Google Cloud Observability roles and permissions

This page lists the IAM roles and permissions for Google Cloud Observability. To search through all roles and permissions, see the role and permission index.

Google Cloud Observability roles

Role Permissions

Role	Permissions
Observability Admin ^Beta (`roles/observability.admin`) Full access to Observability resources.	`observability.*` `observability.analyticsViews.create` `observability.analyticsViews.delete` `observability.analyticsViews.get` `observability.analyticsViews.list` `observability.analyticsViews.update` `observability.buckets.create` `observability.buckets.delete` `observability.buckets.get` `observability.buckets.list` `observability.buckets.undelete` `observability.buckets.update` `observability.datasets.create` `observability.datasets.delete` `observability.datasets.get` `observability.datasets.list` `observability.datasets.undelete` `observability.datasets.update` `observability.links.create` `observability.links.delete` `observability.links.get` `observability.links.list` `observability.links.update` `observability.locations.get` `observability.locations.list` `observability.operations.cancel` `observability.operations.delete` `observability.operations.get` `observability.operations.list` `observability.scopes.get` `observability.scopes.update` `observability.settings.get` `observability.settings.update` `observability.traceScopes.create` `observability.traceScopes.delete` `observability.traceScopes.get` `observability.traceScopes.list` `observability.traceScopes.update` `observability.views.access` `observability.views.create` `observability.views.delete` `observability.views.get` `observability.views.list` `observability.views.update`
Observability Editor ^Beta (`roles/observability.editor`) Edit access to Observability resources.	`observability.analyticsViews.` `observability.analyticsViews.create` `observability.analyticsViews.delete` `observability.analyticsViews.get` `observability.analyticsViews.list` `observability.analyticsViews.update` `observability.buckets.create` `observability.buckets.get` `observability.buckets.list` `observability.buckets.update` `observability.datasets.create` `observability.datasets.get` `observability.datasets.list` `observability.datasets.update` `observability.links.` `observability.links.create` `observability.links.delete` `observability.links.get` `observability.links.list` `observability.links.update` `observability.locations.` `observability.locations.get` `observability.locations.list` `observability.operations.` `observability.operations.cancel` `observability.operations.delete` `observability.operations.get` `observability.operations.list` `observability.scopes.` `observability.scopes.get` `observability.scopes.update` `observability.settings.` `observability.settings.get` `observability.settings.update` `observability.traceScopes.*` `observability.traceScopes.create` `observability.traceScopes.delete` `observability.traceScopes.get` `observability.traceScopes.list` `observability.traceScopes.update` `observability.views.create` `observability.views.delete` `observability.views.get` `observability.views.list` `observability.views.update`
Observability Viewer ^Beta (`roles/observability.viewer`) Read only access to Observability resources.	`observability.analyticsViews.get` `observability.analyticsViews.list` `observability.buckets.get` `observability.buckets.list` `observability.datasets.get` `observability.datasets.list` `observability.links.get` `observability.links.list` `observability.locations.*` `observability.locations.get` `observability.locations.list` `observability.operations.get` `observability.operations.list` `observability.scopes.get` `observability.settings.get` `observability.traceScopes.get` `observability.traceScopes.list` `observability.views.get` `observability.views.list`
Observability Analytics User ^Beta (`roles/observability.analyticsUser`) Grants permissions to use Cloud Observability Analytics.	`logging.queries.getShared` `logging.queries.listShared` `logging.queries.usePrivate` `observability.analyticsViews.` `observability.analyticsViews.create` `observability.analyticsViews.delete` `observability.analyticsViews.get` `observability.analyticsViews.list` `observability.analyticsViews.update` `observability.buckets.get` `observability.buckets.list` `observability.datasets.get` `observability.datasets.list` `observability.links.get` `observability.links.list` `observability.locations.` `observability.locations.get` `observability.locations.list` `observability.operations.get` `observability.operations.list` `observability.scopes.get` `observability.settings.get` `observability.traceScopes.get` `observability.traceScopes.list` `observability.views.get` `observability.views.list`
Observability Scopes Editor ^Beta (`roles/observability.scopesEditor`) Grants permission to view and edit Observability, Logging, Trace, and Monitoring scopes	`logging.logScopes.` `logging.logScopes.create` `logging.logScopes.delete` `logging.logScopes.get` `logging.logScopes.list` `logging.logScopes.update` `monitoring.metricsScopes.link` `observability.scopes.` `observability.scopes.get` `observability.scopes.update` `observability.traceScopes.*` `observability.traceScopes.create` `observability.traceScopes.delete` `observability.traceScopes.get` `observability.traceScopes.list` `observability.traceScopes.update`
Observability View Accessor ^Beta (`roles/observability.viewAccessor`) Read only access to data defined by an Observability View.	`observability.views.access`

Observability Admin ^Beta

(roles/observability.admin)

Full access to Observability resources.

observability.*

observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update
observability.buckets.create
observability.buckets.delete
observability.buckets.get
observability.buckets.list
observability.buckets.undelete
observability.buckets.update
observability.datasets.create
observability.datasets.delete
observability.datasets.get
observability.datasets.list
observability.datasets.undelete
observability.datasets.update
observability.links.create
observability.links.delete
observability.links.get
observability.links.list
observability.links.update
observability.locations.get
observability.locations.list
observability.operations.cancel
observability.operations.delete
observability.operations.get
observability.operations.list
observability.scopes.get
observability.scopes.update
observability.settings.get
observability.settings.update
observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update
observability.views.access
observability.views.create
observability.views.delete
observability.views.get
observability.views.list
observability.views.update

Observability Editor ^Beta

(roles/observability.editor)

Edit access to Observability resources.

observability.analyticsViews.*

observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update

observability.buckets.create

observability.buckets.get

observability.buckets.list

observability.buckets.update

observability.datasets.create

observability.datasets.get

observability.datasets.list

observability.datasets.update

observability.links.*

observability.links.create
observability.links.delete
observability.links.get
observability.links.list
observability.links.update

observability.locations.*

observability.locations.get
observability.locations.list

observability.operations.*

observability.operations.cancel
observability.operations.delete
observability.operations.get
observability.operations.list

observability.scopes.*

observability.scopes.get
observability.scopes.update

observability.settings.*

observability.settings.get
observability.settings.update

observability.traceScopes.*

observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update

observability.views.create

observability.views.delete

observability.views.get

observability.views.list

observability.views.update

Observability Viewer ^Beta

(roles/observability.viewer)

Read only access to Observability resources.

observability.analyticsViews.get

observability.analyticsViews.list

observability.buckets.get

observability.buckets.list

observability.datasets.get

observability.datasets.list

observability.links.get

observability.links.list

observability.locations.*

observability.locations.get
observability.locations.list

observability.operations.get

observability.operations.list

observability.scopes.get

observability.settings.get

observability.traceScopes.get

observability.traceScopes.list

observability.views.get

observability.views.list

Observability Analytics User ^Beta

(roles/observability.analyticsUser)

Grants permissions to use Cloud Observability Analytics.

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

observability.analyticsViews.*

observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update

observability.buckets.get

observability.buckets.list

observability.datasets.get

observability.datasets.list

observability.links.get

observability.links.list

observability.locations.*

observability.locations.get
observability.locations.list

observability.operations.get

observability.operations.list

observability.scopes.get

observability.settings.get

observability.traceScopes.get

observability.traceScopes.list

observability.views.get

observability.views.list

Observability Scopes Editor ^Beta

(roles/observability.scopesEditor)

Grants permission to view and edit Observability, Logging, Trace, and Monitoring scopes

logging.logScopes.*

logging.logScopes.create
logging.logScopes.delete
logging.logScopes.get
logging.logScopes.list
logging.logScopes.update

monitoring.metricsScopes.link

observability.scopes.*

observability.scopes.get
observability.scopes.update

observability.traceScopes.*

observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update

Observability View Accessor ^Beta

(roles/observability.viewAccessor)

Read only access to data defined by an Observability View.

observability.views.access

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Observability Service Agent (`roles/observability.serviceAgent`) Grants Observability service account the ability to list, create and link datasets in the consumer project. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.datasets.create` `bigquery.datasets.get` `bigquery.datasets.link`

Observability Service Agent

(roles/observability.serviceAgent)

Grants Observability service account the ability to list, create and link datasets in the consumer project.

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.link

Google Cloud Observability permissions

Permission	Included in roles
`observability.analyticsViews.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.analyticsViews.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.analyticsViews.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.analyticsViews.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.analyticsViews.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.buckets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.buckets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.buckets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.buckets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.buckets.undelete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.buckets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.datasets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.datasets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.datasets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.datasets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.datasets.undelete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`)
`observability.datasets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.links.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.links.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.links.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.links.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`)
`observability.links.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.scopes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Logging Admin (`roles/logging.admin`) Private Logs Viewer (`roles/logging.privateLogViewer`) Logs Viewer (`roles/logging.viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Telco Automation Admin (`roles/telcoautomation.admin`) Cloud Hub Operator (`roles/cloudhub.operator`) Dataproc Hub Agent (`roles/dataproc.hubAgent`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Logs Configuration Writer (`roles/logging.configWriter`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Scopes Editor (`roles/observability.scopesEditor`) Telco Automation Tier 1 Operations Admin (`roles/telcoautomation.opsAdminTier1`) Telco Automation Tier 4 Operations Admin (`roles/telcoautomation.opsAdminTier4`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`observability.scopes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.settings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.settings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.traceScopes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.traceScopes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.traceScopes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.traceScopes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.traceScopes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Trace Admin (`roles/cloudtrace.admin`) Cloud Trace User (`roles/cloudtrace.user`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Observability Scopes Editor (`roles/observability.scopesEditor`)
`observability.views.access`	Owner (`roles/owner`) Observability Admin (`roles/observability.admin`) Observability View Accessor (`roles/observability.viewAccessor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`observability.views.create`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.views.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)
`observability.views.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.views.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`) Observability Viewer (`roles/observability.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Observability Analytics User (`roles/observability.analyticsUser`)
`observability.views.update`	Owner (`roles/owner`) Editor (`roles/editor`) Observability Admin (`roles/observability.admin`) Observability Editor (`roles/observability.editor`)

Google Cloud Observability roles and permissions Stay organized with collections Save and categorize content based on your preferences.