Looker roles and permissions

This page lists the IAM roles and permissions for Looker. To search through all roles and permissions, see the role and permission index.

Looker roles

Role Permissions

Role	Permissions
Looker Admin (`roles/looker.admin`) Full access to all Looker resources.	`looker.*` `looker.backups.create` `looker.backups.delete` `looker.backups.get` `looker.backups.list` `looker.instances.create` `looker.instances.delete` `looker.instances.export` `looker.instances.get` `looker.instances.import` `looker.instances.list` `looker.instances.login` `looker.instances.update` `looker.locations.get` `looker.locations.list` `looker.operations.cancel` `looker.operations.delete` `looker.operations.get` `looker.operations.list` `monitoring.timeSeries.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get`
Looker Viewer (`roles/looker.viewer`) Read-only access to all Looker resources.	`looker.backups.get` `looker.backups.list` `looker.instances.get` `looker.instances.list` `looker.instances.login` `looker.locations.*` `looker.locations.get` `looker.locations.list` `looker.operations.get` `looker.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Looker Instance User (`roles/looker.instanceUser`) Access to log in to a Looker instance.	`looker.instances.get` `looker.instances.login` `resourcemanager.projects.get` `resourcemanager.projects.list`

Looker Admin

(roles/looker.admin)

Full access to all Looker resources.

looker.*

looker.backups.create
looker.backups.delete
looker.backups.get
looker.backups.list
looker.instances.create
looker.instances.delete
looker.instances.export
looker.instances.get
looker.instances.import
looker.instances.list
looker.instances.login
looker.instances.update
looker.locations.get
looker.locations.list
looker.operations.cancel
looker.operations.delete
looker.operations.get
looker.operations.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

Looker Viewer

(roles/looker.viewer)

Read-only access to all Looker resources.

looker.backups.get

looker.backups.list

looker.instances.get

looker.instances.list

looker.instances.login

looker.locations.*

looker.locations.get
looker.locations.list

looker.operations.get

looker.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Looker Instance User

(roles/looker.instanceUser)

Access to log in to a Looker instance.

looker.instances.get

looker.instances.login

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Looker Service Agent (`roles/looker.restrictedServiceAgent`) Gives the Looker service account permission to manage customer resources. Does not include permissions to access BigQuery. Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalAddresses.get` `looker.backups.create` `looker.instances.get` `resourcemanager.projects.get` `serviceusage.services.use`
Looker Service Agent (`roles/looker.serviceAgent`) Gives the Looker service account permission to manage customer resources Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.config.get` `bigquery.datasets.get` `bigquery.jobs.create` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.tables.create` `bigquery.tables.createSnapshot` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `compute.globalAddresses.get` `looker.backups.create` `looker.instances.get` `resourcemanager.projects.get` `serviceusage.services.use`

Looker Service Agent

(roles/looker.restrictedServiceAgent)

Gives the Looker service account permission to manage customer resources. Does not include permissions to access BigQuery.

compute.globalAddresses.get

looker.backups.create

looker.instances.get

resourcemanager.projects.get

serviceusage.services.use

Looker Service Agent

(roles/looker.serviceAgent)

Gives the Looker service account permission to manage customer resources

bigquery.config.get

bigquery.datasets.get

bigquery.jobs.create

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.tables.create

bigquery.tables.createSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

compute.globalAddresses.get

looker.backups.create

looker.instances.get

resourcemanager.projects.get

serviceusage.services.use

Looker permissions

Permission	Included in roles
`looker.backups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Looker Service Agent (`roles/looker.restrictedServiceAgent`) Looker Service Agent (`roles/looker.serviceAgent`)
`looker.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Support User (`roles/iam.supportUser`)
`looker.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`looker.instances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.instances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.instances.export`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.instances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Support User (`roles/iam.supportUser`) Looker Instance User (`roles/looker.instanceUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Looker Service Agent (`roles/looker.restrictedServiceAgent`) Looker Service Agent (`roles/looker.serviceAgent`)
`looker.instances.import`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.instances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`looker.instances.login`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Support User (`roles/iam.supportUser`) Looker Instance User (`roles/looker.instanceUser`)
`looker.instances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Support User (`roles/iam.supportUser`)
`looker.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`looker.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Looker Admin (`roles/looker.admin`)
`looker.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Support User (`roles/iam.supportUser`)
`looker.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Looker Admin (`roles/looker.admin`) Looker Viewer (`roles/looker.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)

Looker roles and permissions

Looker roles

Looker Admin

Looker Viewer

Looker Instance User

Service agent roles

Looker Service Agent

Looker Service Agent

Looker permissions

`looker.backups.create`

`looker.backups.delete`

`looker.backups.get`

`looker.backups.list`

`looker.instances.create`

`looker.instances.delete`

`looker.instances.export`

`looker.instances.get`

`looker.instances.import`

`looker.instances.list`

`looker.instances.update`

`looker.locations.get`

`looker.locations.list`

`looker.operations.cancel`

`looker.operations.delete`

`looker.operations.get`

`looker.operations.list`

Looker roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Looker roles

Looker Admin

Looker Viewer

Looker Instance User

Service agent roles

Looker Service Agent

Looker Service Agent

Looker permissions

looker.backups.create

looker.backups.delete

looker.backups.get

looker.backups.list

looker.instances.create

looker.instances.delete

looker.instances.export

looker.instances.get

looker.instances.import

looker.instances.list

looker.instances.login

looker.instances.update

looker.locations.get

looker.locations.list

looker.operations.cancel

looker.operations.delete

looker.operations.get

looker.operations.list

Looker roles and permissions

`looker.backups.create`

`looker.backups.delete`

`looker.backups.get`

`looker.backups.list`

`looker.instances.create`

`looker.instances.delete`

`looker.instances.export`

`looker.instances.get`

`looker.instances.import`

`looker.instances.list`

`looker.instances.login`

`looker.instances.update`

`looker.locations.get`

`looker.locations.list`

`looker.operations.cancel`

`looker.operations.delete`

`looker.operations.get`

`looker.operations.list`