Cloud Run IAM permissions

The following tables list the Identity and Access Management (IAM) permissions that are associated with Cloud Run.

Configurations

Permission	Description
`run.configurations.get`	View configurations, excluding IAM policies.
`run.configurations.list`	List configurations.

There are no IAM permissions for domain mappings. Viewing, listing, creating and deleting domain mappings requires project-level permissions.

For a reference of which IAM permissions are contained in each IAM role, see Cloud Run IAM Roles.

Permission	Description
`run.jobs.create`	Create new job.
`run.jobs.delete`	Delete job.
`run.jobs.get`	View jobs, excluding IAM policies.
`run.jobs.getIamPolicy`	Get an IAM policy.
`run.jobs.list`	List jobs.
`run.jobs.run`	Invoke (execute) jobs and cancel job executions.
`run.jobs.runWithOverrides`	Override job configuration for a job execution.
`run.jobs.setIamPolicy`	Set an IAM policy.
`run.jobs.update`	Update existing job.
`run.executions.delete`	Delete job executions.
`run.executions.get`	Get job executions.
`run.executions.list`	List job executions.
`run.tasks.get`	Get job execution tasks.
`run.tasks.list`	List job execution tasks.

Permission	Description
`run.locations.get`	Get location information.
`run.locations.list`	List all locations.

Permission	Description
`run.routes.get`	View routes, excluding IAM policies.
`run.routes.list`	List routes.
`run.routes.invoke`	Invoke a route.

Permission	Description
`run.services.get`	View services, excluding IAM policies.
`run.services.list`	List services.
`run.services.create`	Create new services.
`run.services.update`	Update existing services.
`run.services.delete`	Delete services.
`run.services.getIamPolicy`	Get an IAM policy.
`run.services.setIamPolicy`	Set an IAM policy.

Permission	Description
`run.revisions.get`	View revisions, excluding IAM policies.
`run.revisions.list`	List revisions.
`run.revisions.delete`	Delete revisions.

Permission	Description
`resourcemanager.projects.get`	Get project.