Cloud Functions IAM Permissions

The following tables list the Identity and Access Management (IAM) permissions that are associated with Cloud Functions.

Functions

Permission Description
cloudfunctions.functions.call Call the callFunction API.
cloudfunctions.functions.invoke Invoke an HTTP function via its public URL.
cloudfunctions.functions.create Create new functions.
cloudfunctions.functions.delete Delete functions.
cloudfunctions.functions.get View functions, excluding IAM policies.
cloudfunctions.functions.list List functions.
cloudfunctions.functions.update Update existing functions.
cloudfunctions.functions.sourceCodeGet View function source code.
cloudfunctions.functions.sourceCodeSet Update function source code.
cloudfunctions.functions.getIamPolicy View IAM policies associated with a function.
cloudfunctions.functions.setIamPolicy Update IAM policies associated with a function.

Operations

Permission Description
cloudfunctions.operations.get Get an existing operation.
cloudfunctions.operations.list List all operations.

Locations

Permission Description
cloudfunctions.locations.list List all locations.

For a reference of which IAM permissions are contained in each IAM role, see Cloud Functions IAM Roles.