dass die Organisationsrichtlinie des Projekts, in dem sich Ihr nutzerverwaltetes Dienstkonto befindet, die Dienstkonto-Identitätsübernahme projektübergreifend zulässt.
Aktivieren Sie die Composer API in dem Projekt, in dem sich das nutzerverwaltete Dienstkonto befindet. Weitere Informationen dazu, warum er erforderlich ist, finden Sie unter Wo Dienstkonten erstellt werden können.
Weisen Sie IAM-Rollen wie in der folgenden Tabelle beschrieben zu.
Erstellen Sie Ihre Umgebung mit einem projektübergreifenden Dienstkonto. Sie können die Google Cloud CLI, API oder Terraform verwenden. In der Google Cloud Console ist es nicht möglich, ein Dienstkonto aus einem anderen Projekt auszuwählen.

In der folgenden Tabelle werden die erforderlichen IAM-Rollen und Hauptkonten für Ihr nutzerverwaltetes Dienstkonto beschrieben.

Projekt	Ressource	Hauptkonto	Rolle
Projekt, in dem sich das nutzerverwaltete Dienstkonto befindet	Ihr nutzerverwaltetes Dienstkonto	Konto des Cloud Composer-Dienst-Agents des Projekts, in dem sich die Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@cloudcomposer-accounts.iam.gserviceaccount.com`).	Dienstkontonutzer (`iam.serviceAccountUser`)
(Nur Cloud Composer 2) Projekt, in dem sich das nutzerverwaltete Dienstkonto befindet	Ihr nutzerverwaltetes Dienstkonto	Konto des Cloud Composer-Dienst-Agents des Projekts, in dem sich die Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@cloudcomposer-accounts.iam.gserviceaccount.com`).	Dienst-Agent-Erweiterung für die Cloud Composer v2 API (`roles/composer.ServiceAgentV2Ext`). Weitere Informationen zur Verwendung dieser Rolle finden Sie unter Rollen für das Cloud Composer-Dienst-Agent-Konto zuweisen.
Projekt, in dem sich das nutzerverwaltete Dienstkonto befindet	Ihr nutzerverwaltetes Dienstkonto	Kubernetes Engine-Dienst-Agent des Projekts, in dem sich Ihre Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@container-engine-robot.iam.gserviceaccount.com`)	Dienstkontonutzer (`iam.serviceAccountUser`)
Projekt, in dem sich das nutzerverwaltete Dienstkonto befindet	Ihr nutzerverwaltetes Dienstkonto	Google APIs-Dienst-Agent des Projekts, in dem sich Ihre Umgebung befindet (`SERVICE_PROJECT_NUMBER@cloudservices.gserviceaccount.com`)	Dienstkontonutzer (`iam.serviceAccountUser`)
Projekt, in dem sich das nutzerverwaltete Dienstkonto befindet	Ihr nutzerverwaltetes Dienstkonto	Compute Engine-Dienst-Agent des Projekts, in dem sich Ihre Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@compute-system.iam.gserviceaccount.com`)	Ersteller von Dienstkonto-Tokens (`roles/iam.serviceAccountTokenCreator`)
Projekt, in dem sich Ihre Umgebung befindet	Projekt	Ihr nutzerverwaltetes Dienstkonto	Weisen Sie Ihrem nutzerverwalteten Dienstkonto die erforderlichen Rollen zu, wie unter Einem nutzerverwalteten Dienstkonto Rollen zuweisen beschrieben. In einer öffentlichen IP-Konfiguration erfordert Ihr nutzerverwaltetes Dienstkonto beispielsweise die Rolle Composer-Worker.

Zugriffssteuerung mit IAM

Informationen zu Identity and Access Managemen in Cloud Composer

Rollen für das Konto des Cloud Composer-Dienst-Agents zuweisen

Dienstkonto einer Umgebung Rollen zuweisen

Nutzern Rollen zuweisen

Umgebungen und Umgebungs-Buckets verwalten

Umgebungen verwalten

Umgebungen ansehen und Umgebungs-Buckets verwalten

Umgebungen und Umgebungs-Buckets ansehen

Umgebungen ansehen

Berechtigungen zur Verwendung von gcloud mit Umgebungen erteilen

Rollen

Cloud Composer v2 API Service Agent Extension

Composer Administrator

Environment and Storage Object Administrator

Environment and Storage Object User

Environment and Storage Object Viewer

Composer Shared VPC Agent

Composer User

Composer Worker

Rollen für Dienst-Agents

Cloud Composer API-Dienst-Agent

Einfache Rollen

Berechtigungen für API-Methoden

Berechtigungen zum Arbeiten mit DAGs in der Google Cloud Console

Dienstkonto aus einem anderen Projekt verwenden

Nächste Schritte

Berechtigungen zur Verwendung von `gcloud` mit Umgebungen erteilen