Peran dan izin IAM Compute Engine

Saat menambahkan anggota baru ke project, Anda dapat menggunakan kebijakan Identity and Access Management (IAM) untuk memberi anggota tersebut satu atau beberapa peran IAM. Setiap peran IAM berisi izin yang memberikan akses anggota ke resource tertentu.

Compute Engine memiliki sekumpulan peran IAM yang telah ditetapkan yang dijelaskan di halaman ini. Anda juga dapat membuat peran khusus yang berisi subset izin yang dipetakan langsung ke kebutuhan Anda.

Untuk mempelajari izin yang diperlukan bagi setiap metode, baca dokumentasi referensi Compute Engine API:

Untuk informasi tentang cara memberikan akses, baca halaman berikut.

Untuk menetapkan kebijakan IAM di level project, baca Memberikan, mengubah, dan mencabut akses ke resource dalam dokumentasi IAM.
Untuk menetapkan kebijakan resource Compute Engine tertentu, baca Memberikan akses ke resource Compute Engine.
Untuk menetapkan peran ke akun layanan Compute Engine, baca Membuat dan mengaktifkan akun layanan untuk instance.

Apa yang dimaksud dengan IAM?

Google Cloud menawarkan IAM, yang memungkinkan Anda memberikan akses lebih terperinci ke resource Google Cloud tertentu dan mencegah akses yang tidak diinginkan ke resource lain. IAM memungkinkan Anda menerapkan prinsip hak istimewa terendah untuk keamanan, jadi Anda hanya memberikan akses yang diperlukan ke resource Anda.

Dengan IAM, Anda dapat mengontrol siapa (identitas) yang memiliki izin apa (peran) ke resource mana dengan menetapkan kebijakan IAM. Kebijakan IAM memberikan peran tertentu kepada anggota project, sehingga identitas tersebut memiliki izin tertentu. Misalnya, untuk resource tertentu, seperti project, Anda dapat menetapkan peran roles/compute.networkAdmin ke Akun Google dan akun tersebut dapat mengontrol resource terkait jaringan dalam project, tetapi tidak dapat mengelola resource lain, seperti instance dan disk. Anda juga dapat menggunakan IAM untuk mengelola peran lama konsol Google Cloud yang diberikan kepada anggota tim project.

Peran serviceAccountUser

Jika diberikan bersama dengan roles/compute.instanceAdmin.v1, roles/iam.serviceAccountUser memberi anggota kemampuan untuk membuat dan mengelola instance yang menggunakan akun layanan. Secara khusus, memberikan roles/iam.serviceAccountUser dan roles/compute.instanceAdmin.v1 secara bersamaan akan memberi anggota izin untuk:

Buat instance yang berjalan sebagai akun layanan.
Pasang persistent disk ke instance yang berjalan sebagai akun layanan.
Tetapkan metadata instance pada instance yang berjalan sebagai akun layanan.
Gunakan SSH untuk terhubung ke instance yang berjalan sebagai akun layanan.
Konfigurasi ulang instance untuk dijalankan sebagai akun layanan.

Anda dapat memberi izin roles/iam.serviceAccountUser dengan salah satu dari dua cara berikut:

Direkomendasikan. Berikan peran kepada anggota di akun layanan tertentu. Tindakan ini memberi anggota akses ke akun layanan yang anggotanya adalah iam.serviceAccountUser, tetapi mencegah akses ke akun layanan lain yang anggotanya bukan iam.serviceAccountUser.
Berikan peran kepada anggota di level project. Anggota memiliki akses ke semua akun layanan dalam project, termasuk akun layanan yang dibuat di masa mendatang.

Jika Anda belum memahami akun layanan, pelajari akun layanan lebih lanjut.

Izin konsol Google Cloud

Agar dapat menggunakan konsol Google Cloud untuk mengakses resource Compute Engine, Anda harus memiliki peran yang berisi izin berikut pada project:

compute.projects.get

Menghubungkan ke instance sebagai instanceAdmin

Setelah Anda memberi anggota project peran roles/compute.instanceAdmin.v1, mereka dapat terhubung ke instance virtual machine (VM) dengan menggunakan alat Google Cloud standar, sepertigcloud CLI atau SSH dalam browser.

Saat anggota menggunakan gcloud CLI atau SSH dalam browser, alat tersebut akan otomatis membuat pasangan kunci umum/pribadi dan menambahkan kunci publik ke metadata project. Jika anggota tidak memiliki izin untuk mengedit metadata project, alat ini akan menambahkan kunci publik anggota tersebut ke metadata instance.

Jika anggota sudah memiliki pasangan kunci yang ingin digunakan, mereka dapat menambahkan kunci publiknya secara manual ke metadata instance. Pelajari lebih lanjut cara menambahkan kunci SSH ke instance.

IAM dengan akun layanan

Buat akun layanan kustom baru dan berikan peran IAM ke akun layanan untuk membatasi akses instance Anda. Gunakan peran IAM dengan akun layanan kustom untuk:

Batasi akses yang dimiliki instance Anda ke Google Cloud API menggunakan peran IAM terperinci.
Berikan identitas unik pada setiap instance, atau sekumpulan instance.
Batasi akses akun layanan default Anda.

Pelajari akun layanan lebih lanjut.

Grup instance terkelola dan IAM

Grup instance terkelola (MIG) adalah resource yang menjalankan tindakan atas nama Anda tanpa interaksi pengguna langsung. Misalnya, MIG dapat menambahkan dan menghapus VM dari grup.

Semua operasi yang dilakukan oleh Compute Engine sebagai bagian dari MIG dilakukan oleh Agen Layanan Google API untuk project Anda, yang memiliki alamat email seperti berikut: PROJECT_ID@cloudservices.gserviceaccount.com

Secara default, Agen Layanan Google API diberi peran Editor (roles/editor) di level project, yang memberikan hak istimewa yang cukup untuk membuat resource berdasarkan konfigurasi MIG. Jika Anda menyesuaikan akses untuk Agen Layanan Google API, berikan peran kepada Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1) dan, secara opsional, peran Service Account User (roles/iam.serviceAccountUser). Peran Pengguna Akun Layanan hanya diperlukan jika MIG membuat VM yang dapat dijalankan sebagai akun layanan.

Perlu diperhatikan bahwa Agen Layanan Google API juga digunakan oleh proses lain, termasuk Deployment Manager.

Saat Anda membuat MIG atau mengupdate template instance-nya, Compute Engine memvalidasi bahwa Agen Layanan Google API memiliki peran dan izin berikut:

Peran Pengguna Akun Layanan, yang penting jika Anda berencana membuat instance yang dapat berjalan sebagai akun layanan
Izin untuk semua resource yang dirujuk dari template instance, seperti image, disk, jaringan VPC, dan subnet

Peran IAM Compute Engine yang telah ditetapkan

Dengan IAM, setiap metode API di Compute Engine API mengharuskan identitas yang membuat permintaan API memiliki izin yang sesuai untuk menggunakan resource. Izin diberikan dengan menetapkan kebijakan yang memberikan peran ke anggota (pengguna, grup, atau akun layanan) project Anda.

Selain peran dasar (penampil, editor, pemilik) dan peran khusus, Anda dapat menetapkan peran Compute Engine yang telah ditetapkan berikut ke anggota project Anda.

Anda dapat memberikan beberapa peran kepada anggota project di resource yang sama. Misalnya, jika tim jaringan Anda juga mengelola aturan firewall, Anda dapat memberikan roles/compute.networkAdmin dan roles/compute.securityAdmin ke grup Google tim jaringan.

Tabel berikut menjelaskan peran IAM Compute Engine yang telah ditetapkan, serta izin yang terdapat dalam setiap peran. Setiap peran berisi kumpulan izin yang cocok untuk tugas tertentu. Misalnya, peran Instance Admin memberikan izin untuk mengelola instance, peran terkait jaringan mencakup izin untuk mengelola resource terkait jaringan, dan peran keamanan mencakup izin untuk mengelola resource terkait keamanan, seperti firewall dan sertifikat SSL.

Compute Admin role

Details Permissions

Details	Permissions
Compute Admin (`roles/compute.admin`) Full control of all Compute Engine resources. If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the `roles/iam.serviceAccountUser` role. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Node group Node template Snapshot	`backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlans.useForComputeInstance` `compute.*` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.commitments.create` `compute.commitments.get` `compute.commitments.list` `compute.commitments.update` `compute.commitments.updateReservations` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.firewalls.create` `compute.firewalls.createTagBinding` `compute.firewalls.delete` `compute.firewalls.deleteTagBinding` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.firewalls.update` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscSetTarget` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.futureReservations.cancel` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.getIamPolicy` `compute.futureReservations.list` `compute.futureReservations.setIamPolicy` `compute.futureReservations.update` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscGet` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscSetTarget` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.delete` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.globalPublicDelegatedPrefixes.create` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.addAccessConfig` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshots.create` `compute.instantSnapshots.delete` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenseCodes.update` `compute.licenses.create` `compute.licenses.delete` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.setIamPolicy` `compute.machineImages.create` `compute.machineImages.delete` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.setIamPolicy` `compute.machineImages.useReadOnly` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkEdgeSecurityServices.create` `compute.networkEdgeSecurityServices.createTagBinding` `compute.networkEdgeSecurityServices.delete` `compute.networkEdgeSecurityServices.deleteTagBinding` `compute.networkEdgeSecurityServices.get` `compute.networkEdgeSecurityServices.list` `compute.networkEdgeSecurityServices.listEffectiveTags` `compute.networkEdgeSecurityServices.listTagBindings` `compute.networkEdgeSecurityServices.update` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.nodeGroups.addNodes` `compute.nodeGroups.create` `compute.nodeGroups.delete` `compute.nodeGroups.deleteNodes` `compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeGroups.performMaintenance` `compute.nodeGroups.setIamPolicy` `compute.nodeGroups.setNodeTemplate` `compute.nodeGroups.simulateMaintenanceEvent` `compute.nodeGroups.update` `compute.nodeTemplates.create` `compute.nodeTemplates.delete` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTemplates.setIamPolicy` `compute.nodeTypes.get` `compute.nodeTypes.list` `compute.organizations.disableXpnHost` `compute.organizations.disableXpnResource` `compute.organizations.enableXpnHost` `compute.organizations.enableXpnResource` `compute.organizations.listAssociations` `compute.organizations.setFirewallPolicy` `compute.organizations.setSecurityPolicy` `compute.oslogin.updateExternalUser` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `compute.projects.setCloudArmorTier` `compute.projects.setCommonInstanceMetadata` `compute.projects.setDefaultNetworkTier` `compute.projects.setDefaultServiceAccount` `compute.projects.setManagedProtectionTier` `compute.projects.setUsageExportBucket` `compute.publicAdvertisedPrefixes.create` `compute.publicAdvertisedPrefixes.delete` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicAdvertisedPrefixes.update` `compute.publicAdvertisedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.create` `compute.publicDelegatedPrefixes.createTagBinding` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.deleteTagBinding` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.use` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.delete` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionOperations.setIamPolicy` `compute.regionSecurityPolicies.create` `compute.regionSecurityPolicies.createTagBinding` `compute.regionSecurityPolicies.delete` `compute.regionSecurityPolicies.deleteTagBinding` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.update` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.get` `compute.regions.list` `compute.reservations.create` `compute.reservations.delete` `compute.reservations.get` `compute.reservations.list` `compute.reservations.resize` `compute.reservations.update` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshotSettings.get` `compute.snapshotSettings.update` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.storagePools.create` `compute.storagePools.delete` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.setIamPolicy` `compute.storagePools.update` `compute.storagePools.use` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.zoneOperations.delete` `compute.zoneOperations.get` `compute.zoneOperations.getIamPolicy` `compute.zoneOperations.list` `compute.zoneOperations.setIamPolicy` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Admin

(roles/compute.admin)

Full control of all Compute Engine resources.

If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the roles/iam.serviceAccountUser role.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Node group
Node template
Snapshot

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlans.useForComputeInstance

compute.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use
compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.commitments.create
compute.commitments.get
compute.commitments.list
compute.commitments.update
compute.commitments.updateReservations
compute.diskTypes.get
compute.diskTypes.list
compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly
compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use
compute.firewalls.create
compute.firewalls.createTagBinding
compute.firewalls.delete
compute.firewalls.deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update
compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use
compute.futureReservations.cancel
compute.futureReservations.create
compute.futureReservations.delete
compute.futureReservations.get
compute.futureReservations.getIamPolicy
compute.futureReservations.list
compute.futureReservations.setIamPolicy
compute.futureReservations.update
compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use
compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly
compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly
compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceSettings.get
compute.instanceSettings.update
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly
compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly
compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list
compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update
compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.setIamPolicy
compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly
compute.machineTypes.get
compute.machineTypes.list
compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list
compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update
compute.networkEdgeSecurityServices.create
compute.networkEdgeSecurityServices.createTagBinding
compute.networkEdgeSecurityServices.delete
compute.networkEdgeSecurityServices.deleteTagBinding
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.listEffectiveTags
compute.networkEdgeSecurityServices.listTagBindings
compute.networkEdgeSecurityServices.update
compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use
compute.networkProfiles.get
compute.networkProfiles.list
compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp
compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeGroups.performMaintenance
compute.nodeGroups.setIamPolicy
compute.nodeGroups.setNodeTemplate
compute.nodeGroups.simulateMaintenanceEvent
compute.nodeGroups.update
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTemplates.setIamPolicy
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.organizations.listAssociations
compute.organizations.setFirewallPolicy
compute.organizations.setSecurityPolicy
compute.oslogin.updateExternalUser
compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update
compute.projects.get
compute.projects.setCloudArmorTier
compute.projects.setCommonInstanceMetadata
compute.projects.setDefaultNetworkTier
compute.projects.setDefaultServiceAccount
compute.projects.setManagedProtectionTier
compute.projects.setUsageExportBucket
compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.createTagBinding
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.deleteTagBinding
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use
compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use
compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly
compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use
compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionOperations.setIamPolicy
compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.createTagBinding
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.deleteTagBinding
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use
compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use
compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use
compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate
compute.regions.get
compute.regions.list
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.resize
compute.reservations.update
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly
compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use
compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use
compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use
compute.snapshotSettings.get
compute.snapshotSettings.update
compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly
compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use
compute.storagePools.create
compute.storagePools.delete
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.setIamPolicy
compute.storagePools.update
compute.storagePools.use
compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use
compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use
compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zoneOperations.setIamPolicy
compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Future Reservation Admin role

Details Permissions

Details	Permissions
Compute Future Reservation Admin ^Beta (`roles/compute.futureReservationAdmin`)	`compute.acceleratorTypes.list` `compute.futureReservations.cancel` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.list` `compute.futureReservations.update` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.reservations.create` `compute.zones.list`

Compute Future Reservation Admin ^Beta

(roles/compute.futureReservationAdmin)

compute.acceleratorTypes.list

compute.futureReservations.cancel

compute.futureReservations.create

compute.futureReservations.delete

compute.futureReservations.get

compute.futureReservations.list

compute.futureReservations.update

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.reservations.create

compute.zones.list

Compute Future Reservation User role

Details Permissions

Details	Permissions
Compute Future Reservation User ^Beta (`roles/compute.futureReservationUser`)	`compute.acceleratorTypes.list` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.list` `compute.futureReservations.update` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.reservations.create` `compute.zones.list`

Compute Future Reservation User ^Beta

(roles/compute.futureReservationUser)

compute.acceleratorTypes.list

compute.futureReservations.create

compute.futureReservations.delete

compute.futureReservations.get

compute.futureReservations.list

compute.futureReservations.update

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.reservations.create

compute.zones.list

Compute Future Reservation Viewer role

Details Permissions

Details	Permissions
Compute Future Reservation Viewer ^Beta (`roles/compute.futureReservationViewer`)	`compute.acceleratorTypes.list` `compute.futureReservations.get` `compute.futureReservations.list` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.zones.list`

Compute Future Reservation Viewer ^Beta

(roles/compute.futureReservationViewer)

compute.acceleratorTypes.list

compute.futureReservations.get

compute.futureReservations.list

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.zones.list

Compute Image User role

Details Permissions

Details	Permissions
Compute Image User (`roles/compute.imageUser`) Permission to list and read images without having other permissions on the image. Granting this role at the project level gives users the ability to list all images in the project and create resources, such as instances and persistent disks, based on images in the project. Lowest-level resources where you can grant this role: Image	`compute.images.get` `compute.images.getFromFamily` `compute.images.list` `compute.images.useReadOnly` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Image User

(roles/compute.imageUser)

Permission to list and read images without having other permissions on the image. Granting this role at the project level gives users the ability to list all images in the project and create resources, such as instances and persistent disks, based on images in the project.

Lowest-level resources where you can grant this role:

Image

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Instance Admin (beta) role

Details Permissions

Details	Permissions
Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VM settings. If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the `roles/iam.serviceAccountUser` role. For example, if your company has someone who manages groups of virtual machine instances but does not manage network or security settings and does not manage instances that run as service accounts, you can grant this role on the organization, folder, or project that contains the instances, or you can grant it on individual instances. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Snapshot	`backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlans.useForComputeInstance` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.delete` `compute.disks.get` `compute.disks.list` `compute.disks.resize` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.use` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.images.get` `compute.images.getFromFamily` `compute.images.list` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.licenses.get` `compute.licenses.list` `compute.machineImages.` `compute.machineImages.create` `compute.machineImages.delete` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.setIamPolicy` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservations.get` `compute.reservations.list` `compute.resourcePolicies.list` `compute.resourcePolicies.useReadOnly` `compute.storagePools.get` `compute.storagePools.list` `compute.storagePools.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.*` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Instance Admin (beta)

(roles/compute.instanceAdmin)

Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VM settings.

If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the roles/iam.serviceAccountUser role.

For example, if your company has someone who manages groups of virtual machine instances but does not manage network or security settings and does not manage instances that run as service accounts, you can grant this role on the organization, folder, or project that contains the instances, or you can grant it on individual instances.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Snapshot

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlans.useForComputeInstance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.list

compute.disks.resize

compute.disks.setLabels

compute.disks.startAsyncReplication

compute.disks.stopAsyncReplication

compute.disks.stopGroupAsyncReplication

compute.disks.update

compute.disks.use

compute.disks.useReadOnly

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.get

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.licenses.get

compute.licenses.list

compute.machineImages.*

compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.*

compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.list

compute.resourcePolicies.useReadOnly

compute.storagePools.get

compute.storagePools.list

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Instance Admin (v1) role

Details Permissions

Details	Permissions
Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources. If you grant a user this role only at an instance level, then that user cannot create new instances.	`backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlans.useForComputeInstance` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.use` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscGet` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshots.` `compute.instantSnapshots.create` `compute.instantSnapshots.delete` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenseCodes.update` `compute.licenses.` `compute.licenses.create` `compute.licenses.delete` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.setIamPolicy` `compute.machineImages.` `compute.machineImages.create` `compute.machineImages.delete` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.setIamPolicy` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.projects.setCommonInstanceMetadata` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservations.get` `compute.reservations.list` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.storagePools.get` `compute.storagePools.list` `compute.storagePools.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Instance Admin (v1)

(roles/compute.instanceAdmin.v1)

Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources.

If you grant a user this role only at an instance level, then that user cannot create new instances.

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlans.useForComputeInstance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.*

compute.instanceSettings.get
compute.instanceSettings.update

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update

compute.licenses.*

compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.setIamPolicy

compute.machineImages.*

compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.*

compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.list

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Load Balancer Admin role

Details Permissions

Details	Permissions
Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Permissions to create, modify, and delete load balancers and associate resources. For example, if your company has a load balancing team that manages load balancers, SSL certificates for load balancers, SSL policies, and other load balancing resources, and a separate networking team that manages the rest of the networking resources, then grant this role to the load balancing team's group. Lowest-level resources where you can grant this role: Instance	`certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.use` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscSetTarget` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscGet` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscSetTarget` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.use` `compute.instances.useReadOnly` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.projects.get` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.use` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.urlMaps.*` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.zoneOperations.get` `compute.zoneOperations.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.use` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Load Balancer Admin

(roles/compute.loadBalancerAdmin)

Permissions to create, modify, and delete load balancers and associate resources.

For example, if your company has a load balancing team that manages load balancers, SSL certificates for load balancers, SSL policies, and other load balancing resources, and a separate networking team that manages the rest of the networking resources, then grant this role to the load balancing team's group.

Lowest-level resources where you can grant this role:

Instance

certificatemanager.certmaps.get

certificatemanager.certmaps.list

certificatemanager.certmaps.use

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.use

compute.instances.useReadOnly

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.projects.get

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.zoneOperations.get

compute.zoneOperations.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Load Balancer Services User role

Details Permissions

Details	Permissions
Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Permissions to use services from a load balancer in other projects.	`compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.use` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.use` `compute.projects.get` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Load Balancer Services User

(roles/compute.loadBalancerServiceUser)

Permissions to use services from a load balancer in other projects.

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendBuckets.use

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.backendServices.use

compute.projects.get

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionBackendServices.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Network Admin role

Details Permissions

Details	Permissions
Compute Network Admin (`roles/compute.networkAdmin`) Permissions to create, modify, and delete networking resources, except for firewall rules and SSL certificates. The network admin role allows read-only access to firewall rules, SSL certificates, and instances (to view their ephemeral IP addresses). The network admin role does not allow a user to create, start, stop, or delete instances. For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the networking team's group. Or, if you have a combined team that manages both security and networking, then grant this role as well as the `roles/compute.securityAdmin` role to the combined team's group. Lowest-level resources where you can grant this role: Instance	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscSetTarget` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscGet` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscSetTarget` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.updateSecurity` `compute.instances.use` `compute.instances.useReadOnly` `compute.interconnectAttachments.` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networkAttachments.` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.use` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.use` `compute.serviceAttachments.` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vpnGateways.` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.` `networkconnectivity.internalRanges.create` `networkconnectivity.internalRanges.delete` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.getIamPolicy` `networkconnectivity.internalRanges.list` `networkconnectivity.internalRanges.setIamPolicy` `networkconnectivity.internalRanges.update` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.` `networkconnectivity.operations.cancel` `networkconnectivity.operations.delete` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.` `networkconnectivity.policyBasedRoutes.create` `networkconnectivity.policyBasedRoutes.delete` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.getIamPolicy` `networkconnectivity.policyBasedRoutes.list` `networkconnectivity.policyBasedRoutes.setIamPolicy` `networkconnectivity.regionalEndpoints.` `networkconnectivity.regionalEndpoints.create` `networkconnectivity.regionalEndpoints.delete` `networkconnectivity.regionalEndpoints.get` `networkconnectivity.regionalEndpoints.list` `networkconnectivity.serviceClasses.` `networkconnectivity.serviceClasses.create` `networkconnectivity.serviceClasses.delete` `networkconnectivity.serviceClasses.get` `networkconnectivity.serviceClasses.list` `networkconnectivity.serviceClasses.update` `networkconnectivity.serviceClasses.use` `networkconnectivity.serviceConnectionMaps.` `networkconnectivity.serviceConnectionMaps.create` `networkconnectivity.serviceConnectionMaps.delete` `networkconnectivity.serviceConnectionMaps.get` `networkconnectivity.serviceConnectionMaps.list` `networkconnectivity.serviceConnectionMaps.update` `networkconnectivity.serviceConnectionPolicies.` `networkconnectivity.serviceConnectionPolicies.create` `networkconnectivity.serviceConnectionPolicies.delete` `networkconnectivity.serviceConnectionPolicies.get` `networkconnectivity.serviceConnectionPolicies.list` `networkconnectivity.serviceConnectionPolicies.update` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.` `networksecurity.addressGroups.create` `networksecurity.addressGroups.delete` `networksecurity.addressGroups.get` `networksecurity.addressGroups.getIamPolicy` `networksecurity.addressGroups.list` `networksecurity.addressGroups.setIamPolicy` `networksecurity.addressGroups.update` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.` `networksecurity.authorizationPolicies.create` `networksecurity.authorizationPolicies.delete` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.getIamPolicy` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.setIamPolicy` `networksecurity.authorizationPolicies.update` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.` `networksecurity.authzPolicies.create` `networksecurity.authzPolicies.delete` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.getIamPolicy` `networksecurity.authzPolicies.list` `networksecurity.authzPolicies.setIamPolicy` `networksecurity.authzPolicies.update` `networksecurity.clientTlsPolicies.` `networksecurity.clientTlsPolicies.create` `networksecurity.clientTlsPolicies.delete` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.getIamPolicy` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.setIamPolicy` `networksecurity.clientTlsPolicies.update` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.` `networksecurity.firewallEndpointAssociations.create` `networksecurity.firewallEndpointAssociations.delete` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpointAssociations.update` `networksecurity.firewallEndpoints.` `networksecurity.firewallEndpoints.create` `networksecurity.firewallEndpoints.delete` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.update` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.` `networksecurity.gatewaySecurityPolicies.create` `networksecurity.gatewaySecurityPolicies.delete` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.update` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.` `networksecurity.gatewaySecurityPolicyRules.create` `networksecurity.gatewaySecurityPolicyRules.delete` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.update` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.` `networksecurity.operations.cancel` `networksecurity.operations.delete` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.securityProfileGroups.` `networksecurity.securityProfileGroups.create` `networksecurity.securityProfileGroups.delete` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.update` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.` `networksecurity.securityProfiles.create` `networksecurity.securityProfiles.delete` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.update` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.` `networksecurity.serverTlsPolicies.create` `networksecurity.serverTlsPolicies.delete` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.getIamPolicy` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.setIamPolicy` `networksecurity.serverTlsPolicies.update` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.` `networksecurity.tlsInspectionPolicies.create` `networksecurity.tlsInspectionPolicies.delete` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.update` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.` `networksecurity.urlLists.create` `networksecurity.urlLists.delete` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.update` `networksecurity.urlLists.use` `networkservices.` `networkservices.authzExtensions.create` `networkservices.authzExtensions.delete` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.update` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.create` `networkservices.endpointPolicies.delete` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.endpointPolicies.update` `networkservices.gateways.create` `networkservices.gateways.delete` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.update` `networkservices.gateways.use` `networkservices.grpcRoutes.create` `networkservices.grpcRoutes.delete` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.grpcRoutes.update` `networkservices.httpFilters.create` `networkservices.httpFilters.delete` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpFilters.update` `networkservices.httpRoutes.create` `networkservices.httpRoutes.delete` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpRoutes.update` `networkservices.httpfilters.create` `networkservices.httpfilters.delete` `networkservices.httpfilters.get` `networkservices.httpfilters.getIamPolicy` `networkservices.httpfilters.list` `networkservices.httpfilters.setIamPolicy` `networkservices.httpfilters.update` `networkservices.httpfilters.use` `networkservices.lbRouteExtensions.create` `networkservices.lbRouteExtensions.delete` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbRouteExtensions.update` `networkservices.lbTrafficExtensions.create` `networkservices.lbTrafficExtensions.delete` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.lbTrafficExtensions.update` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.create` `networkservices.meshes.delete` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.update` `networkservices.meshes.use` `networkservices.operations.cancel` `networkservices.operations.delete` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.create` `networkservices.serviceBindings.delete` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceBindings.update` `networkservices.serviceLbPolicies.create` `networkservices.serviceLbPolicies.delete` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.serviceLbPolicies.update` `networkservices.tcpRoutes.create` `networkservices.tcpRoutes.delete` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tcpRoutes.update` `networkservices.tlsRoutes.create` `networkservices.tlsRoutes.delete` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.tlsRoutes.update` `networkservices.wasmPlugins.create` `networkservices.wasmPlugins.delete` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `networkservices.wasmPlugins.update` `networkservices.wasmPlugins.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete` `servicenetworking.operations.get` `servicenetworking.services.addPeering` `servicenetworking.services.createPeeredDnsDomain` `servicenetworking.services.deleteConnection` `servicenetworking.services.deletePeeredDnsDomain` `servicenetworking.services.disableVpcServiceControls` `servicenetworking.services.enableVpcServiceControls` `servicenetworking.services.get` `servicenetworking.services.listPeeredDnsDomains` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `trafficdirector.*` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`

Compute Network Admin

(roles/compute.networkAdmin)

Permissions to create, modify, and delete networking resources, except for firewall rules and SSL certificates. The network admin role allows read-only access to firewall rules, SSL certificates, and instances (to view their ephemeral IP addresses). The network admin role does not allow a user to create, start, stop, or delete instances.

For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the networking team's group. Or, if you have a combined team that manages both security and networking, then grant this role as well as the roles/compute.securityAdmin role to the combined team's group.

Lowest-level resources where you can grant this role:

Instance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.*

compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroupManagers.update

compute.instanceGroupManagers.use

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceGroups.update

compute.instanceGroups.use

compute.instanceSettings.get

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instances.updateSecurity

compute.instances.use

compute.instances.useReadOnly

compute.interconnectAttachments.*

compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.*

compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.*

compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update

compute.networkEndpointGroups.get

compute.networkEndpointGroups.list

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networkEndpointGroups.use

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.*

compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.*

compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use

compute.routes.*

compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.serviceAttachments.*

compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.*

compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.targetVpnGateways.*

compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.vpnGateways.*

compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use

compute.vpnTunnels.*

compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.*

networkconnectivity.internalRanges.create
networkconnectivity.internalRanges.delete
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.getIamPolicy
networkconnectivity.internalRanges.list
networkconnectivity.internalRanges.setIamPolicy
networkconnectivity.internalRanges.update

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.*

networkconnectivity.operations.cancel
networkconnectivity.operations.delete
networkconnectivity.operations.get
networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

networkconnectivity.policyBasedRoutes.create
networkconnectivity.policyBasedRoutes.delete
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.getIamPolicy
networkconnectivity.policyBasedRoutes.list
networkconnectivity.policyBasedRoutes.setIamPolicy

networkconnectivity.regionalEndpoints.*

networkconnectivity.regionalEndpoints.create
networkconnectivity.regionalEndpoints.delete
networkconnectivity.regionalEndpoints.get
networkconnectivity.regionalEndpoints.list

networkconnectivity.serviceClasses.*

networkconnectivity.serviceClasses.create
networkconnectivity.serviceClasses.delete
networkconnectivity.serviceClasses.get
networkconnectivity.serviceClasses.list
networkconnectivity.serviceClasses.update
networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

networkconnectivity.serviceConnectionMaps.create
networkconnectivity.serviceConnectionMaps.delete
networkconnectivity.serviceConnectionMaps.get
networkconnectivity.serviceConnectionMaps.list
networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

networkconnectivity.serviceConnectionPolicies.create
networkconnectivity.serviceConnectionPolicies.delete
networkconnectivity.serviceConnectionPolicies.get
networkconnectivity.serviceConnectionPolicies.list
networkconnectivity.serviceConnectionPolicies.update

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.*

networksecurity.addressGroups.create
networksecurity.addressGroups.delete
networksecurity.addressGroups.get
networksecurity.addressGroups.getIamPolicy
networksecurity.addressGroups.list
networksecurity.addressGroups.setIamPolicy
networksecurity.addressGroups.update
networksecurity.addressGroups.use

networksecurity.authorizationPolicies.*

networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.*

networksecurity.authzPolicies.create
networksecurity.authzPolicies.delete
networksecurity.authzPolicies.get
networksecurity.authzPolicies.getIamPolicy
networksecurity.authzPolicies.list
networksecurity.authzPolicies.setIamPolicy
networksecurity.authzPolicies.update

networksecurity.clientTlsPolicies.*

networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.*

networksecurity.firewallEndpointAssociations.create
networksecurity.firewallEndpointAssociations.delete
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpointAssociations.update

networksecurity.firewallEndpoints.*

networksecurity.firewallEndpoints.create
networksecurity.firewallEndpoints.delete
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.firewallEndpoints.update
networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.*

networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.*

networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.*

networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list

networksecurity.securityProfileGroups.*

networksecurity.securityProfileGroups.create
networksecurity.securityProfileGroups.delete
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfileGroups.update
networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.*

networksecurity.securityProfiles.create
networksecurity.securityProfiles.delete
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.securityProfiles.update
networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.*

networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.*

networksecurity.tlsInspectionPolicies.create
networksecurity.tlsInspectionPolicies.delete
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.update
networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.*

networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use

networkservices.*

networkservices.authzExtensions.create
networkservices.authzExtensions.delete
networkservices.authzExtensions.get
networkservices.authzExtensions.list
networkservices.authzExtensions.update
networkservices.authzExtensions.use
networkservices.endpointPolicies.create
networkservices.endpointPolicies.delete
networkservices.endpointPolicies.get
networkservices.endpointPolicies.list
networkservices.endpointPolicies.update
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.grpcRoutes.create
networkservices.grpcRoutes.delete
networkservices.grpcRoutes.get
networkservices.grpcRoutes.list
networkservices.grpcRoutes.update
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.list
networkservices.httpFilters.update
networkservices.httpRoutes.create
networkservices.httpRoutes.delete
networkservices.httpRoutes.get
networkservices.httpRoutes.list
networkservices.httpRoutes.update
networkservices.httpfilters.create
networkservices.httpfilters.delete
networkservices.httpfilters.get
networkservices.httpfilters.getIamPolicy
networkservices.httpfilters.list
networkservices.httpfilters.setIamPolicy
networkservices.httpfilters.update
networkservices.httpfilters.use
networkservices.lbRouteExtensions.create
networkservices.lbRouteExtensions.delete
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbRouteExtensions.update
networkservices.lbTrafficExtensions.create
networkservices.lbTrafficExtensions.delete
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.lbTrafficExtensions.update
networkservices.locations.get
networkservices.locations.list
networkservices.meshes.create
networkservices.meshes.delete
networkservices.meshes.get
networkservices.meshes.list
networkservices.meshes.update
networkservices.meshes.use
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
networkservices.route_views.get
networkservices.route_views.list
networkservices.serviceBindings.create
networkservices.serviceBindings.delete
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceBindings.update
networkservices.serviceLbPolicies.create
networkservices.serviceLbPolicies.delete
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.serviceLbPolicies.update
networkservices.tcpRoutes.create
networkservices.tcpRoutes.delete
networkservices.tcpRoutes.get
networkservices.tcpRoutes.list
networkservices.tcpRoutes.update
networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.wasmPlugins.create
networkservices.wasmPlugins.delete
networkservices.wasmPlugins.get
networkservices.wasmPlugins.list
networkservices.wasmPlugins.update
networkservices.wasmPlugins.use

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.listPeeredDnsDomains

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Compute Network User role

Details Permissions

Details	Permissions
Compute Network User (`roles/compute.networkUser`) Provides access to a shared VPC network Once granted, service owners can use VPC networks and subnets that belong to the host project. For example, a network user can create a VM instance that belongs to a host project network but they cannot delete or create new networks in the host project. Lowest-level resources where you can grant this role: Project	`compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.useInternal` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.use` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.instanceSettings.get` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.use` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.access` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.use` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.list` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.list` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.get` `networksecurity.addressGroups.list` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.use` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.use` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpfilters.get` `networkservices.httpfilters.list` `networkservices.httpfilters.use` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.locations.` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.use` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.*` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `networkservices.wasmPlugins.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicenetworking.services.get` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Network User

(roles/compute.networkUser)

Provides access to a shared VPC network

Once granted, service owners can use VPC networks and subnets that belong to the host project. For example, a network user can create a VM instance that belongs to a host project network but they cannot delete or create new networks in the host project.

Lowest-level resources where you can grant this role:

Project

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.useInternal

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.externalVpnGateways.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.instanceSettings.get

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.interconnects.use

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.access

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnGateways.use

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.get

networksecurity.addressGroups.list

networksecurity.addressGroups.use

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.get

networksecurity.authzPolicies.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.get

networksecurity.firewallEndpointAssociations.list

networksecurity.firewallEndpoints.get

networksecurity.firewallEndpoints.list

networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.securityProfileGroups.get

networksecurity.securityProfileGroups.list

networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.get

networksecurity.securityProfiles.list

networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.get

networksecurity.urlLists.list

networksecurity.urlLists.use

networkservices.authzExtensions.get

networkservices.authzExtensions.list

networkservices.authzExtensions.use

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.gateways.get

networkservices.gateways.list

networkservices.gateways.use

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.httpfilters.use

networkservices.lbRouteExtensions.get

networkservices.lbRouteExtensions.list

networkservices.lbTrafficExtensions.get

networkservices.lbTrafficExtensions.list

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.meshes.use

networkservices.operations.get

networkservices.operations.list

networkservices.route_views.*

networkservices.route_views.get
networkservices.route_views.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.serviceLbPolicies.get

networkservices.serviceLbPolicies.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

networkservices.wasmPlugins.get

networkservices.wasmPlugins.list

networkservices.wasmPlugins.use

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Network Viewer role

Details Permissions

Details	Permissions
Compute Network Viewer (`roles/compute.networkViewer`) Read-only access to all networking resources For example, if you have software that inspects your network configuration, you could grant this role to that software's service account. Lowest-level resources where you can grant this role: Instance	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscGet` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.list` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.list` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.get` `networksecurity.addressGroups.list` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.list` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpfilters.get` `networkservices.httpfilters.list` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.locations.` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicenetworking.services.get` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `trafficdirector.` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`

Compute Network Viewer

(roles/compute.networkViewer)

Read-only access to all networking resources

For example, if you have software that inspects your network configuration, you could grant this role to that software's service account.

Lowest-level resources where you can grant this role:

Instance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalForwardingRules.pscGet

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.get

networksecurity.addressGroups.list

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.authzPolicies.get

networksecurity.authzPolicies.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.firewallEndpointAssociations.get

networksecurity.firewallEndpointAssociations.list

networksecurity.firewallEndpoints.get

networksecurity.firewallEndpoints.list

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.securityProfileGroups.get

networksecurity.securityProfileGroups.list

networksecurity.securityProfiles.get

networksecurity.securityProfiles.list

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.urlLists.get

networksecurity.urlLists.list

networkservices.authzExtensions.get

networkservices.authzExtensions.list

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.gateways.get

networkservices.gateways.list

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.lbRouteExtensions.get

networkservices.lbRouteExtensions.list

networkservices.lbTrafficExtensions.get

networkservices.lbTrafficExtensions.list

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.operations.get

networkservices.operations.list

networkservices.route_views.*

networkservices.route_views.get
networkservices.route_views.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.serviceLbPolicies.get

networkservices.serviceLbPolicies.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

networkservices.wasmPlugins.get

networkservices.wasmPlugins.list

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Compute Organization Firewall Policy Admin role

Details Permissions

Details	Permissions
Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Full control of Compute Engine Organization Firewall Policies.	`compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.regionFirewallPolicies.` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionOperations.setIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Organization Firewall Policy Admin

(roles/compute.orgFirewallPolicyAdmin)

Full control of Compute Engine Organization Firewall Policies.

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionOperations.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Organization Firewall Policy User role

Details Permissions

Details	Permissions
Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) View or use Compute Engine Firewall Policies to associate with the organization or folders.	`compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.projects.get` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Organization Firewall Policy User

(roles/compute.orgFirewallPolicyUser)

View or use Compute Engine Firewall Policies to associate with the organization or folders.

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.projects.get

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Organization Security Policy Admin role

Details Permissions

Details	Permissions
Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Full control of Compute Engine Organization Security Policies.	`compute.firewallPolicies.*` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.update` `compute.securityPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Organization Security Policy Admin

(roles/compute.orgSecurityPolicyAdmin)

Full control of Compute Engine Organization Security Policies.

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.copyRules

compute.securityPolicies.create

compute.securityPolicies.createTagBinding

compute.securityPolicies.delete

compute.securityPolicies.deleteTagBinding

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.move

compute.securityPolicies.removeAssociation

compute.securityPolicies.update

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Organization Security Policy User role

Details Permissions

Details	Permissions
Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) View or use Compute Engine Security Policies to associate with the organization or folders.	`compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.securityPolicies.addAssociation` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Organization Security Policy User

(roles/compute.orgSecurityPolicyUser)

View or use Compute Engine Security Policies to associate with the organization or folders.

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.removeAssociation

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Organization Resource Admin role

Details Permissions

Details	Permissions
Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Full control of Compute Engine Firewall Policy associations to the organization or folders.	`compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.organizations.listAssociations` `compute.organizations.setFirewallPolicy` `compute.organizations.setSecurityPolicy` `compute.projects.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Organization Resource Admin

(roles/compute.orgSecurityResourceAdmin)

Full control of Compute Engine Firewall Policy associations to the organization or folders.

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.organizations.listAssociations

compute.organizations.setFirewallPolicy

compute.organizations.setSecurityPolicy

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute OS Admin Login role

Details Permissions

Details	Permissions
Compute OS Admin Login (`roles/compute.osAdminLogin`) Access to log in to a Compute Engine instance as an administrator user. Lowest-level resources where you can grant this role: Instance	`compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.projects.get` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute OS Admin Login

(roles/compute.osAdminLogin)

Access to log in to a Compute Engine instance as an administrator user.

Lowest-level resources where you can grant this role:

Instance

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osAdminLogin

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute OS Login role

Details Permissions

Details	Permissions
Compute OS Login (`roles/compute.osLogin`) Access to log in to a Compute Engine instance as a standard user. Lowest-level resources where you can grant this role: Instance	`compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.osLogin` `compute.projects.get` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute OS Login

(roles/compute.osLogin)

Access to log in to a Compute Engine instance as a standard user.

Lowest-level resources where you can grant this role:

Instance

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute OS Login External User role

Details Permissions

Details	Permissions
Compute OS Login External User (`roles/compute.osLoginExternalUser`) Available only at the organization level. Access for an external user to set OS Login information associated with this organization. This role does not grant access to instances. External users must be granted one of the required OS Login roles in order to allow access to instances using SSH. Lowest-level resources where you can grant this role: Organization	`compute.oslogin.updateExternalUser`

Compute OS Login External User

(roles/compute.osLoginExternalUser)

Available only at the organization level.

Access for an external user to set OS Login information associated with this organization. This role does not grant access to instances. External users must be granted one of the required OS Login roles in order to allow access to instances using SSH.

Lowest-level resources where you can grant this role:

Organization

compute.oslogin.updateExternalUser

Compute packet mirroring admin role

Details Permissions

Details	Permissions
Compute packet mirroring admin (`roles/compute.packetMirroringAdmin`) Specify resources to be mirrored.	`compute.instances.updateSecurity` `compute.networks.mirror` `compute.projects.get` `compute.subnetworks.mirror` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute packet mirroring admin

(roles/compute.packetMirroringAdmin)

Specify resources to be mirrored.

compute.instances.updateSecurity

compute.networks.mirror

compute.projects.get

compute.subnetworks.mirror

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute packet mirroring user role

Details Permissions

Details	Permissions
Compute packet mirroring user (`roles/compute.packetMirroringUser`) Use Compute Engine packet mirrorings.	`compute.packetMirrorings.*` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute packet mirroring user

(roles/compute.packetMirroringUser)

Use Compute Engine packet mirrorings.

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Public IP Admin role

Details Permissions

Details	Permissions
Compute Public IP Admin (`roles/compute.publicIpAdmin`) Full control of public IP address management for Compute Engine.	`compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalPublicDelegatedPrefixes.` `compute.globalPublicDelegatedPrefixes.create` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.publicAdvertisedPrefixes.` `compute.publicAdvertisedPrefixes.create` `compute.publicAdvertisedPrefixes.delete` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicAdvertisedPrefixes.update` `compute.publicAdvertisedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.*` `compute.publicDelegatedPrefixes.create` `compute.publicDelegatedPrefixes.createTagBinding` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.deleteTagBinding` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`

Compute Public IP Admin

(roles/compute.publicIpAdmin)

Full control of public IP address management for Compute Engine.

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalPublicDelegatedPrefixes.*

compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.updatePolicy

compute.publicAdvertisedPrefixes.*

compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy

compute.publicDelegatedPrefixes.*

compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.createTagBinding
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.deleteTagBinding
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use

resourcemanager.projects.get

resourcemanager.projects.list

Compute Security Admin role

Details Permissions

Details	Permissions
Compute Security Admin (`roles/compute.securityAdmin`) Permissions to create, modify, and delete firewall rules and SSL certificates, and also to configure Shielded VM settings. For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the security team's group. Lowest-level resources where you can grant this role: Instance	`compute.backendBuckets.list` `compute.backendServices.list` `compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.firewalls.` `compute.firewalls.create` `compute.firewalls.createTagBinding` `compute.firewalls.delete` `compute.firewalls.deleteTagBinding` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.firewalls.update` `compute.globalOperations.get` `compute.globalOperations.list` `compute.instanceSettings.get` `compute.instances.getEffectiveFirewalls` `compute.instances.list` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.updatePolicy` `compute.packetMirrorings.` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `compute.regionBackendServices.list` `compute.regionFirewallPolicies.` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.` `compute.regionSecurityPolicies.create` `compute.regionSecurityPolicies.createTagBinding` `compute.regionSecurityPolicies.delete` `compute.regionSecurityPolicies.deleteTagBinding` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.update` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.sslCertificates.` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetInstances.list` `compute.targetPools.list` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Security Admin

(roles/compute.securityAdmin)

Permissions to create, modify, and delete firewall rules and SSL certificates, and also to configure Shielded VM settings.

Lowest-level resources where you can grant this role:

Instance

compute.backendBuckets.list

compute.backendServices.list

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.firewalls.*

compute.firewalls.create
compute.firewalls.createTagBinding
compute.firewalls.delete
compute.firewalls.deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update

compute.globalOperations.get

compute.globalOperations.list

compute.instanceSettings.get

compute.instances.getEffectiveFirewalls

compute.instances.list

compute.instances.setShieldedInstanceIntegrityPolicy

compute.instances.setShieldedVmIntegrityPolicy

compute.instances.updateSecurity

compute.instances.updateShieldedInstanceConfig

compute.instances.updateShieldedVmConfig

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.updatePolicy

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update

compute.projects.get

compute.regionBackendServices.list

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.*

compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.createTagBinding
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.deleteTagBinding
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.*

compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetInstances.list

compute.targetPools.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Sole Tenant Viewer role

Details Permissions

Details	Permissions
Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Permissions to view sole tenancy node groups	`compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTypes.*` `compute.nodeTypes.get` `compute.nodeTypes.list`

Compute Sole Tenant Viewer

(roles/compute.soleTenantViewer)

Permissions to view sole tenancy node groups

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

Compute Storage Admin role

Details Permissions

Details	Permissions
Compute Storage Admin (`roles/compute.storageAdmin`) Permissions to create, modify, and delete disks, images, and snapshots. For example, if your company has someone who manages project images and you don't want them to have the editor role on the project, then grant this role to their account on the project. Lowest-level resources where you can grant this role: Disk Image Snapshot	`compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalOperations.get` `compute.globalOperations.list` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceSettings.get` `compute.instantSnapshots.` `compute.instantSnapshots.create` `compute.instantSnapshots.delete` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenseCodes.update` `compute.licenses.` `compute.licenses.create` `compute.licenses.delete` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.setIamPolicy` `compute.projects.get` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.storagePools.` `compute.storagePools.create` `compute.storagePools.delete` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.setIamPolicy` `compute.storagePools.update` `compute.storagePools.use` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.*` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Storage Admin

(roles/compute.storageAdmin)

Permissions to create, modify, and delete disks, images, and snapshots.

For example, if your company has someone who manages project images and you don't want them to have the editor role on the project, then grant this role to their account on the project.

Lowest-level resources where you can grant this role:

Disk
Image
Snapshot

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly

compute.globalOperations.get

compute.globalOperations.list

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceSettings.get

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update

compute.licenses.*

compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.setIamPolicy

compute.projects.get

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly

compute.storagePools.*

compute.storagePools.create
compute.storagePools.delete
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.setIamPolicy
compute.storagePools.update
compute.storagePools.use

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Viewer role

Details Permissions

Details	Permissions
Compute Viewer (`roles/compute.viewer`) Read-only access to get and list Compute Engine resources, without being able to read the data stored on them. For example, an account with this role could inventory all of the disks in a project, but it could not read any of the data on those disks. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Node group Node template Snapshot	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.commitments.get` `compute.commitments.list` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.futureReservations.get` `compute.futureReservations.getIamPolicy` `compute.futureReservations.list` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscGet` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceSettings.get` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.get` `compute.multiMig.list` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkEdgeSecurityServices.get` `compute.networkEdgeSecurityServices.list` `compute.networkEdgeSecurityServices.listEffectiveTags` `compute.networkEdgeSecurityServices.listTagBindings` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTypes.` `compute.nodeTypes.get` `compute.nodeTypes.list` `compute.organizations.listAssociations` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservations.get` `compute.reservations.list` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshotSettings.get` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.validate` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.zoneOperations.get` `compute.zoneOperations.getIamPolicy` `compute.zoneOperations.list` `compute.zones.*` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Compute Viewer

(roles/compute.viewer)

Read-only access to get and list Compute Engine resources, without being able to read the data stored on them.

For example, an account with this role could inventory all of the disks in a project, but it could not read any of the data on those disks.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Node group
Node template
Snapshot

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.futureReservations.get

compute.futureReservations.getIamPolicy

compute.futureReservations.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceSettings.get

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instantSnapshots.get

compute.instantSnapshots.getIamPolicy

compute.instantSnapshots.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.get

compute.multiMig.list

compute.networkAttachments.get

compute.networkAttachments.getIamPolicy

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.get

compute.networkEndpointGroups.list

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshotSettings.get

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.getIamPolicy

compute.storagePools.list

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Compute Shared VPC Admin role

Details Permissions

Details	Permissions
Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Permissions to administer shared VPC host projects, specifically enabling the host projects and associating shared VPC service projects to the host project's network. At the organization level, this role can only be granted by an organization admin. Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project. The Shared VPC Admin is responsible for granting the Compute Network User role (`roles/compute.networkUser`) to service owners, and the shared VPC host project owner controls the project itself. Managing the project is easier if a single principal (individual or group) can fulfill both roles. Lowest-level resources where you can grant this role: Folder	`compute.globalOperations.get` `compute.globalOperations.list` `compute.organizations.disableXpnHost` `compute.organizations.disableXpnResource` `compute.organizations.enableXpnHost` `compute.organizations.enableXpnResource` `compute.projects.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.setIamPolicy` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list`

Compute Shared VPC Admin

(roles/compute.xpnAdmin)

Permissions to administer shared VPC host projects, specifically enabling the host projects and associating shared VPC service projects to the host project's network.

At the organization level, this role can only be granted by an organization admin.

Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project. The Shared VPC Admin is responsible for granting the Compute Network User role (roles/compute.networkUser) to service owners, and the shared VPC host project owner controls the project itself. Managing the project is easier if a single principal (individual or group) can fulfill both roles.

Lowest-level resources where you can grant this role:

Folder

compute.globalOperations.get

compute.globalOperations.list

compute.organizations.disableXpnHost

compute.organizations.disableXpnResource

compute.organizations.enableXpnHost

compute.organizations.enableXpnResource

compute.projects.get

compute.subnetworks.getIamPolicy

compute.subnetworks.setIamPolicy

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

OS Config Admin role

Details Permissions

Details	Permissions
OS Config Admin ^Beta (`roles/osconfig.admin`) Full access to OS Config resources	`osconfig.*` `osconfig.guestPolicies.create` `osconfig.guestPolicies.delete` `osconfig.guestPolicies.get` `osconfig.guestPolicies.list` `osconfig.guestPolicies.update` `osconfig.instanceOSPoliciesCompliances.get` `osconfig.instanceOSPoliciesCompliances.list` `osconfig.inventories.get` `osconfig.inventories.list` `osconfig.locations.get` `osconfig.locations.list` `osconfig.operations.cancel` `osconfig.operations.delete` `osconfig.operations.get` `osconfig.operations.list` `osconfig.osPolicyAssignmentReports.get` `osconfig.osPolicyAssignmentReports.list` `osconfig.osPolicyAssignmentReports.searchSummaries` `osconfig.osPolicyAssignments.create` `osconfig.osPolicyAssignments.delete` `osconfig.osPolicyAssignments.get` `osconfig.osPolicyAssignments.list` `osconfig.osPolicyAssignments.searchPolicies` `osconfig.osPolicyAssignments.update` `osconfig.patchDeployments.create` `osconfig.patchDeployments.delete` `osconfig.patchDeployments.execute` `osconfig.patchDeployments.get` `osconfig.patchDeployments.list` `osconfig.patchDeployments.pause` `osconfig.patchDeployments.resume` `osconfig.patchDeployments.update` `osconfig.patchJobs.exec` `osconfig.patchJobs.get` `osconfig.patchJobs.list` `osconfig.policyOrchestrators.create` `osconfig.policyOrchestrators.delete` `osconfig.policyOrchestrators.get` `osconfig.policyOrchestrators.list` `osconfig.policyOrchestrators.update` `osconfig.projectFeatureSettings.get` `osconfig.projectFeatureSettings.update` `osconfig.upgradeReports.get` `osconfig.upgradeReports.getSummary` `osconfig.upgradeReports.list` `osconfig.upgradeReports.searchSummaries` `osconfig.vulnerabilityReports.get` `osconfig.vulnerabilityReports.list`

OS Config Admin ^Beta

(roles/osconfig.admin)

Full access to OS Config resources

osconfig.*

osconfig.guestPolicies.create
osconfig.guestPolicies.delete
osconfig.guestPolicies.get
osconfig.guestPolicies.list
osconfig.guestPolicies.update
osconfig.instanceOSPoliciesCompliances.get
osconfig.instanceOSPoliciesCompliances.list
osconfig.inventories.get
osconfig.inventories.list
osconfig.locations.get
osconfig.locations.list
osconfig.operations.cancel
osconfig.operations.delete
osconfig.operations.get
osconfig.operations.list
osconfig.osPolicyAssignmentReports.get
osconfig.osPolicyAssignmentReports.list
osconfig.osPolicyAssignmentReports.searchSummaries
osconfig.osPolicyAssignments.create
osconfig.osPolicyAssignments.delete
osconfig.osPolicyAssignments.get
osconfig.osPolicyAssignments.list
osconfig.osPolicyAssignments.searchPolicies
osconfig.osPolicyAssignments.update
osconfig.patchDeployments.create
osconfig.patchDeployments.delete
osconfig.patchDeployments.execute
osconfig.patchDeployments.get
osconfig.patchDeployments.list
osconfig.patchDeployments.pause
osconfig.patchDeployments.resume
osconfig.patchDeployments.update
osconfig.patchJobs.exec
osconfig.patchJobs.get
osconfig.patchJobs.list
osconfig.policyOrchestrators.create
osconfig.policyOrchestrators.delete
osconfig.policyOrchestrators.get
osconfig.policyOrchestrators.list
osconfig.policyOrchestrators.update
osconfig.projectFeatureSettings.get
osconfig.projectFeatureSettings.update
osconfig.upgradeReports.get
osconfig.upgradeReports.getSummary
osconfig.upgradeReports.list
osconfig.upgradeReports.searchSummaries
osconfig.vulnerabilityReports.get
osconfig.vulnerabilityReports.list

GuestPolicy Admin role

Details Permissions

Details	Permissions
GuestPolicy Admin ^Beta (`roles/osconfig.guestPolicyAdmin`) Full admin access to GuestPolicies	`osconfig.guestPolicies.*` `osconfig.guestPolicies.create` `osconfig.guestPolicies.delete` `osconfig.guestPolicies.get` `osconfig.guestPolicies.list` `osconfig.guestPolicies.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

GuestPolicy Admin ^Beta

(roles/osconfig.guestPolicyAdmin)

Full admin access to GuestPolicies

osconfig.guestPolicies.*

osconfig.guestPolicies.create
osconfig.guestPolicies.delete
osconfig.guestPolicies.get
osconfig.guestPolicies.list
osconfig.guestPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

GuestPolicy Editor role

Details Permissions

Details	Permissions
GuestPolicy Editor ^Beta (`roles/osconfig.guestPolicyEditor`) Editor of GuestPolicy resources	`osconfig.guestPolicies.get` `osconfig.guestPolicies.list` `osconfig.guestPolicies.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

GuestPolicy Editor ^Beta

(roles/osconfig.guestPolicyEditor)

Editor of GuestPolicy resources

osconfig.guestPolicies.get

osconfig.guestPolicies.list

osconfig.guestPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

GuestPolicy Viewer role

Details Permissions

Details	Permissions
GuestPolicy Viewer ^Beta (`roles/osconfig.guestPolicyViewer`) Viewer of GuestPolicy resources	`osconfig.guestPolicies.get` `osconfig.guestPolicies.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

GuestPolicy Viewer ^Beta

(roles/osconfig.guestPolicyViewer)

Viewer of GuestPolicy resources

osconfig.guestPolicies.get

osconfig.guestPolicies.list

resourcemanager.projects.get

resourcemanager.projects.list

InstanceOSPoliciesCompliance Viewer role

Details Permissions

Details	Permissions
InstanceOSPoliciesCompliance Viewer ^Beta (`roles/osconfig.instanceOSPoliciesComplianceViewer`) Viewer of OS Policies Compliance of VM instances	`osconfig.instanceOSPoliciesCompliances.*` `osconfig.instanceOSPoliciesCompliances.get` `osconfig.instanceOSPoliciesCompliances.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

InstanceOSPoliciesCompliance Viewer ^Beta

(roles/osconfig.instanceOSPoliciesComplianceViewer)

Viewer of OS Policies Compliance of VM instances

osconfig.instanceOSPoliciesCompliances.*

osconfig.instanceOSPoliciesCompliances.get
osconfig.instanceOSPoliciesCompliances.list

resourcemanager.projects.get

resourcemanager.projects.list

OS Inventory Viewer role

Details Permissions

Details	Permissions
OS Inventory Viewer (`roles/osconfig.inventoryViewer`) Viewer of OS Inventories	`osconfig.inventories.*` `osconfig.inventories.get` `osconfig.inventories.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

OS Inventory Viewer

(roles/osconfig.inventoryViewer)

Viewer of OS Inventories

osconfig.inventories.*

osconfig.inventories.get
osconfig.inventories.list

resourcemanager.projects.get

resourcemanager.projects.list

OSPolicyAssignment Admin role

Details Permissions

Details	Permissions
OSPolicyAssignment Admin (`roles/osconfig.osPolicyAssignmentAdmin`) Full admin access to OS Policy Assignments	`osconfig.osPolicyAssignments.*` `osconfig.osPolicyAssignments.create` `osconfig.osPolicyAssignments.delete` `osconfig.osPolicyAssignments.get` `osconfig.osPolicyAssignments.list` `osconfig.osPolicyAssignments.searchPolicies` `osconfig.osPolicyAssignments.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

OSPolicyAssignment Admin

(roles/osconfig.osPolicyAssignmentAdmin)

Full admin access to OS Policy Assignments

osconfig.osPolicyAssignments.*

osconfig.osPolicyAssignments.create
osconfig.osPolicyAssignments.delete
osconfig.osPolicyAssignments.get
osconfig.osPolicyAssignments.list
osconfig.osPolicyAssignments.searchPolicies
osconfig.osPolicyAssignments.update

resourcemanager.projects.get

resourcemanager.projects.list

OSPolicyAssignment Editor role

Details Permissions

Details	Permissions
OSPolicyAssignment Editor (`roles/osconfig.osPolicyAssignmentEditor`) Editor of OS Policy Assignments	`osconfig.osPolicyAssignments.get` `osconfig.osPolicyAssignments.list` `osconfig.osPolicyAssignments.searchPolicies` `osconfig.osPolicyAssignments.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

OSPolicyAssignment Editor

(roles/osconfig.osPolicyAssignmentEditor)

Editor of OS Policy Assignments

osconfig.osPolicyAssignments.get

osconfig.osPolicyAssignments.list

osconfig.osPolicyAssignments.searchPolicies

osconfig.osPolicyAssignments.update

resourcemanager.projects.get

resourcemanager.projects.list

OSPolicyAssignmentReport Viewer role

Details Permissions

Details	Permissions
OSPolicyAssignmentReport Viewer (`roles/osconfig.osPolicyAssignmentReportViewer`) Viewer of OS policy assignment reports for VM instances	`osconfig.osPolicyAssignmentReports.*` `osconfig.osPolicyAssignmentReports.get` `osconfig.osPolicyAssignmentReports.list` `osconfig.osPolicyAssignmentReports.searchSummaries` `resourcemanager.projects.get` `resourcemanager.projects.list`

OSPolicyAssignmentReport Viewer

(roles/osconfig.osPolicyAssignmentReportViewer)

Viewer of OS policy assignment reports for VM instances

osconfig.osPolicyAssignmentReports.*

osconfig.osPolicyAssignmentReports.get
osconfig.osPolicyAssignmentReports.list
osconfig.osPolicyAssignmentReports.searchSummaries

resourcemanager.projects.get

resourcemanager.projects.list

OSPolicyAssignment Viewer role

Details Permissions

Details	Permissions
OSPolicyAssignment Viewer (`roles/osconfig.osPolicyAssignmentViewer`) Viewer of OS Policy Assignments	`osconfig.osPolicyAssignments.get` `osconfig.osPolicyAssignments.list` `osconfig.osPolicyAssignments.searchPolicies` `resourcemanager.projects.get` `resourcemanager.projects.list`

OSPolicyAssignment Viewer

(roles/osconfig.osPolicyAssignmentViewer)

Viewer of OS Policy Assignments

osconfig.osPolicyAssignments.get

osconfig.osPolicyAssignments.list

osconfig.osPolicyAssignments.searchPolicies

resourcemanager.projects.get

resourcemanager.projects.list

PatchDeployment Admin role

Details Permissions

Details	Permissions
PatchDeployment Admin (`roles/osconfig.patchDeploymentAdmin`) Full admin access to PatchDeployments	`osconfig.patchDeployments.*` `osconfig.patchDeployments.create` `osconfig.patchDeployments.delete` `osconfig.patchDeployments.execute` `osconfig.patchDeployments.get` `osconfig.patchDeployments.list` `osconfig.patchDeployments.pause` `osconfig.patchDeployments.resume` `osconfig.patchDeployments.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

PatchDeployment Admin

(roles/osconfig.patchDeploymentAdmin)

Full admin access to PatchDeployments

osconfig.patchDeployments.*

osconfig.patchDeployments.create
osconfig.patchDeployments.delete
osconfig.patchDeployments.execute
osconfig.patchDeployments.get
osconfig.patchDeployments.list
osconfig.patchDeployments.pause
osconfig.patchDeployments.resume
osconfig.patchDeployments.update

resourcemanager.projects.get

resourcemanager.projects.list

PatchDeployment Viewer role

Details Permissions

Details	Permissions
PatchDeployment Viewer (`roles/osconfig.patchDeploymentViewer`) Viewer of PatchDeployment resources	`osconfig.patchDeployments.get` `osconfig.patchDeployments.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

PatchDeployment Viewer

(roles/osconfig.patchDeploymentViewer)

Viewer of PatchDeployment resources

osconfig.patchDeployments.get

osconfig.patchDeployments.list

resourcemanager.projects.get

resourcemanager.projects.list

Patch Job Executor role

Details Permissions

Details	Permissions
Patch Job Executor (`roles/osconfig.patchJobExecutor`) Access to execute Patch Jobs.	`osconfig.patchJobs.*` `osconfig.patchJobs.exec` `osconfig.patchJobs.get` `osconfig.patchJobs.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Patch Job Executor

(roles/osconfig.patchJobExecutor)

Access to execute Patch Jobs.

osconfig.patchJobs.*

osconfig.patchJobs.exec
osconfig.patchJobs.get
osconfig.patchJobs.list

resourcemanager.projects.get

resourcemanager.projects.list

Patch Job Viewer role

Details Permissions

Details	Permissions
Patch Job Viewer (`roles/osconfig.patchJobViewer`) Get and list Patch Jobs.	`osconfig.patchJobs.get` `osconfig.patchJobs.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Patch Job Viewer

(roles/osconfig.patchJobViewer)

Get and list Patch Jobs.

osconfig.patchJobs.get

osconfig.patchJobs.list

resourcemanager.projects.get

resourcemanager.projects.list

PolicyOrchestrator Admin role

Details Permissions

Details	Permissions
PolicyOrchestrator Admin ^Alpha (`roles/osconfig.policyOrchestratorAdmin`) Admin of PolicyOrchestrator resources	`osconfig.locations.` `osconfig.locations.get` `osconfig.locations.list` `osconfig.operations.get` `osconfig.policyOrchestrators.` `osconfig.policyOrchestrators.create` `osconfig.policyOrchestrators.delete` `osconfig.policyOrchestrators.get` `osconfig.policyOrchestrators.list` `osconfig.policyOrchestrators.update`

PolicyOrchestrator Admin ^Alpha

(roles/osconfig.policyOrchestratorAdmin)

Admin of PolicyOrchestrator resources

osconfig.locations.*

osconfig.locations.get
osconfig.locations.list

osconfig.operations.get

osconfig.policyOrchestrators.*

osconfig.policyOrchestrators.create
osconfig.policyOrchestrators.delete
osconfig.policyOrchestrators.get
osconfig.policyOrchestrators.list
osconfig.policyOrchestrators.update

PolicyOrchestrator Viewer role

Details Permissions

Details	Permissions
PolicyOrchestrator Viewer ^Alpha (`roles/osconfig.policyOrchestratorViewer`) Viewer of PolicyOrchestrator resources	`osconfig.locations.*` `osconfig.locations.get` `osconfig.locations.list` `osconfig.operations.get` `osconfig.policyOrchestrators.get` `osconfig.policyOrchestrators.list`

PolicyOrchestrator Viewer ^Alpha

(roles/osconfig.policyOrchestratorViewer)

Viewer of PolicyOrchestrator resources

osconfig.locations.*

osconfig.locations.get
osconfig.locations.list

osconfig.operations.get

osconfig.policyOrchestrators.get

osconfig.policyOrchestrators.list

Project Feature Settings Editor role

Details Permissions

Details	Permissions
Project Feature Settings Editor (`roles/osconfig.projectFeatureSettingsEditor`) Read/write access to project feature settings	`osconfig.projectFeatureSettings.*` `osconfig.projectFeatureSettings.get` `osconfig.projectFeatureSettings.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

Project Feature Settings Editor

(roles/osconfig.projectFeatureSettingsEditor)

Read/write access to project feature settings

osconfig.projectFeatureSettings.*

osconfig.projectFeatureSettings.get
osconfig.projectFeatureSettings.update

resourcemanager.projects.get

resourcemanager.projects.list

Project Feature Settings Viewer role

Details Permissions

Details	Permissions
Project Feature Settings Viewer (`roles/osconfig.projectFeatureSettingsViewer`) Read access to project feature settings	`osconfig.projectFeatureSettings.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Project Feature Settings Viewer

(roles/osconfig.projectFeatureSettingsViewer)

Read access to project feature settings

osconfig.projectFeatureSettings.get

resourcemanager.projects.get

resourcemanager.projects.list

Upgrade Report Viewer role

Details Permissions

Details	Permissions
Upgrade Report Viewer ^Beta (`roles/osconfig.upgradeReportViewer`) Provides read-only access to VM Manager Upgrade Reports	`osconfig.upgradeReports.*` `osconfig.upgradeReports.get` `osconfig.upgradeReports.getSummary` `osconfig.upgradeReports.list` `osconfig.upgradeReports.searchSummaries` `resourcemanager.projects.get` `resourcemanager.projects.list`

Upgrade Report Viewer ^Beta

(roles/osconfig.upgradeReportViewer)

Provides read-only access to VM Manager Upgrade Reports

osconfig.upgradeReports.*

osconfig.upgradeReports.get
osconfig.upgradeReports.getSummary
osconfig.upgradeReports.list
osconfig.upgradeReports.searchSummaries

resourcemanager.projects.get

resourcemanager.projects.list

OS Config Viewer role

Details Permissions

Details	Permissions
OS Config Viewer ^Beta (`roles/osconfig.viewer`) Readonly access to OS Config resources	`osconfig.guestPolicies.get` `osconfig.guestPolicies.list` `osconfig.instanceOSPoliciesCompliances.` `osconfig.instanceOSPoliciesCompliances.get` `osconfig.instanceOSPoliciesCompliances.list` `osconfig.inventories.` `osconfig.inventories.get` `osconfig.inventories.list` `osconfig.locations.` `osconfig.locations.get` `osconfig.locations.list` `osconfig.operations.get` `osconfig.operations.list` `osconfig.osPolicyAssignmentReports.` `osconfig.osPolicyAssignmentReports.get` `osconfig.osPolicyAssignmentReports.list` `osconfig.osPolicyAssignmentReports.searchSummaries` `osconfig.osPolicyAssignments.get` `osconfig.osPolicyAssignments.list` `osconfig.osPolicyAssignments.searchPolicies` `osconfig.patchDeployments.get` `osconfig.patchDeployments.list` `osconfig.patchJobs.get` `osconfig.patchJobs.list` `osconfig.policyOrchestrators.get` `osconfig.policyOrchestrators.list` `osconfig.projectFeatureSettings.get` `osconfig.upgradeReports.` `osconfig.upgradeReports.get` `osconfig.upgradeReports.getSummary` `osconfig.upgradeReports.list` `osconfig.upgradeReports.searchSummaries` `osconfig.vulnerabilityReports.` `osconfig.vulnerabilityReports.get` `osconfig.vulnerabilityReports.list`

OS Config Viewer ^Beta

(roles/osconfig.viewer)

Readonly access to OS Config resources

osconfig.guestPolicies.get

osconfig.guestPolicies.list

osconfig.instanceOSPoliciesCompliances.*

osconfig.instanceOSPoliciesCompliances.get
osconfig.instanceOSPoliciesCompliances.list

osconfig.inventories.*

osconfig.inventories.get
osconfig.inventories.list

osconfig.locations.*

osconfig.locations.get
osconfig.locations.list

osconfig.operations.get

osconfig.operations.list

osconfig.osPolicyAssignmentReports.*

osconfig.osPolicyAssignmentReports.get
osconfig.osPolicyAssignmentReports.list
osconfig.osPolicyAssignmentReports.searchSummaries

osconfig.osPolicyAssignments.get

osconfig.osPolicyAssignments.list

osconfig.osPolicyAssignments.searchPolicies

osconfig.patchDeployments.get

osconfig.patchDeployments.list

osconfig.patchJobs.get

osconfig.patchJobs.list

osconfig.policyOrchestrators.get

osconfig.policyOrchestrators.list

osconfig.projectFeatureSettings.get

osconfig.upgradeReports.*

osconfig.upgradeReports.get
osconfig.upgradeReports.getSummary
osconfig.upgradeReports.list
osconfig.upgradeReports.searchSummaries

osconfig.vulnerabilityReports.*

osconfig.vulnerabilityReports.get
osconfig.vulnerabilityReports.list

OS VulnerabilityReport Viewer role

Details Permissions

Details	Permissions
OS VulnerabilityReport Viewer (`roles/osconfig.vulnerabilityReportViewer`) Viewer of OS VulnerabilityReports	`osconfig.vulnerabilityReports.*` `osconfig.vulnerabilityReports.get` `osconfig.vulnerabilityReports.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

OS VulnerabilityReport Viewer

(roles/osconfig.vulnerabilityReportViewer)

Viewer of OS VulnerabilityReports

osconfig.vulnerabilityReports.*

osconfig.vulnerabilityReports.get
osconfig.vulnerabilityReports.list

resourcemanager.projects.get

resourcemanager.projects.list

DNS Administrator role

Details Permissions

Details	Permissions
DNS Administrator (`roles/dns.admin`) Provides read-write access to all Cloud DNS resources. Lowest-level resources where you can grant this role: Managed zone	`compute.networks.get` `compute.networks.list` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.gkeClusters.` `dns.gkeClusters.bindDNSResponsePolicy` `dns.gkeClusters.bindPrivateDNSZone` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.getIamPolicy` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.` `dns.networks.bindDNSResponsePolicy` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.networks.useHealthSignals` `dns.policies.create` `dns.policies.delete` `dns.policies.get` `dns.policies.getIamPolicy` `dns.policies.list` `dns.policies.update` `dns.projects.get` `dns.resourceRecordSets.` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

DNS Administrator

(roles/dns.admin)

Provides read-write access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

Managed zone

compute.networks.get

compute.networks.list

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.gkeClusters.*

dns.gkeClusters.bindDNSResponsePolicy
dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

dns.networks.bindDNSResponsePolicy
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.networks.targetWithPeeringZone
dns.networks.useHealthSignals

dns.policies.create

dns.policies.delete

dns.policies.get

dns.policies.getIamPolicy

dns.policies.list

dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

resourcemanager.projects.get

resourcemanager.projects.list

DNS Peer role

Details Permissions

DNS Peer

(roles/dns.peer)

Access to target networks with DNS peering zones

dns.networks.targetWithPeeringZone

DNS Reader role

Details Permissions

DNS Reader

(roles/dns.reader)

Provides read-only access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

Managed zone

compute.networks.get

dns.changes.get

dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.get

dns.managedZones.list

dns.policies.get

dns.policies.list

dns.projects.get

dns.resourceRecordSets.get

dns.resourceRecordSets.list

dns.responsePolicies.get

dns.responsePolicies.list

dns.responsePolicyRules.get

dns.responsePolicyRules.list

resourcemanager.projects.get

resourcemanager.projects.list

Service Account Admin role

Details Permissions

Service Account Admin

(roles/iam.serviceAccountAdmin)

Create and manage service accounts.

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccounts.create

iam.serviceAccounts.createTagBinding

iam.serviceAccounts.delete

iam.serviceAccounts.deleteTagBinding

iam.serviceAccounts.disable

iam.serviceAccounts.enable

iam.serviceAccounts.get

iam.serviceAccounts.getIamPolicy

iam.serviceAccounts.list

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

iam.serviceAccounts.setIamPolicy

iam.serviceAccounts.undelete

iam.serviceAccounts.update

resourcemanager.projects.get

resourcemanager.projects.list

Create Service Accounts role

Details Permissions

Create Service Accounts

(roles/iam.serviceAccountCreator)

Access to create service accounts.

iam.serviceAccounts.create

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Delete Service Accounts role

Details Permissions

Delete Service Accounts

(roles/iam.serviceAccountDeleter)

Access to delete service accounts.

iam.serviceAccounts.delete

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Service Account Key Admin role

Details Permissions

Service Account Key Admin

(roles/iam.serviceAccountKeyAdmin)

Create and manage (and rotate) service account keys.

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccountKeys.*

iam.serviceAccountKeys.create
iam.serviceAccountKeys.delete
iam.serviceAccountKeys.disable
iam.serviceAccountKeys.enable
iam.serviceAccountKeys.get
iam.serviceAccountKeys.list

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Service Account OpenID Connect Identity Token Creator role

Details Permissions

Service Account OpenID Connect Identity Token Creator

(roles/iam.serviceAccountOpenIdTokenCreator)

Create OpenID Connect (OIDC) identity tokens

iam.serviceAccounts.getOpenIdToken

Service Account Token Creator role

Details Permissions

Service Account Token Creator

(roles/iam.serviceAccountTokenCreator)

Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc).

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.list

iam.serviceAccounts.signBlob

iam.serviceAccounts.signJwt

resourcemanager.projects.get

resourcemanager.projects.list

Service Account User role

Details Permissions

Service Account User

(roles/iam.serviceAccountUser)

Run operations as the service account.

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

View Service Accounts role

Details Permissions

View Service Accounts

(roles/iam.serviceAccountViewer)

Read access to service accounts, metadata, and keys.

iam.serviceAccountKeys.get

iam.serviceAccountKeys.list

iam.serviceAccounts.get

iam.serviceAccounts.getIamPolicy

iam.serviceAccounts.list

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

Workload Identity User role

Details Permissions

Workload Identity User

(roles/iam.workloadIdentityUser)

Impersonate service accounts from federated workloads.

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.list

Langkah selanjutnya

Pelajari IAM lebih lanjut
Pelajari cara membuat dan mengelola peran IAM kustom.
Memberi peran IAM kepada pengguna project.
Memberikan peran IAM untuk resource Compute Engine tertentu.
Memberikan peran IAM ke akun layanan.

Peran dan izin IAM Compute Engine

Apa yang dimaksud dengan IAM?

Peran serviceAccountUser

Izin konsol Google Cloud

Menghubungkan ke instance sebagai instanceAdmin

IAM dengan akun layanan

Grup instance terkelola dan IAM

Peran IAM Compute Engine yang telah ditetapkan

Compute Admin role

Compute Admin

Compute Future Reservation Admin role

Compute Future Reservation Admin Beta

Compute Future Reservation User role

Compute Future Reservation User Beta

Compute Future Reservation Viewer role

Compute Future Reservation Viewer Beta

Compute Image User role

Compute Image User

Compute Instance Admin (beta) role

Compute Instance Admin (beta)

Compute Instance Admin (v1) role

Compute Instance Admin (v1)

Compute Load Balancer Admin role

Compute Load Balancer Admin

Compute Load Balancer Services User role

Compute Load Balancer Services User

Compute Network Admin role

Compute Network Admin

Compute Network User role

Compute Network User

Compute Network Viewer role

Compute Network Viewer

Compute Organization Firewall Policy Admin role

Compute Organization Firewall Policy Admin

Compute Organization Firewall Policy User role

Compute Organization Firewall Policy User

Compute Organization Security Policy Admin role

Compute Organization Security Policy Admin

Compute Organization Security Policy User role

Compute Organization Security Policy User

Compute Organization Resource Admin role

Compute Organization Resource Admin

Compute OS Admin Login role

Compute OS Admin Login

Compute OS Login role

Compute OS Login

Compute OS Login External User role

Compute OS Login External User

Compute packet mirroring admin role

Compute packet mirroring admin

Compute packet mirroring user role

Compute packet mirroring user

Compute Public IP Admin role

Compute Public IP Admin

Compute Security Admin role

Compute Security Admin

Compute Sole Tenant Viewer role

Compute Sole Tenant Viewer

Compute Storage Admin role

Compute Storage Admin

Compute Viewer role

Compute Viewer

Compute Shared VPC Admin role

Compute Shared VPC Admin

OS Config Admin role

OS Config Admin Beta

GuestPolicy Admin role

GuestPolicy Admin Beta

GuestPolicy Editor role

GuestPolicy Editor Beta

GuestPolicy Viewer role

GuestPolicy Viewer Beta

InstanceOSPoliciesCompliance Viewer role

InstanceOSPoliciesCompliance Viewer Beta

OS Inventory Viewer role

OS Inventory Viewer

OSPolicyAssignment Admin role

OSPolicyAssignment Admin

OSPolicyAssignment Editor role

OSPolicyAssignment Editor

Compute Future Reservation Admin ^Beta

Compute Future Reservation User ^Beta

Compute Future Reservation Viewer ^Beta

OS Config Admin ^Beta

GuestPolicy Admin ^Beta

GuestPolicy Editor ^Beta

GuestPolicy Viewer ^Beta

InstanceOSPoliciesCompliance Viewer ^Beta

PolicyOrchestrator Admin ^Alpha

PolicyOrchestrator Viewer ^Alpha

Upgrade Report Viewer ^Beta

OS Config Viewer ^Beta