Cloud Run IAM permissions

The following tables list the Identity and Access Management (IAM) permissions that are associated with Cloud Run.

Services

Permission Description
run.services.get View services, excluding IAM policies.
run.services.list List services.
run.services.create Create new services.
run.services.update Update existing services.
run.services.delete Delete services.
run.services.getIamPolicy Get an IAM policy.
run.services.setIamPolicy Set an IAM policy.

Routes

Permission Description
run.routes.get View routes, excluding IAM policies.
run.routes.list List routes.
run.routes.invoke Invoke a route.

Configurations

Permission Description
run.configurations.get View configurations, excluding IAM policies.
run.configurations.list List configurations.

Revisions

Permission Description
run.revisions.get View revisions, excluding IAM policies.
run.revisions.list List revisions.
run.revisions.delete Delete revisions.

Locations

Permission Description
run.locations.get Get location information.
run.locations.list List all locations.

Domain mappings

There are no IAM permissions for domain mappings. Viewing, listing, creating and deleting domain mappings requires project-level permissions.

For a reference of which IAM permissions are contained in each IAM role, see Cloud Run IAM Roles.

Jobs

Permission Description
run.jobs.get View jobs, excluding IAM policies.
run.jobs.list List jobs.
run.jobs.create Create new job.
run.jobs.update Update existing job.
run.jobs.delete Delete job.
run.jobs.getIamPolicy Get an IAM policy.
run.jobs.setIamPolicy Set an IAM policy.
run.jobs.run Invoke (execute) jobs
run.executions.get. Get job executions.
run.executions.list. List job executions.
run.executions.delete Delete job executions.