Cloud Run IAM permissions

The following tables list the Identity and Access Management (IAM) permissions that are associated with Cloud Run.


Permission Description View services, excluding IAM policies. List services. Create new services. Update existing services. Delete services. Get an IAM policy. Set an IAM policy.


Permission Description
run.routes.get View routes, excluding IAM policies.
run.routes.list List routes.
run.routes.invoke Invoke a route.


Permission Description
run.configurations.get View configurations, excluding IAM policies.
run.configurations.list List configurations.


Permission Description
run.revisions.get View revisions, excluding IAM policies.
run.revisions.list List revisions.
run.revisions.delete Delete revisions.


Permission Description
run.locations.get Get location information.
run.locations.list List all locations.

Domain mappings

There are no IAM permissions for domain mappings. Viewing, listing, creating and deleting domain mappings requires project-level permissions.

For a reference of which IAM permissions are contained in each IAM role, see Cloud Run IAM Roles.


Permission Description View jobs, excluding IAM policies. List jobs. Create new job. Update existing job. Delete job. Get an IAM policy. Set an IAM policy. Invoke (execute) jobs
run.executions.get. Get job executions.
run.executions.list. List job executions.
run.executions.delete Delete job executions.