Memorystore roles and permissions

This page lists the IAM roles and permissions for Memorystore. To search through all roles and permissions, see the role and permission index.

Memorystore roles

Role Permissions

Role	Permissions
Memorystore Admin (`roles/memorystore.admin`) Full access to Memorystore resources.	`memorystore.*` `memorystore.backupCollections.get` `memorystore.backupCollections.list` `memorystore.backups.delete` `memorystore.backups.export` `memorystore.backups.get` `memorystore.backups.list` `memorystore.instances.backup` `memorystore.instances.connect` `memorystore.instances.create` `memorystore.instances.delete` `memorystore.instances.get` `memorystore.instances.list` `memorystore.instances.update` `memorystore.locations.get` `memorystore.locations.list` `memorystore.operations.cancel` `memorystore.operations.delete` `memorystore.operations.get` `memorystore.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Memorystore Viewer (`roles/memorystore.viewer`) Readonly access to Memorystore resources.	`memorystore.backupCollections.` `memorystore.backupCollections.get` `memorystore.backupCollections.list` `memorystore.backups.get` `memorystore.backups.list` `memorystore.instances.get` `memorystore.instances.list` `memorystore.locations.` `memorystore.locations.get` `memorystore.locations.list` `memorystore.operations.get` `memorystore.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Memorystore DB Connector User (`roles/memorystore.dbConnectionUser`) Access to connecting to Memorystore Server db.	`memorystore.instances.connect`

Memorystore Admin

(roles/memorystore.admin)

Full access to Memorystore resources.

memorystore.*

memorystore.backupCollections.get
memorystore.backupCollections.list
memorystore.backups.delete
memorystore.backups.export
memorystore.backups.get
memorystore.backups.list
memorystore.instances.backup
memorystore.instances.connect
memorystore.instances.create
memorystore.instances.delete
memorystore.instances.get
memorystore.instances.list
memorystore.instances.update
memorystore.locations.get
memorystore.locations.list
memorystore.operations.cancel
memorystore.operations.delete
memorystore.operations.get
memorystore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Memorystore Viewer

(roles/memorystore.viewer)

Readonly access to Memorystore resources.

memorystore.backupCollections.*

memorystore.backupCollections.get
memorystore.backupCollections.list

memorystore.backups.get

memorystore.backups.list

memorystore.instances.get

memorystore.instances.list

memorystore.locations.*

memorystore.locations.get
memorystore.locations.list

memorystore.operations.get

memorystore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Memorystore DB Connector User

(roles/memorystore.dbConnectionUser)

Access to connecting to Memorystore Server db.

memorystore.instances.connect

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Gives Cloud Memorystore service account access to managed resource Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalOperations.get` `compute.networkAttachments.get` `compute.networkAttachments.update` `compute.networks.addPeering` `compute.networks.get` `compute.networks.removePeering` `compute.projects.get` `compute.routes.get` `compute.routes.list` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.use` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `resourcemanager.projects.get` `resourcemanager.projects.list` `telemetry.metrics.write`

Cloud Memorystore Service Agent

(roles/memorystore.serviceAgent)

Gives Cloud Memorystore service account access to managed resource

compute.globalOperations.get

compute.networkAttachments.get

compute.networkAttachments.update

compute.networks.addPeering

compute.networks.get

compute.networks.removePeering

compute.projects.get

compute.routes.get

compute.routes.list

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

telemetry.metrics.write

Memorystore permissions

Permission	Included in roles
`memorystore.backupCollections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`memorystore.backupCollections.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`memorystore.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.backups.export`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`memorystore.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`memorystore.instances.backup`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.instances.connect`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Memorystore DB Connector User (`roles/memorystore.dbConnectionUser`)
`memorystore.instances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.instances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.instances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`memorystore.instances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`memorystore.instances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`memorystore.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`memorystore.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Memorystore Admin (`roles/memorystore.admin`) Databases Admin (`roles/iam.databasesAdmin`)
`memorystore.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`memorystore.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Memorystore Admin (`roles/memorystore.admin`) Memorystore Viewer (`roles/memorystore.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)

Memorystore roles and permissions