IAM basic and predefined roles reference

Stay organized with collections Save and categorize content based on your preferences.

This page lists all basic and predefined roles for Identity and Access Management (IAM). To learn more about IAM roles, see Roles and permissions.

Basic roles

Basic roles are highly permissive roles that existed prior to the introduction of IAM. You can use basic roles to grant principals broad access to Google Cloud resources.

Name Title Permissions
roles/viewer Viewer Permissions for read-only actions that do not affect state, such as viewing (but not modifying) existing resources or data.
roles/editor Editor All viewer permissions, plus permissions for actions that modify state, such as changing existing resources.
Note: The Editor role contains permissions to create and delete resources for most Google Cloud services. However, it does not contain permissions to perform all actions for all services. For more information about how to check whether a role has the permissions that you need, see Role types on this page.
roles/owner Owner All Editor permissions and permissions for the following actions:
  • Manage roles and permissions for a project and all resources within the project.
  • Set up billing for a project.
Note:
  • Granting the Owner role at a resource level, such as a Pub/Sub topic, doesn't grant the Owner role on the parent project.
  • Granting the Owner role at the organization level doesn't allow you to update the organization's metadata. However, it allows you to modify all projects and other resources under that organization.
  • To grant the Owner role on a project to a user outside of your organization, you must use the Google Cloud console, not the gcloud CLI. If your project is not part of an organization, you must use the Google Cloud console to grant the Owner role.

Predefined roles

Predefined roles give granular access to specific Google Cloud resources. These roles are created and maintained by Google. Google automatically updates their permissions as necessary, such as when Google Cloud adds new features or services.

The following table lists all IAM predefined roles, organized by service.

Some permissions are marked as owner permissions with A permission is an owner permission if one of the following is true:

  • The permission is in the Owner basic role, but not the Viewer or Editor basic roles.
  • The permission isn't in any basic role, but it allows principals to perform tasks that an account owner might perform—for example, manage billing.

For more information about predefined roles, see Roles and permissions. For help choosing the most appropriate predefined roles, see Choose predefined roles.

Permissions

(roles/accessapproval.approver)

Ability to view or act on access approval requests and view configuration

Contains 3 owner permissions

accessapproval.requests.*

  • accessapproval.requests.approve
  • accessapproval.requests.dismiss
  • accessapproval.requests.get
  • accessapproval.requests.invalidate
  • accessapproval.requests.list

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accessapproval.configEditor)

Ability to update the Access Approval configuration

Contains 2 owner permissions

accessapproval.serviceAccounts.get

accessapproval.settings.*

  • accessapproval.settings.delete
  • accessapproval.settings.get
  • accessapproval.settings.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accessapproval.invalidator)

Ability to invalidate existing approved approval requests

Contains 1 owner permission

accessapproval.requests.invalidate

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accessapproval.viewer)

Ability to view access approval requests and configuration

accessapproval.requests.get

accessapproval.requests.list

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

Permissions

(roles/accesscontextmanager.gcpAccessAdmin)

Create, edit, and change Cloud access bindings.

accesscontextmanager.gcpUserAccessBindings.*

  • accesscontextmanager.gcpUserAccessBindings.create
  • accesscontextmanager.gcpUserAccessBindings.delete
  • accesscontextmanager.gcpUserAccessBindings.get
  • accesscontextmanager.gcpUserAccessBindings.list
  • accesscontextmanager.gcpUserAccessBindings.update

(roles/accesscontextmanager.gcpAccessReader)

Read access to Cloud access bindings.

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

(roles/accesscontextmanager.policyAdmin)

Full access to policies, access levels, access zones and trusted orgs descs.

Contains 2 owner permissions

accesscontextmanager.accessLevels.*

  • accesscontextmanager.accessLevels.create
  • accesscontextmanager.accessLevels.delete
  • accesscontextmanager.accessLevels.get
  • accesscontextmanager.accessLevels.list
  • accesscontextmanager.accessLevels.replaceAll
  • accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.*

  • accesscontextmanager.accessPolicies.create
  • accesscontextmanager.accessPolicies.delete
  • accesscontextmanager.accessPolicies.get
  • accesscontextmanager.accessPolicies.getIamPolicy
  • accesscontextmanager.accessPolicies.list
  • accesscontextmanager.accessPolicies.setIamPolicy
  • accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

  • accesscontextmanager.accessZones.create
  • accesscontextmanager.accessZones.delete
  • accesscontextmanager.accessZones.get
  • accesscontextmanager.accessZones.list
  • accesscontextmanager.accessZones.update

accesscontextmanager.policies.*

  • accesscontextmanager.policies.create
  • accesscontextmanager.policies.delete
  • accesscontextmanager.policies.get
  • accesscontextmanager.policies.getIamPolicy
  • accesscontextmanager.policies.list
  • accesscontextmanager.policies.setIamPolicy
  • accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

  • accesscontextmanager.servicePerimeters.commit
  • accesscontextmanager.servicePerimeters.create
  • accesscontextmanager.servicePerimeters.delete
  • accesscontextmanager.servicePerimeters.get
  • accesscontextmanager.servicePerimeters.list
  • accesscontextmanager.servicePerimeters.replaceAll
  • accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accesscontextmanager.policyEditor)

Edit access to policies. Create, edit, and change access levels, access zones and trusted orgs descs.

accesscontextmanager.accessLevels.*

  • accesscontextmanager.accessLevels.create
  • accesscontextmanager.accessLevels.delete
  • accesscontextmanager.accessLevels.get
  • accesscontextmanager.accessLevels.list
  • accesscontextmanager.accessLevels.replaceAll
  • accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.create

accesscontextmanager.accessPolicies.delete

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

  • accesscontextmanager.accessZones.create
  • accesscontextmanager.accessZones.delete
  • accesscontextmanager.accessZones.get
  • accesscontextmanager.accessZones.list
  • accesscontextmanager.accessZones.update

accesscontextmanager.policies.create

accesscontextmanager.policies.delete

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

  • accesscontextmanager.servicePerimeters.commit
  • accesscontextmanager.servicePerimeters.create
  • accesscontextmanager.servicePerimeters.delete
  • accesscontextmanager.servicePerimeters.get
  • accesscontextmanager.servicePerimeters.list
  • accesscontextmanager.servicePerimeters.replaceAll
  • accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accesscontextmanager.policyReader)

Read access to policies, access levels, access zones and trusted orgs descs.

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessZones.get

accesscontextmanager.accessZones.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accesscontextmanager.vpcScTroubleshooterViewer)

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

logging.exclusions.get

logging.exclusions.list

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.sinks.get

logging.sinks.list

logging.usage.get

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Permissions

(roles/actions.Admin)

Access to edit and deploy an action

actions.*

  • actions.agent.claimContentProvider
  • actions.agent.get
  • actions.agent.update
  • actions.agentVersions.create
  • actions.agentVersions.delete
  • actions.agentVersions.deploy
  • actions.agentVersions.get
  • actions.agentVersions.list

firebase.projects.get

firebase.projects.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

(roles/actions.Viewer)

Access to view an action

actions.agent.get

actions.agentVersions.get

actions.agentVersions.list

firebase.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

Permissions

(roles/notebooks.admin)

Full access to Notebooks, all resources.

Lowest-level resources where you can grant this role:

  • Instance

Contains 5 owner permissions

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.*

  • notebooks.environments.create
  • notebooks.environments.delete
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.environments.list
  • notebooks.environments.setIamPolicy
  • notebooks.executions.create
  • notebooks.executions.delete
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.executions.setIamPolicy
  • notebooks.instances.checkUpgradability
  • notebooks.instances.create
  • notebooks.instances.delete
  • notebooks.instances.diagnose
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.instances.reset
  • notebooks.instances.setAccelerator
  • notebooks.instances.setIamPolicy
  • notebooks.instances.setLabels
  • notebooks.instances.setMachineType
  • notebooks.instances.start
  • notebooks.instances.stop
  • notebooks.instances.update
  • notebooks.instances.updateConfig
  • notebooks.instances.updateShieldInstanceConfig
  • notebooks.instances.upgrade
  • notebooks.instances.use
  • notebooks.locations.get
  • notebooks.locations.list
  • notebooks.operations.cancel
  • notebooks.operations.delete
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.create
  • notebooks.runtimes.delete
  • notebooks.runtimes.diagnose
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.runtimes.reset
  • notebooks.runtimes.setIamPolicy
  • notebooks.runtimes.start
  • notebooks.runtimes.stop
  • notebooks.runtimes.switch
  • notebooks.runtimes.update
  • notebooks.schedules.create
  • notebooks.schedules.delete
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.legacyAdmin)

Full access to Notebooks all resources through compute API.

Contains 35 owner permissions

compute.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list
  • compute.addresses.create
  • compute.addresses.createInternal
  • compute.addresses.delete
  • compute.addresses.deleteInternal
  • compute.addresses.get
  • compute.addresses.list
  • compute.addresses.setLabels
  • compute.addresses.use
  • compute.addresses.useInternal
  • compute.autoscalers.create
  • compute.autoscalers.delete
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.autoscalers.update
  • compute.backendBuckets.create
  • compute.backendBuckets.delete
  • compute.backendBuckets.get
  • compute.backendBuckets.list
  • compute.backendBuckets.setSecurityPolicy
  • compute.backendBuckets.update
  • compute.backendBuckets.use
  • compute.backendServices.create
  • compute.backendServices.delete
  • compute.backendServices.get
  • compute.backendServices.getIamPolicy
  • compute.backendServices.list
  • compute.backendServices.setIamPolicy
  • compute.backendServices.setSecurityPolicy
  • compute.backendServices.update
  • compute.backendServices.use
  • compute.commitments.create
  • compute.commitments.get
  • compute.commitments.list
  • compute.commitments.update
  • compute.commitments.updateReservations
  • compute.diskTypes.get
  • compute.diskTypes.list
  • compute.disks.addResourcePolicies
  • compute.disks.create
  • compute.disks.createSnapshot
  • compute.disks.createTagBinding
  • compute.disks.delete
  • compute.disks.deleteTagBinding
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.disks.removeResourcePolicies
  • compute.disks.resize
  • compute.disks.setIamPolicy
  • compute.disks.setLabels
  • compute.disks.update
  • compute.disks.use
  • compute.disks.useReadOnly
  • compute.externalVpnGateways.create
  • compute.externalVpnGateways.delete
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.externalVpnGateways.setLabels
  • compute.externalVpnGateways.use
  • compute.firewallPolicies.addAssociation
  • compute.firewallPolicies.cloneRules
  • compute.firewallPolicies.copyRules
  • compute.firewallPolicies.create
  • compute.firewallPolicies.delete
  • compute.firewallPolicies.get
  • compute.firewallPolicies.getIamPolicy
  • compute.firewallPolicies.list
  • compute.firewallPolicies.move
  • compute.firewallPolicies.removeAssociation
  • compute.firewallPolicies.setIamPolicy
  • compute.firewallPolicies.update
  • compute.firewallPolicies.use
  • compute.firewalls.create
  • compute.firewalls.delete
  • compute.firewalls.get
  • compute.firewalls.list
  • compute.firewalls.update
  • compute.forwardingRules.create
  • compute.forwardingRules.delete
  • compute.forwardingRules.get
  • compute.forwardingRules.list
  • compute.forwardingRules.pscCreate
  • compute.forwardingRules.pscDelete
  • compute.forwardingRules.pscSetLabels
  • compute.forwardingRules.pscSetTarget
  • compute.forwardingRules.pscUpdate
  • compute.forwardingRules.setLabels
  • compute.forwardingRules.setTarget
  • compute.forwardingRules.update
  • compute.forwardingRules.use
  • compute.globalAddresses.create
  • compute.globalAddresses.createInternal
  • compute.globalAddresses.delete
  • compute.globalAddresses.deleteInternal
  • compute.globalAddresses.get
  • compute.globalAddresses.list
  • compute.globalAddresses.setLabels
  • compute.globalAddresses.use
  • compute.globalForwardingRules.create
  • compute.globalForwardingRules.delete
  • compute.globalForwardingRules.get
  • compute.globalForwardingRules.list
  • compute.globalForwardingRules.pscCreate
  • compute.globalForwardingRules.pscDelete
  • compute.globalForwardingRules.pscGet
  • compute.globalForwardingRules.pscSetLabels
  • compute.globalForwardingRules.pscSetTarget
  • compute.globalForwardingRules.pscUpdate
  • compute.globalForwardingRules.setLabels
  • compute.globalForwardingRules.setTarget
  • compute.globalForwardingRules.update
  • compute.globalNetworkEndpointGroups.attachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.create
  • compute.globalNetworkEndpointGroups.delete
  • compute.globalNetworkEndpointGroups.detachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalNetworkEndpointGroups.use
  • compute.globalOperations.delete
  • compute.globalOperations.get
  • compute.globalOperations.getIamPolicy
  • compute.globalOperations.list
  • compute.globalOperations.setIamPolicy
  • compute.globalPublicDelegatedPrefixes.create
  • compute.globalPublicDelegatedPrefixes.delete
  • compute.globalPublicDelegatedPrefixes.get
  • compute.globalPublicDelegatedPrefixes.list
  • compute.globalPublicDelegatedPrefixes.update
  • compute.globalPublicDelegatedPrefixes.updatePolicy
  • compute.globalPublicDelegatedPrefixes.use
  • compute.healthChecks.create
  • compute.healthChecks.delete
  • compute.healthChecks.get
  • compute.healthChecks.list
  • compute.healthChecks.update
  • compute.healthChecks.use
  • compute.healthChecks.useReadOnly
  • compute.httpHealthChecks.create
  • compute.httpHealthChecks.delete
  • compute.httpHealthChecks.get
  • compute.httpHealthChecks.list
  • compute.httpHealthChecks.update
  • compute.httpHealthChecks.use
  • compute.httpHealthChecks.useReadOnly
  • compute.httpsHealthChecks.create
  • compute.httpsHealthChecks.delete
  • compute.httpsHealthChecks.get
  • compute.httpsHealthChecks.list
  • compute.httpsHealthChecks.update
  • compute.httpsHealthChecks.use
  • compute.httpsHealthChecks.useReadOnly
  • compute.images.create
  • compute.images.createTagBinding
  • compute.images.delete
  • compute.images.deleteTagBinding
  • compute.images.deprecate
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.images.setIamPolicy
  • compute.images.setLabels
  • compute.images.update
  • compute.images.useReadOnly
  • compute.instanceGroupManagers.create
  • compute.instanceGroupManagers.delete
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroupManagers.update
  • compute.instanceGroupManagers.use
  • compute.instanceGroups.create
  • compute.instanceGroups.delete
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceGroups.update
  • compute.instanceGroups.use
  • compute.instanceTemplates.create
  • compute.instanceTemplates.delete
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instanceTemplates.setIamPolicy
  • compute.instanceTemplates.useReadOnly
  • compute.instances.addAccessConfig
  • compute.instances.addMaintenancePolicies
  • compute.instances.addResourcePolicies
  • compute.instances.attachDisk
  • compute.instances.create
  • compute.instances.createTagBinding
  • compute.instances.delete
  • compute.instances.deleteAccessConfig
  • compute.instances.deleteTagBinding
  • compute.instances.detachDisk
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.instances.osAdminLogin
  • compute.instances.osLogin
  • compute.instances.removeMaintenancePolicies
  • compute.instances.removeResourcePolicies
  • compute.instances.reset
  • compute.instances.resume
  • compute.instances.sendDiagnosticInterrupt
  • compute.instances.setDeletionProtection
  • compute.instances.setDiskAutoDelete
  • compute.instances.setIamPolicy
  • compute.instances.setLabels
  • compute.instances.setMachineResources
  • compute.instances.setMachineType
  • compute.instances.setMetadata
  • compute.instances.setMinCpuPlatform
  • compute.instances.setScheduling
  • compute.instances.setServiceAccount
  • compute.instances.setShieldedInstanceIntegrityPolicy
  • compute.instances.setShieldedVmIntegrityPolicy
  • compute.instances.setTags
  • compute.instances.start
  • compute.instances.startWithEncryptionKey
  • compute.instances.stop
  • compute.instances.suspend
  • compute.instances.update
  • compute.instances.updateAccessConfig
  • compute.instances.updateDisplayDevice
  • compute.instances.updateNetworkInterface
  • compute.instances.updateSecurity
  • compute.instances.updateShieldedInstanceConfig
  • compute.instances.updateShieldedVmConfig
  • compute.instances.use
  • compute.instances.useReadOnly
  • compute.interconnectAttachments.create
  • compute.interconnectAttachments.delete
  • compute.interconnectAttachments.get
  • compute.interconnectAttachments.list
  • compute.interconnectAttachments.setLabels
  • compute.interconnectAttachments.update
  • compute.interconnectAttachments.use
  • compute.interconnectLocations.get
  • compute.interconnectLocations.list
  • compute.interconnects.create
  • compute.interconnects.delete
  • compute.interconnects.get
  • compute.interconnects.list
  • compute.interconnects.setLabels
  • compute.interconnects.update
  • compute.interconnects.use
  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenseCodes.setIamPolicy
  • compute.licenseCodes.update
  • compute.licenseCodes.use
  • compute.licenses.create
  • compute.licenses.delete
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.licenses.setIamPolicy
  • compute.machineImages.create
  • compute.machineImages.delete
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineImages.setIamPolicy
  • compute.machineImages.useReadOnly
  • compute.machineTypes.get
  • compute.machineTypes.list
  • compute.maintenancePolicies.create
  • compute.maintenancePolicies.delete
  • compute.maintenancePolicies.get
  • compute.maintenancePolicies.getIamPolicy
  • compute.maintenancePolicies.list
  • compute.maintenancePolicies.setIamPolicy
  • compute.maintenancePolicies.use
  • compute.networkEdgeSecurityServices.create
  • compute.networkEdgeSecurityServices.delete
  • compute.networkEdgeSecurityServices.get
  • compute.networkEdgeSecurityServices.list
  • compute.networkEdgeSecurityServices.update
  • compute.networkEndpointGroups.attachNetworkEndpoints
  • compute.networkEndpointGroups.create
  • compute.networkEndpointGroups.delete
  • compute.networkEndpointGroups.detachNetworkEndpoints
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.getIamPolicy
  • compute.networkEndpointGroups.list
  • compute.networkEndpointGroups.setIamPolicy
  • compute.networkEndpointGroups.use
  • compute.networks.access
  • compute.networks.addPeering
  • compute.networks.create
  • compute.networks.delete
  • compute.networks.get
  • compute.networks.getEffectiveFirewalls
  • compute.networks.getRegionEffectiveFirewalls
  • compute.networks.list
  • compute.networks.listPeeringRoutes
  • compute.networks.mirror
  • compute.networks.removePeering
  • compute.networks.setFirewallPolicy
  • compute.networks.switchToCustomMode
  • compute.networks.update
  • compute.networks.updatePeering
  • compute.networks.updatePolicy
  • compute.networks.use
  • compute.networks.useExternalIp
  • compute.nodeGroups.addNodes
  • compute.nodeGroups.create
  • compute.nodeGroups.delete
  • compute.nodeGroups.deleteNodes
  • compute.nodeGroups.get
  • compute.nodeGroups.getIamPolicy
  • compute.nodeGroups.list
  • compute.nodeGroups.setIamPolicy
  • compute.nodeGroups.setNodeTemplate
  • compute.nodeGroups.update
  • compute.nodeTemplates.create
  • compute.nodeTemplates.delete
  • compute.nodeTemplates.get
  • compute.nodeTemplates.getIamPolicy
  • compute.nodeTemplates.list
  • compute.nodeTemplates.setIamPolicy
  • compute.nodeTypes.get
  • compute.nodeTypes.list
  • compute.organizations.administerXpn
  • compute.organizations.disableXpnHost
  • compute.organizations.disableXpnResource
  • compute.organizations.enableXpnHost
  • compute.organizations.enableXpnResource
  • compute.organizations.listAssociations
  • compute.organizations.setFirewallPolicy
  • compute.organizations.setSecurityPolicy
  • compute.oslogin.updateExternalUser
  • compute.packetMirrorings.create
  • compute.packetMirrorings.delete
  • compute.packetMirrorings.get
  • compute.packetMirrorings.list
  • compute.packetMirrorings.update
  • compute.projects.get
  • compute.projects.setCommonInstanceMetadata
  • compute.projects.setDefaultNetworkTier
  • compute.projects.setDefaultServiceAccount
  • compute.projects.setUsageExportBucket
  • compute.publicAdvertisedPrefixes.create
  • compute.publicAdvertisedPrefixes.delete
  • compute.publicAdvertisedPrefixes.get
  • compute.publicAdvertisedPrefixes.list
  • compute.publicAdvertisedPrefixes.update
  • compute.publicAdvertisedPrefixes.updatePolicy
  • compute.publicAdvertisedPrefixes.use
  • compute.publicDelegatedPrefixes.create
  • compute.publicDelegatedPrefixes.delete
  • compute.publicDelegatedPrefixes.get
  • compute.publicDelegatedPrefixes.list
  • compute.publicDelegatedPrefixes.update
  • compute.publicDelegatedPrefixes.updatePolicy
  • compute.publicDelegatedPrefixes.use
  • compute.regionBackendServices.create
  • compute.regionBackendServices.delete
  • compute.regionBackendServices.get
  • compute.regionBackendServices.getIamPolicy
  • compute.regionBackendServices.list
  • compute.regionBackendServices.setIamPolicy
  • compute.regionBackendServices.setSecurityPolicy
  • compute.regionBackendServices.update
  • compute.regionBackendServices.use
  • compute.regionFirewallPolicies.cloneRules
  • compute.regionFirewallPolicies.create
  • compute.regionFirewallPolicies.delete
  • compute.regionFirewallPolicies.get
  • compute.regionFirewallPolicies.getIamPolicy
  • compute.regionFirewallPolicies.list
  • compute.regionFirewallPolicies.setIamPolicy
  • compute.regionFirewallPolicies.update
  • compute.regionFirewallPolicies.use
  • compute.regionHealthCheckServices.create
  • compute.regionHealthCheckServices.delete
  • compute.regionHealthCheckServices.get
  • compute.regionHealthCheckServices.list
  • compute.regionHealthCheckServices.update
  • compute.regionHealthCheckServices.use
  • compute.regionHealthChecks.create
  • compute.regionHealthChecks.delete
  • compute.regionHealthChecks.get
  • compute.regionHealthChecks.list
  • compute.regionHealthChecks.update
  • compute.regionHealthChecks.use
  • compute.regionHealthChecks.useReadOnly
  • compute.regionNetworkEndpointGroups.create
  • compute.regionNetworkEndpointGroups.delete
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNetworkEndpointGroups.use
  • compute.regionNotificationEndpoints.create
  • compute.regionNotificationEndpoints.delete
  • compute.regionNotificationEndpoints.get
  • compute.regionNotificationEndpoints.list
  • compute.regionNotificationEndpoints.update
  • compute.regionNotificationEndpoints.use
  • compute.regionOperations.delete
  • compute.regionOperations.get
  • compute.regionOperations.getIamPolicy
  • compute.regionOperations.list
  • compute.regionOperations.setIamPolicy
  • compute.regionSecurityPolicies.create
  • compute.regionSecurityPolicies.delete
  • compute.regionSecurityPolicies.get
  • compute.regionSecurityPolicies.list
  • compute.regionSecurityPolicies.update
  • compute.regionSecurityPolicies.use
  • compute.regionSslCertificates.create
  • compute.regionSslCertificates.delete
  • compute.regionSslCertificates.get
  • compute.regionSslCertificates.list
  • compute.regionTargetHttpProxies.create
  • compute.regionTargetHttpProxies.delete
  • compute.regionTargetHttpProxies.get
  • compute.regionTargetHttpProxies.list
  • compute.regionTargetHttpProxies.setUrlMap
  • compute.regionTargetHttpProxies.use
  • compute.regionTargetHttpsProxies.create
  • compute.regionTargetHttpsProxies.delete
  • compute.regionTargetHttpsProxies.get
  • compute.regionTargetHttpsProxies.list
  • compute.regionTargetHttpsProxies.setSslCertificates
  • compute.regionTargetHttpsProxies.setUrlMap
  • compute.regionTargetHttpsProxies.update
  • compute.regionTargetHttpsProxies.use
  • compute.regionUrlMaps.create
  • compute.regionUrlMaps.delete
  • compute.regionUrlMaps.get
  • compute.regionUrlMaps.invalidateCache
  • compute.regionUrlMaps.list
  • compute.regionUrlMaps.update
  • compute.regionUrlMaps.use
  • compute.regionUrlMaps.validate
  • compute.regions.get
  • compute.regions.list
  • compute.reservations.create
  • compute.reservations.delete
  • compute.reservations.get
  • compute.reservations.list
  • compute.reservations.resize
  • compute.reservations.update
  • compute.resourcePolicies.create
  • compute.resourcePolicies.delete
  • compute.resourcePolicies.get
  • compute.resourcePolicies.list
  • compute.resourcePolicies.use
  • compute.routers.create
  • compute.routers.delete
  • compute.routers.get
  • compute.routers.list
  • compute.routers.update
  • compute.routers.use
  • compute.routes.create
  • compute.routes.delete
  • compute.routes.get
  • compute.routes.list
  • compute.securityPolicies.addAssociation
  • compute.securityPolicies.copyRules
  • compute.securityPolicies.create
  • compute.securityPolicies.delete
  • compute.securityPolicies.get
  • compute.securityPolicies.getIamPolicy
  • compute.securityPolicies.list
  • compute.securityPolicies.move
  • compute.securityPolicies.removeAssociation
  • compute.securityPolicies.setIamPolicy
  • compute.securityPolicies.setLabels
  • compute.securityPolicies.update
  • compute.securityPolicies.use
  • compute.serviceAttachments.create
  • compute.serviceAttachments.delete
  • compute.serviceAttachments.get
  • compute.serviceAttachments.list
  • compute.serviceAttachments.update
  • compute.snapshots.create
  • compute.snapshots.createTagBinding
  • compute.snapshots.delete
  • compute.snapshots.deleteTagBinding
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.snapshots.setIamPolicy
  • compute.snapshots.setLabels
  • compute.snapshots.useReadOnly
  • compute.sslCertificates.create
  • compute.sslCertificates.delete
  • compute.sslCertificates.get
  • compute.sslCertificates.list
  • compute.sslPolicies.create
  • compute.sslPolicies.delete
  • compute.sslPolicies.get
  • compute.sslPolicies.list
  • compute.sslPolicies.listAvailableFeatures
  • compute.sslPolicies.update
  • compute.sslPolicies.use
  • compute.subnetworks.create
  • compute.subnetworks.delete
  • compute.subnetworks.expandIpCidrRange
  • compute.subnetworks.get
  • compute.subnetworks.getIamPolicy
  • compute.subnetworks.list
  • compute.subnetworks.mirror
  • compute.subnetworks.setIamPolicy
  • compute.subnetworks.setPrivateIpGoogleAccess
  • compute.subnetworks.update
  • compute.subnetworks.use
  • compute.subnetworks.useExternalIp
  • compute.targetGrpcProxies.create
  • compute.targetGrpcProxies.delete
  • compute.targetGrpcProxies.get
  • compute.targetGrpcProxies.list
  • compute.targetGrpcProxies.update
  • compute.targetGrpcProxies.use
  • compute.targetHttpProxies.create
  • compute.targetHttpProxies.delete
  • compute.targetHttpProxies.get
  • compute.targetHttpProxies.list
  • compute.targetHttpProxies.setUrlMap
  • compute.targetHttpProxies.use
  • compute.targetHttpsProxies.create
  • compute.targetHttpsProxies.delete
  • compute.targetHttpsProxies.get
  • compute.targetHttpsProxies.list
  • compute.targetHttpsProxies.setSslCertificates
  • compute.targetHttpsProxies.setSslPolicy
  • compute.targetHttpsProxies.setUrlMap
  • compute.targetHttpsProxies.update
  • compute.targetHttpsProxies.use
  • compute.targetInstances.create
  • compute.targetInstances.delete
  • compute.targetInstances.get
  • compute.targetInstances.list
  • compute.targetInstances.use
  • compute.targetPools.addHealthCheck
  • compute.targetPools.addInstance
  • compute.targetPools.create
  • compute.targetPools.delete
  • compute.targetPools.get
  • compute.targetPools.list
  • compute.targetPools.removeHealthCheck
  • compute.targetPools.removeInstance
  • compute.targetPools.update
  • compute.targetPools.use
  • compute.targetSslProxies.create
  • compute.targetSslProxies.delete
  • compute.targetSslProxies.get
  • compute.targetSslProxies.list
  • compute.targetSslProxies.setBackendService
  • compute.targetSslProxies.setProxyHeader
  • compute.targetSslProxies.setSslCertificates
  • compute.targetSslProxies.use
  • compute.targetTcpProxies.create
  • compute.targetTcpProxies.delete
  • compute.targetTcpProxies.get
  • compute.targetTcpProxies.list
  • compute.targetTcpProxies.update
  • compute.targetTcpProxies.use
  • compute.targetVpnGateways.create
  • compute.targetVpnGateways.delete
  • compute.targetVpnGateways.get
  • compute.targetVpnGateways.list
  • compute.targetVpnGateways.setLabels
  • compute.targetVpnGateways.use
  • compute.urlMaps.create
  • compute.urlMaps.delete
  • compute.urlMaps.get
  • compute.urlMaps.invalidateCache
  • compute.urlMaps.list
  • compute.urlMaps.update
  • compute.urlMaps.use
  • compute.urlMaps.validate
  • compute.vpnGateways.create
  • compute.vpnGateways.delete
  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.vpnGateways.setLabels
  • compute.vpnGateways.use
  • compute.vpnTunnels.create
  • compute.vpnTunnels.delete
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
  • compute.vpnTunnels.setLabels
  • compute.zoneOperations.delete
  • compute.zoneOperations.get
  • compute.zoneOperations.getIamPolicy
  • compute.zoneOperations.list
  • compute.zoneOperations.setIamPolicy
  • compute.zones.get
  • compute.zones.list

notebooks.*

  • notebooks.environments.create
  • notebooks.environments.delete
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.environments.list
  • notebooks.environments.setIamPolicy
  • notebooks.executions.create
  • notebooks.executions.delete
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.executions.setIamPolicy
  • notebooks.instances.checkUpgradability
  • notebooks.instances.create
  • notebooks.instances.delete
  • notebooks.instances.diagnose
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.instances.reset
  • notebooks.instances.setAccelerator
  • notebooks.instances.setIamPolicy
  • notebooks.instances.setLabels
  • notebooks.instances.setMachineType
  • notebooks.instances.start
  • notebooks.instances.stop
  • notebooks.instances.update
  • notebooks.instances.updateConfig
  • notebooks.instances.updateShieldInstanceConfig
  • notebooks.instances.upgrade
  • notebooks.instances.use
  • notebooks.locations.get
  • notebooks.locations.list
  • notebooks.operations.cancel
  • notebooks.operations.delete
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.create
  • notebooks.runtimes.delete
  • notebooks.runtimes.diagnose
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.runtimes.reset
  • notebooks.runtimes.setIamPolicy
  • notebooks.runtimes.start
  • notebooks.runtimes.stop
  • notebooks.runtimes.switch
  • notebooks.runtimes.update
  • notebooks.schedules.create
  • notebooks.schedules.delete
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.legacyViewer)

Read-only access to Notebooks all resources through compute API.

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.environments.list

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

  • notebooks.locations.get
  • notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.runner)

Restricted access for running scheduled Notebooks.

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.environments.list

notebooks.executions.create

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.create

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

  • notebooks.locations.get
  • notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.create

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.create

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.viewer)

Read-only access to Notebooks, all resources.

Lowest-level resources where you can grant this role:

  • Instance

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.environments.list

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

  • notebooks.locations.get
  • notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Permissions

(roles/ml.admin)

Provides full access to AI Platform resources, and its jobs, operations, models, and versions.

Lowest-level resources where you can grant this role:

  • Project

Contains 3 owner permissions

ml.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update
  • ml.locations.get
  • ml.locations.list
  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update
  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list
  • ml.projects.getConfig
  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy
  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update
  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

resourcemanager.projects.get

(roles/ml.developer)

Provides ability to use AI Platform resources for creating models, versions, jobs for training and prediction, and sending online prediction requests.

Lowest-level resources where you can grant this role:

  • Project

Contains 1 owner permission

ml.jobs.create

ml.jobs.get

ml.jobs.getIamPolicy

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.create

ml.models.get

ml.models.getIamPolicy

ml.models.list

ml.models.predict

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.*

  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy

ml.trials.*

  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update

ml.versions.get

ml.versions.list

ml.versions.predict

resourcemanager.projects.get

(roles/ml.jobOwner)

Provides full access to all permissions for a particular job resource. This role is automatically granted to the user who creates the job.

Lowest-level resources where you can grant this role:

  • Job

Contains 1 owner permission

ml.jobs.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update

(roles/ml.modelOwner)

Provides full access to the model and its versions. This role is automatically granted to the user who creates the model.

Lowest-level resources where you can grant this role:

  • Model

Contains 1 owner permission

ml.models.*

  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update

ml.versions.*

  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

(roles/ml.modelUser)

Provides permissions to read the model and its versions, and use them for prediction.

Lowest-level resources where you can grant this role:

  • Model

ml.models.get

ml.models.predict

ml.versions.get

ml.versions.list

ml.versions.predict

(roles/ml.operationOwner)

Provides full access to all permissions for a particular operation resource.

Lowest-level resources where you can grant this role:

  • Operation

ml.operations.*

  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list

(roles/ml.viewer)

Provides read-only access to AI Platform resources.

Lowest-level resources where you can grant this role:

  • Project

ml.jobs.get

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.get

ml.models.list

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.get

ml.studies.getIamPolicy

ml.studies.list

ml.trials.get

ml.trials.list

ml.versions.get

ml.versions.list

resourcemanager.projects.get

Permissions

(roles/analyticshub.admin)

Administer Data Exchanges and Listings

Contains 2 owner permissions

analyticshub.dataExchanges.*

  • analyticshub.dataExchanges.create
  • analyticshub.dataExchanges.delete
  • analyticshub.dataExchanges.get
  • analyticshub.dataExchanges.getIamPolicy
  • analyticshub.dataExchanges.list
  • analyticshub.dataExchanges.setIamPolicy
  • analyticshub.dataExchanges.update

analyticshub.listings.create

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.listingAdmin)

Grants full control over the Listing, including updating, deleting and setting ACLs

Contains 1 owner permission

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.publisher)

Can publish to Data Exchanges thus creating Listings

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.create

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.subscriber)

Can browse Data Exchanges and subscribe to Listings

Contains 1 owner permission

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.subscribe

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.viewer)

Can browse Data Exchanges and Listings

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

Permissions

(roles/androidmanagement.user)

Full access to manage devices.

androidmanagement.enterprises.manage

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Permissions

(roles/gkemulticloud.admin)

Admin access to Anthos Multi-cloud resources.

Contains 2 owner permissions

gkemulticloud.*

  • gkemulticloud.awsClusters.create
  • gkemulticloud.awsClusters.delete
  • gkemulticloud.awsClusters.generateAccessToken
  • gkemulticloud.awsClusters.get
  • gkemulticloud.awsClusters.getAdminKubeconfig
  • gkemulticloud.awsClusters.list
  • gkemulticloud.awsClusters.update
  • gkemulticloud.awsNodePools.create
  • gkemulticloud.awsNodePools.delete
  • gkemulticloud.awsNodePools.get
  • gkemulticloud.awsNodePools.list
  • gkemulticloud.awsNodePools.update
  • gkemulticloud.awsServerConfigs.get
  • gkemulticloud.azureClients.create
  • gkemulticloud.azureClients.delete
  • gkemulticloud.azureClients.get
  • gkemulticloud.azureClients.list
  • gkemulticloud.azureClusters.create
  • gkemulticloud.azureClusters.delete
  • gkemulticloud.azureClusters.generateAccessToken
  • gkemulticloud.azureClusters.get
  • gkemulticloud.azureClusters.getAdminKubeconfig
  • gkemulticloud.azureClusters.list
  • gkemulticloud.azureClusters.update
  • gkemulticloud.azureNodePools.create
  • gkemulticloud.azureNodePools.delete
  • gkemulticloud.azureNodePools.get
  • gkemulticloud.azureNodePools.list
  • gkemulticloud.azureNodePools.update
  • gkemulticloud.azureServerConfigs.get
  • gkemulticloud.operations.cancel
  • gkemulticloud.operations.delete
  • gkemulticloud.operations.get
  • gkemulticloud.operations.list
  • gkemulticloud.operations.wait

resourcemanager.projects.get

resourcemanager.projects.list

(roles/gkemulticloud.telemetryWriter)

Grant access to write cluster telemetry data such as logs, metrics, and resource metadata.

logging.logEntries.create

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

opsconfigmonitoring.resourceMetadata.write

(roles/gkemulticloud.viewer)

Viewer access to Anthos Multi-cloud resources.

gkemulticloud.awsClusters.generateAccessToken

gkemulticloud.awsClusters.get

gkemulticloud.awsClusters.list

gkemulticloud.awsNodePools.get

gkemulticloud.awsNodePools.list

gkemulticloud.awsServerConfigs.get

gkemulticloud.azureClients.get

gkemulticloud.azureClients.list

gkemulticloud.azureClusters.generateAccessToken

gkemulticloud.azureClusters.get

gkemulticloud.azureClusters.list

gkemulticloud.azureNodePools.get

gkemulticloud.azureNodePools.list

gkemulticloud.azureServerConfigs.get

gkemulticloud.operations.get

gkemulticloud.operations.list

gkemulticloud.operations.wait

resourcemanager.projects.get

resourcemanager.projects.list

Permissions

(roles/apigateway.admin)

Full access to ApiGateway and related resources.

Contains 3 owner permissions

apigateway.*

  • apigateway.apiconfigs.create
  • apigateway.apiconfigs.delete
  • apigateway.apiconfigs.get
  • apigateway.apiconfigs.getIamPolicy
  • apigateway.apiconfigs.list
  • apigateway.apiconfigs.setIamPolicy
  • apigateway.apiconfigs.update
  • apigateway.apis.create
  • apigateway.apis.delete
  • apigateway.apis.get
  • apigateway.apis.getIamPolicy
  • apigateway.apis.list
  • apigateway.apis.setIamPolicy
  • apigateway.apis.update
  • apigateway.gateways.create
  • apigateway.gateways.delete
  • apigateway.gateways.get
  • apigateway.gateways.getIamPolicy
  • apigateway.gateways.list
  • apigateway.gateways.setIamPolicy
  • apigateway.gateways.update
  • apigateway.locations.get
  • apigateway.locations.list
  • apigateway.operations.cancel
  • apigateway.operations.delete
  • apigateway.operations.get
  • apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.list

(roles/apigateway.viewer)

Read-only access to ApiGateway and related resources.

apigateway.apiconfigs.get

apigateway.apiconfigs.getIamPolicy

apigateway.apiconfigs.list

apigateway.apis.get

apigateway.apis.getIamPolicy

apigateway.apis.list

apigateway.gateways.get

apigateway.gateways.getIamPolicy

apigateway.gateways.list

apigateway.locations.*

  • apigateway.locations.get
  • apigateway.locations.list

apigateway.operations.get

apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.list

Permissions

(roles/apigee.admin)

Full access to all apigee resource features

Contains 1 owner permission

apigee.*

  • apigee.apiproductattributes.createOrUpdateAll
  • apigee.apiproductattributes.delete
  • apigee.apiproductattributes.get
  • apigee.apiproductattributes.list
  • apigee.apiproductattributes.update
  • apigee.apiproducts.create
  • apigee.apiproducts.delete
  • apigee.apiproducts.get
  • apigee.apiproducts.list
  • apigee.apiproducts.update
  • apigee.appkeys.create
  • apigee.appkeys.delete
  • apigee.appkeys.get
  • apigee.appkeys.manage
  • apigee.apps.get
  • apigee.apps.list
  • apigee.archivedeployments.create
  • apigee.archivedeployments.delete
  • apigee.archivedeployments.download
  • apigee.archivedeployments.get
  • apigee.archivedeployments.list
  • apigee.archivedeployments.update
  • apigee.archivedeployments.upload
  • apigee.caches.delete
  • apigee.caches.list
  • apigee.canaryevaluations.create
  • apigee.canaryevaluations.get
  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update
  • apigee.datalocation.get
  • apigee.datastores.create
  • apigee.datastores.delete
  • apigee.datastores.get
  • apigee.datastores.list
  • apigee.datastores.update
  • apigee.deployments.create
  • apigee.deployments.delete
  • apigee.deployments.get
  • apigee.deployments.list
  • apigee.deployments.update
  • apigee.developerappattributes.createOrUpdateAll
  • apigee.developerappattributes.delete
  • apigee.developerappattributes.get
  • apigee.developerappattributes.list
  • apigee.developerappattributes.update
  • apigee.developerapps.create
  • apigee.developerapps.delete
  • apigee.developerapps.get
  • apigee.developerapps.list
  • apigee.developerapps.manage
  • apigee.developerattributes.createOrUpdateAll
  • apigee.developerattributes.delete
  • apigee.developerattributes.get
  • apigee.developerattributes.list
  • apigee.developerattributes.update
  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update
  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update
  • apigee.developers.create
  • apigee.developers.delete
  • apigee.developers.get
  • apigee.developers.list
  • apigee.developers.update
  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update
  • apigee.endpointattachments.create
  • apigee.endpointattachments.delete
  • apigee.endpointattachments.get
  • apigee.endpointattachments.list
  • apigee.envgroupattachments.create
  • apigee.envgroupattachments.delete
  • apigee.envgroupattachments.get
  • apigee.envgroupattachments.list
  • apigee.envgroups.create
  • apigee.envgroups.delete
  • apigee.envgroups.get
  • apigee.envgroups.list
  • apigee.envgroups.update
  • apigee.environments.create
  • apigee.environments.delete
  • apigee.environments.get
  • apigee.environments.getDataLocation
  • apigee.environments.getIamPolicy
  • apigee.environments.getStats
  • apigee.environments.list
  • apigee.environments.manageRuntime
  • apigee.environments.setIamPolicy
  • apigee.environments.update
  • apigee.exports.create
  • apigee.exports.get
  • apigee.exports.list
  • apigee.flowhooks.attachSharedFlow
  • apigee.flowhooks.detachSharedFlow
  • apigee.flowhooks.getSharedFlow
  • apigee.flowhooks.list
  • apigee.hostqueries.create
  • apigee.hostqueries.get
  • apigee.hostqueries.list
  • apigee.hostsecurityreports.create
  • apigee.hostsecurityreports.get
  • apigee.hostsecurityreports.list
  • apigee.hoststats.get
  • apigee.ingressconfigs.get
  • apigee.instanceattachments.create
  • apigee.instanceattachments.delete
  • apigee.instanceattachments.get
  • apigee.instanceattachments.list
  • apigee.instances.create
  • apigee.instances.delete
  • apigee.instances.get
  • apigee.instances.list
  • apigee.instances.reportStatus
  • apigee.keystorealiases.create
  • apigee.keystorealiases.delete
  • apigee.keystorealiases.exportCertificate
  • apigee.keystorealiases.generateCSR
  • apigee.keystorealiases.get
  • apigee.keystorealiases.list
  • apigee.keystorealiases.update
  • apigee.keystores.create
  • apigee.keystores.delete
  • apigee.keystores.export
  • apigee.keystores.get
  • apigee.keystores.list
  • apigee.keyvaluemapentries.create
  • apigee.keyvaluemapentries.delete
  • apigee.keyvaluemapentries.get
  • apigee.keyvaluemapentries.list
  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list
  • apigee.maskconfigs.get
  • apigee.maskconfigs.update
  • apigee.operations.get
  • apigee.operations.list
  • apigee.organizations.create
  • apigee.organizations.delete
  • apigee.organizations.get
  • apigee.organizations.list
  • apigee.organizations.update
  • apigee.portals.create
  • apigee.portals.delete
  • apigee.portals.get
  • apigee.portals.list
  • apigee.portals.update
  • apigee.projects.update
  • apigee.proxies.create
  • apigee.proxies.delete
  • apigee.proxies.get
  • apigee.proxies.list
  • apigee.proxies.update
  • apigee.proxyrevisions.delete
  • apigee.proxyrevisions.deploy
  • apigee.proxyrevisions.get
  • apigee.proxyrevisions.list
  • apigee.proxyrevisions.undeploy
  • apigee.proxyrevisions.update
  • apigee.queries.create
  • apigee.queries.get
  • apigee.queries.list
  • apigee.rateplans.create
  • apigee.rateplans.delete
  • apigee.rateplans.get
  • apigee.rateplans.list
  • apigee.rateplans.update
  • apigee.references.create
  • apigee.references.delete
  • apigee.references.get
  • apigee.references.list
  • apigee.references.update
  • apigee.reports.create
  • apigee.reports.delete
  • apigee.reports.get
  • apigee.reports.list
  • apigee.reports.update
  • apigee.resourcefiles.create
  • apigee.resourcefiles.delete
  • apigee.resourcefiles.get
  • apigee.resourcefiles.list
  • apigee.resourcefiles.update
  • apigee.runtimeconfigs.get
  • apigee.securityProfileEnvironments.computeScore
  • apigee.securityProfileEnvironments.create
  • apigee.securityProfileEnvironments.delete
  • apigee.securityProfiles.get
  • apigee.securityProfiles.list
  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats
  • apigee.securityreports.create
  • apigee.securityreports.get
  • apigee.securityreports.list
  • apigee.sharedflowrevisions.delete
  • apigee.sharedflowrevisions.deploy
  • apigee.sharedflowrevisions.get
  • apigee.sharedflowrevisions.list
  • apigee.sharedflowrevisions.undeploy
  • apigee.sharedflowrevisions.update
  • apigee.sharedflows.create
  • apigee.sharedflows.delete
  • apigee.sharedflows.get
  • apigee.sharedflows.list
  • apigee.targetservers.create
  • apigee.targetservers.delete
  • apigee.targetservers.get
  • apigee.targetservers.list
  • apigee.targetservers.update
  • apigee.tracesessions.create
  • apigee.tracesessions.delete
  • apigee.tracesessions.get
  • apigee.tracesessions.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

(roles/apigee.analyticsAgent)

Curated set of permissions for Apigee Universal Data Collection Agent to manage analytics for an Apigee Organization

apigee.datalocation.get

apigee.environments.getDataLocation

apigee.runtimeconfigs.get

(roles/apigee.analyticsEditor)

Analytics editor for an Apigee Organization

apigee.datacollectors.*

  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update

apigee.datastores.*

  • apigee.datastores.create
  • apigee.datastores.delete
  • apigee.datastores.get
  • apigee.datastores.list
  • apigee.datastores.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.*

  • apigee.exports.create
  • apigee.exports.get
  • apigee.exports.list

apigee.hostqueries.*

  • apigee.hostqueries.create
  • apigee.hostqueries.get
  • apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.queries.*

  • apigee.queries.create
  • apigee.queries.get
  • apigee.queries.list

apigee.reports.*

  • apigee.reports.create
  • apigee.reports.delete
  • apigee.reports.get
  • apigee.reports.list
  • apigee.reports.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.analyticsViewer)

Analytics viewer for an Apigee Organization

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datastores.get

apigee.datastores.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.queries.get

apigee.queries.list

apigee.reports.get

apigee.reports.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.apiAdminV2)

Full read/write access to all apigee API resources

apigee.apiproductattributes.*

  • apigee.apiproductattributes.createOrUpdateAll
  • apigee.apiproductattributes.delete
  • apigee.apiproductattributes.get
  • apigee.apiproductattributes.list
  • apigee.apiproductattributes.update

apigee.apiproducts.*

  • apigee.apiproducts.create
  • apigee.apiproducts.delete
  • apigee.apiproducts.get
  • apigee.apiproducts.list
  • apigee.apiproducts.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.*

  • apigee.keyvaluemapentries.create
  • apigee.keyvaluemapentries.delete
  • apigee.keyvaluemapentries.get
  • apigee.keyvaluemapentries.list

apigee.keyvaluemaps.*

  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.proxies.*

  • apigee.proxies.create
  • apigee.proxies.delete
  • apigee.proxies.get
  • apigee.proxies.list
  • apigee.proxies.update

apigee.proxyrevisions.*

  • apigee.proxyrevisions.delete
  • apigee.proxyrevisions.deploy
  • apigee.proxyrevisions.get
  • apigee.proxyrevisions.list
  • apigee.proxyrevisions.undeploy
  • apigee.proxyrevisions.update

apigee.sharedflowrevisions.*

  • apigee.sharedflowrevisions.delete
  • apigee.sharedflowrevisions.deploy
  • apigee.sharedflowrevisions.get
  • apigee.sharedflowrevisions.list
  • apigee.sharedflowrevisions.undeploy
  • apigee.sharedflowrevisions.update

apigee.sharedflows.*

  • apigee.sharedflows.create
  • apigee.sharedflows.delete
  • apigee.sharedflows.get
  • apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.apiReaderV2)

Reader of apigee resources

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.sharedflowrevisions.deploy

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.sharedflows.get

apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.developerAdmin)

Developer admin of apigee resources

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.*

  • apigee.appkeys.create
  • apigee.appkeys.delete
  • apigee.appkeys.get
  • apigee.appkeys.manage

apigee.apps.*

  • apigee.apps.get
  • apigee.apps.list

apigee.datacollectors.*

  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update

apigee.developerappattributes.*

  • apigee.developerappattributes.createOrUpdateAll
  • apigee.developerappattributes.delete
  • apigee.developerappattributes.get
  • apigee.developerappattributes.list
  • apigee.developerappattributes.update

apigee.developerapps.*

  • apigee.developerapps.create
  • apigee.developerapps.delete
  • apigee.developerapps.get
  • apigee.developerapps.list
  • apigee.developerapps.manage

apigee.developerattributes.*

  • apigee.developerattributes.createOrUpdateAll
  • apigee.developerattributes.delete
  • apigee.developerattributes.get
  • apigee.developerattributes.list
  • apigee.developerattributes.update

apigee.developerbalances.*

  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update

apigee.developermonetizationconfigs.*

  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update

apigee.developers.*

  • apigee.developers.create
  • apigee.developers.delete
  • apigee.developers.get
  • apigee.developers.list
  • apigee.developers.update

apigee.developersubscriptions.*

  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update

apigee.environments.get

apigee.environments.getStats

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.rateplans.get

apigee.rateplans.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

(roles/apigee.environmentAdmin)

Full read/write access to apigee environment resources, including deployments.

Contains 1 owner permission

apigee.archivedeployments.*

  • apigee.archivedeployments.create
  • apigee.archivedeployments.delete
  • apigee.archivedeployments.download
  • apigee.archivedeployments.get
  • apigee.archivedeployments.list
  • apigee.archivedeployments.update
  • apigee.archivedeployments.upload

apigee.datacollectors.get

apigee.datacollectors.list

apigee.deployments.*

  • apigee.deployments.create
  • apigee.deployments.delete
  • apigee.deployments.get
  • apigee.deployments.list
  • apigee.deployments.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.environments.setIamPolicy

apigee.environments.update

apigee.flowhooks.*

  • apigee.flowhooks.attachSharedFlow
  • apigee.flowhooks.detachSharedFlow
  • apigee.flowhooks.getSharedFlow
  • apigee.flowhooks.list

apigee.ingressconfigs.get

apigee.keystorealiases.*

  • apigee.keystorealiases.create
  • apigee.keystorealiases.delete
  • apigee.keystorealiases.exportCertificate
  • apigee.keystorealiases.generateCSR
  • apigee.keystorealiases.get
  • apigee.keystorealiases.list
  • apigee.keystorealiases.update

apigee.keystores.*

  • apigee.keystores.create
  • apigee.keystores.delete
  • apigee.keystores.export
  • apigee.keystores.get
  • apigee.keystores.list

apigee.keyvaluemaps.*

  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list

apigee.maskconfigs.*

  • apigee.maskconfigs.get
  • apigee.maskconfigs.update

apigee.organizations.get

apigee.organizations.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.references.*

  • apigee.references.create
  • apigee.references.delete
  • apigee.references.get
  • apigee.references.list
  • apigee.references.update

apigee.resourcefiles.*

  • apigee.resourcefiles.create
  • apigee.resourcefiles.delete
  • apigee.resourcefiles.get
  • apigee.resourcefiles.list
  • apigee.resourcefiles.update

apigee.sharedflowrevisions.deploy

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.sharedflows.get

apigee.sharedflows.list

apigee.targetservers.*

  • apigee.targetservers.create
  • apigee.targetservers.delete
  • apigee.targetservers.get
  • apigee.targetservers.list
  • apigee.targetservers.update

apigee.tracesessions.*

  • apigee.tracesessions.create
  • apigee.tracesessions.delete
  • apigee.tracesessions.get
  • apigee.tracesessions.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

(roles/apigee.monetizationAdmin)

All permissions related to monetization

apigee.apiproducts.get

apigee.apiproducts.list

apigee.developerbalances.*

  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update

apigee.developermonetizationconfigs.*

  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update

apigee.developersubscriptions.*

  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update

apigee.organizations.get

apigee.organizations.list

apigee.rateplans.*

  • apigee.rateplans.create
  • apigee.rateplans.delete
  • apigee.rateplans.get
  • apigee.rateplans.list
  • apigee.rateplans.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.portalAdmin)

Portal admin for an Apigee Organization

apigee.organizations.get

apigee.organizations.list

apigee.portals.*

  • apigee.portals.create
  • apigee.portals.delete
  • apigee.portals.get
  • apigee.portals.list
  • apigee.portals.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.readOnlyAdmin)

Viewer of all apigee resources

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.get

apigee.apps.*

  • apigee.apps.get
  • apigee.apps.list

apigee.archivedeployments.download

apigee.archivedeployments.get

apigee.archivedeployments.list

apigee.caches.list

apigee.canaryevaluations.get

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datalocation.get

apigee.datastores.get

apigee.datastores.list

apigee.deployments.get

apigee.deployments.list

apigee.developerappattributes.get

apigee.developerappattributes.list

apigee.developerapps.get

apigee.developerapps.list

apigee.developerattributes.get

apigee.developerattributes.list

apigee.developerbalances.get

apigee.developermonetizationconfigs.get

apigee.developers.get

apigee.developers.list

apigee.developersubscriptions.get

apigee.developersubscriptions.list

apigee.endpointattachments.get

apigee.endpointattachments.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getDataLocation

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.flowhooks.getSharedFlow

apigee.flowhooks.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hostsecurityreports.get

apigee.hostsecurityreports.list

apigee.hoststats.get

apigee.ingressconfigs.get

apigee.instanceattachments.get

apigee.instanceattachments.list

apigee.instances.get

apigee.instances.list

apigee.keystorealiases.get

apigee.keystorealiases.list

apigee.keystores.get

apigee.keystores.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.maskconfigs.get

apigee.operations.*

  • apigee.operations.get
  • apigee.operations.list

apigee.organizations.get

apigee.organizations.list

apigee.portals.get