Cloud DNS roles and permissions

This page lists the IAM roles and permissions for Cloud DNS. To search through all roles and permissions, see the role and permission index.

Cloud DNS roles

Role Permissions

Role	Permissions
DNS Administrator (`roles/dns.admin`) Provides read-write access to all Cloud DNS resources. Lowest-level resources where you can grant this role: Managed zone	`compute.networks.get` `compute.networks.list` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.gkeClusters.` `dns.gkeClusters.bindDNSResponsePolicy` `dns.gkeClusters.bindPrivateDNSZone` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.getIamPolicy` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.` `dns.networks.bindDNSResponsePolicy` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.networks.useHealthSignals` `dns.policies.` `dns.policies.create` `dns.policies.createTagBinding` `dns.policies.delete` `dns.policies.deleteTagBinding` `dns.policies.get` `dns.policies.list` `dns.policies.listEffectiveTags` `dns.policies.listTagBindings` `dns.policies.update` `dns.projects.get` `dns.resourceRecordSets.` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.*` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
DNS Peer (`roles/dns.peer`) Access to target networks with DNS peering zones	`dns.networks.targetWithPeeringZone`
DNS Reader (`roles/dns.reader`) Provides read-only access to all Cloud DNS resources. Lowest-level resources where you can grant this role: Managed zone	`compute.networks.get` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.get` `dns.managedZones.list` `dns.policies.get` `dns.policies.list` `dns.policies.listEffectiveTags` `dns.policies.listTagBindings` `dns.projects.get` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

DNS Administrator

(roles/dns.admin)

Provides read-write access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

Managed zone

compute.networks.get

compute.networks.list

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.gkeClusters.*

dns.gkeClusters.bindDNSResponsePolicy
dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

dns.networks.bindDNSResponsePolicy
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.networks.targetWithPeeringZone
dns.networks.useHealthSignals

dns.policies.*

dns.policies.create
dns.policies.createTagBinding
dns.policies.delete
dns.policies.deleteTagBinding
dns.policies.get
dns.policies.list
dns.policies.listEffectiveTags
dns.policies.listTagBindings
dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

resourcemanager.projects.get

resourcemanager.projects.list

DNS Peer

(roles/dns.peer)

Access to target networks with DNS peering zones

dns.networks.targetWithPeeringZone

DNS Reader

(roles/dns.reader)

Provides read-only access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

Managed zone

compute.networks.get

dns.changes.get

dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.get

dns.managedZones.list

dns.policies.get

dns.policies.list

dns.policies.listEffectiveTags

dns.policies.listTagBindings

dns.projects.get

dns.resourceRecordSets.get

dns.resourceRecordSets.list

dns.responsePolicies.get

dns.responsePolicies.list

dns.responsePolicyRules.get

dns.responsePolicyRules.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Cloud DNS Service Agent (`roles/dns.serviceAgent`) Gives Cloud DNS Service Agent access to Cloud Platform resources. Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalOperations.get` `compute.healthChecks.get`

Cloud DNS Service Agent

(roles/dns.serviceAgent)

Gives Cloud DNS Service Agent access to Cloud Platform resources.

compute.globalNetworkEndpointGroups.attachNetworkEndpoints

compute.globalNetworkEndpointGroups.create

compute.globalNetworkEndpointGroups.delete

compute.globalNetworkEndpointGroups.detachNetworkEndpoints

compute.globalNetworkEndpointGroups.get

compute.globalOperations.get

compute.healthChecks.get

Cloud DNS permissions

Permission	Included in roles
`dns.changes.create`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.changes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.changes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.dnsKeys.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.dnsKeys.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.gkeClusters.bindDNSResponsePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.gkeClusters.bindPrivateDNSZone`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZoneOperations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZoneOperations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZones.create`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZones.delete`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZones.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cluster Director Shared VPC Service Agent (`roles/hypercomputecluster.sharedVpcServiceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZones.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZones.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Workload Manager Admin (`roles/workloadmanager.admin`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cluster Director Shared VPC Service Agent (`roles/hypercomputecluster.sharedVpcServiceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Attack Surface Management Scanner Service Agent (`roles/securitycenter.attackSurfaceManagementScannerServiceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.managedZones.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`)
`dns.managedZones.update`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.networks.bindDNSResponsePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.networks.bindPrivateDNSPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.networks.bindPrivateDNSZone`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cluster Director Shared VPC Service Agent (`roles/hypercomputecluster.sharedVpcServiceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`)
`dns.networks.targetWithPeeringZone`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) DNS Peer (`roles/dns.peer`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Agent Gateway Service Agent (`roles/agentgateway.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cluster Director Shared VPC Service Agent (`roles/hypercomputecluster.sharedVpcServiceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`)
`dns.networks.useHealthSignals`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.policies.create`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.policies.createTagBinding`	Owner (`roles/owner`) DNS Administrator (`roles/dns.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`dns.policies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.policies.deleteTagBinding`	Owner (`roles/owner`) DNS Administrator (`roles/dns.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`dns.policies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.policies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.policies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.policies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.policies.update`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.projects.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.resourceRecordSets.create`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.resourceRecordSets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.resourceRecordSets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.resourceRecordSets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Attack Surface Management Scanner Service Agent (`roles/securitycenter.attackSurfaceManagementScannerServiceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.resourceRecordSets.update`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cluster Director Service Agent (`roles/hypercomputecluster.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicyRules.create`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicyRules.delete`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicyRules.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicyRules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DNS Administrator (`roles/dns.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) DNS Reader (`roles/dns.reader`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)
`dns.responsePolicyRules.update`	Owner (`roles/owner`) Editor (`roles/editor`) DNS Administrator (`roles/dns.admin`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Network Administrator (`roles/iam.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`)

Cloud DNS roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Cloud DNS roles

DNS Administrator

DNS Peer

DNS Reader

Service agent roles

Cloud DNS Service Agent

Cloud DNS permissions

dns.changes.create

dns.changes.get

dns.changes.list

dns.dnsKeys.get

dns.dnsKeys.list

dns.gkeClusters.bindDNSResponsePolicy

dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.get

dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.setIamPolicy

dns.managedZones.update

dns.networks.bindDNSResponsePolicy

dns.networks.bindPrivateDNSPolicy

dns.networks.bindPrivateDNSZone

dns.networks.targetWithPeeringZone

dns.networks.useHealthSignals

dns.policies.create

dns.policies.createTagBinding

dns.policies.delete

dns.policies.deleteTagBinding

dns.policies.get

dns.policies.list

dns.policies.listEffectiveTags

dns.policies.listTagBindings

dns.policies.update

dns.projects.get

dns.resourceRecordSets.create

dns.resourceRecordSets.delete

dns.resourceRecordSets.get

dns.resourceRecordSets.list

dns.resourceRecordSets.update

dns.responsePolicies.create

dns.responsePolicies.delete

dns.responsePolicies.get

dns.responsePolicies.list

dns.responsePolicies.update

dns.responsePolicyRules.create

dns.responsePolicyRules.delete

dns.responsePolicyRules.get

dns.responsePolicyRules.list

dns.responsePolicyRules.update

Cloud DNS roles and permissions

`dns.changes.create`

`dns.changes.get`

`dns.changes.list`

`dns.dnsKeys.get`

`dns.dnsKeys.list`

`dns.gkeClusters.bindDNSResponsePolicy`

`dns.gkeClusters.bindPrivateDNSZone`

`dns.managedZoneOperations.get`

`dns.managedZoneOperations.list`

`dns.managedZones.create`

`dns.managedZones.delete`

`dns.managedZones.get`

`dns.managedZones.getIamPolicy`

`dns.managedZones.list`

`dns.managedZones.setIamPolicy`

`dns.managedZones.update`

`dns.networks.bindDNSResponsePolicy`

`dns.networks.bindPrivateDNSPolicy`

`dns.networks.bindPrivateDNSZone`

`dns.networks.targetWithPeeringZone`

`dns.networks.useHealthSignals`

`dns.policies.create`

`dns.policies.createTagBinding`

`dns.policies.delete`

`dns.policies.deleteTagBinding`

`dns.policies.get`

`dns.policies.list`

`dns.policies.listEffectiveTags`

`dns.policies.listTagBindings`

`dns.policies.update`

`dns.projects.get`

`dns.resourceRecordSets.create`

`dns.resourceRecordSets.delete`

`dns.resourceRecordSets.get`

`dns.resourceRecordSets.list`

`dns.resourceRecordSets.update`

`dns.responsePolicies.create`

`dns.responsePolicies.delete`

`dns.responsePolicies.get`

`dns.responsePolicies.list`

`dns.responsePolicies.update`

`dns.responsePolicyRules.create`

`dns.responsePolicyRules.delete`

`dns.responsePolicyRules.get`

`dns.responsePolicyRules.list`

`dns.responsePolicyRules.update`