MCP on Google Cloud roles and permissions

This page lists the IAM roles and permissions for MCP on Google Cloud. To search through all roles and permissions, see the role and permission index.

MCP on Google Cloud roles

Role Permissions

Role	Permissions
MCP tool user ^Beta (`roles/mcp.toolUser`) Role for calling tools on any MCP server enabled by the parent project.	`mcp.tools.call` `resourcemanager.projects.get` `resourcemanager.projects.list`

MCP tool user ^Beta

(roles/mcp.toolUser)

Role for calling tools on any MCP server enabled by the parent project.

mcp.tools.call

resourcemanager.projects.get

resourcemanager.projects.list

MCP on Google Cloud permissions

Permission Included in roles

Permission	Included in roles
`mcp.tools.call`	Owner (`roles/owner`) Editor (`roles/editor`) MCP tool user (`roles/mcp.toolUser`)

`mcp.tools.call`

Owner (roles/owner)

Editor (roles/editor)

MCP tool user (roles/mcp.toolUser)

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-19 UTC.

MCP on Google Cloud roles and permissions Stay organized with collections Save and categorize content based on your preferences.

MCP on Google Cloud roles

MCP tool user Beta

MCP on Google Cloud permissions

mcp.tools.call

MCP on Google Cloud roles and permissions

MCP tool user ^Beta

`mcp.tools.call`