Cloud Run IAM permissions

The following tables list the Identity and Access Management (IAM) permissions that are associated with Cloud Run.


Permission Description
run.configurations.get View configurations, excluding IAM policies.
run.configurations.list List configurations.

Domain mappings

There are no IAM permissions for domain mappings. Viewing, listing, creating and deleting domain mappings requires project-level permissions.

For a reference of which IAM permissions are contained in each IAM role, see Cloud Run IAM Roles.


Permission Description Create new job. Delete job. View jobs, excluding IAM policies. Get an IAM policy. List jobs. Invoke (execute) jobs Override job configuration for a job execution. Set an IAM policy. Update existing job.
run.executions.delete Delete job executions.
run.executions.get Get job executions.
run.executions.list List job executions.
run.tasks.get Get job execution tasks.
run.tasks.list List job execution tasks.


Permission Description
run.locations.get Get location information.
run.locations.list List all locations.


Permission Description
run.routes.get View routes, excluding IAM policies.
run.routes.list List routes.
run.routes.invoke Invoke a route.


Permission Description View services, excluding IAM policies. List services. Create new services. Update existing services. Delete services. Get an IAM policy. Set an IAM policy.

Service revisions

Permission Description
run.revisions.get View revisions, excluding IAM policies.
run.revisions.list List revisions.
run.revisions.delete Delete revisions.

View project

Permission Description
resourcemanager.projects.get Get project.