תפקידים והרשאות של IAM ב-Compute Engine

כשמוסיפים חבר חדש לפרויקט, אפשר להשתמש במדיניות ניהול הזהויות והרשאות הגישה (IAM) כדי להקצות לחבר הזה תפקיד IAM אחד או יותר. כל תפקיד IAM מכיל הרשאות שמעניקות לחברים גישה למשאבים ספציפיים.

ל-Compute Engine יש קבוצה של תפקידי IAM מוגדרים מראש שמתוארים בדף הזה. אפשר גם ליצור תפקידים בהתאמה אישית שכוללים קבוצות משנה של הרשאות שמתאימות בדיוק לצרכים שלכם.

כדי לדעת אילו הרשאות נדרשות לכל method, אפשר לעיין במסמכי העזר של Compute Engine API:

מידע על מתן גישה מופיע בדפים הבאים.

כדי להגדיר מדיניות IAM ברמת הפרויקט, אפשר לעיין במאמר ניהול הגישה לפרויקטים, לתיקיות ולארגונים במסמכי העזרה של IAM.
כדי להגדיר מדיניות במשאבים ספציפיים של Compute Engine, אפשר לקרוא את המאמר בנושא הענקת גישה למשאבי Compute Engine.
כדי להקצות תפקידים לחשבון שירות של Compute Engine, קראו את המאמר בנושא יצירת VM שמשתמשת בחשבון שירות שמנוהל על ידי משתמש.

מה זה IAM?

‫Google Cloud כולל את הממשק לניהול הזהויות והרשאות הגישה (IAM), שבאמצעותו אתם יכולים לתת גישה פרטנית יותר למשאבים ספציפיים ב-Google Cloud ולמנוע גישה לא רצויה למשאבים אחרים. בעזרת IAM אתם יכולים לשמור על עקרון האבטחה של הרשאות מינימליות, וכך לתת למי שצריך רק את רמת הגישה הדרושה למשאבים השונים.

בעזרת IAM תוכלו לקבוע למי (זהות) יש אילו (תפקידים) הרשאות גישה לאילו משאבים, על ידי הגדרה של כללי מדיניות ב-IAM. כללי המדיניות ב-IAM מקצים תפקידים ספציפיים לחברי פרויקט, וכך נותנים לזהות הזו הרשאות מסוימות. לדוגמה, עבור משאב נתון, כמו פרויקט, תוכלו להקצות את התפקיד 'אדמין של רשת Compute' (roles/compute.networkAdmin) לחשבון משתמש (חשבון Google או חשבון מספק זהויות חיצוני) וחשבון זה יוכל לשלוט במשאבים שקשורים לרשת בפרויקט, אבל לא יוכל לנהל משאבים אחרים, כמו מופעים ודיסקים. אפשר גם להשתמש ב-IAM כדי לנהל את התפקידים מהדור הקודם במסוףGoogle Cloud שניתנו לחברי צוות הפרויקט.

התפקיד serviceAccountUser

בשילוב עם התפקיד 'אדמין מכונות של Compute ‏ (v1)' (roles/compute.instanceAdmin.v1), התפקיד 'משתמש בחשבון שירות' (roles/iam.serviceAccountUser) מאפשר לחברים ליצור ולנהל מכונות שמשתמשות בחשבון שירות. בפרט, הענקת ההרשאות roles/iam.serviceAccountUser ו-roles/compute.instanceAdmin.v1 יחד מאפשרת לחברים בקבוצה לבצע את הפעולות הבאות:

יוצרים מכונה שפועלת בתור חשבון שירות.
צירוף אחסון מתמיד (persistent disk) למכונה שפועלת כחשבון שירות.
הגדרת מטא-נתונים של מכונה במכונה שפועלת כחשבון שירות.
משתמשים ב-SSH כדי להתחבר למכונה שפועלת כחשבון שירות.
מגדירים מחדש מכונה כך שתפעל כחשבון שירות.

אפשר להעניק את התפקיד 'משתמש בחשבון שירות' (roles/iam.serviceAccountUser) באחת משתי דרכים:

מומלץ. מקצים את התפקיד לחבר בחשבון שירות ספציפי. כך חבר מקבל גישה לחשבון השירות שבו הוא מוגדר כiam.serviceAccountUser, אבל לא מקבל גישה לחשבונות שירות אחרים שבהם הוא לא מוגדר כiam.serviceAccountUser.
נותנים את התפקיד לחבר ברמת הפרויקט. לחבר יש גישה לכל חשבונות השירות בפרויקט, כולל חשבונות שירות שייווצרו בעתיד.

אם אתם לא מכירים חשבונות שירות, כאן אפשר לקרוא מידע נוסף על חשבונות שירות.

הרשאה במסוףGoogle Cloud

כדי להשתמש ב Google Cloud console כדי לגשת למשאבי Compute Engine, צריך להיות לכם תפקיד שכולל את ההרשאה הבאה בפרויקט:

compute.projects.get

התחברות למופע בתור instanceAdmin

אחרי שמקצים לחבר בפרויקט את התפקיד roles/compute.instanceAdmin.v1, הוא יכול להתחבר למכונות וירטואליות (VM) באמצעות כלים סטנדרטיים כמו ה-CLI של gcloud או SSH בדפדפן. Google Cloud

כשחבר משתמש ב-CLI של gcloud או ב-SSH בדפדפן, הכלים יוצרים באופן אוטומטי זוג מפתחות ציבורי/פרטי ומוסיפים את המפתח הציבורי למטא-נתונים של הפרויקט. אם לחבר אין הרשאות לערוך את המטא-נתונים של הפרויקט, הכלי מוסיף את המפתח הציבורי של החבר למטא-נתונים של המופע במקום.

אם לחבר יש זוג מפתחות קיים שהוא רוצה להשתמש בו, הוא יכול להוסיף ידנית את המפתח הציבורי שלו למטא-נתונים של המופע. מידע נוסף על הוספת מפתחות SSH למכונה

‫IAM עם חשבונות שירות

יצירת חשבונות שירות חדשים בהתאמה אישית והענקת תפקידי IAM לחשבונות שירות כדי להגביל את הגישה למופעים. משתמשים בתפקידי IAM עם חשבונות שירות בהתאמה אישית כדי:

כדאי להגביל את הגישה של המכונות לממשקי API באמצעות תפקידי IAM עם הרשאות גרנולריות. Google Cloud
נותנים לכל מופע או קבוצת מופעים זהות ייחודית.
הגבל את הגישה של חשבון השירות שמוגדר כברירת מחדל.

מידע נוסף על חשבונות שירות

קבוצות של מופעי מכונה מנוהלים ו-IAM

קבוצות מנוהלות של מופעים (MIG) הן משאבים שמבצעים פעולות בשמכם בלי אינטראקציה ישירה עם המשתמש. לדוגמה, קבוצת ה-MIG יכולה להוסיף מכונות וירטואליות לקבוצה ולהסיר אותן ממנה.

כל הפעולות שמבוצעות על ידי Compute Engine כחלק מ-MIG מבוצעות על ידי סוכן שירות של Google APIs עבור הפרויקט שלכם, שיש לו כתובת אימייל כמו זו שבהמשך: PROJECT_ID@cloudservices.gserviceaccount.com

כברירת מחדל, סוכן השירות של Google APIs מקבל את התפקיד 'סוכן שירות של Instance Group Manager' (roles/compute.instanceGroupManagerServiceAgent) ברמת הפרויקט, שמעניק לו מספיק הרשאות כדי ליצור משאבים על סמך ההגדרה של MIG. אם אתם מתאימים אישית את הגישה לסוכן השירות של Google APIs, העניקו את התפקיד 'אדמין מכונות של Compute' (v1) ‏(roles/compute.instanceAdmin.v1) ואת התפקיד 'משתמש בחשבון שירות' (roles/iam.serviceAccountUser) (אופציונלי). התפקיד 'משתמש בחשבון שירות' נדרש רק אם ה-MIG יוצר מכונות וירטואליות שיכולות לפעול כחשבון שירות.

שימו לב: סוכן השירות של Google APIs משמש גם תהליכים אחרים, כולל Deployment Manager.

כשיוצרים קבוצת מופעים מנוהלת או מעדכנים את תבנית של הגדרות מכונה שלה, Compute Engine מוודא שלסוכן שירות של Google APIs יש את התפקיד וההרשאות הבאים:

התפקיד 'משתמש בחשבון שירות', שחשוב אם אתם מתכננים ליצור מכונות שיכולות לפעול כחשבון שירות
הרשאות לכל המשאבים שמפנים אליהם מתבניות של מכונות, כמו תמונות, דיסקים, רשתות VPC ורשתות משנה

תפקידי IAM מוגדרים מראש ב-Compute Engine

באמצעות IAM, כל method ב-Compute Engine API דורשת שלזהות שממנה הגיעה בקשת ה-API יהיו ההרשאות המתאימות לשימוש במשאב. ההרשאות ניתנות על ידי הגדרת כללי מדיניות שמעניקים תפקידים לחברים (משתמשים, קבוצות או חשבונות שירות) בפרויקט.

בנוסף לתפקידים הבסיסיים (צפייה, עריכה, בעלים) ולתפקידים בהתאמה אישית, אפשר להקצות לחברי הפרויקט את התפקידים המוגדרים מראש הבאים ב-Compute Engine.

אתם יכולים להקצות לחברי פרויקט כמה תפקידים באותו משאב. לדוגמה, אם צוות הרשתות שלכם מנהל גם את כללי חומת האש, אתם יכולים להעניק את התפקידים roles/compute.networkAdmin ו-roles/compute.securityAdmin לקבוצת Google של צוות הרשתות.

בטבלאות הבאות מתוארים תפקידי IAM מוגדרים מראש ב-Compute Engine, ופירוט של ההרשאות שכלולות בכל תפקיד. כל תפקיד מכיל קבוצה של הרשאות שמתאימות למשימה ספציפית. לדוגמה, התפקידים 'אדמין של מופע' מעניקים הרשאות לניהול מופעים, התפקידים שקשורים לרשת כוללים הרשאות לניהול משאבים שקשורים לרשת, והתפקיד 'אבטחה' כולל הרשאות לניהול משאבים שקשורים לאבטחה, כמו חומות אש ואישורי SSL. כשעובדים ב-Compute Engine, יכול להיות שצריך גם תפקידים בשירותים אחרים כמו Cloud DNS וחשבונות שירות של IAM. רשימה מלאה של תפקידי IAM זמינה במאמר מאמרי העזרה בנושא תפקידי IAM.

Role Permissions

Role	Permissions
Compute Admin (`roles/compute.admin`) Full control of all Compute Engine resources. If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the `roles/iam.serviceAccountUser` role. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Node group Node template Snapshot	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.locations.list` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.advice.calendarMode` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.commitments.create` `compute.commitments.createTagBinding` `compute.commitments.deleteTagBinding` `compute.commitments.get` `compute.commitments.list` `compute.commitments.listEffectiveTags` `compute.commitments.listTagBindings` `compute.commitments.update` `compute.commitments.updateReservations` `compute.crossSiteNetworks.create` `compute.crossSiteNetworks.delete` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.crossSiteNetworks.update` `compute.diskSettings.get` `compute.diskSettings.update` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.firewalls.create` `compute.firewalls.createTagBinding` `compute.firewalls.delete` `compute.firewalls.deleteTagBinding` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.firewalls.update` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.futureReservations.cancel` `compute.futureReservations.create` `compute.futureReservations.createTagBinding` `compute.futureReservations.delete` `compute.futureReservations.deleteTagBinding` `compute.futureReservations.get` `compute.futureReservations.getIamPolicy` `compute.futureReservations.list` `compute.futureReservations.listEffectiveTags` `compute.futureReservations.listTagBindings` `compute.futureReservations.setIamPolicy` `compute.futureReservations.update` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.delete` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.globalPublicDelegatedPrefixes.create` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshotGroups.create` `compute.instantSnapshotGroups.delete` `compute.instantSnapshotGroups.get` `compute.instantSnapshotGroups.getIamPolicy` `compute.instantSnapshotGroups.list` `compute.instantSnapshotGroups.setIamPolicy` `compute.instantSnapshotGroups.useReadOnly` `compute.instantSnapshots.create` `compute.instantSnapshots.createTagBinding` `compute.instantSnapshots.delete` `compute.instantSnapshots.deleteTagBinding` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachmentGroups.create` `compute.interconnectAttachmentGroups.delete` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachmentGroups.patch` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectGroups.create` `compute.interconnectGroups.delete` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectGroups.patch` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenses.create` `compute.licenses.createTagBinding` `compute.licenses.delete` `compute.licenses.deleteTagBinding` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.licenses.setIamPolicy` `compute.licenses.update` `compute.machineImages.create` `compute.machineImages.createTagBinding` `compute.machineImages.delete` `compute.machineImages.deleteTagBinding` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineImages.setIamPolicy` `compute.machineImages.setLabels` `compute.machineImages.useReadOnly` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.multiMigMembers.get` `compute.multiMigMembers.list` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkAttachments.use` `compute.networkEdgeSecurityServices.create` `compute.networkEdgeSecurityServices.createTagBinding` `compute.networkEdgeSecurityServices.delete` `compute.networkEdgeSecurityServices.deleteTagBinding` `compute.networkEdgeSecurityServices.get` `compute.networkEdgeSecurityServices.list` `compute.networkEdgeSecurityServices.listEffectiveTags` `compute.networkEdgeSecurityServices.listTagBindings` `compute.networkEdgeSecurityServices.update` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.setNetworkPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.nodeGroups.addNodes` `compute.nodeGroups.create` `compute.nodeGroups.delete` `compute.nodeGroups.deleteNodes` `compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeGroups.performMaintenance` `compute.nodeGroups.setIamPolicy` `compute.nodeGroups.setNodeTemplate` `compute.nodeGroups.simulateMaintenanceEvent` `compute.nodeGroups.update` `compute.nodeTemplates.create` `compute.nodeTemplates.delete` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTemplates.setIamPolicy` `compute.nodeTypes.get` `compute.nodeTypes.list` `compute.organizations.disableXpnHost` `compute.organizations.disableXpnResource` `compute.organizations.enableXpnHost` `compute.organizations.enableXpnResource` `compute.organizations.listAssociations` `compute.organizations.setFirewallPolicy` `compute.organizations.setSecurityPolicy` `compute.oslogin.updateExternalUser` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.previewFeatures.get` `compute.previewFeatures.list` `compute.previewFeatures.update` `compute.projects.get` `compute.projects.setCloudArmorTier` `compute.projects.setCommonInstanceMetadata` `compute.projects.setDefaultNetworkTier` `compute.projects.setDefaultServiceAccount` `compute.projects.setManagedProtectionTier` `compute.projects.setUsageExportBucket` `compute.publicAdvertisedPrefixes.create` `compute.publicAdvertisedPrefixes.delete` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicAdvertisedPrefixes.update` `compute.publicAdvertisedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.announce` `compute.publicDelegatedPrefixes.create` `compute.publicDelegatedPrefixes.createTagBinding` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.deleteTagBinding` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.use` `compute.publicDelegatedPrefixes.withdraw` `compute.regionBackendBuckets.create` `compute.regionBackendBuckets.createTagBinding` `compute.regionBackendBuckets.delete` `compute.regionBackendBuckets.deleteTagBinding` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.setIamPolicy` `compute.regionBackendBuckets.update` `compute.regionBackendBuckets.use` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionCompositeHealthChecks.create` `compute.regionCompositeHealthChecks.delete` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionCompositeHealthChecks.update` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionHealthAggregationPolicies.create` `compute.regionHealthAggregationPolicies.delete` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthAggregationPolicies.update` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionHealthSources.create` `compute.regionHealthSources.delete` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionHealthSources.update` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNetworkPolicies.create` `compute.regionNetworkPolicies.delete` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNetworkPolicies.update` `compute.regionNetworkPolicies.use` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.delete` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionOperations.setIamPolicy` `compute.regionSecurityPolicies.create` `compute.regionSecurityPolicies.createTagBinding` `compute.regionSecurityPolicies.delete` `compute.regionSecurityPolicies.deleteTagBinding` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.update` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationBlocks.performMaintenance` `compute.reservationSlots.get` `compute.reservationSlots.list` `compute.reservationSlots.update` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservationSubBlocks.performMaintenance` `compute.reservationSubBlocks.reportFaulty` `compute.reservations.create` `compute.reservations.createTagBinding` `compute.reservations.delete` `compute.reservations.deleteTagBinding` `compute.reservations.get` `compute.reservations.list` `compute.reservations.listEffectiveTags` `compute.reservations.listTagBindings` `compute.reservations.performMaintenance` `compute.reservations.resize` `compute.reservations.update` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.rolloutPlans.create` `compute.rolloutPlans.delete` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.cancel` `compute.rollouts.delete` `compute.rollouts.get` `compute.rollouts.list` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshotGroups.create` `compute.snapshotGroups.delete` `compute.snapshotGroups.get` `compute.snapshotGroups.getIamPolicy` `compute.snapshotGroups.list` `compute.snapshotGroups.setIamPolicy` `compute.snapshotGroups.useReadOnly` `compute.snapshotSettings.get` `compute.snapshotSettings.update` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.updateKmsKey` `compute.snapshots.useReadOnly` `compute.spotAssistants.get` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.storagePools.create` `compute.storagePools.createTagBinding` `compute.storagePools.delete` `compute.storagePools.deleteTagBinding` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.setIamPolicy` `compute.storagePools.update` `compute.storagePools.use` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.subnetworks.usePeerMigration` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vmExtensionPolicies.create` `compute.vmExtensionPolicies.delete` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `compute.vmExtensionPolicies.update` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.wireGroups.create` `compute.wireGroups.delete` `compute.wireGroups.get` `compute.wireGroups.list` `compute.wireGroups.update` `compute.zoneOperations.delete` `compute.zoneOperations.get` `compute.zoneOperations.getIamPolicy` `compute.zoneOperations.list` `compute.zoneOperations.setIamPolicy` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Future Reservation Admin ^Beta (`roles/compute.futureReservationAdmin`)	`compute.acceleratorTypes.list` `compute.advice.calendarMode` `compute.futureReservations.cancel` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.list` `compute.futureReservations.update` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.reservationBlocks.performMaintenance` `compute.reservationSubBlocks.performMaintenance` `compute.reservationSubBlocks.reportFaulty` `compute.reservations.create` `compute.reservations.performMaintenance` `compute.zones.list`
Compute Future Reservation User ^Beta (`roles/compute.futureReservationUser`)	`compute.acceleratorTypes.list` `compute.advice.calendarMode` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.list` `compute.futureReservations.update` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.reservations.create` `compute.zones.list`
Compute Future Reservation Viewer ^Beta (`roles/compute.futureReservationViewer`)	`compute.acceleratorTypes.list` `compute.futureReservations.get` `compute.futureReservations.list` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.zones.list`
Compute Image User (`roles/compute.imageUser`) Permission to list and read images without having other permissions on the image. Granting this role at the project level gives users the ability to list all images in the project and create resources, such as instances and persistent disks, based on images in the project. Lowest-level resources where you can grant this role: Image	`compute.images.get` `compute.images.getFromFamily` `compute.images.list` `compute.images.useReadOnly` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VM settings. If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the `roles/iam.serviceAccountUser` role. For example, if your company has someone who manages groups of virtual machine instances but does not manage network or security settings and does not manage instances that run as service accounts, you can grant this role on the organization, folder, or project that contains the instances, or you can grant it on individual instances. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Snapshot	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.locations.list` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.diskSettings.get` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.delete` `compute.disks.get` `compute.disks.list` `compute.disks.resize` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.use` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.images.get` `compute.images.getFromFamily` `compute.images.list` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.licenses.get` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.machineImages.` `compute.machineImages.create` `compute.machineImages.createTagBinding` `compute.machineImages.delete` `compute.machineImages.deleteTagBinding` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineImages.setIamPolicy` `compute.machineImages.setLabels` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationSubBlocks.` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservationSubBlocks.performMaintenance` `compute.reservationSubBlocks.reportFaulty` `compute.reservations.get` `compute.reservations.list` `compute.reservations.listEffectiveTags` `compute.reservations.listTagBindings` `compute.resourcePolicies.list` `compute.resourcePolicies.useReadOnly` `compute.storagePools.get` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources. If you grant a user this role only at an instance level, then that user cannot create new instances.	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.locations.list` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.diskSettings.get` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.use` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshotGroups.` `compute.instantSnapshotGroups.create` `compute.instantSnapshotGroups.delete` `compute.instantSnapshotGroups.get` `compute.instantSnapshotGroups.getIamPolicy` `compute.instantSnapshotGroups.list` `compute.instantSnapshotGroups.setIamPolicy` `compute.instantSnapshotGroups.useReadOnly` `compute.instantSnapshots.` `compute.instantSnapshots.create` `compute.instantSnapshots.createTagBinding` `compute.instantSnapshots.delete` `compute.instantSnapshots.deleteTagBinding` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenses.` `compute.licenses.create` `compute.licenses.createTagBinding` `compute.licenses.delete` `compute.licenses.deleteTagBinding` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.licenses.setIamPolicy` `compute.licenses.update` `compute.machineImages.` `compute.machineImages.create` `compute.machineImages.createTagBinding` `compute.machineImages.delete` `compute.machineImages.deleteTagBinding` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineImages.setIamPolicy` `compute.machineImages.setLabels` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.projects.setCommonInstanceMetadata` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservations.get` `compute.reservations.list` `compute.reservations.listEffectiveTags` `compute.reservations.listTagBindings` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshotGroups.` `compute.snapshotGroups.create` `compute.snapshotGroups.delete` `compute.snapshotGroups.get` `compute.snapshotGroups.getIamPolicy` `compute.snapshotGroups.list` `compute.snapshotGroups.setIamPolicy` `compute.snapshotGroups.useReadOnly` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.updateKmsKey` `compute.snapshots.useReadOnly` `compute.spotAssistants.get` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.storagePools.get` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Role containing all permissions required by Managed Instance Groups to create and manage instances. Warning: Do not grant service agent roles to any principals except service agents.	`compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalAddresses.get` `compute.globalOperations.get` `compute.healthChecks.get` `compute.httpHealthChecks.get` `compute.httpsHealthChecks.get` `compute.images.useReadOnly` `compute.instanceGroups.update` `compute.instanceTemplates.useReadOnly` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.networks.use` `compute.networks.useExternalIp` `compute.regionOperations.get` `compute.resourcePolicies.use` `compute.snapshots.useReadOnly` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetPools.addInstance` `compute.targetPools.removeInstance` `compute.zoneOperations.get` `iam.serviceAccounts.actAs` `networkconnectivity.serviceClasses.use` `resourcemanager.tagValueBindings.` `resourcemanager.tagValueBindings.create` `resourcemanager.tagValueBindings.delete` `resourcemanager.tagValues.get`
Interconnect Attachment Group Analyzer (`roles/compute.interconnectAttachmentGroupAnalyzer`) Analyze Interconnect Attachment Groups via their GetOperationalStatus method.	`cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeVpnGateways` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.routers.get`
Interconnect Group Analyzer (`roles/compute.interconnectGroupAnalyzer`) Analyze Interconnect Groups via their GetOperationalStatus method.	`cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeVpnGateways` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnects.get` `compute.interconnects.list`
Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Permissions to create, modify, and delete load balancers and associate resources. For example, if your company has a load balancing team that manages load balancers, SSL certificates for load balancers, SSL policies, and other load balancing resources, and a separate networking team that manages the rest of the networking resources, then grant this role to the load balancing team's group. Lowest-level resources where you can grant this role: Instance	`certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.use` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.use` `compute.instances.useReadOnly` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.projects.get` `compute.regionBackendBuckets.` `compute.regionBackendBuckets.create` `compute.regionBackendBuckets.createTagBinding` `compute.regionBackendBuckets.delete` `compute.regionBackendBuckets.deleteTagBinding` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.setIamPolicy` `compute.regionBackendBuckets.update` `compute.regionBackendBuckets.use` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.use` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.urlMaps.` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.zoneOperations.get` `compute.zoneOperations.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.use` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Permissions to use services from a load balancer in other projects.	`compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.use` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.use` `compute.projects.get` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.use` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Network Admin (`roles/compute.networkAdmin`) Permissions to create, modify, and delete networking resources, except for firewall rules and SSL certificates. The network admin role allows read-only access to firewall rules, SSL certificates, and instances (to view their ephemeral IP addresses). The network admin role does not allow a user to create, start, stop, or delete instances. For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the networking team's group. Or, if you have a combined team that manages both security and networking, then grant this role as well as the `roles/compute.securityAdmin` role to the combined team's group. Lowest-level resources where you can grant this role: Instance	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.crossSiteNetworks.` `compute.crossSiteNetworks.create` `compute.crossSiteNetworks.delete` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.crossSiteNetworks.update` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.updateSecurity` `compute.instances.use` `compute.instances.useReadOnly` `compute.interconnectAttachmentGroups.` `compute.interconnectAttachmentGroups.create` `compute.interconnectAttachmentGroups.delete` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachmentGroups.patch` `compute.interconnectAttachments.` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectGroups.` `compute.interconnectGroups.create` `compute.interconnectGroups.delete` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectGroups.patch` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networkAttachments.` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkAttachments.use` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.setNetworkPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.regionBackendBuckets.` `compute.regionBackendBuckets.create` `compute.regionBackendBuckets.createTagBinding` `compute.regionBackendBuckets.delete` `compute.regionBackendBuckets.deleteTagBinding` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.setIamPolicy` `compute.regionBackendBuckets.update` `compute.regionBackendBuckets.use` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionCompositeHealthChecks.` `compute.regionCompositeHealthChecks.create` `compute.regionCompositeHealthChecks.delete` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionCompositeHealthChecks.update` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.use` `compute.regionHealthAggregationPolicies.` `compute.regionHealthAggregationPolicies.create` `compute.regionHealthAggregationPolicies.delete` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthAggregationPolicies.update` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionHealthSources.` `compute.regionHealthSources.create` `compute.regionHealthSources.delete` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionHealthSources.update` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNetworkPolicies.` `compute.regionNetworkPolicies.create` `compute.regionNetworkPolicies.delete` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNetworkPolicies.update` `compute.regionNetworkPolicies.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.use` `compute.serviceAttachments.` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.subnetworks.usePeerMigration` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vpnGateways.` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.wireGroups.` `compute.wireGroups.create` `compute.wireGroups.delete` `compute.wireGroups.get` `compute.wireGroups.list` `compute.wireGroups.update` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.` `networkconnectivity.internalRanges.create` `networkconnectivity.internalRanges.delete` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.getIamPolicy` `networkconnectivity.internalRanges.list` `networkconnectivity.internalRanges.setIamPolicy` `networkconnectivity.internalRanges.update` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.` `networkconnectivity.operations.cancel` `networkconnectivity.operations.delete` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.` `networkconnectivity.policyBasedRoutes.create` `networkconnectivity.policyBasedRoutes.delete` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.getIamPolicy` `networkconnectivity.policyBasedRoutes.list` `networkconnectivity.policyBasedRoutes.setIamPolicy` `networkconnectivity.regionalEndpoints.` `networkconnectivity.regionalEndpoints.create` `networkconnectivity.regionalEndpoints.delete` `networkconnectivity.regionalEndpoints.get` `networkconnectivity.regionalEndpoints.list` `networkconnectivity.serviceClasses.` `networkconnectivity.serviceClasses.create` `networkconnectivity.serviceClasses.delete` `networkconnectivity.serviceClasses.get` `networkconnectivity.serviceClasses.list` `networkconnectivity.serviceClasses.update` `networkconnectivity.serviceClasses.use` `networkconnectivity.serviceConnectionMaps.` `networkconnectivity.serviceConnectionMaps.create` `networkconnectivity.serviceConnectionMaps.delete` `networkconnectivity.serviceConnectionMaps.get` `networkconnectivity.serviceConnectionMaps.list` `networkconnectivity.serviceConnectionMaps.update` `networkconnectivity.serviceConnectionPolicies.` `networkconnectivity.serviceConnectionPolicies.create` `networkconnectivity.serviceConnectionPolicies.delete` `networkconnectivity.serviceConnectionPolicies.get` `networkconnectivity.serviceConnectionPolicies.list` `networkconnectivity.serviceConnectionPolicies.update` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.` `networksecurity.addressGroups.create` `networksecurity.addressGroups.delete` `networksecurity.addressGroups.get` `networksecurity.addressGroups.getIamPolicy` `networksecurity.addressGroups.list` `networksecurity.addressGroups.setIamPolicy` `networksecurity.addressGroups.update` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.` `networksecurity.authorizationPolicies.create` `networksecurity.authorizationPolicies.delete` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.getIamPolicy` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.setIamPolicy` `networksecurity.authorizationPolicies.update` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.` `networksecurity.authzPolicies.create` `networksecurity.authzPolicies.delete` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.getIamPolicy` `networksecurity.authzPolicies.list` `networksecurity.authzPolicies.setIamPolicy` `networksecurity.authzPolicies.update` `networksecurity.backendAuthenticationConfigs.` `networksecurity.backendAuthenticationConfigs.create` `networksecurity.backendAuthenticationConfigs.delete` `networksecurity.backendAuthenticationConfigs.get` `networksecurity.backendAuthenticationConfigs.list` `networksecurity.backendAuthenticationConfigs.update` `networksecurity.backendAuthenticationConfigs.use` `networksecurity.clientTlsPolicies.` `networksecurity.clientTlsPolicies.create` `networksecurity.clientTlsPolicies.delete` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.getIamPolicy` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.setIamPolicy` `networksecurity.clientTlsPolicies.update` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.` `networksecurity.firewallEndpointAssociations.create` `networksecurity.firewallEndpointAssociations.delete` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpointAssociations.update` `networksecurity.firewallEndpoints.` `networksecurity.firewallEndpoints.create` `networksecurity.firewallEndpoints.delete` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.update` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.` `networksecurity.gatewaySecurityPolicies.create` `networksecurity.gatewaySecurityPolicies.delete` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.update` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.` `networksecurity.gatewaySecurityPolicyRules.create` `networksecurity.gatewaySecurityPolicyRules.delete` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.update` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.` `networksecurity.operations.cancel` `networksecurity.operations.delete` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.sacAttachments.` `networksecurity.sacAttachments.create` `networksecurity.sacAttachments.delete` `networksecurity.sacAttachments.get` `networksecurity.sacAttachments.list` `networksecurity.sacRealms.` `networksecurity.sacRealms.create` `networksecurity.sacRealms.delete` `networksecurity.sacRealms.get` `networksecurity.sacRealms.list` `networksecurity.securityProfileGroups.` `networksecurity.securityProfileGroups.create` `networksecurity.securityProfileGroups.delete` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.update` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.` `networksecurity.securityProfiles.create` `networksecurity.securityProfiles.delete` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.update` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.` `networksecurity.serverTlsPolicies.create` `networksecurity.serverTlsPolicies.delete` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.getIamPolicy` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.setIamPolicy` `networksecurity.serverTlsPolicies.update` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.` `networksecurity.tlsInspectionPolicies.create` `networksecurity.tlsInspectionPolicies.delete` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.update` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.` `networksecurity.urlLists.create` `networksecurity.urlLists.delete` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.update` `networksecurity.urlLists.use` `networkservices.` `networkservices.authzExtensions.create` `networkservices.authzExtensions.delete` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.update` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.create` `networkservices.endpointPolicies.delete` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.endpointPolicies.update` `networkservices.gateways.create` `networkservices.gateways.delete` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.update` `networkservices.gateways.use` `networkservices.grpcRoutes.create` `networkservices.grpcRoutes.delete` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.grpcRoutes.update` `networkservices.httpFilters.create` `networkservices.httpFilters.delete` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpFilters.update` `networkservices.httpRoutes.create` `networkservices.httpRoutes.delete` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpRoutes.update` `networkservices.httpfilters.create` `networkservices.httpfilters.delete` `networkservices.httpfilters.get` `networkservices.httpfilters.getIamPolicy` `networkservices.httpfilters.list` `networkservices.httpfilters.setIamPolicy` `networkservices.httpfilters.update` `networkservices.httpfilters.use` `networkservices.lbEdgeExtensions.create` `networkservices.lbEdgeExtensions.delete` `networkservices.lbEdgeExtensions.get` `networkservices.lbEdgeExtensions.list` `networkservices.lbEdgeExtensions.update` `networkservices.lbRouteExtensions.create` `networkservices.lbRouteExtensions.delete` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbRouteExtensions.update` `networkservices.lbTcpExtensions.createForNetwork` `networkservices.lbTcpExtensions.deleteForNetwork` `networkservices.lbTcpExtensions.getForNetwork` `networkservices.lbTcpExtensions.listForNetwork` `networkservices.lbTcpExtensions.updateForNetwork` `networkservices.lbTrafficExtensions.create` `networkservices.lbTrafficExtensions.delete` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.lbTrafficExtensions.update` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.create` `networkservices.meshes.delete` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.update` `networkservices.meshes.use` `networkservices.operations.cancel` `networkservices.operations.delete` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.create` `networkservices.serviceBindings.delete` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceBindings.update` `networkservices.serviceLbPolicies.create` `networkservices.serviceLbPolicies.delete` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.serviceLbPolicies.update` `networkservices.swpSecurityExtensions.create` `networkservices.swpSecurityExtensions.delete` `networkservices.swpSecurityExtensions.get` `networkservices.swpSecurityExtensions.list` `networkservices.swpSecurityExtensions.update` `networkservices.tcpRoutes.create` `networkservices.tcpRoutes.delete` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tcpRoutes.update` `networkservices.tlsRoutes.create` `networkservices.tlsRoutes.delete` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.tlsRoutes.update` `networkservices.wasmPlugins.create` `networkservices.wasmPlugins.delete` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `networkservices.wasmPlugins.update` `networkservices.wasmPlugins.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete` `servicenetworking.operations.get` `servicenetworking.services.addPeering` `servicenetworking.services.createPeeredDnsDomain` `servicenetworking.services.deleteConnection` `servicenetworking.services.deletePeeredDnsDomain` `servicenetworking.services.disableVpcServiceControls` `servicenetworking.services.enableVpcServiceControls` `servicenetworking.services.get` `servicenetworking.services.getVpcServiceControls` `servicenetworking.services.listPeeredDnsDomains` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `trafficdirector.` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`
Compute Network User (`roles/compute.networkUser`) Provides access to a shared VPC network Once granted, service owners can use VPC networks and subnets that belong to the host project. For example, a network user can create a VM instance that belongs to a host project network but they cannot delete or create new networks in the host project. Lowest-level resources where you can grant this role: Subnetwork	`compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.useInternal` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.use` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.instanceSettings.get` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.use` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.access` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNetworkPolicies.use` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.use` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.list` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.list` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.get` `networksecurity.addressGroups.list` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.sacAttachments.` `networksecurity.sacAttachments.create` `networksecurity.sacAttachments.delete` `networksecurity.sacAttachments.get` `networksecurity.sacAttachments.list` `networksecurity.sacRealms.get` `networksecurity.sacRealms.list` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.use` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.use` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpfilters.get` `networkservices.httpfilters.list` `networkservices.httpfilters.use` `networkservices.lbEdgeExtensions.get` `networkservices.lbEdgeExtensions.list` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.locations.` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.use` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.swpSecurityExtensions.get` `networkservices.swpSecurityExtensions.list` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `networkservices.wasmPlugins.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicenetworking.services.get` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Network Viewer (`roles/compute.networkViewer`) Read-only access to all networking resources For example, if you have software that inspects your network configuration, you could grant this role to that software's service account. Lowest-level resources where you can grant this role: Instance	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.list` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.list` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.get` `networksecurity.addressGroups.list` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.list` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.sacAttachments.get` `networksecurity.sacAttachments.list` `networksecurity.sacRealms.get` `networksecurity.sacRealms.list` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpfilters.get` `networkservices.httpfilters.list` `networkservices.lbEdgeExtensions.get` `networkservices.lbEdgeExtensions.list` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.locations.` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.swpSecurityExtensions.get` `networkservices.swpSecurityExtensions.list` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicenetworking.services.get` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `trafficdirector.*` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`
Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Full control of Compute Engine Organization Firewall Policies.	`compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.regionFirewallPolicies.` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionOperations.setIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) View or use Compute Engine Firewall Policies to associate with the organization or folders.	`compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.projects.get` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Full control of Compute Engine Organization Security Policies.	`compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.update` `compute.securityPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) View or use Compute Engine Security Policies to associate with the organization or folders.	`compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.securityPolicies.addAssociation` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Full control of Compute Engine Firewall Policy associations to the organization or folders.	`compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.organizations.listAssociations` `compute.organizations.setFirewallPolicy` `compute.organizations.setSecurityPolicy` `compute.projects.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute OS Admin Login (`roles/compute.osAdminLogin`) Access to log in to a Compute Engine instance as an administrator user. Lowest-level resources where you can grant this role: Instance	`compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.projects.get` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute OS Login (`roles/compute.osLogin`) Access to log in to a Compute Engine instance as a standard user. Lowest-level resources where you can grant this role: Instance	`compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.osLogin` `compute.projects.get` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute OS Login External User (`roles/compute.osLoginExternalUser`) Available only at the organization level. Access for an external user to set OS Login information associated with this organization. This role does not grant access to instances. External users must be granted one of the required OS Login roles in order to allow access to instances using SSH. Lowest-level resources where you can grant this role: Organization	`compute.oslogin.updateExternalUser`
Compute packet mirroring admin (`roles/compute.packetMirroringAdmin`) Specify resources to be mirrored.	`compute.instances.updateSecurity` `compute.networks.mirror` `compute.projects.get` `compute.subnetworks.mirror` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute packet mirroring user (`roles/compute.packetMirroringUser`) Use Compute Engine packet mirrorings.	`compute.packetMirrorings.` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Use subnetwork whose PURPOSE is "PEER_MIGRATION"	`compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.use` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.update` `compute.networks.use` `compute.regionOperations.get` `compute.regions.list` `compute.subnetworks.use` `compute.subnetworks.usePeerMigration` `servicedirectory.namespaces.create` `servicedirectory.services.create` `servicedirectory.services.delete`
Compute Public IP Admin (`roles/compute.publicIpAdmin`) Full control of public IP address management for Compute Engine.	`compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalPublicDelegatedPrefixes.` `compute.globalPublicDelegatedPrefixes.create` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.publicAdvertisedPrefixes.` `compute.publicAdvertisedPrefixes.create` `compute.publicAdvertisedPrefixes.delete` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicAdvertisedPrefixes.update` `compute.publicAdvertisedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.*` `compute.publicDelegatedPrefixes.announce` `compute.publicDelegatedPrefixes.create` `compute.publicDelegatedPrefixes.createTagBinding` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.deleteTagBinding` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.use` `compute.publicDelegatedPrefixes.withdraw` `resourcemanager.projects.get` `resourcemanager.projects.list`
Compute Security Admin (`roles/compute.securityAdmin`) Permissions to create, modify, and delete firewall rules and SSL certificates, and also to configure Shielded VM settings. For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the security team's group. Lowest-level resources where you can grant this role: Instance	`compute.backendBuckets.list` `compute.backendServices.list` `compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.firewalls.` `compute.firewalls.create` `compute.firewalls.createTagBinding` `compute.firewalls.delete` `compute.firewalls.deleteTagBinding` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.firewalls.update` `compute.globalOperations.get` `compute.globalOperations.list` `compute.instanceSettings.get` `compute.instances.getEffectiveFirewalls` `compute.instances.list` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.updatePolicy` `compute.packetMirrorings.` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `compute.regionBackendBuckets.list` `compute.regionBackendServices.list` `compute.regionFirewallPolicies.` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.` `compute.regionSecurityPolicies.create` `compute.regionSecurityPolicies.createTagBinding` `compute.regionSecurityPolicies.delete` `compute.regionSecurityPolicies.deleteTagBinding` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.update` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.sslCertificates.` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetInstances.list` `compute.targetPools.list` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Engine Service Agent (`roles/compute.serviceAgent`) Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts. Warning: Do not grant service agent roles to any principals except service agents.	`cloudnotifications.activities.list` `compute.addresses.use` `compute.addresses.useInternal` `compute.disks.create` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.get` `compute.disks.setLabels` `compute.disks.use` `compute.disks.useReadOnly` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.globalOperations.get` `compute.healthChecks.create` `compute.healthChecks.delete` `compute.healthChecks.get` `compute.healthChecks.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.get` `compute.instanceTemplates.useReadOnly` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.setDeletionProtection` `compute.instances.setLabels` `compute.instances.setMetadata` `compute.instances.setServiceAccount` `compute.instances.setTags` `compute.instances.start` `compute.instances.stop` `compute.instances.update` `compute.instances.updateDisplayDevice` `compute.instances.use` `compute.machineImages.useReadOnly` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.use` `compute.networks.use` `compute.networks.useExternalIp` `compute.regionBackendServices.create` `compute.regionBackendServices.delete` `compute.regionBackendServices.get` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionOperations.get` `compute.resourcePolicies.use` `compute.snapshots.listEffectiveTags` `compute.snapshots.useReadOnly` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.zoneOperations.get` `iam.serviceAccounts.actAs` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `iam.serviceAccounts.implicitDelegation` `iam.serviceAccounts.signJwt` `logging.logEntries.create` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alerts.` `monitoring.alerts.get` `monitoring.alerts.list` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.*` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `opsconfigmonitoring.resourceMetadata.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `stackdriver.projects.get` `stackdriver.resourceMetadata.list` `storage.objects.create` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Permissions to view sole tenancy node groups	`compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTypes.*` `compute.nodeTypes.get` `compute.nodeTypes.list`
Compute Storage Admin (`roles/compute.storageAdmin`) Permissions to create, modify, and delete disks, images, and snapshots. For example, if your company has someone who manages project images and you don't want them to have the editor role on the project, then grant this role to their account on the project. Lowest-level resources where you can grant this role: Disk Image Snapshot	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlans.useForComputeDisk` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.diskSettings.` `compute.diskSettings.get` `compute.diskSettings.update` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalOperations.get` `compute.globalOperations.list` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceSettings.get` `compute.instantSnapshotGroups.` `compute.instantSnapshotGroups.create` `compute.instantSnapshotGroups.delete` `compute.instantSnapshotGroups.get` `compute.instantSnapshotGroups.getIamPolicy` `compute.instantSnapshotGroups.list` `compute.instantSnapshotGroups.setIamPolicy` `compute.instantSnapshotGroups.useReadOnly` `compute.instantSnapshots.` `compute.instantSnapshots.create` `compute.instantSnapshots.createTagBinding` `compute.instantSnapshots.delete` `compute.instantSnapshots.deleteTagBinding` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenses.` `compute.licenses.create` `compute.licenses.createTagBinding` `compute.licenses.delete` `compute.licenses.deleteTagBinding` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.licenses.setIamPolicy` `compute.licenses.update` `compute.projects.get` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.snapshotGroups.` `compute.snapshotGroups.create` `compute.snapshotGroups.delete` `compute.snapshotGroups.get` `compute.snapshotGroups.getIamPolicy` `compute.snapshotGroups.list` `compute.snapshotGroups.setIamPolicy` `compute.snapshotGroups.useReadOnly` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.updateKmsKey` `compute.snapshots.useReadOnly` `compute.storagePools.` `compute.storagePools.create` `compute.storagePools.createTagBinding` `compute.storagePools.delete` `compute.storagePools.deleteTagBinding` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.setIamPolicy` `compute.storagePools.update` `compute.storagePools.use` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Viewer (`roles/compute.viewer`) Read-only access to get and list Compute Engine resources, without being able to read the data stored on them. For example, an account with this role could inventory all of the disks in a project, but it could not read any of the data on those disks. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Node group Node template Snapshot	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.commitments.get` `compute.commitments.list` `compute.commitments.listEffectiveTags` `compute.commitments.listTagBindings` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.diskSettings.get` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.futureReservations.get` `compute.futureReservations.getIamPolicy` `compute.futureReservations.list` `compute.futureReservations.listEffectiveTags` `compute.futureReservations.listTagBindings` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceSettings.get` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instantSnapshotGroups.get` `compute.instantSnapshotGroups.getIamPolicy` `compute.instantSnapshotGroups.list` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.get` `compute.multiMig.list` `compute.multiMigMembers.` `compute.multiMigMembers.get` `compute.multiMigMembers.list` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkEdgeSecurityServices.get` `compute.networkEdgeSecurityServices.list` `compute.networkEdgeSecurityServices.listEffectiveTags` `compute.networkEdgeSecurityServices.listTagBindings` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTypes.` `compute.nodeTypes.get` `compute.nodeTypes.list` `compute.organizations.listAssociations` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.previewFeatures.get` `compute.previewFeatures.list` `compute.projects.get` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationSlots.get` `compute.reservationSlots.list` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservations.get` `compute.reservations.list` `compute.reservations.listEffectiveTags` `compute.reservations.listTagBindings` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.get` `compute.rollouts.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshotGroups.get` `compute.snapshotGroups.getIamPolicy` `compute.snapshotGroups.list` `compute.snapshotSettings.get` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.spotAssistants.get` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.validate` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zoneOperations.get` `compute.zoneOperations.getIamPolicy` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute VM extension policy admin ^Beta (`roles/compute.vmExtensionPolicyAdmin`) Administer zone/global VM extension policies.	`compute.instances.get` `compute.instances.list` `compute.instances.setLabels` `compute.instances.setTags` `compute.rolloutPlans.` `compute.rolloutPlans.create` `compute.rolloutPlans.delete` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.` `compute.rollouts.cancel` `compute.rollouts.delete` `compute.rollouts.get` `compute.rollouts.list` `compute.vmExtensionPolicies.*` `compute.vmExtensionPolicies.create` `compute.vmExtensionPolicies.delete` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `compute.vmExtensionPolicies.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Compute VM extension policy viewer ^Beta (`roles/compute.vmExtensionPolicyViewer`) View zone/global VM extension policies.	`compute.instances.get` `compute.instances.list` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.get` `compute.rollouts.list` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Permissions to administer shared VPC host projects, specifically enabling the host projects and associating shared VPC service projects to the host project's network. At the organization level, this role can only be granted by an organization admin. Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project. The Shared VPC Admin is responsible for granting the Compute Network User role (`roles/compute.networkUser`) to service owners, and the shared VPC host project owner controls the project itself. Managing the project is easier if a single principal (individual or group) can fulfill both roles. Lowest-level resources where you can grant this role: Folder	`compute.globalOperations.get` `compute.globalOperations.list` `compute.organizations.disableXpnHost` `compute.organizations.disableXpnResource` `compute.organizations.enableXpnHost` `compute.organizations.enableXpnResource` `compute.projects.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.setIamPolicy` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list`

Compute Admin

(roles/compute.admin)

Full control of all Compute Engine resources.

If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the roles/iam.serviceAccountUser role.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Node group
Node template
Snapshot

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal
compute.advice.calendarMode
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use
compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.commitments.create
compute.commitments.createTagBinding
compute.commitments.deleteTagBinding
compute.commitments.get
compute.commitments.list
compute.commitments.listEffectiveTags
compute.commitments.listTagBindings
compute.commitments.update
compute.commitments.updateReservations
compute.crossSiteNetworks.create
compute.crossSiteNetworks.delete
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.crossSiteNetworks.update
compute.diskSettings.get
compute.diskSettings.update
compute.diskTypes.get
compute.diskTypes.list
compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly
compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use
compute.firewalls.create
compute.firewalls.createTagBinding
compute.firewalls.delete
compute.firewalls.deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update
compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use
compute.futureReservations.cancel
compute.futureReservations.create
compute.futureReservations.createTagBinding
compute.futureReservations.delete
compute.futureReservations.deleteTagBinding
compute.futureReservations.get
compute.futureReservations.getIamPolicy
compute.futureReservations.list
compute.futureReservations.listEffectiveTags
compute.futureReservations.listTagBindings
compute.futureReservations.setIamPolicy
compute.futureReservations.update
compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use
compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly
compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly
compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceSettings.get
compute.instanceSettings.update
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly
compute.instantSnapshotGroups.create
compute.instantSnapshotGroups.delete
compute.instantSnapshotGroups.get
compute.instantSnapshotGroups.getIamPolicy
compute.instantSnapshotGroups.list
compute.instantSnapshotGroups.setIamPolicy
compute.instantSnapshotGroups.useReadOnly
compute.instantSnapshots.create
compute.instantSnapshots.createTagBinding
compute.instantSnapshots.delete
compute.instantSnapshots.deleteTagBinding
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly
compute.interconnectAttachmentGroups.create
compute.interconnectAttachmentGroups.delete
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachmentGroups.patch
compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectGroups.create
compute.interconnectGroups.delete
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectGroups.patch
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list
compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenses.create
compute.licenses.createTagBinding
compute.licenses.delete
compute.licenses.deleteTagBinding
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.licenses.setIamPolicy
compute.licenses.update
compute.machineImages.create
compute.machineImages.createTagBinding
compute.machineImages.delete
compute.machineImages.deleteTagBinding
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineImages.setIamPolicy
compute.machineImages.setLabels
compute.machineImages.useReadOnly
compute.machineTypes.get
compute.machineTypes.list
compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list
compute.multiMigMembers.get
compute.multiMigMembers.list
compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update
compute.networkAttachments.use
compute.networkEdgeSecurityServices.create
compute.networkEdgeSecurityServices.createTagBinding
compute.networkEdgeSecurityServices.delete
compute.networkEdgeSecurityServices.deleteTagBinding
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.listEffectiveTags
compute.networkEdgeSecurityServices.listTagBindings
compute.networkEdgeSecurityServices.update
compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use
compute.networkProfiles.get
compute.networkProfiles.list
compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.setNetworkPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp
compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeGroups.performMaintenance
compute.nodeGroups.setIamPolicy
compute.nodeGroups.setNodeTemplate
compute.nodeGroups.simulateMaintenanceEvent
compute.nodeGroups.update
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTemplates.setIamPolicy
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.organizations.listAssociations
compute.organizations.setFirewallPolicy
compute.organizations.setSecurityPolicy
compute.oslogin.updateExternalUser
compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update
compute.previewFeatures.get
compute.previewFeatures.list
compute.previewFeatures.update
compute.projects.get
compute.projects.setCloudArmorTier
compute.projects.setCommonInstanceMetadata
compute.projects.setDefaultNetworkTier
compute.projects.setDefaultServiceAccount
compute.projects.setManagedProtectionTier
compute.projects.setUsageExportBucket
compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.announce
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.createTagBinding
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.deleteTagBinding
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.publicDelegatedPrefixes.withdraw
compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use
compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.regionCompositeHealthChecks.create
compute.regionCompositeHealthChecks.delete
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionCompositeHealthChecks.update
compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use
compute.regionHealthAggregationPolicies.create
compute.regionHealthAggregationPolicies.delete
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthAggregationPolicies.update
compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use
compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly
compute.regionHealthSources.create
compute.regionHealthSources.delete
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionHealthSources.update
compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use
compute.regionNetworkPolicies.create
compute.regionNetworkPolicies.delete
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNetworkPolicies.update
compute.regionNetworkPolicies.use
compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionOperations.setIamPolicy
compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.createTagBinding
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.deleteTagBinding
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use
compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use
compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use
compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate
compute.regions.get
compute.regions.list
compute.reservationBlocks.get
compute.reservationBlocks.list
compute.reservationBlocks.performMaintenance
compute.reservationSlots.get
compute.reservationSlots.list
compute.reservationSlots.update
compute.reservationSubBlocks.get
compute.reservationSubBlocks.list
compute.reservationSubBlocks.performMaintenance
compute.reservationSubBlocks.reportFaulty
compute.reservations.create
compute.reservations.createTagBinding
compute.reservations.delete
compute.reservations.deleteTagBinding
compute.reservations.get
compute.reservations.list
compute.reservations.listEffectiveTags
compute.reservations.listTagBindings
compute.reservations.performMaintenance
compute.reservations.resize
compute.reservations.update
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly
compute.rolloutPlans.create
compute.rolloutPlans.delete
compute.rolloutPlans.get
compute.rolloutPlans.list
compute.rollouts.cancel
compute.rollouts.delete
compute.rollouts.get
compute.rollouts.list
compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use
compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use
compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use
compute.snapshotGroups.create
compute.snapshotGroups.delete
compute.snapshotGroups.get
compute.snapshotGroups.getIamPolicy
compute.snapshotGroups.list
compute.snapshotGroups.setIamPolicy
compute.snapshotGroups.useReadOnly
compute.snapshotSettings.get
compute.snapshotSettings.update
compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly
compute.spotAssistants.get
compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use
compute.storagePools.create
compute.storagePools.createTagBinding
compute.storagePools.delete
compute.storagePools.deleteTagBinding
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.storagePools.setIamPolicy
compute.storagePools.update
compute.storagePools.use
compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.subnetworks.usePeerMigration
compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use
compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use
compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
compute.vmExtensionPolicies.create
compute.vmExtensionPolicies.delete
compute.vmExtensionPolicies.get
compute.vmExtensionPolicies.list
compute.vmExtensionPolicies.update
compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels
compute.wireGroups.create
compute.wireGroups.delete
compute.wireGroups.get
compute.wireGroups.list
compute.wireGroups.update
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zoneOperations.setIamPolicy
compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Future Reservation Admin ^Beta

(roles/compute.futureReservationAdmin)

compute.acceleratorTypes.list

compute.advice.calendarMode

compute.futureReservations.cancel

compute.futureReservations.create

compute.futureReservations.delete

compute.futureReservations.get

compute.futureReservations.list

compute.futureReservations.update

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.reservationBlocks.performMaintenance

compute.reservationSubBlocks.performMaintenance

compute.reservationSubBlocks.reportFaulty

compute.reservations.create

compute.reservations.performMaintenance

compute.zones.list

Compute Future Reservation User ^Beta

(roles/compute.futureReservationUser)

compute.acceleratorTypes.list

compute.advice.calendarMode

compute.futureReservations.create

compute.futureReservations.delete

compute.futureReservations.get

compute.futureReservations.list

compute.futureReservations.update

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.reservations.create

compute.zones.list

Compute Future Reservation Viewer ^Beta

(roles/compute.futureReservationViewer)

compute.acceleratorTypes.list

compute.futureReservations.get

compute.futureReservations.list

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.zones.list

Compute Image User

(roles/compute.imageUser)

Permission to list and read images without having other permissions on the image. Granting this role at the project level gives users the ability to list all images in the project and create resources, such as instances and persistent disks, based on images in the project.

Lowest-level resources where you can grant this role:

Image

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Instance Admin (beta)

(roles/compute.instanceAdmin)

Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VM settings.

If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant the roles/iam.serviceAccountUser role.

For example, if your company has someone who manages groups of virtual machine instances but does not manage network or security settings and does not manage instances that run as service accounts, you can grant this role on the organization, folder, or project that contains the instances, or you can grant it on individual instances.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Snapshot

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.diskSettings.get

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.list

compute.disks.resize

compute.disks.setLabels

compute.disks.startAsyncReplication

compute.disks.stopAsyncReplication

compute.disks.stopGroupAsyncReplication

compute.disks.update

compute.disks.updateKmsKey

compute.disks.use

compute.disks.useReadOnly

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.get

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.licenses.get

compute.licenses.list

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.machineImages.*

compute.machineImages.create
compute.machineImages.createTagBinding
compute.machineImages.delete
compute.machineImages.deleteTagBinding
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineImages.setIamPolicy
compute.machineImages.setLabels
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.*

compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSubBlocks.*

compute.reservationSubBlocks.get
compute.reservationSubBlocks.list
compute.reservationSubBlocks.performMaintenance
compute.reservationSubBlocks.reportFaulty

compute.reservations.get

compute.reservations.list

compute.reservations.listEffectiveTags

compute.reservations.listTagBindings

compute.resourcePolicies.list

compute.resourcePolicies.useReadOnly

compute.storagePools.get

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Instance Admin (v1)

(roles/compute.instanceAdmin.v1)

Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources.

If you grant a user this role only at an instance level, then that user cannot create new instances.

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.diskSettings.get

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.*

compute.instanceSettings.get
compute.instanceSettings.update

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.instantSnapshotGroups.*

compute.instantSnapshotGroups.create
compute.instantSnapshotGroups.delete
compute.instantSnapshotGroups.get
compute.instantSnapshotGroups.getIamPolicy
compute.instantSnapshotGroups.list
compute.instantSnapshotGroups.setIamPolicy
compute.instantSnapshotGroups.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.createTagBinding
compute.instantSnapshots.delete
compute.instantSnapshots.deleteTagBinding
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy

compute.licenses.*

compute.licenses.create
compute.licenses.createTagBinding
compute.licenses.delete
compute.licenses.deleteTagBinding
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.licenses.setIamPolicy
compute.licenses.update

compute.machineImages.*

compute.machineImages.create
compute.machineImages.createTagBinding
compute.machineImages.delete
compute.machineImages.deleteTagBinding
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineImages.setIamPolicy
compute.machineImages.setLabels
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.*

compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.regionBackendBuckets.get

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSubBlocks.get

compute.reservationSubBlocks.list

compute.reservations.get

compute.reservations.list

compute.reservations.listEffectiveTags

compute.reservations.listTagBindings

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshotGroups.*

compute.snapshotGroups.create
compute.snapshotGroups.delete
compute.snapshotGroups.get
compute.snapshotGroups.getIamPolicy
compute.snapshotGroups.list
compute.snapshotGroups.setIamPolicy
compute.snapshotGroups.useReadOnly

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly

compute.spotAssistants.get

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Instance Group Manager Service Agent

(roles/compute.instanceGroupManagerServiceAgent)

Role containing all permissions required by Managed Instance Groups to create and manage instances.

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.disks.addResourcePolicies

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.delete

compute.disks.deleteTagBinding

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.disks.removeResourcePolicies

compute.disks.resize

compute.disks.setLabels

compute.disks.startAsyncReplication

compute.disks.stopAsyncReplication

compute.disks.stopGroupAsyncReplication

compute.disks.update

compute.disks.updateKmsKey

compute.disks.use

compute.disks.useReadOnly

compute.globalAddresses.get

compute.globalOperations.get

compute.healthChecks.get

compute.httpHealthChecks.get

compute.httpsHealthChecks.get

compute.images.useReadOnly

compute.instanceGroups.update

compute.instanceTemplates.useReadOnly

compute.instances.addAccessConfig

compute.instances.addNetworkInterface

compute.instances.addResourcePolicies

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.deleteAccessConfig

compute.instances.deleteNetworkInterface

compute.instances.deleteTagBinding

compute.instances.detachDisk

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instances.osAdminLogin

compute.instances.osLogin

compute.instances.pscInterfaceCreate

compute.instances.removeResourcePolicies

compute.instances.reset

compute.instances.resume

compute.instances.sendDiagnosticInterrupt

compute.instances.setDeletionProtection

compute.instances.setDiskAutoDelete

compute.instances.setLabels

compute.instances.setMachineResources

compute.instances.setMachineType

compute.instances.setMetadata

compute.instances.setMinCpuPlatform

compute.instances.setName

compute.instances.setScheduling

compute.instances.setSecurityPolicy

compute.instances.setServiceAccount

compute.instances.setShieldedInstanceIntegrityPolicy

compute.instances.setShieldedVmIntegrityPolicy

compute.instances.setTags

compute.instances.simulateMaintenanceEvent

compute.instances.start

compute.instances.startWithEncryptionKey

compute.instances.stop

compute.instances.suspend

compute.instances.update

compute.instances.updateAccessConfig

compute.instances.updateDisplayDevice

compute.instances.updateNetworkInterface

compute.instances.updateSecurity

compute.instances.updateShieldedInstanceConfig

compute.instances.updateShieldedVmConfig

compute.instances.use

compute.instances.useReadOnly

compute.networks.use

compute.networks.useExternalIp

compute.regionOperations.get

compute.resourcePolicies.use

compute.snapshots.useReadOnly

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetPools.addInstance

compute.targetPools.removeInstance

compute.zoneOperations.get

iam.serviceAccounts.actAs

networkconnectivity.serviceClasses.use

resourcemanager.tagValueBindings.*

resourcemanager.tagValueBindings.create
resourcemanager.tagValueBindings.delete

resourcemanager.tagValues.get

Interconnect Attachment Group Analyzer

(roles/compute.interconnectAttachmentGroupAnalyzer)

Analyze Interconnect Attachment Groups via their GetOperationalStatus method.

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeVpnGateways

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.routers.get

Interconnect Group Analyzer

(roles/compute.interconnectGroupAnalyzer)

Analyze Interconnect Groups via their GetOperationalStatus method.

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeVpnGateways

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnects.get

compute.interconnects.list

Compute Load Balancer Admin

(roles/compute.loadBalancerAdmin)

Permissions to create, modify, and delete load balancers and associate resources.

For example, if your company has a load balancing team that manages load balancers, SSL certificates for load balancers, SSL policies, and other load balancing resources, and a separate networking team that manages the rest of the networking resources, then grant this role to the load balancing team's group.

Lowest-level resources where you can grant this role:

Instance

certificatemanager.certmaps.get

certificatemanager.certmaps.list

certificatemanager.certmaps.use

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.use

compute.instances.useReadOnly

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.projects.get

compute.regionBackendBuckets.*

compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.zoneOperations.get

compute.zoneOperations.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Load Balancer Services User

(roles/compute.loadBalancerServiceUser)

Permissions to use services from a load balancer in other projects.

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendBuckets.use

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.backendServices.use

compute.projects.get

compute.regionBackendBuckets.get

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendBuckets.use

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionBackendServices.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Network Admin

(roles/compute.networkAdmin)

Permissions to create, modify, and delete networking resources, except for firewall rules and SSL certificates. The network admin role allows read-only access to firewall rules, SSL certificates, and instances (to view their ephemeral IP addresses). The network admin role does not allow a user to create, start, stop, or delete instances.

For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the networking team's group. Or, if you have a combined team that manages both security and networking, then grant this role as well as the roles/compute.securityAdmin role to the combined team's group.

Lowest-level resources where you can grant this role:

Instance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.crossSiteNetworks.*

compute.crossSiteNetworks.create
compute.crossSiteNetworks.delete
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.crossSiteNetworks.update

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.*

compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroupManagers.update

compute.instanceGroupManagers.use

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceGroups.update

compute.instanceGroups.use

compute.instanceSettings.get

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instances.updateSecurity

compute.instances.use

compute.instances.useReadOnly

compute.interconnectAttachmentGroups.*

compute.interconnectAttachmentGroups.create
compute.interconnectAttachmentGroups.delete
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachmentGroups.patch

compute.interconnectAttachments.*

compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use

compute.interconnectGroups.*

compute.interconnectGroups.create
compute.interconnectGroups.delete
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectGroups.patch

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.*

compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.*

compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update
compute.networkAttachments.use

compute.networkEndpointGroups.get

compute.networkEndpointGroups.list

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networkEndpointGroups.use

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.*

compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.setNetworkPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendBuckets.*

compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionCompositeHealthChecks.*

compute.regionCompositeHealthChecks.create
compute.regionCompositeHealthChecks.delete
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionCompositeHealthChecks.update

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionHealthAggregationPolicies.*

compute.regionHealthAggregationPolicies.create
compute.regionHealthAggregationPolicies.delete
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthAggregationPolicies.update

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionHealthSources.*

compute.regionHealthSources.create
compute.regionHealthSources.delete
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionHealthSources.update

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionNetworkEndpointGroups.use

compute.regionNetworkPolicies.*

compute.regionNetworkPolicies.create
compute.regionNetworkPolicies.delete
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNetworkPolicies.update
compute.regionNetworkPolicies.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.*

compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use

compute.routes.*

compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.serviceAttachments.*

compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.*

compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.subnetworks.usePeerMigration

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.targetVpnGateways.*

compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.vpnGateways.*

compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use

compute.vpnTunnels.*

compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels

compute.wireGroups.*

compute.wireGroups.create
compute.wireGroups.delete
compute.wireGroups.get
compute.wireGroups.list
compute.wireGroups.update

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.*

networkconnectivity.internalRanges.create
networkconnectivity.internalRanges.delete
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.getIamPolicy
networkconnectivity.internalRanges.list
networkconnectivity.internalRanges.setIamPolicy
networkconnectivity.internalRanges.update

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.*

networkconnectivity.operations.cancel
networkconnectivity.operations.delete
networkconnectivity.operations.get
networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

networkconnectivity.policyBasedRoutes.create
networkconnectivity.policyBasedRoutes.delete
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.getIamPolicy
networkconnectivity.policyBasedRoutes.list
networkconnectivity.policyBasedRoutes.setIamPolicy

networkconnectivity.regionalEndpoints.*

networkconnectivity.regionalEndpoints.create
networkconnectivity.regionalEndpoints.delete
networkconnectivity.regionalEndpoints.get
networkconnectivity.regionalEndpoints.list

networkconnectivity.serviceClasses.*

networkconnectivity.serviceClasses.create
networkconnectivity.serviceClasses.delete
networkconnectivity.serviceClasses.get
networkconnectivity.serviceClasses.list
networkconnectivity.serviceClasses.update
networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

networkconnectivity.serviceConnectionMaps.create
networkconnectivity.serviceConnectionMaps.delete
networkconnectivity.serviceConnectionMaps.get
networkconnectivity.serviceConnectionMaps.list
networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

networkconnectivity.serviceConnectionPolicies.create
networkconnectivity.serviceConnectionPolicies.delete
networkconnectivity.serviceConnectionPolicies.get
networkconnectivity.serviceConnectionPolicies.list
networkconnectivity.serviceConnectionPolicies.update

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.*

networksecurity.addressGroups.create
networksecurity.addressGroups.delete
networksecurity.addressGroups.get
networksecurity.addressGroups.getIamPolicy
networksecurity.addressGroups.list
networksecurity.addressGroups.setIamPolicy
networksecurity.addressGroups.update
networksecurity.addressGroups.use

networksecurity.authorizationPolicies.*

networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.*

networksecurity.authzPolicies.create
networksecurity.authzPolicies.delete
networksecurity.authzPolicies.get
networksecurity.authzPolicies.getIamPolicy
networksecurity.authzPolicies.list
networksecurity.authzPolicies.setIamPolicy
networksecurity.authzPolicies.update

networksecurity.backendAuthenticationConfigs.*

networksecurity.backendAuthenticationConfigs.create
networksecurity.backendAuthenticationConfigs.delete
networksecurity.backendAuthenticationConfigs.get
networksecurity.backendAuthenticationConfigs.list
networksecurity.backendAuthenticationConfigs.update
networksecurity.backendAuthenticationConfigs.use

networksecurity.clientTlsPolicies.*

networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.*

networksecurity.firewallEndpointAssociations.create
networksecurity.firewallEndpointAssociations.delete
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpointAssociations.update

networksecurity.firewallEndpoints.*

networksecurity.firewallEndpoints.create
networksecurity.firewallEndpoints.delete
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.firewallEndpoints.update
networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.*

networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.*

networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.*

networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list

networksecurity.sacAttachments.*

networksecurity.sacAttachments.create
networksecurity.sacAttachments.delete
networksecurity.sacAttachments.get
networksecurity.sacAttachments.list

networksecurity.sacRealms.*

networksecurity.sacRealms.create
networksecurity.sacRealms.delete
networksecurity.sacRealms.get
networksecurity.sacRealms.list

networksecurity.securityProfileGroups.*

networksecurity.securityProfileGroups.create
networksecurity.securityProfileGroups.delete
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfileGroups.update
networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.*

networksecurity.securityProfiles.create
networksecurity.securityProfiles.delete
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.securityProfiles.update
networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.*

networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.*

networksecurity.tlsInspectionPolicies.create
networksecurity.tlsInspectionPolicies.delete
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.update
networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.*

networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use

networkservices.*

networkservices.authzExtensions.create
networkservices.authzExtensions.delete
networkservices.authzExtensions.get
networkservices.authzExtensions.list
networkservices.authzExtensions.update
networkservices.authzExtensions.use
networkservices.endpointPolicies.create
networkservices.endpointPolicies.delete
networkservices.endpointPolicies.get
networkservices.endpointPolicies.list
networkservices.endpointPolicies.update
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.grpcRoutes.create
networkservices.grpcRoutes.delete
networkservices.grpcRoutes.get
networkservices.grpcRoutes.list
networkservices.grpcRoutes.update
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.list
networkservices.httpFilters.update
networkservices.httpRoutes.create
networkservices.httpRoutes.delete
networkservices.httpRoutes.get
networkservices.httpRoutes.list
networkservices.httpRoutes.update
networkservices.httpfilters.create
networkservices.httpfilters.delete
networkservices.httpfilters.get
networkservices.httpfilters.getIamPolicy
networkservices.httpfilters.list
networkservices.httpfilters.setIamPolicy
networkservices.httpfilters.update
networkservices.httpfilters.use
networkservices.lbEdgeExtensions.create
networkservices.lbEdgeExtensions.delete
networkservices.lbEdgeExtensions.get
networkservices.lbEdgeExtensions.list
networkservices.lbEdgeExtensions.update
networkservices.lbRouteExtensions.create
networkservices.lbRouteExtensions.delete
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbRouteExtensions.update
networkservices.lbTcpExtensions.createForNetwork
networkservices.lbTcpExtensions.deleteForNetwork
networkservices.lbTcpExtensions.getForNetwork
networkservices.lbTcpExtensions.listForNetwork
networkservices.lbTcpExtensions.updateForNetwork
networkservices.lbTrafficExtensions.create
networkservices.lbTrafficExtensions.delete
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.lbTrafficExtensions.update
networkservices.locations.get
networkservices.locations.list
networkservices.meshes.create
networkservices.meshes.delete
networkservices.meshes.get
networkservices.meshes.list
networkservices.meshes.update
networkservices.meshes.use
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
networkservices.route_views.get
networkservices.route_views.list
networkservices.serviceBindings.create
networkservices.serviceBindings.delete
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceBindings.update
networkservices.serviceLbPolicies.create
networkservices.serviceLbPolicies.delete
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.serviceLbPolicies.update
networkservices.swpSecurityExtensions.create
networkservices.swpSecurityExtensions.delete
networkservices.swpSecurityExtensions.get
networkservices.swpSecurityExtensions.list
networkservices.swpSecurityExtensions.update
networkservices.tcpRoutes.create
networkservices.tcpRoutes.delete
networkservices.tcpRoutes.get
networkservices.tcpRoutes.list
networkservices.tcpRoutes.update
networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.wasmPlugins.create
networkservices.wasmPlugins.delete
networkservices.wasmPlugins.get
networkservices.wasmPlugins.list
networkservices.wasmPlugins.update
networkservices.wasmPlugins.use

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.getVpcServiceControls

servicenetworking.services.listPeeredDnsDomains

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Compute Network User

(roles/compute.networkUser)

Provides access to a shared VPC network

Once granted, service owners can use VPC networks and subnets that belong to the host project. For example, a network user can create a VM instance that belongs to a host project network but they cannot delete or create new networks in the host project.

Lowest-level resources where you can grant this role:

Subnetwork

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.useInternal

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.externalVpnGateways.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.instanceSettings.get

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.interconnects.use

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.access

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkPolicies.get

compute.regionNetworkPolicies.list

compute.regionNetworkPolicies.use

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnGateways.use

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.get

networksecurity.addressGroups.list

networksecurity.addressGroups.use

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.get

networksecurity.authzPolicies.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.get

networksecurity.firewallEndpointAssociations.list

networksecurity.firewallEndpoints.get

networksecurity.firewallEndpoints.list

networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.sacAttachments.*

networksecurity.sacAttachments.create
networksecurity.sacAttachments.delete
networksecurity.sacAttachments.get
networksecurity.sacAttachments.list

networksecurity.sacRealms.get

networksecurity.sacRealms.list

networksecurity.securityProfileGroups.get

networksecurity.securityProfileGroups.list

networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.get

networksecurity.securityProfiles.list

networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.get

networksecurity.urlLists.list

networksecurity.urlLists.use

networkservices.authzExtensions.get

networkservices.authzExtensions.list

networkservices.authzExtensions.use

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.gateways.get

networkservices.gateways.list

networkservices.gateways.use

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.httpfilters.use

networkservices.lbEdgeExtensions.get

networkservices.lbEdgeExtensions.list

networkservices.lbRouteExtensions.get

networkservices.lbRouteExtensions.list

networkservices.lbTrafficExtensions.get

networkservices.lbTrafficExtensions.list

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.meshes.use

networkservices.operations.get

networkservices.operations.list

networkservices.route_views.*

networkservices.route_views.get
networkservices.route_views.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.serviceLbPolicies.get

networkservices.serviceLbPolicies.list

networkservices.swpSecurityExtensions.get

networkservices.swpSecurityExtensions.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

networkservices.wasmPlugins.get

networkservices.wasmPlugins.list

networkservices.wasmPlugins.use

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Network Viewer

(roles/compute.networkViewer)

Read-only access to all networking resources

For example, if you have software that inspects your network configuration, you could grant this role to that software's service account.

Lowest-level resources where you can grant this role:

Instance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.regionBackendBuckets.get

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkPolicies.get

compute.regionNetworkPolicies.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.get

networksecurity.addressGroups.list

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.authzPolicies.get

networksecurity.authzPolicies.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.firewallEndpointAssociations.get

networksecurity.firewallEndpointAssociations.list

networksecurity.firewallEndpoints.get

networksecurity.firewallEndpoints.list

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.sacAttachments.get

networksecurity.sacAttachments.list

networksecurity.sacRealms.get

networksecurity.sacRealms.list

networksecurity.securityProfileGroups.get

networksecurity.securityProfileGroups.list

networksecurity.securityProfiles.get

networksecurity.securityProfiles.list

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.urlLists.get

networksecurity.urlLists.list

networkservices.authzExtensions.get

networkservices.authzExtensions.list

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.gateways.get

networkservices.gateways.list

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.lbEdgeExtensions.get

networkservices.lbEdgeExtensions.list

networkservices.lbRouteExtensions.get

networkservices.lbRouteExtensions.list

networkservices.lbTrafficExtensions.get

networkservices.lbTrafficExtensions.list

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.operations.get

networkservices.operations.list

networkservices.route_views.*

networkservices.route_views.get
networkservices.route_views.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.serviceLbPolicies.get

networkservices.serviceLbPolicies.list

networkservices.swpSecurityExtensions.get

networkservices.swpSecurityExtensions.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

networkservices.wasmPlugins.get

networkservices.wasmPlugins.list

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Compute Organization Firewall Policy Admin

(roles/compute.orgFirewallPolicyAdmin)

Full control of Compute Engine Organization Firewall Policies.

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionOperations.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Firewall Policy User

(roles/compute.orgFirewallPolicyUser)

View or use Compute Engine Firewall Policies to associate with the organization or folders.

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.projects.get

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Security Policy Admin

(roles/compute.orgSecurityPolicyAdmin)

Full control of Compute Engine Organization Security Policies.

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.copyRules

compute.securityPolicies.create

compute.securityPolicies.createTagBinding

compute.securityPolicies.delete

compute.securityPolicies.deleteTagBinding

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.move

compute.securityPolicies.removeAssociation

compute.securityPolicies.update

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Security Policy User

(roles/compute.orgSecurityPolicyUser)

View or use Compute Engine Security Policies to associate with the organization or folders.

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.removeAssociation

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Resource Admin

(roles/compute.orgSecurityResourceAdmin)

Full control of Compute Engine Firewall Policy associations to the organization or folders.

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.organizations.listAssociations

compute.organizations.setFirewallPolicy

compute.organizations.setSecurityPolicy

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute OS Admin Login

(roles/compute.osAdminLogin)

Access to log in to a Compute Engine instance as an administrator user.

Lowest-level resources where you can grant this role:

Instance

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osAdminLogin

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute OS Login

(roles/compute.osLogin)

Access to log in to a Compute Engine instance as a standard user.

Lowest-level resources where you can grant this role:

Instance

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute OS Login External User

(roles/compute.osLoginExternalUser)

Available only at the organization level.

Access for an external user to set OS Login information associated with this organization. This role does not grant access to instances. External users must be granted one of the required OS Login roles in order to allow access to instances using SSH.

Lowest-level resources where you can grant this role:

Organization

compute.oslogin.updateExternalUser

Compute packet mirroring admin

(roles/compute.packetMirroringAdmin)

Specify resources to be mirrored.

compute.instances.updateSecurity

compute.networks.mirror

compute.projects.get

compute.subnetworks.mirror

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute packet mirroring user

(roles/compute.packetMirroringUser)

Use Compute Engine packet mirrorings.

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Peer Subnet Migration Admin

(roles/compute.peerSubnetMigrationAdmin)

Use subnetwork whose PURPOSE is "PEER_MIGRATION"

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.use

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.pscCreate

compute.forwardingRules.pscDelete

compute.forwardingRules.pscUpdate

compute.forwardingRules.update

compute.networks.use

compute.regionOperations.get

compute.regions.list

compute.subnetworks.use

compute.subnetworks.usePeerMigration

servicedirectory.namespaces.create

servicedirectory.services.create

servicedirectory.services.delete

Compute Public IP Admin

(roles/compute.publicIpAdmin)

Full control of public IP address management for Compute Engine.

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalPublicDelegatedPrefixes.*

compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.updatePolicy

compute.publicAdvertisedPrefixes.*

compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy

compute.publicDelegatedPrefixes.*

compute.publicDelegatedPrefixes.announce
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.createTagBinding
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.deleteTagBinding
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.publicDelegatedPrefixes.withdraw

resourcemanager.projects.get

resourcemanager.projects.list

Compute Security Admin

(roles/compute.securityAdmin)

Permissions to create, modify, and delete firewall rules and SSL certificates, and also to configure Shielded VM settings.

Lowest-level resources where you can grant this role:

Instance

compute.backendBuckets.list

compute.backendServices.list

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.firewalls.*

compute.firewalls.create
compute.firewalls.createTagBinding
compute.firewalls.delete
compute.firewalls.deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update

compute.globalOperations.get

compute.globalOperations.list

compute.instanceSettings.get

compute.instances.getEffectiveFirewalls

compute.instances.list

compute.instances.setShieldedInstanceIntegrityPolicy

compute.instances.setShieldedVmIntegrityPolicy

compute.instances.updateSecurity

compute.instances.updateShieldedInstanceConfig

compute.instances.updateShieldedVmConfig

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.updatePolicy

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update

compute.projects.get

compute.regionBackendBuckets.list

compute.regionBackendServices.list

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.*

compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.createTagBinding
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.deleteTagBinding
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.*

compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetInstances.list

compute.targetPools.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Engine Service Agent

(roles/compute.serviceAgent)

Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts.

cloudnotifications.activities.list

compute.addresses.use

compute.addresses.useInternal

compute.disks.create

compute.disks.createTagBinding

compute.disks.delete

compute.disks.get

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.globalOperations.get

compute.healthChecks.create

compute.healthChecks.delete

compute.healthChecks.get

compute.healthChecks.update

compute.images.useReadOnly

compute.instanceGroupManagers.get

compute.instanceTemplates.useReadOnly

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.setDeletionProtection

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.update

compute.instances.updateDisplayDevice

compute.instances.use

compute.machineImages.useReadOnly

compute.networkEndpointGroups.attachNetworkEndpoints

compute.networkEndpointGroups.create

compute.networkEndpointGroups.delete

compute.networkEndpointGroups.use

compute.networks.use

compute.networks.useExternalIp

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.get

compute.regionBackendServices.update

compute.regionBackendServices.use

compute.regionOperations.get

compute.resourcePolicies.use

compute.snapshots.listEffectiveTags

compute.snapshots.useReadOnly

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

iam.serviceAccounts.actAs

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.signJwt

logging.logEntries.create

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

monitoring.alerts.get
monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

storage.objects.create

storage.objects.get

storage.objects.list

storage.objects.update

Compute Sole Tenant Viewer

(roles/compute.soleTenantViewer)

Permissions to view sole tenancy node groups

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

Compute Storage Admin

(roles/compute.storageAdmin)

Permissions to create, modify, and delete disks, images, and snapshots.

For example, if your company has someone who manages project images and you don't want them to have the editor role on the project, then grant this role to their account on the project.

Lowest-level resources where you can grant this role:

Disk
Image
Snapshot

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlans.useForComputeDisk

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.diskSettings.*

compute.diskSettings.get
compute.diskSettings.update

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly

compute.globalOperations.get

compute.globalOperations.list

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceSettings.get

compute.instantSnapshotGroups.*

compute.instantSnapshotGroups.create
compute.instantSnapshotGroups.delete
compute.instantSnapshotGroups.get
compute.instantSnapshotGroups.getIamPolicy
compute.instantSnapshotGroups.list
compute.instantSnapshotGroups.setIamPolicy
compute.instantSnapshotGroups.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.createTagBinding
compute.instantSnapshots.delete
compute.instantSnapshots.deleteTagBinding
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy

compute.licenses.*

compute.licenses.create
compute.licenses.createTagBinding
compute.licenses.delete
compute.licenses.deleteTagBinding
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.licenses.setIamPolicy
compute.licenses.update

compute.projects.get

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.snapshotGroups.*

compute.snapshotGroups.create
compute.snapshotGroups.delete
compute.snapshotGroups.get
compute.snapshotGroups.getIamPolicy
compute.snapshotGroups.list
compute.snapshotGroups.setIamPolicy
compute.snapshotGroups.useReadOnly

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly

compute.storagePools.*

compute.storagePools.create
compute.storagePools.createTagBinding
compute.storagePools.delete
compute.storagePools.deleteTagBinding
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.storagePools.setIamPolicy
compute.storagePools.update
compute.storagePools.use

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Viewer

(roles/compute.viewer)

Read-only access to get and list Compute Engine resources, without being able to read the data stored on them.

For example, an account with this role could inventory all of the disks in a project, but it could not read any of the data on those disks.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Node group
Node template
Snapshot

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.commitments.get

compute.commitments.list

compute.commitments.listEffectiveTags

compute.commitments.listTagBindings

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.diskSettings.get

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.futureReservations.get

compute.futureReservations.getIamPolicy

compute.futureReservations.list

compute.futureReservations.listEffectiveTags

compute.futureReservations.listTagBindings

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceSettings.get

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instantSnapshotGroups.get

compute.instantSnapshotGroups.getIamPolicy

compute.instantSnapshotGroups.list

compute.instantSnapshots.get

compute.instantSnapshots.getIamPolicy

compute.instantSnapshots.list

compute.instantSnapshots.listEffectiveTags

compute.instantSnapshots.listTagBindings

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineImages.listEffectiveTags

compute.machineImages.listTagBindings

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.get

compute.multiMig.list

compute.multiMigMembers.*

compute.multiMigMembers.get
compute.multiMigMembers.list

compute.networkAttachments.get

compute.networkAttachments.getIamPolicy

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.get

compute.networkEndpointGroups.list

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.previewFeatures.get

compute.previewFeatures.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendBuckets.get

compute.regionBackendBuckets.getIamPolicy

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionNetworkPolicies.get

compute.regionNetworkPolicies.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSlots.get

compute.reservationSlots.list

compute.reservationSubBlocks.get

compute.reservationSubBlocks.list

compute.reservations.get

compute.reservations.list

compute.reservations.listEffectiveTags

compute.reservations.listTagBindings

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.rolloutPlans.get

compute.rolloutPlans.list

compute.rollouts.get

compute.rollouts.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshotGroups.get

compute.snapshotGroups.getIamPolicy

compute.snapshotGroups.list

compute.snapshotSettings.get

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.spotAssistants.get

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.getIamPolicy

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.urlMaps.validate

compute.vmExtensionPolicies.get

compute.vmExtensionPolicies.list

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute VM extension policy admin ^Beta

(roles/compute.vmExtensionPolicyAdmin)

Administer zone/global VM extension policies.

compute.instances.get

compute.instances.list

compute.instances.setLabels

compute.instances.setTags

compute.rolloutPlans.*

compute.rolloutPlans.create
compute.rolloutPlans.delete
compute.rolloutPlans.get
compute.rolloutPlans.list

compute.rollouts.*

compute.rollouts.cancel
compute.rollouts.delete
compute.rollouts.get
compute.rollouts.list

compute.vmExtensionPolicies.*

compute.vmExtensionPolicies.create
compute.vmExtensionPolicies.delete
compute.vmExtensionPolicies.get
compute.vmExtensionPolicies.list
compute.vmExtensionPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

Compute VM extension policy viewer ^Beta

(roles/compute.vmExtensionPolicyViewer)

View zone/global VM extension policies.

compute.instances.get

compute.instances.list

compute.rolloutPlans.get

compute.rolloutPlans.list

compute.rollouts.get

compute.rollouts.list

compute.vmExtensionPolicies.get

compute.vmExtensionPolicies.list

resourcemanager.projects.get

resourcemanager.projects.list

Compute Shared VPC Admin

(roles/compute.xpnAdmin)

Permissions to administer shared VPC host projects, specifically enabling the host projects and associating shared VPC service projects to the host project's network.

At the organization level, this role can only be granted by an organization admin.

Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project. The Shared VPC Admin is responsible for granting the Compute Network User role (roles/compute.networkUser) to service owners, and the shared VPC host project owner controls the project itself. Managing the project is easier if a single principal (individual or group) can fulfill both roles.

Lowest-level resources where you can grant this role:

Folder

compute.globalOperations.get

compute.globalOperations.list

compute.organizations.disableXpnHost

compute.organizations.disableXpnResource

compute.organizations.enableXpnHost

compute.organizations.enableXpnResource

compute.projects.get

compute.subnetworks.getIamPolicy

compute.subnetworks.setIamPolicy

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

תפקידים והרשאות של IAM ב-Compute Engine קל לארגן דפים בעזרת אוספים אפשר לשמור ולסווג תוכן על סמך ההעדפות שלך.

מה זה IAM?

התפקיד serviceAccountUser

הרשאה במסוףGoogle Cloud

התחברות למופע בתור instanceAdmin

‫IAM עם חשבונות שירות

קבוצות של מופעי מכונה מנוהלים ו-IAM

תפקידי IAM מוגדרים מראש ב-Compute Engine

Compute Admin

Compute Future Reservation Admin Beta

Compute Future Reservation User Beta

Compute Future Reservation Viewer Beta

Compute Image User

Compute Instance Admin (beta)

Compute Instance Admin (v1)

Instance Group Manager Service Agent

Interconnect Attachment Group Analyzer

Interconnect Group Analyzer

Compute Load Balancer Admin

Compute Load Balancer Services User

Compute Network Admin

Compute Network User

Compute Network Viewer

Compute Organization Firewall Policy Admin

Compute Organization Firewall Policy User

Compute Organization Security Policy Admin

Compute Organization Security Policy User

Compute Organization Resource Admin

Compute OS Admin Login

Compute OS Login

Compute OS Login External User

Compute packet mirroring admin

Compute packet mirroring user

Compute Peer Subnet Migration Admin

Compute Public IP Admin

Compute Security Admin

Compute Engine Service Agent

Compute Sole Tenant Viewer

Compute Storage Admin

Compute Viewer

Compute VM extension policy admin Beta

Compute VM extension policy viewer Beta

Compute Shared VPC Admin

המאמרים הבאים

תפקידים והרשאות של IAM ב-Compute Engine

Compute Future Reservation Admin ^Beta

Compute Future Reservation User ^Beta

Compute Future Reservation Viewer ^Beta

Compute VM extension policy admin ^Beta

Compute VM extension policy viewer ^Beta