Filestore roles and permissions

This page lists the IAM roles and permissions for Filestore. To search through all roles and permissions, see the role and permission index.

Filestore roles

Role Permissions

(roles/file.admin)

Admin role for file

backupdr.backupPlanAssociations.createForFilestoreInstance

backupdr.backupPlanAssociations.deleteForFilestoreInstance

backupdr.backupPlanAssociations.fetchForFilestoreInstance

backupdr.backupPlanAssociations.getForFilestoreInstance

backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance

backupdr.backupPlanAssociations.updateForFilestoreInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForFilestoreInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.useReadOnlyForFilestoreInstance

backupdr.dataSourceReferences.fetchForFilestoreInstance

backupdr.dataSourceReferences.getForFilestoreInstance

backupdr.locations.list

backupdr.operations.get

backupdr.serviceConfig.initialize

file.*

  • file.backups.create
  • file.backups.createTagBinding
  • file.backups.delete
  • file.backups.deleteTagBinding
  • file.backups.get
  • file.backups.list
  • file.backups.listEffectiveTags
  • file.backups.listTagBindings
  • file.backups.update
  • file.backups.useReadOnly
  • file.instances.create
  • file.instances.createCrossProjectBackup
  • file.instances.createTagBinding
  • file.instances.delete
  • file.instances.deleteTagBinding
  • file.instances.get
  • file.instances.list
  • file.instances.listEffectiveTags
  • file.instances.listTagBindings
  • file.instances.restore
  • file.instances.revert
  • file.instances.update
  • file.locations.get
  • file.locations.list
  • file.operations.cancel
  • file.operations.delete
  • file.operations.get
  • file.operations.list
  • file.snapshots.createTagBinding
  • file.snapshots.deleteTagBinding
  • file.snapshots.listEffectiveTags
  • file.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

(roles/file.editor)

Read-write access to Filestore instances and related resources.

backupdr.backupPlanAssociations.createForFilestoreInstance

backupdr.backupPlanAssociations.deleteForFilestoreInstance

backupdr.backupPlanAssociations.fetchForFilestoreInstance

backupdr.backupPlanAssociations.getForFilestoreInstance

backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance

backupdr.backupPlanAssociations.updateForFilestoreInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForFilestoreInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.useReadOnlyForFilestoreInstance

backupdr.dataSourceReferences.fetchForFilestoreInstance

backupdr.dataSourceReferences.getForFilestoreInstance

backupdr.locations.list

backupdr.operations.get

backupdr.serviceConfig.initialize

file.*

  • file.backups.create
  • file.backups.createTagBinding
  • file.backups.delete
  • file.backups.deleteTagBinding
  • file.backups.get
  • file.backups.list
  • file.backups.listEffectiveTags
  • file.backups.listTagBindings
  • file.backups.update
  • file.backups.useReadOnly
  • file.instances.create
  • file.instances.createCrossProjectBackup
  • file.instances.createTagBinding
  • file.instances.delete
  • file.instances.deleteTagBinding
  • file.instances.get
  • file.instances.list
  • file.instances.listEffectiveTags
  • file.instances.listTagBindings
  • file.instances.restore
  • file.instances.revert
  • file.instances.update
  • file.locations.get
  • file.locations.list
  • file.operations.cancel
  • file.operations.delete
  • file.operations.get
  • file.operations.list
  • file.snapshots.createTagBinding
  • file.snapshots.deleteTagBinding
  • file.snapshots.listEffectiveTags
  • file.snapshots.listTagBindings

(roles/file.viewer)

Read-only access to Filestore instances and related resources.

backupdr.backupPlanAssociations.fetchForFilestoreInstance

backupdr.backupPlanAssociations.getForFilestoreInstance

backupdr.dataSourceReferences.fetchForFilestoreInstance

backupdr.dataSourceReferences.getForFilestoreInstance

file.backups.get

file.backups.list

file.backups.listEffectiveTags

file.backups.listTagBindings

file.backups.useReadOnly

file.instances.get

file.instances.list

file.instances.listEffectiveTags

file.instances.listTagBindings

file.locations.*

  • file.locations.get
  • file.locations.list

file.operations.get

file.operations.list

file.snapshots.listEffectiveTags

file.snapshots.listTagBindings

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

(roles/file.serviceAgent)

Gives Cloud Filestore service account access to managed resources.

compute.globalOperations.get

compute.networks.addPeering

compute.networks.get

compute.networks.removePeering

compute.networks.update

compute.networks.updatePeering

compute.routes.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

telemetry.metrics.write

Filestore permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Backup and DR Filestore Operator (roles/backupdr.filestoreOperator)

Service agent roles

Owner (roles/owner)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Backup and DR Filestore Operator (roles/backupdr.filestoreOperator)

Service agent roles

Owner (roles/owner)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Backup and DR Filestore Operator (roles/backupdr.filestoreOperator)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

File Admin (roles/file.admin)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles