Managed Service for Apache Spark Resource Manager roles and permissions

This page lists the IAM roles and permissions for Managed Service for Apache Spark Resource Manager. To search through all roles and permissions, see the role and permission index.

Managed Service for Apache Spark Resource Manager roles

Role Permissions

Role	Permissions
Dataproc Resource Manager Admin ^Beta (`roles/dataprocrm.admin`) Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.	`dataprocrm.*` `dataprocrm.locations.get` `dataprocrm.locations.list` `dataprocrm.nodePools.create` `dataprocrm.nodePools.delete` `dataprocrm.nodePools.deleteNodes` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodePools.resize` `dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.list` `dataprocrm.nodes.mintOAuthToken` `dataprocrm.nodes.update` `dataprocrm.operations.cancel` `dataprocrm.operations.delete` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.cancel` `dataprocrm.workloads.create` `dataprocrm.workloads.delete` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataproc Resource Manager Viewer ^Beta (`roles/dataprocrm.viewer`) Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.	`dataprocrm.locations.*` `dataprocrm.locations.get` `dataprocrm.locations.list` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodes.get` `dataprocrm.nodes.list` `dataprocrm.nodes.mintOAuthToken` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Dataproc Resource Manager Admin ^Beta

(roles/dataprocrm.admin)

Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.

dataprocrm.*

dataprocrm.locations.get
dataprocrm.locations.list
dataprocrm.nodePools.create
dataprocrm.nodePools.delete
dataprocrm.nodePools.deleteNodes
dataprocrm.nodePools.get
dataprocrm.nodePools.list
dataprocrm.nodePools.resize
dataprocrm.nodes.get
dataprocrm.nodes.heartbeat
dataprocrm.nodes.list
dataprocrm.nodes.mintOAuthToken
dataprocrm.nodes.update
dataprocrm.operations.cancel
dataprocrm.operations.delete
dataprocrm.operations.get
dataprocrm.operations.list
dataprocrm.workloads.cancel
dataprocrm.workloads.create
dataprocrm.workloads.delete
dataprocrm.workloads.get
dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Resource Manager Viewer ^Beta

(roles/dataprocrm.viewer)

Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.

dataprocrm.locations.*

dataprocrm.locations.get
dataprocrm.locations.list

dataprocrm.nodePools.get

dataprocrm.nodePools.list

dataprocrm.nodes.get

dataprocrm.nodes.list

dataprocrm.nodes.mintOAuthToken

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.get

dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions. Warning: Do not grant service agent roles to any principals except service agents.	`dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.mintOAuthToken` `logging.logEntries.create` `logging.logEntries.route` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `serviceusage.services.use`

Dataproc Resource Manager Node Service Agent

(roles/dataprocrm.nodeServiceAgent)

Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions.

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.mintOAuthToken

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

serviceusage.services.use

Managed Service for Apache Spark Resource Manager permissions

Permission	Included in roles
`dataprocrm.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Support User (`roles/iam.supportUser`)
`dataprocrm.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`dataprocrm.nodePools.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodePools.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodePools.deleteNodes`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodePools.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodePools.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodePools.resize`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`)
`dataprocrm.nodes.heartbeat`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`)
`dataprocrm.nodes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodes.mintOAuthToken`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Dataproc Worker (`roles/dataproc.worker`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`)
`dataprocrm.nodes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`)
`dataprocrm.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.workloads.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.workloads.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.workloads.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.workloads.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.workloads.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)

Managed Service for Apache Spark Resource Manager roles and permissions