Cloud Run IAM permissions

The following tables list the Identity and Access Management (IAM) permissions that are associated with Cloud Run.

Configurations

Permission Description
run.configurations.get View configurations, excluding IAM policies.
run.configurations.list List configurations.

Domain mappings

There are no IAM permissions for domain mappings. Viewing, listing, creating and deleting domain mappings requires project-level permissions.

For a reference of which IAM permissions are contained in each IAM role, see Cloud Run IAM Roles.

Jobs

Permission Description
run.jobs.create Create new job.
run.jobs.delete Delete job.
run.jobs.get View jobs, excluding IAM policies.
run.jobs.getIamPolicy Get an IAM policy.
run.jobs.list List jobs.
run.jobs.run Invoke (execute) jobs
run.jobs.runWithOverrides Override job configuration for a job execution.
run.jobs.setIamPolicy Set an IAM policy.
run.jobs.update Update existing job.
run.executions.delete Delete job executions.
run.executions.get Get job executions.
run.executions.list List job executions.
run.tasks.get Get job execution tasks.
run.tasks.list List job execution tasks.

Locations

Permission Description
run.locations.get Get location information.
run.locations.list List all locations.

Routes

Permission Description
run.routes.get View routes, excluding IAM policies.
run.routes.list List routes.
run.routes.invoke Invoke a route.

Services

Permission Description
run.services.get View services, excluding IAM policies.
run.services.list List services.
run.services.create Create new services.
run.services.update Update existing services.
run.services.delete Delete services.
run.services.getIamPolicy Get an IAM policy.
run.services.setIamPolicy Set an IAM policy.

Service revisions

Permission Description
run.revisions.get View revisions, excluding IAM policies.
run.revisions.list List revisions.
run.revisions.delete Delete revisions.

View project

Permission Description
resourcemanager.projects.get Get project.