Access control can be configured at the project level and at the queue level. For example:
You can grant access with limited capabilities, like to create and add tasks to a queue,
but not to delete the queue. Or you can grant access to all Cloud Tasks resources within
a project to a group of developers.
Every Cloud Tasks method requires the caller to have the necessary permissions.
See below for a list of the permissions and roles supported. The Cloud Tasks
IAM permissions are also checked when queue.yaml/xml is updated or when the Google Cloud console
is used.
Roles
The following table lists the Cloud Tasks IAM roles with a corresponding list of
all the permissions each role includes. Note that every permission is applicable
to a particular resource type.
Cloud Tasks roles
Role
Permissions
Cloud Tasks Admin
Beta
(roles/cloudtasks.admin)
Full access to queues and tasks.
cloudtasks.*
cloudtasks.cmekConfig.get
cloudtasks.cmekConfig.update
cloudtasks.locations.get
cloudtasks.locations.list
cloudtasks.queues.create
cloudtasks.queues.delete
cloudtasks.queues.get
cloudtasks.queues.getIamPolicy
cloudtasks.queues.list
cloudtasks.queues.pause
cloudtasks.queues.purge
cloudtasks.queues.resume
cloudtasks.queues.setIamPolicy
cloudtasks.queues.update
cloudtasks.tasks.create
cloudtasks.tasks.delete
cloudtasks.tasks.fullView
cloudtasks.tasks.get
cloudtasks.tasks.list
cloudtasks.tasks.run
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Tasks Enqueuer
Beta
(roles/cloudtasks.enqueuer)
Access to create tasks.
cloudtasks.tasks.create
cloudtasks.tasks.fullView
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Tasks Queue Admin
Beta
(roles/cloudtasks.queueAdmin)
Admin access to queues.
cloudtasks.locations.*
cloudtasks.locations.get
cloudtasks.locations.list
cloudtasks.queues.*
cloudtasks.queues.create
cloudtasks.queues.delete
cloudtasks.queues.get
cloudtasks.queues.getIamPolicy
cloudtasks.queues.list
cloudtasks.queues.pause
cloudtasks.queues.purge
cloudtasks.queues.resume
cloudtasks.queues.setIamPolicy
cloudtasks.queues.update
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Tasks Service Agent
(roles/cloudtasks.serviceAgent)
Grants Cloud Tasks Service Account access to manage resources.
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.getOpenIdToken
logging.logEntries.create
Cloud Tasks Task Deleter
Beta
(roles/cloudtasks.taskDeleter)
Access to delete tasks.
cloudtasks.tasks.delete
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Tasks Task Runner
Beta
(roles/cloudtasks.taskRunner)
Access to run tasks.
cloudtasks.tasks.fullView
cloudtasks.tasks.run
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Tasks Viewer
Beta
(roles/cloudtasks.viewer)
Get and list access to tasks, queues, and locations.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-02 UTC."],[],[]]
