The following tables list the Identity and Access Management (IAM)
permissions that are associated with Cloud Run.
Services
| Permission |
Description |
run.services.get |
View services, excluding IAM policies. |
run.services.list |
List services. |
run.services.create |
Create new services. |
run.services.update |
Update existing services. |
run.services.delete |
Delete services. |
run.services.getIamPolicy |
Get an IAM policy. |
run.services.setIamPolicy |
Set an IAM policy. |
Routes
| Permission |
Description |
run.routes.get |
View routes, excluding IAM policies. |
run.routes.list |
List routes. |
run.routes.invoke |
Invoke a route. |
Configurations
| Permission |
Description |
run.configurations.get |
View configurations, excluding IAM policies. |
run.configurations.list |
List configurations. |
Revisions
| Permission |
Description |
run.revisions.get |
View revisions, excluding IAM policies. |
run.revisions.list |
List revisions. |
run.revisions.delete |
Delete revisions. |
Locations
| Permission |
Description |
run.locations.get |
Get location information. |
run.locations.list |
List all locations. |
Domain mappings
There are no IAM permissions for domain mappings. Viewing, listing, creating and
deleting domain mappings requires project-level permissions.
For a reference of which IAM permissions are contained in each IAM role, see
Cloud Run IAM Roles.
Jobs
| Permission |
Description |
run.jobs.get |
View jobs, excluding IAM policies. |
run.jobs.list |
List jobs. |
run.jobs.create |
Create new job. |
run.jobs.update |
Update existing job. |
run.jobs.delete |
Delete job. |
run.jobs.getIamPolicy |
Get an IAM policy. |
run.jobs.setIamPolicy |
Set an IAM policy. |
run.jobs.run |
Invoke (execute) jobs |
run.executions.get. |
Get job executions. |
run.executions.list. |
List job executions. |
run.executions.delete |
Delete job executions. |
