Identity Toolkit roles and permissions

This page lists the IAM roles and permissions for Identity Toolkit. To search through all roles and permissions, see the role and permission index.

Identity Toolkit roles

Role Permissions

(roles/identitytoolkit.admin)

Full access to Identity Toolkit resources.

firebaseauth.*

  • firebaseauth.configs.create
  • firebaseauth.configs.get
  • firebaseauth.configs.getHashConfig
  • firebaseauth.configs.getSecret
  • firebaseauth.configs.update
  • firebaseauth.users.create
  • firebaseauth.users.createSession
  • firebaseauth.users.delete
  • firebaseauth.users.get
  • firebaseauth.users.sendEmail
  • firebaseauth.users.update

identitytoolkit.*

  • identitytoolkit.tenants.create
  • identitytoolkit.tenants.delete
  • identitytoolkit.tenants.get
  • identitytoolkit.tenants.getIamPolicy
  • identitytoolkit.tenants.list
  • identitytoolkit.tenants.setIamPolicy
  • identitytoolkit.tenants.update

(roles/identitytoolkit.viewer)

Read access to Identity Toolkit resources.

firebaseauth.configs.get

firebaseauth.users.get

identitytoolkit.tenants.get

identitytoolkit.tenants.getIamPolicy

identitytoolkit.tenants.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

(roles/identitytoolkit.serviceAgent)

Gives Identity Platform service account access to customer project resources.

cloudfunctions.functions.invoke

recaptchaenterprise.assessments.create

recaptchaenterprise.keys.create

recaptchaenterprise.keys.delete

recaptchaenterprise.keys.get

Identity Toolkit permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Identity Platform Admin (roles/identityplatform.admin)

Identity Platform Viewer (roles/identityplatform.viewer)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Identity Toolkit Viewer (roles/identitytoolkit.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Identity Platform Admin (roles/identityplatform.admin)

Identity Platform Viewer (roles/identityplatform.viewer)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Identity Toolkit Viewer (roles/identitytoolkit.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Identity Platform Admin (roles/identityplatform.admin)

Identity Platform Viewer (roles/identityplatform.viewer)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Identity Toolkit Viewer (roles/identitytoolkit.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Service agent roles