Resource Manager roles and permissions

This page lists the IAM roles and permissions for Resource Manager. To search through all roles and permissions, see the role and permission index.

Resource Manager roles

Role Permissions

(roles/resourcemanager.folderAdmin)

Provides all available permissions for working with folders.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.*

  • essentialcontacts.contacts.create
  • essentialcontacts.contacts.delete
  • essentialcontacts.contacts.get
  • essentialcontacts.contacts.list
  • essentialcontacts.contacts.send
  • essentialcontacts.contacts.update

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.*

  • resourcemanager.capabilities.get
  • resourcemanager.capabilities.update

resourcemanager.folders.*

  • resourcemanager.folders.create
  • resourcemanager.folders.createPolicyBinding
  • resourcemanager.folders.delete
  • resourcemanager.folders.deletePolicyBinding
  • resourcemanager.folders.get
  • resourcemanager.folders.getIamPolicy
  • resourcemanager.folders.list
  • resourcemanager.folders.move
  • resourcemanager.folders.searchPolicyBindings
  • resourcemanager.folders.setIamPolicy
  • resourcemanager.folders.undelete
  • resourcemanager.folders.update
  • resourcemanager.folders.updatePolicyBinding

resourcemanager.hierarchyNodes.*

  • resourcemanager.hierarchyNodes.createTagBinding
  • resourcemanager.hierarchyNodes.deleteTagBinding
  • resourcemanager.hierarchyNodes.listEffectiveTags
  • resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.projects.createPolicyBinding

resourcemanager.projects.deletePolicyBinding

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.projects.move

resourcemanager.projects.searchPolicyBindings

resourcemanager.projects.setIamPolicy

resourcemanager.projects.updatePolicyBinding

(roles/resourcemanager.organizationAdmin)

Access to manage IAM policies and view organization policies for organizations, folders, and projects.

Lowest-level resources where you can grant this role:

  • Project

essentialcontacts.*

  • essentialcontacts.contacts.create
  • essentialcontacts.contacts.delete
  • essentialcontacts.contacts.get
  • essentialcontacts.contacts.list
  • essentialcontacts.contacts.send
  • essentialcontacts.contacts.update

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.*

  • resourcemanager.capabilities.get
  • resourcemanager.capabilities.update

resourcemanager.folders.createPolicyBinding

resourcemanager.folders.deletePolicyBinding

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.list

resourcemanager.folders.searchPolicyBindings

resourcemanager.folders.setIamPolicy

resourcemanager.folders.updatePolicyBinding

resourcemanager.organizations.*

  • resourcemanager.organizations.createPolicyBinding
  • resourcemanager.organizations.deletePolicyBinding
  • resourcemanager.organizations.get
  • resourcemanager.organizations.getIamPolicy
  • resourcemanager.organizations.searchPolicyBindings
  • resourcemanager.organizations.setIamPolicy
  • resourcemanager.organizations.updatePolicyBinding

resourcemanager.projects.createPolicyBinding

resourcemanager.projects.deletePolicyBinding

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.projects.searchPolicyBindings

resourcemanager.projects.setIamPolicy

resourcemanager.projects.updatePolicyBinding

(roles/resourcemanager.projectIamAdmin)

Provides permissions to administer allow policies on projects.

Lowest-level resources where you can grant this role:

  • Project

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

resourcemanager.projects.createPolicyBinding

resourcemanager.projects.deletePolicyBinding

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.searchPolicyBindings

resourcemanager.projects.setIamPolicy

resourcemanager.projects.updatePolicyBinding

(roles/resourcemanager.projectMover)

Provides access to update and move projects.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.move

resourcemanager.projects.update

(roles/resourcemanager.tagAdmin)

Access to create, delete, update, and manage access to Tags

resourcemanager.tagHolds.*

  • resourcemanager.tagHolds.create
  • resourcemanager.tagHolds.delete
  • resourcemanager.tagHolds.list

resourcemanager.tagKeys.*

  • resourcemanager.tagKeys.create
  • resourcemanager.tagKeys.delete
  • resourcemanager.tagKeys.get
  • resourcemanager.tagKeys.getIamPolicy
  • resourcemanager.tagKeys.list
  • resourcemanager.tagKeys.setIamPolicy
  • resourcemanager.tagKeys.update

resourcemanager.tagValues.*

  • resourcemanager.tagValues.create
  • resourcemanager.tagValues.delete
  • resourcemanager.tagValues.get
  • resourcemanager.tagValues.getIamPolicy
  • resourcemanager.tagValues.list
  • resourcemanager.tagValues.setIamPolicy
  • resourcemanager.tagValues.update

(roles/resourcemanager.tagUser)

Access to list Tags and manage their associations with resources

alloydb.backups.createTagBinding

alloydb.backups.deleteTagBinding

alloydb.backups.listEffectiveTags

alloydb.backups.listTagBindings

alloydb.clusters.createTagBinding

alloydb.clusters.deleteTagBinding

alloydb.clusters.listEffectiveTags

alloydb.clusters.listTagBindings

apigateway.apis.createTagBinding

apigateway.apis.deleteTagBinding

apigateway.apis.listEffectiveTags

apigateway.apis.listTagBindings

apigateway.gateways.createTagBinding

apigateway.gateways.deleteTagBinding

apigateway.gateways.listEffectiveTags

apigateway.gateways.listTagBindings

apihub.apis.createTagBinding

apihub.apis.deleteTagBinding

apihub.apis.listEffectiveTags

apihub.apis.listTagBindings

apihub.deployments.createTagBinding

apihub.deployments.deleteTagBinding

apihub.deployments.listEffectiveTags

apihub.deployments.listTagBindings

artifactregistry.repositories.createTagBinding

artifactregistry.repositories.deleteTagBinding

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

beyondcorp.appConnections.createTagBinding

beyondcorp.appConnections.deleteTagBinding

beyondcorp.appConnections.listEffectiveTags

beyondcorp.appConnections.listTagBindings

beyondcorp.appConnectors.createTagBinding

beyondcorp.appConnectors.deleteTagBinding

beyondcorp.appConnectors.listEffectiveTags

beyondcorp.appConnectors.listTagBindings

beyondcorp.appGateways.createTagBinding

beyondcorp.appGateways.deleteTagBinding

beyondcorp.appGateways.listEffectiveTags

beyondcorp.appGateways.listTagBindings

bigquery.datasets.createTagBinding

bigquery.datasets.deleteTagBinding

bigquery.datasets.listEffectiveTags

bigquery.datasets.listTagBindings

bigquery.tables.createTagBinding

bigquery.tables.deleteTagBinding

bigquery.tables.listEffectiveTags

bigquery.tables.listTagBindings

bigtable.authorizedViews.createTagBinding

bigtable.authorizedViews.deleteTagBinding

bigtable.authorizedViews.listEffectiveTags

bigtable.authorizedViews.listTagBindings

bigtable.instances.createTagBinding

bigtable.instances.deleteTagBinding

bigtable.instances.listEffectiveTags

bigtable.instances.listTagBindings

certificatemanager.certissuanceconfigs.createTagBinding

certificatemanager.certissuanceconfigs.deleteTagBinding

certificatemanager.certissuanceconfigs.listEffectiveTags

certificatemanager.certissuanceconfigs.listTagBindings

certificatemanager.certmapentries.createTagBinding

certificatemanager.certmapentries.deleteTagBinding

certificatemanager.certmapentries.listEffectiveTags

certificatemanager.certmapentries.listTagBindings

certificatemanager.certmaps.createTagBinding

certificatemanager.certmaps.deleteTagBinding

certificatemanager.certmaps.listEffectiveTags

certificatemanager.certmaps.listTagBindings

certificatemanager.certs.createTagBinding

certificatemanager.certs.deleteTagBinding

certificatemanager.certs.listEffectiveTags

certificatemanager.certs.listTagBindings

certificatemanager.dnsauthorizations.createTagBinding

certificatemanager.dnsauthorizations.deleteTagBinding

certificatemanager.dnsauthorizations.listEffectiveTags

certificatemanager.dnsauthorizations.listTagBindings

certificatemanager.trustconfigs.createTagBinding

certificatemanager.trustconfigs.deleteTagBinding

certificatemanager.trustconfigs.listEffectiveTags

certificatemanager.trustconfigs.listTagBindings

clouddeploy.deliveryPipelines.createTagBinding

clouddeploy.deliveryPipelines.deleteTagBinding

clouddeploy.deliveryPipelines.listEffectiveTags

clouddeploy.deliveryPipelines.listTagBindings

clouddeploy.targets.createTagBinding

clouddeploy.targets.deleteTagBinding

clouddeploy.targets.listEffectiveTags

clouddeploy.targets.listTagBindings

cloudkms.keyRings.createTagBinding

cloudkms.keyRings.deleteTagBinding

cloudkms.keyRings.listEffectiveTags

cloudkms.keyRings.listTagBindings

cloudsql.instances.createTagBinding

cloudsql.instances.deleteTagBinding

cloudsql.instances.listEffectiveTags

cloudsql.instances.listTagBindings

compute.addresses.createTagBinding

compute.addresses.deleteTagBinding

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.backendBuckets.createTagBinding

compute.backendBuckets.deleteTagBinding

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.createTagBinding

compute.backendServices.deleteTagBinding

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.commitments.createTagBinding

compute.commitments.deleteTagBinding

compute.commitments.listEffectiveTags

compute.commitments.listTagBindings

compute.disks.createTagBinding

compute.disks.deleteTagBinding

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.createTagBinding

compute.externalVpnGateways.deleteTagBinding

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.createTagBinding

compute.firewallPolicies.deleteTagBinding

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.createTagBinding

compute.firewalls.deleteTagBinding

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.createTagBinding

compute.forwardingRules.deleteTagBinding

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.futureReservations.createTagBinding

compute.futureReservations.deleteTagBinding

compute.futureReservations.listEffectiveTags

compute.futureReservations.listTagBindings

compute.globalAddresses.createTagBinding

compute.globalAddresses.deleteTagBinding

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.createTagBinding

compute.globalForwardingRules.deleteTagBinding

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.createTagBinding

compute.globalNetworkEndpointGroups.deleteTagBinding

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.healthChecks.createTagBinding

compute.healthChecks.deleteTagBinding

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.createTagBinding

compute.httpHealthChecks.deleteTagBinding

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.createTagBinding

compute.httpsHealthChecks.deleteTagBinding

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.createTagBinding

compute.images.deleteTagBinding

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.createTagBinding

compute.instanceGroupManagers.deleteTagBinding

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.createTagBinding

compute.instanceGroups.deleteTagBinding

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instances.createTagBinding

compute.instances.deleteTagBinding

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instantSnapshots.createTagBinding

compute.instantSnapshots.deleteTagBinding

compute.instantSnapshots.listEffectiveTags

compute.instantSnapshots.listTagBindings

compute.interconnectAttachments.createTagBinding

compute.interconnectAttachments.deleteTagBinding

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnects.createTagBinding

compute.interconnects.deleteTagBinding

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenses.createTagBinding

compute.licenses.deleteTagBinding

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.machineImages.createTagBinding

compute.machineImages.deleteTagBinding

compute.machineImages.listEffectiveTags

compute.machineImages.listTagBindings

compute.networkAttachments.createTagBinding

compute.networkAttachments.deleteTagBinding

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.createTagBinding

compute.networkEdgeSecurityServices.deleteTagBinding

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.createTagBinding

compute.networkEndpointGroups.deleteTagBinding

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networks.createTagBinding

compute.networks.deleteTagBinding

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.packetMirrorings.createTagBinding

compute.packetMirrorings.deleteTagBinding

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.publicDelegatedPrefixes.createTagBinding

compute.publicDelegatedPrefixes.deleteTagBinding

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendBuckets.createTagBinding

compute.regionBackendBuckets.deleteTagBinding

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.createTagBinding

compute.regionBackendServices.deleteTagBinding

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionFirewallPolicies.createTagBinding

compute.regionFirewallPolicies.deleteTagBinding

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthChecks.createTagBinding

compute.regionHealthChecks.deleteTagBinding

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.createTagBinding

compute.regionNetworkEndpointGroups.deleteTagBinding

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionSecurityPolicies.createTagBinding

compute.regionSecurityPolicies.deleteTagBinding

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.createTagBinding

compute.regionSslCertificates.deleteTagBinding

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.createTagBinding

compute.regionSslPolicies.deleteTagBinding

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.createTagBinding

compute.regionTargetHttpProxies.deleteTagBinding

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.createTagBinding

compute.regionTargetHttpsProxies.deleteTagBinding

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.createTagBinding

compute.regionTargetTcpProxies.deleteTagBinding

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.createTagBinding

compute.regionUrlMaps.deleteTagBinding

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.reservations.createTagBinding

compute.reservations.deleteTagBinding

compute.reservations.listEffectiveTags

compute.reservations.listTagBindings

compute.routers.createTagBinding

compute.routers.deleteTagBinding

compute.routers.listEffectiveTags

compute.routers.listTagBindings

compute.routes.createTagBinding

compute.routes.deleteTagBinding

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.createTagBinding

compute.securityPolicies.deleteTagBinding

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.createTagBinding

compute.serviceAttachments.deleteTagBinding

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.createTagBinding

compute.snapshots.deleteTagBinding

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.createTagBinding

compute.sslCertificates.deleteTagBinding

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.createTagBinding

compute.sslPolicies.deleteTagBinding

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.createTagBinding

compute.storagePools.deleteTagBinding

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.subnetworks.createTagBinding

compute.subnetworks.deleteTagBinding

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.createTagBinding

compute.targetGrpcProxies.deleteTagBinding

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.createTagBinding

compute.targetHttpProxies.deleteTagBinding

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.createTagBinding

compute.targetHttpsProxies.deleteTagBinding

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.createTagBinding

compute.targetInstances.deleteTagBinding

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.createTagBinding

compute.targetPools.deleteTagBinding

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.createTagBinding

compute.targetSslProxies.deleteTagBinding

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.createTagBinding

compute.targetTcpProxies.deleteTagBinding

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.createTagBinding

compute.targetVpnGateways.deleteTagBinding

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.createTagBinding

compute.urlMaps.deleteTagBinding

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.createTagBinding

compute.vpnGateways.deleteTagBinding

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.createTagBinding

compute.vpnTunnels.deleteTagBinding

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

container.clusters.createTagBinding

container.clusters.deleteTagBinding

container.clusters.listEffectiveTags

container.clusters.listTagBindings

datafusion.instances.createTagBinding

datafusion.instances.deleteTagBinding

datafusion.instances.listEffectiveTags

datafusion.instances.listTagBindings

datamigration.connectionProfiles.*

  • datamigration.connectionProfiles.createTagBinding
  • datamigration.connectionProfiles.deleteTagBinding
  • datamigration.connectionProfiles.listEffectiveTags
  • datamigration.connectionProfiles.listTagBindings

datamigration.migrationJobs.*

  • datamigration.migrationJobs.createTagBinding
  • datamigration.migrationJobs.deleteTagBinding
  • datamigration.migrationJobs.listEffectiveTags
  • datamigration.migrationJobs.listTagBindings

datamigration.privateConnections.*

  • datamigration.privateConnections.createTagBinding
  • datamigration.privateConnections.deleteTagBinding
  • datamigration.privateConnections.listEffectiveTags
  • datamigration.privateConnections.listTagBindings

datastore.databases.createTagBinding

datastore.databases.deleteTagBinding

datastore.databases.listEffectiveTags

datastore.databases.listTagBindings

datastream.connectionProfiles.createTagBinding

datastream.connectionProfiles.deleteTagBinding

datastream.connectionProfiles.listEffectiveTags

datastream.connectionProfiles.listTagBindings

datastream.privateConnections.createTagBinding

datastream.privateConnections.deleteTagBinding

datastream.privateConnections.listEffectiveTags

datastream.privateConnections.listTagBindings

datastream.streams.createTagBinding

datastream.streams.deleteTagBinding

datastream.streams.listEffectiveTags

datastream.streams.listTagBindings

dns.policies.createTagBinding

dns.policies.deleteTagBinding

dns.policies.listEffectiveTags

dns.policies.listTagBindings

domains.registrations.createTagBinding

domains.registrations.deleteTagBinding

domains.registrations.listEffectiveTags

domains.registrations.listTagBindings

file.backups.createTagBinding

file.backups.deleteTagBinding

file.backups.listEffectiveTags

file.backups.listTagBindings

file.instances.createTagBinding

file.instances.deleteTagBinding

file.instances.listEffectiveTags

file.instances.listTagBindings

file.snapshots.*

  • file.snapshots.createTagBinding
  • file.snapshots.deleteTagBinding
  • file.snapshots.listEffectiveTags
  • file.snapshots.listTagBindings

gkemulticloud.attachedClusters.createTagBinding

gkemulticloud.attachedClusters.deleteTagBinding

gkemulticloud.attachedClusters.listEffectiveTags

gkemulticloud.attachedClusters.listTagBindings

gkeonprem.bareMetalAdminClusters.createTagBinding

gkeonprem.bareMetalAdminClusters.deleteTagBinding

gkeonprem.bareMetalAdminClusters.listEffectiveTags

gkeonprem.bareMetalAdminClusters.listTagBindings

gkeonprem.bareMetalClusters.createTagBinding

gkeonprem.bareMetalClusters.deleteTagBinding

gkeonprem.bareMetalClusters.listEffectiveTags

gkeonprem.bareMetalClusters.listTagBindings

gkeonprem.vmwareAdminClusters.createTagBinding

gkeonprem.vmwareAdminClusters.deleteTagBinding

gkeonprem.vmwareAdminClusters.listEffectiveTags

gkeonprem.vmwareAdminClusters.listTagBindings

gkeonprem.vmwareClusters.createTagBinding

gkeonprem.vmwareClusters.deleteTagBinding

gkeonprem.vmwareClusters.listEffectiveTags

gkeonprem.vmwareClusters.listTagBindings

iam.roles.createTagBinding

iam.roles.deleteTagBinding

iam.roles.listEffectiveTags

iam.roles.listTagBindings

iam.serviceAccounts.createTagBinding

iam.serviceAccounts.deleteTagBinding

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

logging.buckets.createTagBinding

logging.buckets.deleteTagBinding

logging.buckets.listEffectiveTags

logging.buckets.listTagBindings

managedidentities.domains.createTagBinding

managedidentities.domains.deleteTagBinding

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

memcache.instances.createTagBinding

memcache.instances.deleteTagBinding

memcache.instances.listEffectiveTags

memcache.instances.listTagBindings

metastore.federations.createTagBinding

metastore.federations.deleteTagBinding

metastore.federations.listEffectiveTags

metastore.federations.listTagBindings

metastore.services.createTagBinding

metastore.services.deleteTagBinding

metastore.services.listEffectiveTags

metastore.services.listTagBindings

monitoring.alertPolicies.createTagBinding

monitoring.alertPolicies.deleteTagBinding

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.dashboards.createTagBinding

monitoring.dashboards.deleteTagBinding

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

privateca.caPools.createTagBinding

privateca.caPools.deleteTagBinding

privateca.caPools.listEffectiveTags

privateca.caPools.listTagBindings

privateca.certificateTemplates.createTagBinding

privateca.certificateTemplates.deleteTagBinding

privateca.certificateTemplates.listEffectiveTags

privateca.certificateTemplates.listTagBindings

pubsub.snapshots.createTagBinding

pubsub.snapshots.deleteTagBinding

pubsub.snapshots.listEffectiveTags

pubsub.snapshots.listTagBindings

pubsub.subscriptions.createTagBinding

pubsub.subscriptions.deleteTagBinding

pubsub.subscriptions.listEffectiveTags

pubsub.subscriptions.listTagBindings

pubsub.topics.createTagBinding

pubsub.topics.deleteTagBinding

pubsub.topics.listEffectiveTags

pubsub.topics.listTagBindings

recaptchaenterprise.keys.createTagBinding

recaptchaenterprise.keys.deleteTagBinding

recaptchaenterprise.keys.listEffectiveTags

recaptchaenterprise.keys.listTagBindings

redis.instances.createTagBinding

redis.instances.deleteTagBinding

redis.instances.listEffectiveTags

redis.instances.listTagBindings

resourcemanager.hierarchyNodes.*

  • resourcemanager.hierarchyNodes.createTagBinding
  • resourcemanager.hierarchyNodes.deleteTagBinding
  • resourcemanager.hierarchyNodes.listEffectiveTags
  • resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.projects.get

resourcemanager.tagKeys.get

resourcemanager.tagKeys.list

resourcemanager.tagValueBindings.*

  • resourcemanager.tagValueBindings.create
  • resourcemanager.tagValueBindings.delete

resourcemanager.tagValues.get

resourcemanager.tagValues.list

run.jobs.createTagBinding

run.jobs.deleteTagBinding

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.services.createTagBinding

run.services.deleteTagBinding

run.services.listEffectiveTags

run.services.listTagBindings

secretmanager.secrets.createTagBinding

secretmanager.secrets.deleteTagBinding

secretmanager.secrets.listEffectiveTags

secretmanager.secrets.listTagBindings

spanner.instances.createTagBinding

spanner.instances.deleteTagBinding

spanner.instances.listEffectiveTags

spanner.instances.listTagBindings

storage.buckets.createTagBinding

storage.buckets.deleteTagBinding

storage.buckets.listEffectiveTags

storage.buckets.listTagBindings

transcoder.jobTemplates.createTagBinding

transcoder.jobTemplates.deleteTagBinding

transcoder.jobTemplates.listEffectiveTags

transcoder.jobTemplates.listTagBindings

transcoder.jobs.createTagBinding

transcoder.jobs.deleteTagBinding

transcoder.jobs.listEffectiveTags

transcoder.jobs.listTagBindings

vmwareengine.networkPeerings.createTagBinding

vmwareengine.networkPeerings.deleteTagBinding

vmwareengine.networkPeerings.listEffectiveTags

vmwareengine.networkPeerings.listTagBindings

vmwareengine.networkPolicies.createTagBinding

vmwareengine.networkPolicies.deleteTagBinding

vmwareengine.networkPolicies.listEffectiveTags

vmwareengine.networkPolicies.listTagBindings

vmwareengine.privateClouds.createTagBinding

vmwareengine.privateClouds.deleteTagBinding

vmwareengine.privateClouds.listEffectiveTags

vmwareengine.privateClouds.listTagBindings

vmwareengine.privateConnections.createTagBinding

vmwareengine.privateConnections.deleteTagBinding

vmwareengine.privateConnections.listEffectiveTags

vmwareengine.privateConnections.listTagBindings

vmwareengine.vmwareEngineNetworks.createTagBinding

vmwareengine.vmwareEngineNetworks.deleteTagBinding

vmwareengine.vmwareEngineNetworks.listEffectiveTags

vmwareengine.vmwareEngineNetworks.listTagBindings

workflows.workflows.createTagBinding

workflows.workflows.deleteTagBinding

workflows.workflows.listEffectiveTags

workflows.workflows.listTagBindings

workstations.workstationClusters.createTagBinding

workstations.workstationClusters.deleteTagBinding

workstations.workstationClusters.listEffectiveTags

workstations.workstationClusters.listTagBindings

(roles/resourcemanager.tagViewer)

Access to list Tags and their associations with resources

alloydb.backups.listEffectiveTags

alloydb.backups.listTagBindings

alloydb.clusters.listEffectiveTags

alloydb.clusters.listTagBindings

apigateway.apis.listEffectiveTags

apigateway.apis.listTagBindings

apigateway.gateways.listEffectiveTags

apigateway.gateways.listTagBindings

apihub.apis.listEffectiveTags

apihub.apis.listTagBindings

apihub.deployments.listEffectiveTags

apihub.deployments.listTagBindings

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

beyondcorp.appConnections.listEffectiveTags

beyondcorp.appConnections.listTagBindings

beyondcorp.appConnectors.listEffectiveTags

beyondcorp.appConnectors.listTagBindings

beyondcorp.appGateways.listEffectiveTags

beyondcorp.appGateways.listTagBindings

bigquery.datasets.listEffectiveTags

bigquery.datasets.listTagBindings

bigquery.tables.listEffectiveTags

bigquery.tables.listTagBindings

bigtable.authorizedViews.listEffectiveTags

bigtable.authorizedViews.listTagBindings

bigtable.instances.listEffectiveTags

bigtable.instances.listTagBindings

certificatemanager.certissuanceconfigs.listEffectiveTags

certificatemanager.certissuanceconfigs.listTagBindings

certificatemanager.certmapentries.listEffectiveTags

certificatemanager.certmapentries.listTagBindings

certificatemanager.certmaps.listEffectiveTags

certificatemanager.certmaps.listTagBindings

certificatemanager.certs.listEffectiveTags

certificatemanager.certs.listTagBindings

certificatemanager.dnsauthorizations.listEffectiveTags

certificatemanager.dnsauthorizations.listTagBindings

certificatemanager.trustconfigs.listEffectiveTags

certificatemanager.trustconfigs.listTagBindings

clouddeploy.deliveryPipelines.listEffectiveTags

clouddeploy.deliveryPipelines.listTagBindings

clouddeploy.targets.listEffectiveTags

clouddeploy.targets.listTagBindings

cloudkms.keyRings.listEffectiveTags

cloudkms.keyRings.listTagBindings

cloudsql.instances.listEffectiveTags

cloudsql.instances.listTagBindings

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.commitments.listEffectiveTags

compute.commitments.listTagBindings

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.futureReservations.listEffectiveTags

compute.futureReservations.listTagBindings

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instantSnapshots.listEffectiveTags

compute.instantSnapshots.listTagBindings

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.machineImages.listEffectiveTags

compute.machineImages.listTagBindings

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.reservations.listEffectiveTags

compute.reservations.listTagBindings

compute.routers.listEffectiveTags

compute.routers.listTagBindings

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

container.clusters.listEffectiveTags

container.clusters.listTagBindings

datafusion.instances.listEffectiveTags

datafusion.instances.listTagBindings

datamigration.connectionProfiles.listEffectiveTags

datamigration.connectionProfiles.listTagBindings

datamigration.migrationJobs.listEffectiveTags

datamigration.migrationJobs.listTagBindings

datamigration.privateConnections.listEffectiveTags

datamigration.privateConnections.listTagBindings

datastore.databases.listEffectiveTags

datastore.databases.listTagBindings

datastream.connectionProfiles.listEffectiveTags

datastream.connectionProfiles.listTagBindings

datastream.privateConnections.listEffectiveTags

datastream.privateConnections.listTagBindings

datastream.streams.listEffectiveTags

datastream.streams.listTagBindings

dns.policies.listEffectiveTags

dns.policies.listTagBindings

domains.registrations.listEffectiveTags

domains.registrations.listTagBindings

file.backups.listEffectiveTags

file.backups.listTagBindings

file.instances.listEffectiveTags

file.instances.listTagBindings

file.snapshots.listEffectiveTags

file.snapshots.listTagBindings

gkemulticloud.attachedClusters.listEffectiveTags

gkemulticloud.attachedClusters.listTagBindings

gkeonprem.bareMetalAdminClusters.listEffectiveTags

gkeonprem.bareMetalAdminClusters.listTagBindings

gkeonprem.bareMetalClusters.listEffectiveTags

gkeonprem.bareMetalClusters.listTagBindings

gkeonprem.vmwareAdminClusters.listEffectiveTags

gkeonprem.vmwareAdminClusters.listTagBindings

gkeonprem.vmwareClusters.listEffectiveTags

gkeonprem.vmwareClusters.listTagBindings

iam.roles.listEffectiveTags

iam.roles.listTagBindings

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

logging.buckets.listEffectiveTags

logging.buckets.listTagBindings

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

memcache.instances.listEffectiveTags

memcache.instances.listTagBindings

metastore.federations.listEffectiveTags

metastore.federations.listTagBindings

metastore.services.listEffectiveTags

metastore.services.listTagBindings

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

privateca.caPools.listEffectiveTags

privateca.caPools.listTagBindings

privateca.certificateTemplates.listEffectiveTags

privateca.certificateTemplates.listTagBindings

pubsub.snapshots.listEffectiveTags

pubsub.snapshots.listTagBindings

pubsub.subscriptions.listEffectiveTags

pubsub.subscriptions.listTagBindings

pubsub.topics.listEffectiveTags

pubsub.topics.listTagBindings

recaptchaenterprise.keys.listEffectiveTags

recaptchaenterprise.keys.listTagBindings

redis.instances.listEffectiveTags

redis.instances.listTagBindings

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.tagHolds.list

resourcemanager.tagKeys.get

resourcemanager.tagKeys.list

resourcemanager.tagValues.get

resourcemanager.tagValues.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.services.listEffectiveTags

run.services.listTagBindings

secretmanager.secrets.listEffectiveTags

secretmanager.secrets.listTagBindings

spanner.instances.listEffectiveTags

spanner.instances.listTagBindings

storage.buckets.listEffectiveTags

storage.buckets.listTagBindings

transcoder.jobTemplates.listEffectiveTags

transcoder.jobTemplates.listTagBindings

transcoder.jobs.listEffectiveTags

transcoder.jobs.listTagBindings

vmwareengine.networkPeerings.listEffectiveTags

vmwareengine.networkPeerings.listTagBindings

vmwareengine.networkPolicies.listEffectiveTags

vmwareengine.networkPolicies.listTagBindings

vmwareengine.privateClouds.listEffectiveTags

vmwareengine.privateClouds.listTagBindings

vmwareengine.privateConnections.listEffectiveTags

vmwareengine.privateConnections.listTagBindings

vmwareengine.vmwareEngineNetworks.listEffectiveTags

vmwareengine.vmwareEngineNetworks.listTagBindings

workflows.workflows.listEffectiveTags

workflows.workflows.listTagBindings

workstations.workstationClusters.listEffectiveTags

workstations.workstationClusters.listTagBindings

(roles/resourcemanager.folderCreator)

Provides permissions needed to browse the hierarchy and create folders.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.contacts.get

essentialcontacts.contacts.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.get

resourcemanager.folders.create

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/resourcemanager.folderEditor)

Provides permission to modify folders as well as to view a folder's allow policy.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.contacts.get

essentialcontacts.contacts.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.*

  • resourcemanager.capabilities.get
  • resourcemanager.capabilities.update

resourcemanager.folders.delete

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.list

resourcemanager.folders.searchPolicyBindings

resourcemanager.folders.undelete

resourcemanager.folders.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/resourcemanager.folderIamAdmin)

Provides permissions to administer allow policies on folders.

Lowest-level resources where you can grant this role:

  • Folder

iam.policybindings.*

  • iam.policybindings.get
  • iam.policybindings.list

resourcemanager.folders.createPolicyBinding

resourcemanager.folders.deletePolicyBinding

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.searchPolicyBindings

resourcemanager.folders.setIamPolicy

resourcemanager.folders.updatePolicyBinding

(roles/resourcemanager.folderMover)

Provides permission to move projects and folders into and out of a parent organization or folder.

Lowest-level resources where you can grant this role:

  • Folder

resourcemanager.folders.move

resourcemanager.projects.move

(roles/resourcemanager.folderViewer)

Provides permission to get a folder and list the folders and projects below a resource.

Lowest-level resources where you can grant this role:

  • Folder

essentialcontacts.contacts.get

essentialcontacts.contacts.list

orgpolicy.constraints.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.capabilities.get

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/resourcemanager.lienModifier)

Provides access to modify Liens on projects.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.updateLiens

(roles/resourcemanager.organizationViewer)

Provides access to view an organization.

Lowest-level resources where you can grant this role:

  • Organization

resourcemanager.organizations.get

(roles/resourcemanager.projectCreator)

Provides access to create new projects. Once a user creates a project, they're automatically granted the owner role for that project.

Lowest-level resources where you can grant this role:

  • Folder

resourcemanager.organizations.get

resourcemanager.projects.create

(roles/resourcemanager.projectDeleter)

Provides access to delete Google Cloud projects.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.delete

(roles/resourcemanager.tagHoldAdmin)

Access to create, delete and list TagHolds under a TagValue

resourcemanager.tagHolds.*

  • resourcemanager.tagHolds.create
  • resourcemanager.tagHolds.delete
  • resourcemanager.tagHolds.list

Resource Manager permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Support User (roles/iam.supportUser)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Owner (roles/owner)

Editor (roles/editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Creator (roles/resourcemanager.folderCreator)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Audit Manager Admin (roles/auditmanager.admin)

Capacity Planner Viewer (roles/capacityplanner.viewer)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Center Admin (roles/securitycenter.admin)

Service Management Administrator (roles/servicemanagement.admin)

App Management Viewer (roles/apphub.appManagementViewer)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Auditor (roles/auditmanager.auditor)

Browser (roles/browser)

Capacity Planner (roles/capacityplanner.planner)

Cloud Hub Operator (roles/cloudhub.operator)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Folder Viewer (roles/resourcemanager.folderViewer)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Assets Viewer (roles/securitycenter.assetsViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Findings Editor (roles/securitycenter.findingsEditor)

Security Center Findings Viewer (roles/securitycenter.findingsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Service agent roles

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Folder Editor (roles/resourcemanager.folderEditor)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Service agent roles

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Audit Manager Admin (roles/auditmanager.admin)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Center Admin (roles/securitycenter.admin)

Service Management Administrator (roles/servicemanagement.admin)

App Management Viewer (roles/apphub.appManagementViewer)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Auditor (roles/auditmanager.auditor)

Browser (roles/browser)

Cloud Hub Operator (roles/cloudhub.operator)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Service agent roles

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Mover (roles/resourcemanager.folderMover)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Support User (roles/iam.supportUser)

Folder Editor (roles/resourcemanager.folderEditor)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Security Admin (roles/iam.securityAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Service agent roles

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Admin (roles/resourcemanager.folderAdmin)

Folder Editor (roles/resourcemanager.folderEditor)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Folder IAM Admin (roles/resourcemanager.folderIamAdmin)

Owner (roles/owner)

Editor (roles/editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Firebase Admin (roles/firebase.admin)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Storage Admin (roles/storage.admin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Firebase Develop Admin (roles/firebase.developAdmin)

Databases Admin (roles/iam.databasesAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Owner (roles/owner)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Access Context Manager Admin (roles/accesscontextmanager.policyAdmin)

Advisory Notifications Admin (roles/advisorynotifications.admin)

Advisory Notifications Viewer (roles/advisorynotifications.viewer)

Assured OSS Admin (roles/assuredoss.admin)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Audit Manager Admin (roles/auditmanager.admin)

Access Transparency Admin (roles/axt.admin)

Beyondcorp Editor (roles/beyondcorp.editor)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Capacity Planner Viewer (roles/capacityplanner.viewer)

Chronicle API Admin (roles/chronicle.admin)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Support Account Administrator (roles/cloudsupport.admin)

Commerce Business Enablement Configuration Admin (roles/commercebusinessenablement.admin)

Commerce Business Enablement Configuration Viewer (roles/commercebusinessenablement.viewer)

Data Security Posture Management Admin (roles/dspm.admin)

Data Security Posture Management Viewer (roles/dspm.viewer)

Network Management Admin (roles/networkmanagement.admin)

Networkmanagement Editor (roles/networkmanagement.editor)

Network Management Viewer (roles/networkmanagement.viewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Security Center Admin (roles/securitycenter.admin)

Security Center Management Admin (roles/securitycentermanagement.admin)

Securitycentermanagement Editor (roles/securitycentermanagement.editor)

Security Center Management Viewer (roles/securitycentermanagement.viewer)

Security Posture Admin (roles/securityposture.admin)

Security Posture Viewer (roles/securityposture.viewer)

Service Management Administrator (roles/servicemanagement.admin)

Access Context Manager Editor (roles/accesscontextmanager.policyEditor)

Access Context Manager Reader (roles/accesscontextmanager.policyReader)

VPC Service Controls Troubleshooter Viewer (roles/accesscontextmanager.vpcScTroubleshooterViewer)

Assured OSS Project Admin (roles/assuredoss.projectAdmin)

Assured OSS Reader (roles/assuredoss.reader)

Assured OSS User (roles/assuredoss.user)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Auditor (roles/auditmanager.auditor)

Custom Compliance Framework Admin (roles/auditmanager.ccfAdmin)

Custom Compliance Framework Viewer (roles/auditmanager.ccfViewer)

Cloud BeyondCorp Subscription Admin (roles/beyondcorp.subscriptionAdmin)

Cloud BeyondCorp Subscription Viewer (roles/beyondcorp.subscriptionViewer)

Billing Account Creator (roles/billing.creator)

Browser (roles/browser)

Capacity Planner (roles/capacityplanner.planner)

Chronicle SOAR Admin (roles/chronicle.soarAdmin)

Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)

Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)

Cloud Hub Operator (roles/cloudhub.operator)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Commerce Business Enablement Reseller Discount Admin (roles/commercebusinessenablement.resellerDiscountAdmin)

Commerce Business Enablement Reseller Discount Viewer (roles/commercebusinessenablement.resellerDiscountViewer)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

DataCatalog Migration Config Admin (roles/datacatalog.migrationConfigAdmin)

DataCatalog Search Admin (roles/datacatalog.searchAdmin)

Network Administrator (roles/iam.networkAdmin)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Cloud Network Insights Admin (roles/networkmanagement.CloudNetworkInsightsAdmin)

Cloud Network Insights Editor (roles/networkmanagement.CloudNetworkInsightsEditor)

Cloud Network Insights Viewer (roles/networkmanagement.CloudNetworkInsightsViewer)

OrgPolicy Simulator Admin (roles/policysimulator.orgPolicyAdmin)

Organization Viewer (roles/resourcemanager.organizationViewer)

Project Creator (roles/resourcemanager.projectCreator)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Assets Viewer (roles/securitycenter.assetsViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Findings Editor (roles/securitycenter.findingsEditor)

Security Center Findings Viewer (roles/securitycenter.findingsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Security Center Sources Admin (roles/securitycenter.sourcesAdmin)

Security Center Sources Editor (roles/securitycenter.sourcesEditor)

Security Center Sources Viewer (roles/securitycenter.sourcesViewer)

Security Center Management Custom Modules Editor (roles/securitycentermanagement.customModulesEditor)

Security Center Management Custom Modules Viewer (roles/securitycentermanagement.customModulesViewer)

Security Center Management Custom ETD Modules Editor (roles/securitycentermanagement.etdCustomModulesEditor)

Security Center Management ETD Custom Modules Viewer (roles/securitycentermanagement.etdCustomModulesViewer)

Security Center Management Settings Editor (roles/securitycentermanagement.settingsEditor)

Security Center Management Settings Viewer (roles/securitycentermanagement.settingsViewer)

Security Center Management SHA Custom Modules Editor (roles/securitycentermanagement.shaCustomModulesEditor)

Security Center Management SHA Custom Modules Viewer (roles/securitycentermanagement.shaCustomModulesViewer)

Security Posture Deployer (roles/securityposture.postureDeployer)

Security Posture Deployments Viewer (roles/securityposture.postureDeploymentsViewer)

Security Posture Resource Viewer (roles/securityposture.postureViewer)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Support User (roles/iam.supportUser)

Security Admin (roles/iam.securityAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Service agent roles

Owner (roles/owner)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Project Creator (roles/resourcemanager.projectCreator)

Service agent roles

Owner (roles/owner)

Billing Account Administrator (roles/billing.admin)

Project Billing Manager (roles/billing.projectManager)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Owner (roles/owner)

Project Deleter (roles/resourcemanager.projectDeleter)

Service agent roles

Owner (roles/owner)

Billing Account Administrator (roles/billing.admin)

Project Billing Manager (roles/billing.projectManager)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Accessapproval Admin (roles/accessapproval.admin)

Accessapproval Editor (roles/accessapproval.editor)

Access Approval Viewer (roles/accessapproval.viewer)

Access Context Manager Admin (roles/accesscontextmanager.policyAdmin)

Actions Admin (roles/actions.Admin)

Actions Viewer (roles/actions.Viewer)

Advisory Notifications Admin (roles/advisorynotifications.admin)

Advisory Notifications Viewer (roles/advisorynotifications.viewer)

Vertex AI Administrator (roles/aiplatform.admin)

Vertex AI Viewer (roles/aiplatform.viewer)

AlloyDB Admin (roles/alloydb.admin)

Alloydb Editor (roles/alloydb.editor)

AlloyDB Viewer (roles/alloydb.viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analyticshub Editor (roles/analyticshub.editor)

Analytics Hub Viewer (roles/analyticshub.viewer)

Androidmanagement Admin (roles/androidmanagement.admin)

ApiGateway Admin (roles/apigateway.admin)

Apigateway Editor (roles/apigateway.editor)

ApiGateway Viewer (roles/apigateway.viewer)

Apigee Organization Admin (roles/apigee.admin)

Apigee API Admin (roles/apigee.apiAdminV2)

Apigee Editor (roles/apigee.editor)

Apigee Viewer (roles/apigee.viewer)

Apigeeconnect Viewer (roles/apigeeconnect.viewer)

Cloud Apigee Registry Admin (roles/apigeeregistry.admin)

Cloud Apigee Registry Editor (roles/apigeeregistry.editor)

Cloud Apigee Registry Viewer (roles/apigeeregistry.viewer)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API Hub Editor (roles/apihub.editor)

Cloud API hub Viewer (roles/apihub.viewer)

API Management Admin (roles/apim.admin)

API Management Viewer (roles/apim.viewer)

App Engine Admin (roles/appengine.appAdmin)

App Hub Admin (roles/apphub.admin)

App Hub Editor (roles/apphub.editor)

App Hub Viewer (roles/apphub.viewer)

App Topology Viewer (roles/apptopology.viewer)

Artifact Registry Administrator (roles/artifactregistry.admin)

Artifact Registry Repository Administrator (roles/artifactregistry.repoAdmin)

Assured OSS Admin (roles/assuredoss.admin)

Assuredoss Editor (roles/assuredoss.editor)

Assuredoss Viewer (roles/assuredoss.viewer)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Audit Manager Admin (roles/auditmanager.admin)

AutoML Admin (roles/automl.admin)

AutoML Editor (roles/automl.editor)

AutoML Viewer (roles/automl.viewer)

Recommendations AI Admin (roles/automlrecommendations.admin)

Recommendations AI Editor (roles/automlrecommendations.editor)

Recommendations AI Viewer (roles/automlrecommendations.viewer)

Autoscaling Admin (roles/autoscaling.admin)

Autoscaling Editor (roles/autoscaling.editor)

Autoscaling Viewer (roles/autoscaling.viewer)

Access Transparency Admin (roles/axt.admin)

Backup and DR Admin (roles/backupdr.admin)

Backupdr Editor (roles/backupdr.editor)

Backup and DR Viewer (roles/backupdr.viewer)

Bare Metal Solution Admin (roles/baremetalsolution.admin)

Bare Metal Solution Editor (roles/baremetalsolution.editor)

Bare Metal Solution Viewer (roles/baremetalsolution.viewer)

Batch Administrator (roles/batch.admin)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Beyondcorp Editor (roles/beyondcorp.editor)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

BigLake Admin (roles/biglake.admin)

BigLake Editor (roles/biglake.editor)

BigLake Viewer (roles/biglake.viewer)

BigQuery Admin (roles/bigquery.admin)

Bigquerydatapolicy Editor (roles/bigquerydatapolicy.editor)

Bigquerymigration Admin (roles/bigquerymigration.admin)

Bigtable Administrator (roles/bigtable.admin)

Bigtable Editor (roles/bigtable.editor)

Bigtable User (roles/bigtable.user)

Bigtable Viewer (roles/bigtable.viewer)

Billing Account Administrator (roles/billing.admin)

Binaryauthorization Admin (roles/binaryauthorization.admin)

Binaryauthorization Editor (roles/binaryauthorization.editor)

Binaryauthorization Viewer (roles/binaryauthorization.viewer)

Blockchain Node Engine Admin (roles/blockchainnodeengine.admin)

Blockchain Node Engine Viewer (roles/blockchainnodeengine.viewer)

Blockchain Validator Manager Admin (roles/blockchainvalidatormanager.admin)

Blockchain Validator Viewer (roles/blockchainvalidatormanager.viewer)

Capacity Planner Viewer (roles/capacityplanner.viewer)

Carestudio Admin (roles/carestudio.admin)

Care Studio Patients Viewer (roles/carestudio.viewer)

Certificatemanager Admin (roles/certificatemanager.admin)

Certificate Manager Editor (roles/certificatemanager.editor)

Certificate Manager Viewer (roles/certificatemanager.viewer)

Gemini Enterprise for Customer Experience Admin (roles/ces.admin)

Gemini Enterprise for Customer Experience Viewer (roles/ces.viewer)

Chat Admin (roles/chat.admin)

Chat Viewer (roles/chat.viewer)

Chronicle API Admin (roles/chronicle.admin)

Chronicle API Editor (roles/chronicle.editor)

Chronicle API Viewer (roles/chronicle.viewer)

Cloud Admin (roles/cloud.admin)

Cloud Viewer (roles/cloud.viewer)

Cloudbuild Admin (roles/cloudbuild.admin)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloudbuild Editor (roles/cloudbuild.editor)

Cloudbuild Viewer (roles/cloudbuild.viewer)

Firebase Remote Config Admin (roles/cloudconfig.admin)

Firebase Remote Config Viewer (roles/cloudconfig.viewer)

Cloudcontrolspartner Viewer (roles/cloudcontrolspartner.viewer)

Cloud Deploy Admin (roles/clouddeploy.admin)

Clouddeploy Editor (roles/clouddeploy.editor)

Cloud Deploy Viewer (roles/clouddeploy.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloudfunctions Editor (roles/cloudfunctions.editor)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Cloud Talent Solution Admin (roles/cloudjobdiscovery.admin)

Cloudjobdiscovery Viewer (roles/cloudjobdiscovery.viewer)

Cloud KMS Admin (roles/cloudkms.admin)

Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)

Cloud KMS Viewer (roles/cloudkms.viewer)

Cloud Location Finder Admin (roles/cloudlocationfinder.admin)

Cloud Location Finder Viewer (roles/cloudlocationfinder.viewer)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Cloudprivatecatalogproducer Editor (roles/cloudprivatecatalogproducer.editor)

Cloudprivatecatalogproducer Viewer (roles/cloudprivatecatalogproducer.viewer)

Cloudprofiler Admin (roles/cloudprofiler.admin)

Cloudprofiler Viewer (roles/cloudprofiler.viewer)

Cloud Quotas Admin (roles/cloudquotas.admin)

Cloud Quotas Viewer (roles/cloudquotas.viewer)

Cloud Scheduler Admin (roles/cloudscheduler.admin)

Cloud Scheduler Viewer (roles/cloudscheduler.viewer)

Compliance Manager Admin (roles/cloudsecuritycompliance.admin)

Compliance Manager Viewer (roles/cloudsecuritycompliance.viewer)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Cloud SQL Admin (roles/cloudsql.admin)

Cloud SQL Editor (roles/cloudsql.editor)

Cloud SQL Viewer (roles/cloudsql.viewer)

Cloud Tasks Admin (roles/cloudtasks.admin)

Cloudtasks Editor (roles/cloudtasks.editor)

Cloud Tasks Viewer (roles/cloudtasks.viewer)

Cloud Test Service Admin (roles/cloudtestservice.admin)

Cloud Test Service Viewer (roles/cloudtestservice.viewer)

Cloud Trace Admin (roles/cloudtrace.admin)

Cloud Trace User (roles/cloudtrace.user)

Cloud Translation API Admin (roles/cloudtranslate.admin)

Cloud Translation API Editor (roles/cloudtranslate.editor)

Cloud Translation API User (roles/cloudtranslate.user)

Cloud Translation API Viewer (roles/cloudtranslate.viewer)

Commerce Agreement Publishing Admin (roles/commerceagreementpublishing.admin)

Commerce Agreement Publishing Viewer (roles/commerceagreementpublishing.viewer)

Commerce Business Enablement Configuration Admin (roles/commercebusinessenablement.admin)

Commerce Business Enablement Configuration Viewer (roles/commercebusinessenablement.viewer)

Commerce Organization Governance Admin (roles/commerceorggovernance.admin)

Commerce Organization Governance Viewer (roles/commerceorggovernance.viewer)

Commercepricemanagement Editor (roles/commercepricemanagement.editor)

Commerce Price Management Viewer (roles/commercepricemanagement.viewer)

Commerce Producer Admin (roles/commerceproducer.admin)

Commerce Producer Viewer (roles/commerceproducer.viewer)

Composer Editor (roles/composer.editor)

Composer Viewer (roles/composer.viewer)

Compute Admin (roles/compute.admin)

Compute Editor (roles/compute.editor)

Compute Instance Admin (beta) (roles/compute.instanceAdmin)

Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)

Compute Load Balancer Admin (roles/compute.loadBalancerAdmin)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Compute OS Admin Login (roles/compute.osAdminLogin)

Compute OS Login (roles/compute.osLogin)

Compute Security Admin (roles/compute.securityAdmin)

Compute Storage Admin (roles/compute.storageAdmin)

Compute Viewer (roles/compute.viewer)

Confidentialcomputing Admin (roles/confidentialcomputing.admin)

Confidentialcomputing Viewer (roles/confidentialcomputing.viewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Editor (roles/config.editor)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Configdelivery Admin (roles/configdelivery.admin)

Configdelivery Viewer (roles/configdelivery.viewer)

Connector Admin (roles/connectors.admin)

Connectors Viewer (roles/connectors.viewer)

Contact Center AI Platform Admin (roles/contactcenteraiplatform.admin)

Contact Center AI Platform Viewer (roles/contactcenteraiplatform.viewer)

Kubernetes Engine Admin (roles/container.admin)

Kubernetes Engine Cluster Admin (roles/container.clusterAdmin)

Kubernetes Engine Developer (roles/container.developer)

Kubernetes Engine Editor (roles/container.editor)

Kubernetes Engine Viewer (roles/container.viewer)

Container Analysis Admin (roles/containeranalysis.admin)

Container Analysis Editor (roles/containeranalysis.editor)

Container Analysis Viewer (roles/containeranalysis.viewer)

Containersecurity Admin (roles/containersecurity.admin)

GKE Security Posture Viewer (roles/containersecurity.viewer)

Content Warehouse Admin (roles/contentwarehouse.admin)

Database Center Admin (roles/databasecenter.admin)

Database Center Viewer (roles/databasecenter.viewer)

Database Insights viewer (roles/databaseinsights.viewer)

Databasesconsole Editor (roles/databasesconsole.editor)

Databasesconsole Viewer (roles/databasesconsole.viewer)

Data Catalog Admin (roles/datacatalog.admin)

Datacatalog Editor (roles/datacatalog.editor)

Data Catalog Viewer (roles/datacatalog.viewer)

Dataconnectors Admin (roles/dataconnectors.admin)

Dataconnectors Editor (roles/dataconnectors.editor)

Dataconnectors Viewer (roles/dataconnectors.viewer)

Dataflow Admin (roles/dataflow.admin)

Dataflow Viewer (roles/dataflow.viewer)

Dataform Admin (roles/dataform.admin)

Dataform Editor (roles/dataform.editor)

Dataform Viewer (roles/dataform.viewer)

Cloud Data Fusion Admin (roles/datafusion.admin)

Cloud Data Fusion Viewer (roles/datafusion.viewer)

Data Labeling Service Admin (roles/datalabeling.admin)

Data Labeling Service Editor (roles/datalabeling.editor)

Data Labeling Service Viewer (roles/datalabeling.viewer)

Data Lineage Administrator (roles/datalineage.admin)

Data Lineage Editor (roles/datalineage.editor)

Data Lineage Viewer (roles/datalineage.viewer)

Database Migration Admin (roles/datamigration.admin)

Data pipelines Admin (roles/datapipelines.admin)

Data pipelines Viewer (roles/datapipelines.viewer)

Dataplex Administrator (roles/dataplex.admin)

Dataprep Admin (roles/dataprep.admin)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Viewer (roles/dataproc.viewer)

Dataprocessing Editor (roles/dataprocessing.editor)

Dataprocessing Viewer (roles/dataprocessing.viewer)

Dataproc Resource Manager Admin (roles/dataprocrm.admin)

Dataproc Resource Manager Viewer (roles/dataprocrm.viewer)

Datastore Admin (roles/datastore.admin)

Datastore Editor (roles/datastore.editor)

Cloud Datastore User (roles/datastore.user)

Cloud Datastore Viewer (roles/datastore.viewer)

Datastream Admin (roles/datastream.admin)

Datastream Viewer (roles/datastream.viewer)

Data Studio Admin (roles/datastudio.admin)

Data Studio Asset Editor (roles/datastudio.editor)

Data Studio Asset Viewer (roles/datastudio.viewer)

Dell EMC Cloud OneFS Admin (roles/dellemccloudonefs.admin)

Dell EMC Cloud OneFS Viewer (roles/dellemccloudonefs.viewer)

Deployment Manager Editor (roles/deploymentmanager.editor)

Deployment Manager Viewer (roles/deploymentmanager.viewer)

Application Design Center Admin (roles/designcenter.admin)

Designcenter Editor (roles/designcenter.editor)

Application Design Center Viewer (roles/designcenter.viewer)

Developer Connect Admin (roles/developerconnect.admin)

Developerconnect Editor (roles/developerconnect.editor)

Developer Connect Viewer (roles/developerconnect.viewer)

Device Streaming Admin (roles/devicestreaming.admin)

Device Streaming Viewer (roles/devicestreaming.viewer)

Dialogflow API Admin (roles/dialogflow.admin)

Dialogflow Viewer (roles/dialogflow.viewer)

Discovery Engine Admin (roles/discoveryengine.admin)

Discovery Engine Editor (roles/discoveryengine.editor)

Discovery Engine Viewer (roles/discoveryengine.viewer)

DLP Administrator (roles/dlp.admin)

DLP Editor (roles/dlp.editor)

DLP Viewer (roles/dlp.viewer)

DNS Administrator (roles/dns.admin)

Document AI Administrator (roles/documentai.admin)

Document AI Editor (roles/documentai.editor)

Document AI Viewer (roles/documentai.viewer)

Cloud Domains Admin (roles/domains.admin)

Domains Editor (roles/domains.editor)

Cloud Domains Viewer (roles/domains.viewer)

Earth Admin (roles/earth.admin)

Earth Viewer (roles/earth.viewer)

Earth Engine Resource Admin (roles/earthengine.admin)

Earth Engine Resource Viewer (roles/earthengine.viewer)

Edge Container Admin (roles/edgecontainer.admin)

Edge Container Viewer (roles/edgecontainer.viewer)

Edge Network Admin (roles/edgenetwork.admin)

Edgenetwork Editor (roles/edgenetwork.editor)

Edge Network Viewer (roles/edgenetwork.viewer)

Enterprise Knowledge Graph Admin (roles/enterpriseknowledgegraph.admin)

Enterprise Knowledge Graph Editor (roles/enterpriseknowledgegraph.editor)

Enterprise Knowledge Graph Viewer (roles/enterpriseknowledgegraph.viewer)

Enterprise Purchasing Admin (roles/enterprisepurchasing.admin)

Enterprise Purchasing Editor (roles/enterprisepurchasing.editor)

Enterprise Purchasing Viewer (roles/enterprisepurchasing.viewer)

Error Reporting Admin (roles/errorreporting.admin)

Error Reporting User (roles/errorreporting.user)

Error Reporting Viewer (roles/errorreporting.viewer)

Eventarc Admin (roles/eventarc.admin)

Eventarc Editor (roles/eventarc.editor)

Eventarc Viewer (roles/eventarc.viewer)

File Admin (roles/file.admin)

Financial Services Admin (roles/financialservices.admin)

Financial Services Viewer (roles/financialservices.viewer)

Firebase Admin (roles/firebase.admin)

Firebase Editor (roles/firebase.editor)

Firebase Viewer (roles/firebase.viewer)

Firebase A/B Testing Admin (roles/firebaseabt.admin)

Firebase A/B Testing Viewer (roles/firebaseabt.viewer)

Firebase App Distribution Admin (roles/firebaseappdistro.admin)

Firebase App Distribution Viewer (roles/firebaseappdistro.viewer)

Firebase App Hosting Admin (roles/firebaseapphosting.admin)

Firebase App Hosting Viewer (roles/firebaseapphosting.viewer)

Firebase Authentication Admin (roles/firebaseauth.admin)

Firebase Authentication Viewer (roles/firebaseauth.viewer)

Firebase Cloud Messaging API Admin (roles/firebasecloudmessaging.admin)

Firebase Crashlytics Admin (roles/firebasecrashlytics.admin)

Firebase Crashlytics Viewer (roles/firebasecrashlytics.viewer)

Firebase Realtime Database Admin (roles/firebasedatabase.admin)

Firebase Realtime Database Viewer (roles/firebasedatabase.viewer)

Firebase Data Connect API Admin (roles/firebasedataconnect.admin)

Firebase Data Connect API Viewer (roles/firebasedataconnect.viewer)

Firebase Dynamic Links Admin (roles/firebasedynamiclinks.admin)

Firebasedynamiclinks Editor (roles/firebasedynamiclinks.editor)

Firebase Dynamic Links Viewer (roles/firebasedynamiclinks.viewer)

Firebaseextensions Editor (roles/firebaseextensions.editor)

Firebase Extensions Viewer (roles/firebaseextensions.viewer)

Firebaseextensionspublisher Admin (roles/firebaseextensionspublisher.admin)

Firebaseextensionspublisher Viewer (roles/firebaseextensionspublisher.viewer)

Firebase Hosting Admin (roles/firebasehosting.admin)

Firebase Hosting Viewer (roles/firebasehosting.viewer)

Firebase In-App Messaging Admin (roles/firebaseinappmessaging.admin)

Firebase In-App Messaging Viewer (roles/firebaseinappmessaging.viewer)

Firebase ML Kit Admin (roles/firebaseml.admin)

Firebase ML Kit Viewer (roles/firebaseml.viewer)

Firebase Cloud Messaging Admin (roles/firebasenotifications.admin)

Firebase Cloud Messaging Viewer (roles/firebasenotifications.viewer)

Firebase Performance Reporting Admin (roles/firebaseperformance.admin)

Firebase Performance Reporting Viewer (roles/firebaseperformance.viewer)

Firebase Rules Admin (roles/firebaserules.admin)

Firebase Rules System (roles/firebaserules.system)

Firebase Rules Viewer (roles/firebaserules.viewer)

Cloud Storage for Firebase Admin (roles/firebasestorage.admin)

Cloud Storage for Firebase Viewer (roles/firebasestorage.viewer)

Firebase AI Logic Admin (roles/firebasevertexai.admin)

Firebase AI Logic Viewer (roles/firebasevertexai.viewer)

GDC Hardware Management Admin (roles/gdchardwaremanagement.admin)

Backup for GKE Admin (roles/gkebackup.admin)

Backup for GKE Viewer (roles/gkebackup.viewer)

Fleet Admin (formerly GKE Hub Admin) (roles/gkehub.admin)

Fleet Editor (formerly GKE Hub Editor) (roles/gkehub.editor)

Fleet Viewer (formerly GKE Hub Viewer) (roles/gkehub.viewer)

Anthos Multi-cloud Admin (roles/gkemulticloud.admin)

Gkemulticloud Editor (roles/gkemulticloud.editor)

Anthos Multi-cloud Viewer (roles/gkemulticloud.viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Gsuiteaddons Admin (roles/gsuiteaddons.admin)

Gsuiteaddons Viewer (roles/gsuiteaddons.viewer)

Hypercomputecluster Admin (roles/hypercomputecluster.admin)

Cluster Director Editor (roles/hypercomputecluster.editor)

Cluster Director Viewer (roles/hypercomputecluster.viewer)

Iam Admin (roles/iam.admin)

Iam Editor (roles/iam.editor)

Role Administrator (roles/iam.roleAdmin)

Role Viewer (roles/iam.roleViewer)

Service Account Admin (roles/iam.serviceAccountAdmin)

Create Service Accounts (roles/iam.serviceAccountCreator)

Service Account Key Admin (roles/iam.serviceAccountKeyAdmin)

Service Account Token Creator (roles/iam.serviceAccountTokenCreator)

Service Account User (roles/iam.serviceAccountUser)

View Service Accounts (roles/iam.serviceAccountViewer)

Iam Viewer (roles/iam.viewer)

Iap Editor (roles/iap.editor)

Iap Viewer (roles/iap.viewer)

Cloud IDS Admin (roles/ids.admin)

Ids Editor (roles/ids.editor)

Cloud IDS Viewer (roles/ids.viewer)

Integrations Admin (roles/integrations.admin)

Integrations Viewer (roles/integrations.viewer)

Issuerswitch Admin (roles/issuerswitch.admin)

Issuerswitch Viewer (roles/issuerswitch.viewer)

Config Controller Admin (roles/krmapihosting.admin)

Krmapihosting Editor (roles/krmapihosting.editor)

Config Controller Viewer (roles/krmapihosting.viewer)

Cloud License Manager Admin (roles/licensemanager.admin)

Cloud License Manager Viewer (roles/licensemanager.viewer)

Cloud Life Sciences Viewer (roles/lifesciences.viewer)

Live Stream Admin (roles/livestream.admin)

Live Stream Editor (roles/livestream.editor)

Live Stream Viewer (roles/livestream.viewer)

Logging Admin (roles/logging.admin)

Private Logs Viewer (roles/logging.privateLogViewer)

Logs Viewer (roles/logging.viewer)

Looker Admin (roles/looker.admin)

Looker Viewer (roles/looker.viewer)

Google Cloud Managed Lustre Admin (roles/lustre.admin)

Google Cloud Managed Lustre Viewer (roles/lustre.viewer)

Maintenance Admin (roles/maintenance.admin)

Maintenance API Viewer (roles/maintenance.viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Viewer (roles/managedflink.viewer)

Google Cloud Managed Identities Admin (roles/managedidentities.admin)

Managedidentities Editor (roles/managedidentities.editor)

Google Cloud Managed Identities Viewer (roles/managedidentities.viewer)

Managed Kafka Admin (roles/managedkafka.admin)

Managed Kafka Viewer (roles/managedkafka.viewer)

Maps API Admin (roles/mapsadmin.admin)

Maps API Viewer (roles/mapsadmin.viewer)

Mapsanalytics Admin (roles/mapsanalytics.admin)

Maps Analytics Viewer (roles/mapsanalytics.viewer)

Maps Platform Datasets Admin (roles/mapsplatformdatasets.admin)

Maps Platform Datasets Viewer (roles/mapsplatformdatasets.viewer)

Marketplace Solutions Admin (roles/marketplacesolutions.admin)

Marketplace Solutions Editor (roles/marketplacesolutions.editor)

Marketplace Solutions Viewer (roles/marketplacesolutions.viewer)

MCP Admin (roles/mcp.admin)

Cloud Memorystore Memcached Admin (roles/memcache.admin)

Cloud Memorystore Memcached Editor (roles/memcache.editor)

Cloud Memorystore Memcached Viewer (roles/memcache.viewer)

Memorystore Admin (roles/memorystore.admin)

Memorystore Viewer (roles/memorystore.viewer)

Dataproc Metastore Admin (roles/metastore.admin)

Dataproc Metastore Editor (roles/metastore.editor)

Metastore Viewer (roles/metastore.viewer)

Migration Center Admin (roles/migrationcenter.admin)

Migration Center Viewer (roles/migrationcenter.viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Viewer (roles/ml.viewer)

Model Armor Admin (roles/modelarmor.admin)

Model Armor Viewer (roles/modelarmor.viewer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Google Cloud NetApp Volumes Admin (roles/netapp.admin)

Google Cloud NetApp Volumes Viewer (roles/netapp.viewer)

NetApp Cloud Volumes Admin (roles/netappcloudvolumes.admin)

NetApp Cloud Volumes Viewer (roles/netappcloudvolumes.viewer)

Networkconnectivity Editor (roles/networkconnectivity.editor)

Network Management Admin (roles/networkmanagement.admin)

Networkmanagement Editor (roles/networkmanagement.editor)

Network Management Viewer (roles/networkmanagement.viewer)

Networksecurity Admin (roles/networksecurity.admin)

Networksecurity Editor (roles/networksecurity.editor)

Networksecurity Viewer (roles/networksecurity.viewer)

Network Services Admin (roles/networkservices.admin)

Network Services Editor (roles/networkservices.editor)

Network Services Viewer (roles/networkservices.viewer)

Notebooks Admin (roles/notebooks.admin)

Notebooks Editor (roles/notebooks.editor)

Notebooks Viewer (roles/notebooks.viewer)

On-Demand Scanning Viewer (roles/ondemandscanning.viewer)

Oracle Database@Google Cloud admin (roles/oracledatabase.admin)

Oracle Database@Google Cloud viewer (roles/oracledatabase.viewer)

Parallelstore Admin (roles/parallelstore.admin)

Parallelstore Viewer (roles/parallelstore.viewer)

Parameter Manager Admin (roles/parametermanager.admin)

Paymentsresellersubscription Admin (roles/paymentsresellersubscription.admin)

Paymentsresellersubscription Viewer (roles/paymentsresellersubscription.viewer)

Policyremediatormanager Admin (roles/policyremediatormanager.admin)

Policyremediatormanager Viewer (roles/policyremediatormanager.viewer)

CA Service Admin (roles/privateca.admin)

Privateca Editor (roles/privateca.editor)

Privateca Viewer (roles/privateca.viewer)

Privileged Access Manager Admin (roles/privilegedaccessmanager.admin)

Privilegedaccessmanager Editor (roles/privilegedaccessmanager.editor)

Privileged Access Manager Viewer (roles/privilegedaccessmanager.viewer)

Proximitybeacon Admin (roles/proximitybeacon.admin)

Proximitybeacon Editor (roles/proximitybeacon.editor)

Proximitybeacon Viewer (roles/proximitybeacon.viewer)

Pub/Sub Admin (roles/pubsub.admin)

Pub/Sub Editor (roles/pubsub.editor)

Pub/Sub Viewer (roles/pubsub.viewer)

Subscription Linking Admin (roles/readerrevenuesubscriptionlinking.admin)

Subscription Linking Viewer (roles/readerrevenuesubscriptionlinking.viewer)

reCAPTCHA Enterprise Admin (roles/recaptchaenterprise.admin)

reCAPTCHA Enterprise Viewer (roles/recaptchaenterprise.viewer)

Recommender Admin (roles/recommender.admin)

Recommender Editor (roles/recommender.editor)

Recommender Viewer (roles/recommender.viewer)

Cloud Memorystore Redis Admin (roles/redis.admin)

Cloud Memorystore Redis Editor (roles/redis.editor)

Cloud Memorystore Redis Viewer (roles/redis.viewer)

Redis Enterprise Cloud Admin (roles/redisenterprisecloud.admin)

Redis Enterprise Cloud Viewer (roles/redisenterprisecloud.viewer)

Remotebuildexecution Admin (roles/remotebuildexecution.admin)

Remotebuildexecution Editor (roles/remotebuildexecution.editor)

Remotebuildexecution Viewer (roles/remotebuildexecution.viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Project Mover (roles/resourcemanager.projectMover)

Tag User (roles/resourcemanager.tagUser)

Retail Admin (roles/retail.admin)

Retail Editor (roles/retail.editor)

Retail Viewer (roles/retail.viewer)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Viewer (roles/riskmanager.viewer)

Rapid Migration Assessment Admin (roles/rma.admin)

Rapid Migration Assessment Viewer (roles/rma.viewer)

Routeoptimization Admin (roles/routeoptimization.admin)

Route Optimization Editor (roles/routeoptimization.editor)

Route Optimization Viewer (roles/routeoptimization.viewer)

Cloud Run Admin (roles/run.admin)

Cloud Run Developer (roles/run.developer)

Run Editor (roles/run.editor)

Cloud Run Viewer (roles/run.viewer)

Serverless Integrations Viewer (roles/runapps.viewer)

Runtimeconfig Editor (roles/runtimeconfig.editor)

Runtimeconfig Viewer (roles/runtimeconfig.viewer)

SaaS Service Management Admin (roles/saasservicemgmt.admin)

SaaS Service Management Viewer (roles/saasservicemgmt.viewer)

Secret Manager Admin (roles/secretmanager.admin)

Secret Manager Secret Accessor (roles/secretmanager.secretAccessor)

Secret Manager Viewer (roles/secretmanager.viewer)

Secure Source Manager Admin (roles/securesourcemanager.admin)

Securesourcemanager Editor (roles/securesourcemanager.editor)

Securesourcemanager Viewer (roles/securesourcemanager.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Management Admin (roles/securitycentermanagement.admin)

Securitycentermanagement Editor (roles/securitycentermanagement.editor)

Security Center Management Viewer (roles/securitycentermanagement.viewer)

Serviceconsumermanagement Admin (roles/serviceconsumermanagement.admin)

Serviceconsumermanagement Viewer (roles/serviceconsumermanagement.viewer)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Personalized Service Health Viewer (roles/servicehealth.viewer)

Service Management Administrator (roles/servicemanagement.admin)

Servicenetworking Admin (roles/servicenetworking.admin)

Servicenetworking Editor (roles/servicenetworking.editor)

Servicenetworking Viewer (roles/servicenetworking.viewer)

Source Editor (roles/source.editor)

Source Viewer (roles/source.viewer)

Cloud Spanner Admin (roles/spanner.admin)

Spanner Editor (roles/spanner.editor)

Cloud Spanner Viewer (roles/spanner.viewer)

Stackdriver Admin (roles/stackdriver.admin)

Stackdriver Viewer (roles/stackdriver.viewer)

Storage Admin (roles/storage.admin)

Storage Editor (roles/storage.editor)

Storage Folder Admin (roles/storage.folderAdmin)

Storage Object Admin (roles/storage.objectAdmin)

Storage Object Creator (roles/storage.objectCreator)

Storage Object User (roles/storage.objectUser)

Storage Object Viewer (roles/storage.objectViewer)

Storage Viewer (roles/storage.viewer)

Storage Batch Operations Admin (roles/storagebatchoperations.admin)

Storage Batch Operations Viewer (roles/storagebatchoperations.viewer)

Storage Insights Admin (roles/storageinsights.admin)

Storage Insights Viewer (roles/storageinsights.viewer)

Storage Transfer Admin (roles/storagetransfer.admin)

Storage Transfer Viewer (roles/storagetransfer.viewer)

Stream Admin (roles/stream.admin)

Stream Viewer (roles/stream.viewer)

Subscribewithgoogledeveloper Admin (roles/subscribewithgoogledeveloper.admin)

Subscribewithgoogledeveloper Viewer (roles/subscribewithgoogledeveloper.viewer)

Telco Automation Admin (roles/telcoautomation.admin)

Telemetry Admin (roles/telemetry.admin)

Telemetry Editor (roles/telemetry.editor)

TPU Admin (roles/tpu.admin)

TPU Viewer (roles/tpu.viewer)

Trafficdirector Admin (roles/trafficdirector.admin)

Trafficdirector Viewer (roles/trafficdirector.viewer)

Transcoder Admin (roles/transcoder.admin)

Transcoder Editor (roles/transcoder.editor)

Transcoder Viewer (roles/transcoder.viewer)

Transfer Appliance Admin (roles/transferappliance.admin)

Transfer Appliance Viewer (roles/transferappliance.viewer)

Translation Hub Admin (roles/translationhub.admin)

Vector Search Admin (roles/vectorsearch.admin)

Vector Search Viewer (roles/vectorsearch.viewer)

Video Stitcher Admin (roles/videostitcher.admin)

Video Stitcher Viewer (roles/videostitcher.viewer)

VisionAI Admin (roles/visionai.admin)

VisionAI Editor (roles/visionai.editor)

VisionAI Viewer (roles/visionai.viewer)

VM Migration Administrator (roles/vmmigration.admin)

VM Migration Viewer (roles/vmmigration.viewer)

Vmwareengine Admin (roles/vmwareengine.admin)

Vmwareengine Editor (roles/vmwareengine.editor)

Vmwareengine Viewer (roles/vmwareengine.viewer)

Serverless VPC Access Admin (roles/vpcaccess.admin)

Serverless VPC Access User (roles/vpcaccess.user)

Serverless VPC Access Viewer (roles/vpcaccess.viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Workload Manager Admin (roles/workloadmanager.admin)

Workload Manager Viewer (roles/workloadmanager.viewer)

Cloud Workstations Admin (roles/workstations.admin)

Workstations Editor (roles/workstations.editor)

Access Approval Approver (roles/accessapproval.approver)

Access Approval Config Editor (roles/accessapproval.configEditor)

Access Approval Invalidator (roles/accessapproval.invalidator)

Access Context Manager Editor (roles/accesscontextmanager.policyEditor)

Access Context Manager Reader (roles/accesscontextmanager.policyReader)

VPC Service Controls Troubleshooter Viewer (roles/accesscontextmanager.vpcScTroubleshooterViewer)

Colab Enterprise Admin (roles/aiplatform.colabEnterpriseAdmin)

Colab Enterprise User (roles/aiplatform.colabEnterpriseUser)

Vertex AI Feature Store EntityType owner (roles/aiplatform.entityTypeOwner)

Vertex AI Feature Store Admin (roles/aiplatform.featurestoreAdmin)

Vertex AI Feature Store Data Viewer (roles/aiplatform.featurestoreDataViewer)

Vertex AI Feature Store Data Writer (roles/aiplatform.featurestoreDataWriter)

Vertex AI Feature Store Resource Viewer (roles/aiplatform.featurestoreResourceViewer)

Vertex AI Feature Store User (roles/aiplatform.featurestoreUser)

Vertex AI User (roles/aiplatform.user)

AlloyDB Client (roles/alloydb.client)

AlloyDB Database User (roles/alloydb.databaseUser)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Apigee Analytics Editor (roles/apigee.analyticsEditor)

Apigee Analytics Viewer (roles/apigee.analyticsViewer)

Apigee API Reader (roles/apigee.apiReaderV2)

Apigee Developer Admin (roles/apigee.developerAdmin)

Apigee Environment Admin (roles/apigee.environmentAdmin)

Apigee Monetization Admin (roles/apigee.monetizationAdmin)

Apigee Portal Admin (roles/apigee.portalAdmin)

Apigee Read-only Admin (roles/apigee.readOnlyAdmin)

Apigee Security Admin (roles/apigee.securityAdmin)

Apigee Security Viewer (roles/apigee.securityViewer)

Apigee Space Console User (roles/apigee.spaceConsoleUser)

Cloud Apigee Registry Worker (roles/apigeeregistry.worker)

Cloud API hub Addons Admin (roles/apihub.addonsAdmin)

Cloud API hub Attributes Admin (roles/apihub.attributeAdmin)

Cloud API hub Plugins Admin (roles/apihub.pluginAdmin)

Cloud API hub Provisioning Admin (roles/apihub.provisioningAdmin)

App Engine Creator (roles/appengine.appCreator)

App Engine Viewer (roles/appengine.appViewer)

App Engine Code Viewer (roles/appengine.codeViewer)

App Engine Managed VM Debug Access (roles/appengine.debugger)

App Engine Deployer (roles/appengine.deployer)

App Engine Memcache Data Admin (roles/appengine.memcacheDataAdmin)

App Engine Service Admin (roles/appengine.serviceAdmin)

App Management Viewer (roles/apphub.appManagementViewer)

Appliance troubleshooting commands approver (roles/applianceactivation.approver)

Appliance troubleshooter (roles/applianceactivation.troubleshooter)

Workspace Marketplace App Configuration Admin (roles/appmetadata.workspaceMarketplaceAppConfigurationAdmin)

Container Registry -> Artifact Registry Migration Admin (roles/artifactregistry.containerRegistryMigrationAdmin)

Artifact Registry Create-on-Push Repository Administrator (roles/artifactregistry.createOnPushRepoAdmin)

Artifact Registry Create-on-Push Writer (roles/artifactregistry.createOnPushWriter)

Artifact Registry Reader (roles/artifactregistry.reader)

Artifact Registry Writer (roles/artifactregistry.writer)

Assured OSS Project Admin (roles/assuredoss.projectAdmin)

Assured OSS Reader (roles/assuredoss.reader)

Assured OSS User (roles/assuredoss.user)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Auditor (roles/auditmanager.auditor)

AutoML Predictor (roles/automl.predictor)

Recommendations AI Admin Viewer (roles/automlrecommendations.adminViewer)

Autoscaling Site Admin (roles/autoscaling.sitesAdmin)

Backup and DR Backup User (roles/backupdr.backupUser)

Backup and DR Compute Engine Operator (roles/backupdr.computeEngineOperator)

Backup and DR Mount User (roles/backupdr.mountUser)

Backup and DR Restore User (roles/backupdr.restoreUser)

Backup and DR User (roles/backupdr.user)

Backup and DR User V2 (roles/backupdr.userv2)

Bare Metal Solution Instances Admin (roles/baremetalsolution.instancesadmin)

Bare Metal Solution Instances Viewer (roles/baremetalsolution.instancesviewer)

Bare Metal Solution Storage Admin (roles/baremetalsolution.storageadmin)

Batch Job Editor (roles/batch.jobsEditor)

Batch Job Viewer (roles/batch.jobsViewer)

Batch ResourceAllowance Editor (roles/batch.resourceAllowancesEditor)

Batch ResourceAllowance Viewer (roles/batch.resourceAllowancesViewer)

BigLake Metadata Viewer (roles/biglake.metadataViewer)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Job User (roles/bigquery.jobUser)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Read Session User (roles/bigquery.readSessionUser)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

Bigtable Reader (roles/bigtable.reader)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Browser (roles/browser)

Capacity Planner (roles/capacityplanner.planner)

Certificate Manager Owner (roles/certificatemanager.owner)

Gemini Enterprise for Customer Experience Agent Editor (roles/ces.agentEditor)

Gemini Enterprise for Customer Experience App Editor (roles/ces.appEditor)

Gemini Enterprise for Customer Experience Deployment Editor (roles/ces.deploymentEditor)

Gemini Enterprise for Customer Experience Evals Editor (roles/ces.evalsEditor)

Gemini Enterprise for Customer Experience Guardrails Editor (roles/ces.guardrailsEditor)

Gemini Enterprise for Customer Experience Security Settings Editor (roles/ces.securitySettingsEditor)

Gemini Enterprise for Customer Experience Tools Editor (roles/ces.toolsEditor)

Chronicle API Data Governor (roles/chronicle.dataGovernor)

Chronicle API Federation Admin (roles/chronicle.federationAdmin)

Chronicle API Federation Viewer (roles/chronicle.federationViewer)

Chronicle API Limited Viewer (roles/chronicle.limitedViewer)

Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)

Chronicle SOAR Admin (roles/chronicle.soarAdmin)

Chronicle SOAR Remote Agent (roles/chronicle.soarRemoteAgent)

Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)

Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)

Code Repository Indexes Admin (roles/cloudaicompanion.codeRepositoryIndexesAdmin)

Code Repository Indexes Viewer (roles/cloudaicompanion.codeRepositoryIndexesViewer)

Gemini Code Assist Tools Admin (roles/cloudaicompanion.codeToolsAdmin)

Gemini Code Assist Tools User (roles/cloudaicompanion.codeToolsUser)

Gemini for Google Cloud User (roles/cloudaicompanion.user)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Build Integrations Editor (roles/cloudbuild.integrationsEditor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Cloud Build Integrations Viewer (roles/cloudbuild.integrationsViewer)

Cloud Build WorkerPool Editor (roles/cloudbuild.workerPoolEditor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Cloud Build WorkerPool Viewer (roles/cloudbuild.workerPoolViewer)

Cloud Deploy Approver (roles/clouddeploy.approver)

Cloud Deploy Custom Target Type Admin (roles/clouddeploy.customTargetTypeAdmin)

Cloud Deploy Developer (roles/clouddeploy.developer)

Cloud Deploy Operator (roles/clouddeploy.operator)

Cloud Deploy Policy Admin (roles/clouddeploy.policyAdmin)

Cloud Deploy Policy Overrider (roles/clouddeploy.policyOverrider)

Cloud Deploy Releaser (roles/clouddeploy.releaser)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Hub Operator (roles/cloudhub.operator)

Cloud Talent Solution Job Editor (roles/cloudjobdiscovery.jobsEditor)

Cloud Talent Solution Job Viewer (roles/cloudjobdiscovery.jobsViewer)

Cloud Talent Solution Profile Editor (roles/cloudjobdiscovery.profilesEditor)

Cloud Talent Solution Profile Viewer (roles/cloudjobdiscovery.profilesViewer)

Cloud KMS CryptoKey Decrypter (roles/cloudkms.cryptoKeyDecrypter)

Cloud KMS CryptoKey Decrypter Via Delegation (roles/cloudkms.cryptoKeyDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter (roles/cloudkms.cryptoKeyEncrypter)

Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterViaDelegation)

Cloud KMS Crypto Operator (roles/cloudkms.cryptoOperator)

Cloud KMS CryptoKey Decapsulator (roles/cloudkms.decapsulator)

Cloud KMS EkmConnections Admin (roles/cloudkms.ekmConnectionsAdmin)

Cloud KMS Expert PQ Asymmetric Signing Key Manager (roles/cloudkms.expertPqcSigner)

Cloud KMS Expert Raw AES-CBC Key Manager (roles/cloudkms.expertRawAesCbc)

Cloud KMS Expert Raw AES-CTR Key Manager (roles/cloudkms.expertRawAesCtr)

Cloud KMS Expert Raw PKCS#1 Key Manager (roles/cloudkms.expertRawPKCS1)

Cloud KMS Importer (roles/cloudkms.importer)

Cloud KMS CryptoKey Public Key Viewer (roles/cloudkms.publicKeyViewer)

Cloud KMS CryptoKey Signer (roles/cloudkms.signer)

Cloud KMS CryptoKey Signer/Verifier (roles/cloudkms.signerVerifier)

Cloud KMS CryptoKey Verifier (roles/cloudkms.verifier)

Velostrata Manager (roles/cloudmigration.inframanager)

Catalog Consumer (roles/cloudprivatecatalog.consumer)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Cloud Profiler User (roles/cloudprofiler.user)

Cloud Scheduler Job Runner (roles/cloudscheduler.jobRunner)

Advisory Support Editor (roles/cloudsupport.advisorySupportEditor)

Advisory Support Viewer (roles/cloudsupport.advisorySupportViewer)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Tech Support Viewer (roles/cloudsupport.techSupportViewer)

Cloud Tasks Enqueuer (roles/cloudtasks.enqueuer)

Cloud Tasks Queue Admin (roles/cloudtasks.queueAdmin)

Cloud Tasks Task Deleter (roles/cloudtasks.taskDeleter)

Cloud Tasks Task Runner (roles/cloudtasks.taskRunner)

Firebase Test Lab Direct Access Admin (roles/cloudtestservice.directAccessAdmin)

Firebase Test Lab Direct Access Viewer (roles/cloudtestservice.directAccessViewer)

Firebase Test Lab Admin (roles/cloudtestservice.testAdmin)

Firebase Test Lab Viewer (roles/cloudtestservice.testViewer)

Commerce Business Enablement PaymentConfig Admin (roles/commercebusinessenablement.paymentConfigAdmin)

Commerce Business Enablement PaymentConfig Viewer (roles/commercebusinessenablement.paymentConfigViewer)

Commerce Business Enablement Reseller Discount Admin (roles/commercebusinessenablement.resellerDiscountAdmin)

Commerce Business Enablement Reseller Discount Viewer (roles/commercebusinessenablement.resellerDiscountViewer)

Governed Marketplace User (roles/commerceorggovernance.user)

Commerce Price Management Events Viewer (roles/commercepricemanagement.eventsViewer)

Commerce Price Management Private Offers Admin (roles/commercepricemanagement.privateOffersAdmin)

Environment and Storage Object Administrator (roles/composer.environmentAndStorageObjectAdmin)

Environment and Storage Object User (roles/composer.environmentAndStorageObjectUser)

Environment and Storage Object Viewer (roles/composer.environmentAndStorageObjectViewer)

Composer Worker (roles/composer.worker)

Compute Image User (roles/compute.imageUser)

Compute Load Balancer Services User (roles/compute.loadBalancerServiceUser)

Compute Organization Firewall Policy Admin (roles/compute.orgFirewallPolicyAdmin)

Compute Organization Firewall Policy User (roles/compute.orgFirewallPolicyUser)

Compute Organization Security Policy Admin (roles/compute.orgSecurityPolicyAdmin)

Compute Organization Security Policy User (roles/compute.orgSecurityPolicyUser)

Compute Organization Resource Admin (roles/compute.orgSecurityResourceAdmin)

Compute packet mirroring admin (roles/compute.packetMirroringAdmin)

Compute packet mirroring user (roles/compute.packetMirroringUser)

Compute Public IP Admin (roles/compute.publicIpAdmin)

Compute VM extension policy admin (roles/compute.vmExtensionPolicyAdmin)

Compute VM extension policy viewer (roles/compute.vmExtensionPolicyViewer)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

ConfigDelivery Admin (roles/configdelivery.configDeliveryAdmin)

ConfigDelivery Viewer (roles/configdelivery.configDeliveryViewer)

Config Delivery Resource Bundle Publisher (roles/configdelivery.resourceBundlePublisher)

Consumer Procurement Entitlement Manager (roles/consumerprocurement.entitlementManager)

Consumer Procurement Entitlement Viewer (roles/consumerprocurement.entitlementViewer)

Consumer Procurement Administrator (roles/consumerprocurement.procurementAdmin)

Consumer Procurement Viewer (roles/consumerprocurement.procurementViewer)

Kubernetes Engine KMS Crypto Key User (roles/container.cloudKmsKeyUser)

Kubernetes Engine Cluster Viewer (roles/container.clusterViewer)

Container Analysis Notes Editor (roles/containeranalysis.notes.editor)

Container Analysis Notes Viewer (roles/containeranalysis.notes.viewer)

Container Analysis Occurrences Editor (roles/containeranalysis.occurrences.editor)

Container Analysis Occurrences Viewer (roles/containeranalysis.occurrences.viewer)

Content Warehouse Document Admin (roles/contentwarehouse.documentAdmin)

Content Warehouse document creator (roles/contentwarehouse.documentCreator)

Content Warehouse Document Editor (roles/contentwarehouse.documentEditor)

Content Warehouse document schema viewer (roles/contentwarehouse.documentSchemaViewer)

Content Warehouse Viewer (roles/contentwarehouse.documentViewer)

Database Insights monitoring viewer (roles/databaseinsights.monitoringViewer)

Database Insights recommendation viewer (roles/databaseinsights.recommendationViewer)

Studio Query Admin (roles/databasesconsole.studioQueryAdmin)

Studio Query User (roles/databasesconsole.studioQueryUser)

Policy Tag Admin (roles/datacatalog.categoryAdmin)

DataCatalog Data Steward (roles/datacatalog.dataSteward)

DataCatalog EntryGroup Creator (roles/datacatalog.entryGroupCreator)

DataCatalog EntryGroup Owner (roles/datacatalog.entryGroupOwner)

DataCatalog Entry Owner (roles/datacatalog.entryOwner)

DataCatalog Entry Viewer (roles/datacatalog.entryViewer)

DataCatalog Migration Config Admin (roles/datacatalog.migrationConfigAdmin)

DataCatalog Search Admin (roles/datacatalog.searchAdmin)

Data Catalog TagTemplate Owner (roles/datacatalog.tagTemplateOwner)

Data Catalog TagTemplate User (roles/datacatalog.tagTemplateUser)

Data Catalog TagTemplate Viewer (roles/datacatalog.tagTemplateViewer)

Connector Admin (roles/dataconnectors.connectorAdmin)

Dataflow Developer (roles/dataflow.developer)

Code Commenter (roles/dataform.codeCommenter)

Code Creator (roles/dataform.codeCreator)

Code Editor (roles/dataform.codeEditor)

Code Owner (roles/dataform.codeOwner)

Code Viewer (roles/dataform.codeViewer)

Team Folder Commenter (roles/dataform.teamFolderCommenter)

Team Folder Contributor (roles/dataform.teamFolderContributor)

Team Folder Owner (roles/dataform.teamFolderOwner)

Team Folder Viewer (roles/dataform.teamFolderViewer)

Cloud Data Fusion Accessor (roles/datafusion.accessor)

Cloud Data Fusion Developer (roles/datafusion.developer)

Cloud Data Fusion Operator (roles/datafusion.operator)

Data Lineage Events Producer (roles/datalineage.producer)

Data pipelines Invoker (roles/datapipelines.invoker)

Dataplex Aspect Type Owner (roles/dataplex.aspectTypeOwner)

Dataplex Aspect Type User (roles/dataplex.aspectTypeUser)

Dataplex Catalog Admin (roles/dataplex.catalogAdmin)

Dataplex Catalog Editor (roles/dataplex.catalogEditor)

Dataplex Catalog Viewer (roles/dataplex.catalogViewer)

Dataplex Data Products Admin (roles/dataplex.dataProductsAdmin)

Dataplex Data Products Consumer (roles/dataplex.dataProductsConsumer)

Dataplex Data Products Editor (roles/dataplex.dataProductsEditor)

Dataplex Data Products Viewer (roles/dataplex.dataProductsViewer)

Dataplex Entry Group Exporter (roles/dataplex.entryGroupExporter)

Dataplex Entry Group Importer (roles/dataplex.entryGroupImporter)

Dataplex Entry Group Owner (roles/dataplex.entryGroupOwner)

Dataplex Entry and EntryLink Owner (roles/dataplex.entryOwner)

Dataplex Entry Type Owner (roles/dataplex.entryTypeOwner)

Dataplex Entry Type User (roles/dataplex.entryTypeUser)

Dataplex Metadata Feed Owner (roles/dataplex.metadataFeedOwner)

Dataplex Metadata Feed Viewer (roles/dataplex.metadataFeedViewer)

Dataplex Metadata Job Owner (roles/dataplex.metadataJobOwner)

Dataplex Metadata Job Viewer (roles/dataplex.metadataJobViewer)

Dataplex Metadata Reader (roles/dataplex.metadataReader)

Dataplex Metadata Writer (roles/dataplex.metadataWriter)

Dataprep User (roles/dataprep.projects.user)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Cloud Datastore Bulk Admin (roles/datastore.bulkAdmin)

Cloud Datastore Import Export Admin (roles/datastore.importExportAdmin)

Cloud Datastore Index Admin (roles/datastore.indexAdmin)

Cloud Datastore Key Visualizer Viewer (roles/datastore.keyVisualizerViewer)

Cloud Datastore Owner (roles/datastore.owner)

Data Studio Workspace Content Manager (roles/datastudio.contentManager)

Data Studio Workspace Contributor (roles/datastudio.contributor)

Data Studio Workspace Manager (roles/datastudio.manager)

Data Studio Workspace Viewer (roles/datastudio.workspaceViewer)

Dell EMC Cloud OneFS User (roles/dellemccloudonefs.user)

Deployment Manager Type Editor (roles/deploymentmanager.typeEditor)

Deployment Manager Type Viewer (roles/deploymentmanager.typeViewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Application Design Center User (roles/designcenter.user)

Developer Connect Insights Admin (roles/developerconnect.insightsAdmin)

Developer Connect Insights Viewer (roles/developerconnect.insightsViewer)

Developer Connect OAuth Admin (roles/developerconnect.oauthAdmin)

Developer Connect OAuth User (roles/developerconnect.oauthUser)

Developer Connect User (roles/developerconnect.user)

CX Premium Admin (roles/dialogflow.aamAdmin)

CX Premium Conversational Architect (roles/dialogflow.aamConversationalArchitect)

CX Premium Dialog Designer (roles/dialogflow.aamDialogDesigner)

CX Premium Lead Dialog Designer (roles/dialogflow.aamLeadDialogDesigner)

CX Premium Viewer (roles/dialogflow.aamViewer)

Dialogflow Console Agent Editor (roles/dialogflow.consoleAgentEditor)

Dialogflow Console Simulator User (roles/dialogflow.consoleSimulatorUser)

Dialogflow Console Smart Messaging Allowlist Editor (roles/dialogflow.consoleSmartMessagingAllowlistEditor)

Dialogflow API Reader (roles/dialogflow.reader)

Gemini Enterprise Admin (roles/discoveryengine.agentspaceAdmin)

Gemini Enterprise Editor (roles/discoveryengine.agentspaceEditor)

Gemini Enterprise User (roles/discoveryengine.agentspaceUser)

Gemini Enterprise Viewer (roles/discoveryengine.agentspaceViewer)

Cloud NotebookLM Admin (roles/discoveryengine.notebookLmOwner)

Cloud NotebookLM User (roles/discoveryengine.notebookLmUser)

Podcast API User (roles/discoveryengine.podcastApiUser)

Discovery Engine User (roles/discoveryengine.user)

DLP Connections Admin (roles/dlp.connectionsAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

DLP Subscription Admin (roles/dlp.subscriptionsAdmin)

DNS Reader (roles/dns.reader)

Earth Subscriptions Administrator (roles/earth.subscriptionsAdmin)

Earth Subscriptions Viewer (roles/earth.subscriptionsViewer)

Earth Engine Apps Publisher (roles/earthengine.appsPublisher)

Earth Engine Resource Writer (roles/earthengine.writer)

Edge Container Machine User (roles/edgecontainer.machineUser)

Edge Container Cluster offline Credential User (roles/edgecontainer.offlineCredentialUser)

Eventarc Connection Publisher (roles/eventarc.connectionPublisher)

Eventarc Developer (roles/eventarc.developer)

Eventarc Publisher (roles/eventarc.publisher)

Firebase Analytics Admin (roles/firebase.analyticsAdmin)

Firebase Analytics Viewer (roles/firebase.analyticsViewer)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Grow Admin (roles/firebase.growthAdmin)

Firebase Grow Viewer (roles/firebase.growthViewer)

Firebase Quality Admin (roles/firebase.qualityAdmin)

Firebase Quality Viewer (roles/firebase.qualityViewer)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Firebase App Hosting Developer (roles/firebaseapphosting.developer)

Firebase Crash Symbol Uploader (roles/firebasecrash.symbolMappingsAdmin)

Firebase Extensions Developer (roles/firebaseextensions.developer)

Firebase Extensions Publisher - Extensions Admin (roles/firebaseextensionspublisher.extensionsAdmin)

Firebase Extensions Publisher - Extensions Viewer (roles/firebaseextensionspublisher.extensionsViewer)

Fleet Engine Delivery Admin (roles/fleetengine.deliveryAdmin)

Fleet Engine Delivery Super User (roles/fleetengine.deliverySuperUser)

Fleet Engine On-Demand Admin (roles/fleetengine.ondemandAdmin)

Fleet Engine Service Super User (roles/fleetengine.serviceSuperUser)

GDC Hardware Management Operator (roles/gdchardwaremanagement.operator)

GDC Hardware Management Reader (roles/gdchardwaremanagement.reader)

Gemini Cloud Assist Investigation Admin (roles/geminicloudassist.investigationAdmin)

Gemini Cloud Assist Investigation Creator (roles/geminicloudassist.investigationCreator)

Gemini Cloud Assist Investigation Editor (roles/geminicloudassist.investigationEditor)

Gemini Cloud Assist Investigation Owner (roles/geminicloudassist.investigationOwner)

Gemini Cloud Assist Investigation User (roles/geminicloudassist.investigationUser)

Gemini Cloud Assist Investigation Viewer (roles/geminicloudassist.investigationViewer)

Gemini Cloud Assist User (roles/geminicloudassist.user)

Backup for GKE Backup Admin (roles/gkebackup.backupAdmin)

Backup for GKE Restore Admin (roles/gkebackup.restoreAdmin)

Fleet Project-level Scope Editor (roles/gkehub.scopeEditorProjectLevel)

Fleet Project-level Scope Viewer (roles/gkehub.scopeViewerProjectLevel)

Google Workspace Add-ons Developer (roles/gsuiteaddons.developer)

Google Workspace Add-ons Reader (roles/gsuiteaddons.reader)

Google Workspace Add-ons Tester (roles/gsuiteaddons.tester)

Healthcare Annotation Editor (roles/healthcare.annotationEditor)

Healthcare Annotation Reader (roles/healthcare.annotationReader)

Healthcare Annotation Administrator (roles/healthcare.annotationStoreAdmin)

Healthcare Annotation Store Viewer (roles/healthcare.annotationStoreViewer)

Healthcare Attribute Definition Editor (roles/healthcare.attributeDefinitionEditor)

Healthcare Attribute Definition Reader (roles/healthcare.attributeDefinitionReader)

Healthcare Consent Artifact Administrator (roles/healthcare.consentArtifactAdmin)

Healthcare Consent Artifact Editor (roles/healthcare.consentArtifactEditor)

Healthcare Consent Artifact Reader (roles/healthcare.consentArtifactReader)

Healthcare Consent Editor (roles/healthcare.consentEditor)

Healthcare Consent Reader (roles/healthcare.consentReader)

Healthcare Consent Store Administrator (roles/healthcare.consentStoreAdmin)

Healthcare Consent Store Viewer (roles/healthcare.consentStoreViewer)

Healthcare Dataset Administrator (roles/healthcare.datasetAdmin)

Healthcare Dataset Viewer (roles/healthcare.datasetViewer)

Healthcare DICOM Editor (roles/healthcare.dicomEditor)

Healthcare DICOM Store Administrator (roles/healthcare.dicomStoreAdmin)

Healthcare DICOM Store Viewer (roles/healthcare.dicomStoreViewer)

Healthcare DICOM Viewer (roles/healthcare.dicomViewer)

Healthcare FHIR Resource Editor (roles/healthcare.fhirResourceEditor)

Healthcare FHIR Resource Reader (roles/healthcare.fhirResourceReader)

Healthcare FHIR Store Administrator (roles/healthcare.fhirStoreAdmin)

Healthcare FHIR Store Viewer (roles/healthcare.fhirStoreViewer)

Healthcare HL7v2 Message Consumer (roles/healthcare.hl7V2Consumer)

Healthcare HL7v2 Message Editor (roles/healthcare.hl7V2Editor)

Healthcare HL7v2 Message Ingest (roles/healthcare.hl7V2Ingest)

Healthcare HL7v2 Store Administrator (roles/healthcare.hl7V2StoreAdmin)

Healthcare HL7v2 Store Viewer (roles/healthcare.hl7V2StoreViewer)

Healthcare NLP Service Viewer (roles/healthcare.nlpServiceViewer)

Healthcare User Data Mapping Editor (roles/healthcare.userDataMappingEditor)

Healthcare User Data Mapping Reader (roles/healthcare.userDataMappingReader)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

IAM OAuth Client Admin (roles/iam.oauthClientAdmin)

IAM OAuth Client Viewer (roles/iam.oauthClientViewer)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Security Auditor (roles/iam.securityAuditor)

Delete Service Accounts (roles/iam.serviceAccountDeleter)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

IAM Workload Identity Pool Admin (roles/iam.workloadIdentityPoolAdmin)

IAM Workload Identity Pool Viewer (roles/iam.workloadIdentityPoolViewer)

Apigee Integration Admin (roles/integrations.apigeeIntegrationAdminRole)

Apigee Integration Deployer (roles/integrations.apigeeIntegrationDeployerRole)

Apigee Integration Editor (roles/integrations.apigeeIntegrationEditorRole)

Apigee Integration Invoker (roles/integrations.apigeeIntegrationInvokerRole)

Apigee Integration Viewer (roles/integrations.apigeeIntegrationsViewer)

Apigee Integration Approver (roles/integrations.apigeeSuspensionResolver)

Certificate Viewer (roles/integrations.certificateViewer)

Application Integration Admin (roles/integrations.integrationAdmin)

Application Integration Deployer (roles/integrations.integrationDeployer)

Application Integration Editor (roles/integrations.integrationEditor)

Application Integration Invoker (roles/integrations.integrationInvoker)

Application Integration Viewer (roles/integrations.integrationViewer)

Application Integration SFDC Instance Admin (roles/integrations.sfdcInstanceAdmin)

Application Integration SFDC Instance Editor (roles/integrations.sfdcInstanceEditor)

Application Integration SFDC Instance Viewer (roles/integrations.sfdcInstanceViewer)

Application Integration Approver (roles/integrations.suspensionResolver)

Issuerswitch Account Manager Admin (roles/issuerswitch.accountManagerAdmin)

Issuerswitch Account Manager Transactions Admin (roles/issuerswitch.accountManagerTransactionsAdmin)

Issuerswitch Account Manager Transactions Viewer (roles/issuerswitch.accountManagerTransactionsViewer)

Issuerswitch Participants Admin (roles/issuerswitch.issuerParticipantsAdmin)

Issuerswitch Resolutions Admin (roles/issuerswitch.resolutionsAdmin)

Issuerswitch Rules Admin (roles/issuerswitch.rulesAdmin)

Issuerswitch Rules Viewer (roles/issuerswitch.rulesViewer)

Issuerswitch Transactions Viewer (roles/issuerswitch.transactionsViewer)

Logs Configuration Writer (roles/logging.configWriter)

Looker Instance User (roles/looker.instanceUser)

Looker Admin (roles/lookerstudio.lookerAdmin)

Looker Studio Pro Manager (roles/lookerstudio.proManager)

Managed Flink Developer (roles/managedflink.developer)

Google Cloud Managed Identities Backup Admin (roles/managedidentities.backupAdmin)

Google Cloud Managed Identities Backup Viewer (roles/managedidentities.backupViewer)

Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)

Google Cloud Managed Identities Peering Admin (roles/managedidentities.peeringAdmin)

Google Cloud Managed Identities Peering Viewer (roles/managedidentities.peeringViewer)

Managed Kafka Client (roles/managedkafka.client)

Managed Kafka Cluster Editor (roles/managedkafka.clusterEditor)

Managed Kafka Connector Editor (roles/managedkafka.connectorEditor)

Managed Kafka Consumer Group Editor (roles/managedkafka.consumerGroupEditor)

Managed Kafka Topic Editor (roles/managedkafka.topicEditor)

Mandiant Attack Surface Management Editor (roles/mandiant.attackSurfaceManagementEditor)

Mandiant Attack Surface Management Viewer (roles/mandiant.attackSurfaceManagementViewer)

Mandiant Digital Threat Monitoring Editor (roles/mandiant.digitalThreatMonitoringEditor)

Mandiant Digital Threat Monitoring Viewer (roles/mandiant.digitalThreatMonitoringViewer)

Mandiant Expertise On Demand Editor (roles/mandiant.expertiseOnDemandEditor)

Mandiant Expertise On Demand Viewer (roles/mandiant.expertiseOnDemandViewer)

Mandiant Threat Intel Editor (roles/mandiant.threatIntelEditor)

Mandiant Threat Intel Viewer (roles/mandiant.threatIntelViewer)

Mandiant Validation Editor (roles/mandiant.validationEditor)

Mandiant Validation Viewer (roles/mandiant.validationViewer)

Mobility Solutions Overages Viewer (roles/mapsanalytics.mobilitySolutionsOverageViewer)

MCP Tool User (roles/mcp.toolUser)

Dataproc Metastore Metadata Operator (roles/metastore.metadataOperator)

Dataproc Metastore Viewer (roles/metastore.user)

Migration Center Discovery Client Registrator (roles/migrationcenter.discoveryClientRegistrator)

AI Platform Developer (roles/ml.developer)

Model Armor Callout User (roles/modelarmor.calloutUser)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Model Armor User (roles/modelarmor.user)

Monitoring Metrics Scopes Admin (roles/monitoring.metricsScopesAdmin)

Monitoring Metrics Scopes Viewer (roles/monitoring.metricsScopesViewer)

Google Home Developer Console Admin (roles/nestconsole.homeDeveloperAdmin)

Google Home Developer Console Editor (roles/nestconsole.homeDeveloperEditor)

Google Home Developer Console Reader (roles/nestconsole.homeDeveloperViewer)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Regional Endpoint Viewer (roles/networkconnectivity.regionalEndpointViewer)

Service Class User (roles/networkconnectivity.serviceClassUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

Cloud Network Insights Admin (roles/networkmanagement.CloudNetworkInsightsAdmin)

Cloud Network Insights Editor (roles/networkmanagement.CloudNetworkInsightsEditor)

Cloud Network Insights Viewer (roles/networkmanagement.CloudNetworkInsightsViewer)

DNS Threat Detector Admin (roles/networksecurity.dnsThreatDetectorAdmin)

DNS Threat Detector Viewer (roles/networksecurity.dnsThreatDetectorViewer)

Firewall Endpoint Admin (roles/networksecurity.firewallEndpointAdmin)

Intercept Deployment Admin (roles/networksecurity.interceptDeploymentAdmin)

Intercept Deployment Viewer (roles/networksecurity.interceptDeploymentViewer)

Intercept Endpoint Admin (roles/networksecurity.interceptEndpointAdmin)

Intercept Endpoint Viewer (roles/networksecurity.interceptEndpointViewer)

Mirroring Deployment Admin (roles/networksecurity.mirroringDeploymentAdmin)

Mirroring Deployment Viewer (roles/networksecurity.mirroringDeploymentViewer)

Mirroring Endpoint Admin (roles/networksecurity.mirroringEndpointAdmin)

Mirroring Endpoint Viewer (roles/networksecurity.mirroringEndpointViewer)

Security Profile Admin (roles/networksecurity.securityProfileAdmin)

Service Extensions Admin (roles/networkservices.serviceExtensionsAdmin)

Service Extensions Viewer (roles/networkservices.serviceExtensionsViewer)

Notebooks Legacy Admin (roles/notebooks.legacyAdmin)

Notebooks Legacy Viewer (roles/notebooks.legacyViewer)

Notebooks Runner (roles/notebooks.runner)

Oracle Database@Google Cloud Autonomous Database Admin (roles/oracledatabase.autonomousDatabaseAdmin)

Oracle Database@Google Cloud Autonomous Database Viewer (roles/oracledatabase.autonomousDatabaseViewer)

Oracle Database@Google Cloud Exadata Infrastructure Admin (roles/oracledatabase.cloudExadataInfrastructureAdmin)

Oracle Database@Google Cloud Exadata Infrastructure User (roles/oracledatabase.cloudExadataInfrastructureUser)

Oracle Database@Google Cloud Exadata Infrastructure Viewer (roles/oracledatabase.cloudExadataInfrastructureViewer)

Oracle Database@Google Cloud VM Cluster Admin (roles/oracledatabase.cloudVmClusterAdmin)

Oracle Database@Google Cloud VM Cluster Viewer (roles/oracledatabase.cloudVmClusterViewer)

Oracle Database@Google Cloud Container Database Viewer (roles/oracledatabase.databaseViewer)

Oracle Database@Google Cloud DB System Admin (roles/oracledatabase.dbSystemAdmin)

Oracle Database@Google Cloud DB System Viewer (roles/oracledatabase.dbSystemViewer)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure VM Cluster Admin (roles/oracledatabase.exadbVmClusterAdmin)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure VM Cluster Viewer (roles/oracledatabase.exadbVmClusterViewer)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure Storage Vault Admin (roles/oracledatabase.exascaleDbStorageVaultAdmin)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure Storage Vault Viewer (roles/oracledatabase.exascaleDbStorageVaultViewer)

Oracle Database@Google Cloud GoldenGate Connection Admin (roles/oracledatabase.goldenGateConnectionAdmin)

Oracle Database@Google Cloud GoldenGate Connection Assignment Admin (roles/oracledatabase.goldenGateConnectionAssignmentAdmin)

Oracle Database@Google Cloud GoldenGate Connection Assignment Viewer (roles/oracledatabase.goldenGateConnectionAssignmentViewer)

Oracle Database@Google Cloud GoldenGate Connection Viewer (roles/oracledatabase.goldenGateConnectionViewer)

Oracle Database@Google GoldenGate Connections User (roles/oracledatabase.goldenGateConnectionsUser)

Oracle Database@Google Cloud GoldenGate Deployment Admin (roles/oracledatabase.goldenGateDeploymentAdmin)

Oracle Database@Google Cloud GoldenGate Deployment Viewer (roles/oracledatabase.goldenGateDeploymentViewer)

Oracle Database@Google GoldenGate Deployments User (roles/oracledatabase.goldenGateDeploymentsUser)

Oracle Database@Google Network Admin (roles/oracledatabase.networkAdmin)

Oracle Database@Google ODB Network Admin (roles/oracledatabase.odbNetworkAdmin)

Oracle Database@Google ODB Network Viewer (roles/oracledatabase.odbNetworkViewer)

Oracle Database@Google ODB Subnet Admin (roles/oracledatabase.odbSubnetAdmin)

Oracle Database@Google ODB Subnet User (roles/oracledatabase.odbSubnetUser)

Oracle Database@Google ODB Subnet Viewer (roles/oracledatabase.odbSubnetViewer)

Oracle Database@Google Cloud Pluggable Database Viewer (roles/oracledatabase.pluggableDatabaseViewer)

GuestPolicy Admin (roles/osconfig.guestPolicyAdmin)

GuestPolicy Editor (roles/osconfig.guestPolicyEditor)

GuestPolicy Viewer (roles/osconfig.guestPolicyViewer)

InstanceOSPoliciesCompliance Viewer (roles/osconfig.instanceOSPoliciesComplianceViewer)

OS Inventory Viewer (roles/osconfig.inventoryViewer)

OSPolicyAssignment Admin (roles/osconfig.osPolicyAssignmentAdmin)

OSPolicyAssignment Editor (roles/osconfig.osPolicyAssignmentEditor)

OSPolicyAssignmentReport Viewer (roles/osconfig.osPolicyAssignmentReportViewer)

OSPolicyAssignment Viewer (roles/osconfig.osPolicyAssignmentViewer)

PatchDeployment Admin (roles/osconfig.patchDeploymentAdmin)

PatchDeployment Viewer (roles/osconfig.patchDeploymentViewer)

Patch Job Executor (roles/osconfig.patchJobExecutor)

Patch Job Viewer (roles/osconfig.patchJobViewer)

Project Feature Settings Editor (roles/osconfig.projectFeatureSettingsEditor)

Project Feature Settings Viewer (roles/osconfig.projectFeatureSettingsViewer)

Upgrade Report Viewer (roles/osconfig.upgradeReportViewer)

OS VulnerabilityReport Viewer (roles/osconfig.vulnerabilityReportViewer)

Parameter Manager Parameter Accessor (roles/parametermanager.parameterAccessor)

Parameter Manager Parameter Version Adder (roles/parametermanager.parameterVersionAdder)

Parameter Manager Parameter Version Manager (roles/parametermanager.parameterVersionManager)

Parameter Manager Parameter Viewer (roles/parametermanager.parameterViewer)

Payments Reseller Admin (roles/paymentsresellersubscription.partnerAdmin)

Payments Reseller Viewer (roles/paymentsresellersubscription.partnerViewer)

Payments Reseller Products Viewer (roles/paymentsresellersubscription.productViewer)

Payments Reseller Promotions Viewer (roles/paymentsresellersubscription.promotionViewer)

Payments Reseller Subscriptions Editor (roles/paymentsresellersubscription.subscriptionEditor)

Payments Reseller Subscriptions Viewer (roles/paymentsresellersubscription.subscriptionViewer)

CA Service Auditor (roles/privateca.auditor)

CA Service Operation Manager (roles/privateca.caManager)

CA Service Certificate Manager (roles/privateca.certificateManager)

Beacon Attachment Editor (roles/proximitybeacon.attachmentEditor)

Beacon Attachment Publisher (roles/proximitybeacon.attachmentPublisher)

Beacon Attachment Viewer (roles/proximitybeacon.attachmentViewer)

Beacon Editor (roles/proximitybeacon.beaconEditor)

External Account Key Creator (roles/publicca.externalAccountKeyCreator)

reCAPTCHA Enterprise Agent (roles/recaptchaenterprise.agent)

AlloyDB Recommender Admin (roles/recommender.alloydbAdmin)

AlloyDB Recommender Viewer (roles/recommender.alloydbViewer)

BigQuery Slot Recommender Admin (roles/recommender.bigQueryCapacityCommitmentsAdmin)

BigQuery Recommender Project Admin (roles/recommender.bigQueryCapacityCommitmentsProjectAdmin)

BigQuery Recommender Project Viewer (roles/recommender.bigQueryCapacityCommitmentsProjectViewer)

BigQuery Slot Recommender Viewer (roles/recommender.bigQueryCapacityCommitmentsViewer)

BigQuery Materialized View Recommender Admin (roles/recommender.bigqueryMaterializedViewAdmin)

BigQuery Materialized View Recommender Viewer (roles/recommender.bigqueryMaterializedViewViewer)

BigQuery Partitioning Clustering Recommender Admin (roles/recommender.bigqueryPartitionClusterAdmin)

BigQuery Partitioning Clustering Recommender Viewer (roles/recommender.bigqueryPartitionClusterViewer)

Bigtable Cluster Performance Recommender Admin (roles/recommender.bigtableClusterPerformanceAdmin)

Bigtable Cluster Performance Recommender Viewer (roles/recommender.bigtableClusterPerformanceViewer)

Cloud Asset Insights Admin (roles/recommender.cloudAssetInsightsAdmin)

Cloud Asset Insights Viewer (roles/recommender.cloudAssetInsightsViewer)

Cloud Cost General Recommendations Recommender Admin (roles/recommender.cloudCostRecommendationAdmin)

Cloud Cost General Recommendations Recommender Viewer (roles/recommender.cloudCostRecommendationViewer)

Cloud Deprecation General Recommender Admin (roles/recommender.cloudDeprecationRecommendationAdmin)

Cloud Deprecation General Recommender Viewer (roles/recommender.cloudDeprecationRecommendationViewer)

Cloud Manageability General Recommendations Recommender Admin (roles/recommender.cloudManageabilityRecommendationAdmin)

Cloud Manageability General Recommendations Recommender Viewer (roles/recommender.cloudManageabilityRecommendationViewer)

Cloud Performance General Recommendations Recommender Admin (roles/recommender.cloudPerformanceRecommendationAdmin)

Cloud Performance General Recommendations Recommender Viewer (roles/recommender.cloudPerformanceRecommendationViewer)

Cloud Reliability General Recommendations Recommender Admin (roles/recommender.cloudReliabilityRecommendationAdmin)

Cloud Reliability General Recommendations Recommender Viewer (roles/recommender.cloudReliabilityRecommendationViewer)

Cloud Security General Recommendations Recommender Admin (roles/recommender.cloudSecurityRecommendationAdmin)

Cloud Security General Recommendations Recommender Viewer (roles/recommender.cloudSecurityRecommendationViewer)

Cloud SQL Recommender Admin (roles/recommender.cloudsqlAdmin)

Cloud SQL Recommender Viewer (roles/recommender.cloudsqlViewer)

Compute Recommender Admin (roles/recommender.computeAdmin)

Compute Recommender Viewer (roles/recommender.computeViewer)

GKE Diagnosis Recommender Admin (roles/recommender.containerDiagnosisAdmin)

GKE Diagnosis Recommender Viewer (roles/recommender.containerDiagnosisViewer)

Dataflow Diagnostics Admin (roles/recommender.dataflowDiagnosticsAdmin)

Dataflow Diagnostics Viewer (roles/recommender.dataflowDiagnosticsViewer)

Error Reporting Recommender Admin (roles/recommender.errorReportingAdmin)

Error Reporting Recommender Viewer (roles/recommender.errorReportingViewer)

Firestore Database Firebase rules Recommender Admin (roles/recommender.firestoredatabasefirebaserulesAdmin)

Firestore Database Firebase rules Recommender Viewer (roles/recommender.firestoredatabasefirebaserulesViewer)

Firestore Database Reliability Recommender Admin (roles/recommender.firestoredatabasereliabilityAdmin)

Firestore Database Reliability Recommender Viewer (roles/recommender.firestoredatabasereliabilityViewer)

Firewall Recommender Admin (roles/recommender.firewallAdmin)

Firewall Recommender Viewer (roles/recommender.firewallViewer)

Google Maps Platform Insights/Recommendations Admin (roles/recommender.gmpAdmin)

Google Maps Platform Insights/Recommendations Viewer (roles/recommender.gmpViewer)

IAM Recommender Admin (roles/recommender.iamAdmin)

IAM Recommender Viewer (roles/recommender.iamViewer)

IAM Policy Change Risk Recommender Admin (roles/recommender.iampolicychangeriskAdmin)

IAM Policy Change Risk Recommender Viewer (roles/recommender.iampolicychangeriskViewer)

Memorystore Manageability Recommender Admin (roles/recommender.memorystoremanageabilityAdmin)

Memorystore Manageability Recommender Viewer (roles/recommender.memorystoremanageabilityViewer)

Memorystore Performance Recommender Admin (roles/recommender.memorystoreperformanceAdmin)

Memorystore Performance Recommender Viewer (roles/recommender.memorystoreperformanceViewer)

Memorystore Reliability Recommender Admin (roles/recommender.memorystorereliabilityAdmin)

Memorystore Reliability Recommender Viewer (roles/recommender.memorystorereliabilityViewer)

Network Analyzer Recommender Admin (roles/recommender.networkAnalyzerAdmin)

Network Analyzer Cloud SQL Recommender Admin (roles/recommender.networkAnalyzerCloudSqlAdmin)

Network Analyzer Cloud SQL Recommender Viewer (roles/recommender.networkAnalyzerCloudSqlViewer)

Network Analyzer Dynamic Route Recommender Admin (roles/recommender.networkAnalyzerDynamicRouteAdmin)

Network Analyzer Dynamic Route Recommender Viewer (roles/recommender.networkAnalyzerDynamicRouteViewer)

Network Analyzer GKE Connectivity Recommender Admin (roles/recommender.networkAnalyzerGkeConnectivityAdmin)

Network Analyzer GKE Connectivity Recommender Viewer (roles/recommender.networkAnalyzerGkeConnectivityViewer)

Network Analyzer GKE IP Address Recommender Admin (roles/recommender.networkAnalyzerGkeIpAddressAdmin)

Network Analyzer GKE IP Address Recommender Viewer (roles/recommender.networkAnalyzerGkeIpAddressViewer)

Network Analyzer GKE Service Account Insights Recommender Admin (roles/recommender.networkAnalyzerGkeServiceAccountAdmin)

Network Analyzer GKE Service Account Insights Recommender Viewer (roles/recommender.networkAnalyzerGkeServiceAccountViewer)

Network Analyzer IP Address Recommender Admin (roles/recommender.networkAnalyzerIpAddressAdmin)

Network Analyzer IP Address Recommender Viewer (roles/recommender.networkAnalyzerIpAddressViewer)

Network Analyzer Load Balancer Recommender Admin (roles/recommender.networkAnalyzerLoadBalancerAdmin)

Network Analyzer Load Balancer Recommender Viewer (roles/recommender.networkAnalyzerLoadBalancerViewer)

Network Analyzer Recommender Viewer (roles/recommender.networkAnalyzerViewer)

Network Analyzer VPC Connectivity Recommender Admin (roles/recommender.networkAnalyzerVpcConnectivityAdmin)

Network Analyzer VPC Connectivity Recommender Viewer (roles/recommender.networkAnalyzerVpcConnectivityViewer)

Org Policy Recommender Admin (roles/recommender.orgPolicyAdmin)

Org Policy Recommender Viewer (roles/recommender.orgPolicyViewer)

Product Suggestion Recommenders Admin (roles/recommender.productSuggestionAdmin)

Product Suggestion Recommenders Viewer (roles/recommender.productSuggestionViewer)

Project Usage Commitment Recommender Admin (roles/recommender.projectCudAdmin)

Project Usage Commitment Recommender Viewer (roles/recommender.projectCudViewer)

Project Utilization Recommender Admin (roles/recommender.projectUtilAdmin)

Project Utilization Recommender Viewer (roles/recommender.projectUtilViewer)

RecentChange RecommenderConfig Admin (roles/recommender.recentChangeConfigAdmin)

Recent Change Risk Recommender Admin (roles/recommender.recentchangeriskAdmin)

Recent Change Risk Recommender Viewer (roles/recommender.recentchangeriskViewer)

Service Limit Recommender Admin (roles/recommender.serviceLimitAdmin)

Service Limit Recommender Viewer (roles/recommender.serviceLimitViewer)

Service Account Change Risk Recommender Admin (roles/recommender.serviceaccntchangeriskAdmin)

Service Account Change Risk Recommender Viewer (roles/recommender.serviceaccntchangeriskViewer)

Spanner Project Reliability Recommender Admin (roles/recommender.spannerAdmin)

Spanner Project Reliability Recommender Viewer (roles/recommender.spannerViewer)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Retail Merchant Approver (roles/retail.merchantApprover)

Retail Merchant Creator (roles/retail.merchantCreator)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Rapid Migration Assessment Runner (roles/rma.runner)

Roads Selection Admin (roles/roads.roadsSelectionAdmin)

Roads Selection Viewer (roles/roads.roadsSelectionViewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Serverless Integrations Developer (roles/runapps.developer)

Serverless Integrations Operator (roles/runapps.operator)

Secret Manager Secret Version Adder (roles/secretmanager.secretVersionAdder)

Secret Manager Secret Version Manager (roles/secretmanager.secretVersionManager)

Overwatch Activator (roles/securedlandingzone.overwatchActivator)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Overwatch Viewer (roles/securedlandingzone.overwatchViewer)

Secure Source Manager Developer Connect Linker (roles/securesourcemanager.developerConnectLinker)

Secure Source Manager Instance Accessor (roles/securesourcemanager.instanceAccessor)

Secure Source Manager Instance Manager (roles/securesourcemanager.instanceManager)

Secure Source Manager Instance Owner (roles/securesourcemanager.instanceOwner)

Secure Source Manager Instance Repository Creator (roles/securesourcemanager.instanceRepositoryCreator)

Secure Source Manager Repository Admin (roles/securesourcemanager.repoAdmin)

Secure Source Manager Repository Creator (roles/securesourcemanager.repoCreator)

Secure Source Manager Repository Pull Request Approver (roles/securesourcemanager.repoPullRequestApprover)

Secure Source Manager Repository Reader (roles/securesourcemanager.repoReader)

Secure Source Manager Repository Writer (roles/securesourcemanager.repoWriter)

Secure Source Manager SSH Key User (roles/securesourcemanager.sshKeyUser)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Assets Viewer (roles/securitycenter.assetsViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Findings Editor (roles/securitycenter.findingsEditor)

Security Center Findings Viewer (roles/securitycenter.findingsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Security Center Management Custom Modules Editor (roles/securitycentermanagement.customModulesEditor)

Security Center Management Custom Modules Viewer (roles/securitycentermanagement.customModulesViewer)

Security Center Management Custom ETD Modules Editor (roles/securitycentermanagement.etdCustomModulesEditor)

Security Center Management ETD Custom Modules Viewer (roles/securitycentermanagement.etdCustomModulesViewer)

Security Center Management Settings Editor (roles/securitycentermanagement.settingsEditor)

Security Center Management Settings Viewer (roles/securitycentermanagement.settingsViewer)

Security Center Management SHA Custom Modules Editor (roles/securitycentermanagement.shaCustomModulesEditor)

Security Center Management SHA Custom Modules Viewer (roles/securitycentermanagement.shaCustomModulesViewer)

Service Directory Network Attacher (roles/servicedirectory.networkAttacher)

Private Service Connect Authorized Service (roles/servicedirectory.pscAuthorizedService)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Cloud Spanner Backup Admin (roles/spanner.backupAdmin)

Cloud Spanner Database Admin (roles/spanner.databaseAdmin)

Cloud Spanner Restore Admin (roles/spanner.restoreAdmin)

Stackdriver Accounts Editor (roles/stackdriver.accounts.editor)

Stackdriver Accounts Viewer (roles/stackdriver.accounts.viewer)

Storage HMAC Key Admin (roles/storage.hmacKeyAdmin)

Storage Insights Collector Service (roles/storage.insightsCollectorService)

Storage Insights Analyst (roles/storageinsights.analyst)

Storage Transfer User (roles/storagetransfer.user)

Stream Content Admin (roles/stream.contentAdmin)

Stream Content Builder (roles/stream.contentBuilder)

Stream Instance Admin (roles/stream.instanceAdmin)

Subscribe with Google Developer (roles/subscribewithgoogledeveloper.developer)

Telco Automation Tier 1 Operations Admin (roles/telcoautomation.opsAdminTier1)

Telco Automation Tier 4 Operations Admin (roles/telcoautomation.opsAdminTier4)

GTI Alert Admin (roles/threatintelligence.alertAdmin)

GTI Alert User (roles/threatintelligence.alertUser)

CTEM Admin (roles/threatintelligence.ctemAdmin)

CTEM Editor (roles/threatintelligence.ctemEditor)

CTEM Project Admin (roles/threatintelligence.ctemProjectAdmin)

CTEM Viewer (roles/threatintelligence.ctemViewer)

Translation Hub Portal User (roles/translationhub.portalUser)

Vector Search Collection Writer (roles/vectorsearch.collectionWriter)

Vector Search DataObject Writer (roles/vectorsearch.dataObjectWriter)

Vector Search Index Writer (roles/vectorsearch.indexWriter)

Video Stitcher User (roles/videostitcher.user)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Workflows Invoker (roles/workflows.invoker)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Workload Manager Deployment Viewer (roles/workloadmanager.deploymentViewer)

Workload Manager Evaluation Admin (roles/workloadmanager.evaluationAdmin)

Workload Manager Evaluation Viewer (roles/workloadmanager.evaluationViewer)

Workload Manager Worker (roles/workloadmanager.worker)

Workload Manager Workload Viewer (roles/workloadmanager.workloadViewer)

Cloud Workstations Creator (roles/workstations.workstationCreator)

Cloud Workstations Limit Exempted Creator (roles/workstations.workstationLimitExemptedCreator)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Apigee Organization Admin (roles/apigee.admin)

Cloud Functions Admin (roles/cloudfunctions.admin)

Data Studio Asset Editor (roles/datastudio.editor)

Firebase Admin (roles/firebase.admin)

Firebase Editor (roles/firebase.editor)

Firebase Viewer (roles/firebase.viewer)

Role Administrator (roles/iam.roleAdmin)

Role Viewer (roles/iam.roleViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Workload Manager Admin (roles/workloadmanager.admin)

Apigee Developer Admin (roles/apigee.developerAdmin)

Apigee Environment Admin (roles/apigee.environmentAdmin)

Apigee Read-only Admin (roles/apigee.readOnlyAdmin)

Container Registry -> Artifact Registry Migration Admin (roles/artifactregistry.containerRegistryMigrationAdmin)

Browser (roles/browser)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

Data Studio Workspace Content Manager (roles/datastudio.contentManager)

Data Studio Workspace Contributor (roles/datastudio.contributor)

Data Studio Workspace Manager (roles/datastudio.manager)

Firebase Analytics Admin (roles/firebase.analyticsAdmin)

Firebase Analytics Viewer (roles/firebase.analyticsViewer)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Grow Admin (roles/firebase.growthAdmin)

Firebase Grow Viewer (roles/firebase.growthViewer)

Firebase Quality Admin (roles/firebase.qualityAdmin)

Firebase Quality Viewer (roles/firebase.qualityViewer)

Databases Admin (roles/iam.databasesAdmin)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Looker Admin (roles/lookerstudio.lookerAdmin)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Accessapproval Admin (roles/accessapproval.admin)

Accessapproval Editor (roles/accessapproval.editor)

Access Approval Viewer (roles/accessapproval.viewer)

Access Context Manager Admin (roles/accesscontextmanager.policyAdmin)

Actions Admin (roles/actions.Admin)

Actions Viewer (roles/actions.Viewer)

Vertex AI Administrator (roles/aiplatform.admin)

Vertex AI Viewer (roles/aiplatform.viewer)

AlloyDB Admin (roles/alloydb.admin)

Alloydb Editor (roles/alloydb.editor)

AlloyDB Viewer (roles/alloydb.viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analyticshub Editor (roles/analyticshub.editor)

Analytics Hub Viewer (roles/analyticshub.viewer)

Androidmanagement Admin (roles/androidmanagement.admin)

ApiGateway Admin (roles/apigateway.admin)

Apigateway Editor (roles/apigateway.editor)

ApiGateway Viewer (roles/apigateway.viewer)

Apigee Organization Admin (roles/apigee.admin)

Apigee API Admin (roles/apigee.apiAdminV2)

Apigee Editor (roles/apigee.editor)

Apigee Viewer (roles/apigee.viewer)

Apigeeconnect Viewer (roles/apigeeconnect.viewer)

Cloud Apigee Registry Admin (roles/apigeeregistry.admin)

Cloud Apigee Registry Editor (roles/apigeeregistry.editor)

Cloud Apigee Registry Viewer (roles/apigeeregistry.viewer)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API Hub Editor (roles/apihub.editor)

Cloud API hub Viewer (roles/apihub.viewer)

API Management Admin (roles/apim.admin)

API Management Viewer (roles/apim.viewer)

App Engine Admin (roles/appengine.appAdmin)

App Hub Admin (roles/apphub.admin)

App Hub Editor (roles/apphub.editor)

App Hub Viewer (roles/apphub.viewer)

App Topology Viewer (roles/apptopology.viewer)

Assured OSS Admin (roles/assuredoss.admin)

Assuredoss Editor (roles/assuredoss.editor)

Assuredoss Viewer (roles/assuredoss.viewer)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Audit Manager Admin (roles/auditmanager.admin)

AutoML Admin (roles/automl.admin)

AutoML Editor (roles/automl.editor)

AutoML Viewer (roles/automl.viewer)

Recommendations AI Admin (roles/automlrecommendations.admin)

Recommendations AI Editor (roles/automlrecommendations.editor)

Recommendations AI Viewer (roles/automlrecommendations.viewer)

Autoscaling Admin (roles/autoscaling.admin)

Autoscaling Editor (roles/autoscaling.editor)

Autoscaling Viewer (roles/autoscaling.viewer)

Access Transparency Admin (roles/axt.admin)

Backup and DR Admin (roles/backupdr.admin)

Backupdr Editor (roles/backupdr.editor)

Backup and DR Viewer (roles/backupdr.viewer)

Bare Metal Solution Admin (roles/baremetalsolution.admin)

Bare Metal Solution Editor (roles/baremetalsolution.editor)

Bare Metal Solution Viewer (roles/baremetalsolution.viewer)

Batch Administrator (roles/batch.admin)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Beyondcorp Editor (roles/beyondcorp.editor)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

BigLake Admin (roles/biglake.admin)

BigLake Editor (roles/biglake.editor)

BigLake Viewer (roles/biglake.viewer)

BigQuery Admin (roles/bigquery.admin)

Bigquerydatapolicy Editor (roles/bigquerydatapolicy.editor)

Bigquerymigration Admin (roles/bigquerymigration.admin)

Bigtable Editor (roles/bigtable.editor)

Billing Account Administrator (roles/billing.admin)

Binaryauthorization Admin (roles/binaryauthorization.admin)

Binaryauthorization Editor (roles/binaryauthorization.editor)

Binaryauthorization Viewer (roles/binaryauthorization.viewer)

Blockchain Node Engine Admin (roles/blockchainnodeengine.admin)

Blockchain Node Engine Viewer (roles/blockchainnodeengine.viewer)

Blockchain Validator Manager Admin (roles/blockchainvalidatormanager.admin)

Blockchain Validator Viewer (roles/blockchainvalidatormanager.viewer)

Capacity Planner Viewer (roles/capacityplanner.viewer)

Carestudio Admin (roles/carestudio.admin)

Care Studio Patients Viewer (roles/carestudio.viewer)

Certificatemanager Admin (roles/certificatemanager.admin)

Certificate Manager Editor (roles/certificatemanager.editor)

Certificate Manager Viewer (roles/certificatemanager.viewer)

Gemini Enterprise for Customer Experience Admin (roles/ces.admin)

Gemini Enterprise for Customer Experience Viewer (roles/ces.viewer)

Chat Admin (roles/chat.admin)

Chat Viewer (roles/chat.viewer)

Chronicle API Admin (roles/chronicle.admin)

Chronicle API Editor (roles/chronicle.editor)

Chronicle API Viewer (roles/chronicle.viewer)

Cloud Admin (roles/cloud.admin)

Cloud Viewer (roles/cloud.viewer)

Cloudbuild Admin (roles/cloudbuild.admin)

Cloud Build Service Account (roles/cloudbuild.builds.builder)

Cloudbuild Editor (roles/cloudbuild.editor)

Cloudbuild Viewer (roles/cloudbuild.viewer)

Firebase Remote Config Admin (roles/cloudconfig.admin)

Firebase Remote Config Viewer (roles/cloudconfig.viewer)

Cloudcontrolspartner Viewer (roles/cloudcontrolspartner.viewer)

Cloud Deploy Admin (roles/clouddeploy.admin)

Clouddeploy Editor (roles/clouddeploy.editor)

Cloud Deploy Viewer (roles/clouddeploy.viewer)

Cloud Functions Admin (roles/cloudfunctions.admin)

Cloudfunctions Editor (roles/cloudfunctions.editor)

Cloud Functions Viewer (roles/cloudfunctions.viewer)

Cloud Talent Solution Admin (roles/cloudjobdiscovery.admin)

Cloudjobdiscovery Viewer (roles/cloudjobdiscovery.viewer)

Cloud Location Finder Admin (roles/cloudlocationfinder.admin)

Cloud Location Finder Viewer (roles/cloudlocationfinder.viewer)

Catalog Admin (roles/cloudprivatecatalogproducer.admin)

Cloudprivatecatalogproducer Editor (roles/cloudprivatecatalogproducer.editor)

Cloudprivatecatalogproducer Viewer (roles/cloudprivatecatalogproducer.viewer)

Cloudprofiler Admin (roles/cloudprofiler.admin)

Cloudprofiler Viewer (roles/cloudprofiler.viewer)

Cloud Quotas Admin (roles/cloudquotas.admin)

Cloud Quotas Viewer (roles/cloudquotas.viewer)

Cloud Scheduler Admin (roles/cloudscheduler.admin)

Cloud Scheduler Viewer (roles/cloudscheduler.viewer)

Compliance Manager Admin (roles/cloudsecuritycompliance.admin)

Compliance Manager Viewer (roles/cloudsecuritycompliance.viewer)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Cloud SQL Admin (roles/cloudsql.admin)

Cloud SQL Editor (roles/cloudsql.editor)

Cloud SQL Viewer (roles/cloudsql.viewer)

Cloud Tasks Admin (roles/cloudtasks.admin)

Cloudtasks Editor (roles/cloudtasks.editor)

Cloud Tasks Viewer (roles/cloudtasks.viewer)

Cloud Test Service Admin (roles/cloudtestservice.admin)

Cloud Test Service Viewer (roles/cloudtestservice.viewer)

Cloud Trace Admin (roles/cloudtrace.admin)

Cloud Trace User (roles/cloudtrace.user)

Cloud Translation API Admin (roles/cloudtranslate.admin)

Cloud Translation API Editor (roles/cloudtranslate.editor)

Cloud Translation API User (roles/cloudtranslate.user)

Cloud Translation API Viewer (roles/cloudtranslate.viewer)

Commerce Agreement Publishing Admin (roles/commerceagreementpublishing.admin)

Commerce Agreement Publishing Viewer (roles/commerceagreementpublishing.viewer)

Commerce Business Enablement Configuration Admin (roles/commercebusinessenablement.admin)

Commerce Business Enablement Configuration Viewer (roles/commercebusinessenablement.viewer)

Commerce Organization Governance Admin (roles/commerceorggovernance.admin)

Commerce Organization Governance Viewer (roles/commerceorggovernance.viewer)

Commercepricemanagement Editor (roles/commercepricemanagement.editor)

Commerce Price Management Viewer (roles/commercepricemanagement.viewer)

Commerce Producer Admin (roles/commerceproducer.admin)

Commerce Producer Viewer (roles/commerceproducer.viewer)

Composer Editor (roles/composer.editor)

Composer Viewer (roles/composer.viewer)

Compute Admin (roles/compute.admin)

Compute Editor (roles/compute.editor)

Compute Instance Admin (beta) (roles/compute.instanceAdmin)

Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)

Compute Load Balancer Admin (roles/compute.loadBalancerAdmin)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Compute OS Admin Login (roles/compute.osAdminLogin)

Compute OS Login (roles/compute.osLogin)

Compute Security Admin (roles/compute.securityAdmin)

Compute Storage Admin (roles/compute.storageAdmin)

Compute Viewer (roles/compute.viewer)

Confidentialcomputing Admin (roles/confidentialcomputing.admin)

Confidentialcomputing Viewer (roles/confidentialcomputing.viewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Editor (roles/config.editor)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Configdelivery Admin (roles/configdelivery.admin)

Configdelivery Viewer (roles/configdelivery.viewer)

Connector Admin (roles/connectors.admin)

Connectors Viewer (roles/connectors.viewer)

Contact Center AI Platform Admin (roles/contactcenteraiplatform.admin)

Contact Center AI Platform Viewer (roles/contactcenteraiplatform.viewer)

Kubernetes Engine Admin (roles/container.admin)

Kubernetes Engine Cluster Admin (roles/container.clusterAdmin)

Kubernetes Engine Developer (roles/container.developer)

Kubernetes Engine Editor (roles/container.editor)

Kubernetes Engine Viewer (roles/container.viewer)

Container Analysis Admin (roles/containeranalysis.admin)

Container Analysis Editor (roles/containeranalysis.editor)

Container Analysis Viewer (roles/containeranalysis.viewer)

Containersecurity Admin (roles/containersecurity.admin)

GKE Security Posture Viewer (roles/containersecurity.viewer)

Content Warehouse Admin (roles/contentwarehouse.admin)

Database Center Admin (roles/databasecenter.admin)

Database Center Viewer (roles/databasecenter.viewer)

Database Insights viewer (roles/databaseinsights.viewer)

Databasesconsole Editor (roles/databasesconsole.editor)

Databasesconsole Viewer (roles/databasesconsole.viewer)

Data Catalog Admin (roles/datacatalog.admin)

Datacatalog Editor (roles/datacatalog.editor)

Data Catalog Viewer (roles/datacatalog.viewer)

Dataconnectors Admin (roles/dataconnectors.admin)

Dataconnectors Editor (roles/dataconnectors.editor)

Dataconnectors Viewer (roles/dataconnectors.viewer)

Dataflow Admin (roles/dataflow.admin)

Dataflow Viewer (roles/dataflow.viewer)

Dataform Admin (roles/dataform.admin)

Dataform Editor (roles/dataform.editor)

Dataform Viewer (roles/dataform.viewer)

Cloud Data Fusion Admin (roles/datafusion.admin)

Cloud Data Fusion Viewer (roles/datafusion.viewer)

Data Labeling Service Admin (roles/datalabeling.admin)

Data Labeling Service Editor (roles/datalabeling.editor)

Data Labeling Service Viewer (roles/datalabeling.viewer)

Data Lineage Administrator (roles/datalineage.admin)

Data Lineage Editor (roles/datalineage.editor)

Data Lineage Viewer (roles/datalineage.viewer)

Database Migration Admin (roles/datamigration.admin)

Data pipelines Admin (roles/datapipelines.admin)

Data pipelines Viewer (roles/datapipelines.viewer)

Dataplex Administrator (roles/dataplex.admin)

Dataprep Admin (roles/dataprep.admin)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Viewer (roles/dataproc.viewer)

Dataprocessing Editor (roles/dataprocessing.editor)

Dataprocessing Viewer (roles/dataprocessing.viewer)

Dataproc Resource Manager Admin (roles/dataprocrm.admin)

Dataproc Resource Manager Viewer (roles/dataprocrm.viewer)

Datastore Admin (roles/datastore.admin)

Datastore Editor (roles/datastore.editor)

Cloud Datastore User (roles/datastore.user)

Cloud Datastore Viewer (roles/datastore.viewer)

Datastream Admin (roles/datastream.admin)

Datastream Viewer (roles/datastream.viewer)

Data Studio Admin (roles/datastudio.admin)

Dell EMC Cloud OneFS Admin (roles/dellemccloudonefs.admin)

Dell EMC Cloud OneFS Viewer (roles/dellemccloudonefs.viewer)

Deployment Manager Editor (roles/deploymentmanager.editor)

Deployment Manager Viewer (roles/deploymentmanager.viewer)

Application Design Center Admin (roles/designcenter.admin)

Designcenter Editor (roles/designcenter.editor)

Application Design Center Viewer (roles/designcenter.viewer)

Developer Connect Admin (roles/developerconnect.admin)

Developerconnect Editor (roles/developerconnect.editor)

Developer Connect Viewer (roles/developerconnect.viewer)

Device Streaming Admin (roles/devicestreaming.admin)

Device Streaming Viewer (roles/devicestreaming.viewer)

Dialogflow Viewer (roles/dialogflow.viewer)

Discovery Engine Admin (roles/discoveryengine.admin)

Discovery Engine Editor (roles/discoveryengine.editor)

Discovery Engine Viewer (roles/discoveryengine.viewer)

DLP Administrator (roles/dlp.admin)

DLP Editor (roles/dlp.editor)

DLP Viewer (roles/dlp.viewer)

DNS Administrator (roles/dns.admin)

Document AI Administrator (roles/documentai.admin)

Document AI Editor (roles/documentai.editor)

Document AI Viewer (roles/documentai.viewer)

Cloud Domains Admin (roles/domains.admin)

Domains Editor (roles/domains.editor)

Cloud Domains Viewer (roles/domains.viewer)

Earth Admin (roles/earth.admin)

Earth Viewer (roles/earth.viewer)

Earth Engine Resource Admin (roles/earthengine.admin)

Earth Engine Resource Viewer (roles/earthengine.viewer)

Edge Container Admin (roles/edgecontainer.admin)

Edge Container Viewer (roles/edgecontainer.viewer)

Edge Network Admin (roles/edgenetwork.admin)

Edgenetwork Editor (roles/edgenetwork.editor)

Edge Network Viewer (roles/edgenetwork.viewer)

Enterprise Knowledge Graph Admin (roles/enterpriseknowledgegraph.admin)

Enterprise Knowledge Graph Editor (roles/enterpriseknowledgegraph.editor)

Enterprise Knowledge Graph Viewer (roles/enterpriseknowledgegraph.viewer)

Enterprise Purchasing Admin (roles/enterprisepurchasing.admin)

Enterprise Purchasing Editor (roles/enterprisepurchasing.editor)

Enterprise Purchasing Viewer (roles/enterprisepurchasing.viewer)

Error Reporting Admin (roles/errorreporting.admin)

Error Reporting User (roles/errorreporting.user)

Error Reporting Viewer (roles/errorreporting.viewer)

Eventarc Admin (roles/eventarc.admin)

Eventarc Editor (roles/eventarc.editor)

Eventarc Viewer (roles/eventarc.viewer)

File Admin (roles/file.admin)

Financial Services Admin (roles/financialservices.admin)

Financial Services Viewer (roles/financialservices.viewer)

Firebase Admin (roles/firebase.admin)

Firebase Editor (roles/firebase.editor)

Firebase Viewer (roles/firebase.viewer)

Firebase A/B Testing Admin (roles/firebaseabt.admin)

Firebase A/B Testing Viewer (roles/firebaseabt.viewer)

Firebase App Distribution Admin (roles/firebaseappdistro.admin)

Firebase App Distribution Viewer (roles/firebaseappdistro.viewer)

Firebase App Hosting Admin (roles/firebaseapphosting.admin)

Firebase App Hosting Viewer (roles/firebaseapphosting.viewer)

Firebase Authentication Admin (roles/firebaseauth.admin)

Firebase Authentication Viewer (roles/firebaseauth.viewer)

Firebase Cloud Messaging API Admin (roles/firebasecloudmessaging.admin)

Firebase Crashlytics Admin (roles/firebasecrashlytics.admin)

Firebase Crashlytics Viewer (roles/firebasecrashlytics.viewer)

Firebase Realtime Database Admin (roles/firebasedatabase.admin)

Firebase Realtime Database Viewer (roles/firebasedatabase.viewer)

Firebase Data Connect API Admin (roles/firebasedataconnect.admin)

Firebase Data Connect API Viewer (roles/firebasedataconnect.viewer)

Firebase Dynamic Links Admin (roles/firebasedynamiclinks.admin)

Firebasedynamiclinks Editor (roles/firebasedynamiclinks.editor)

Firebase Dynamic Links Viewer (roles/firebasedynamiclinks.viewer)

Firebaseextensions Editor (roles/firebaseextensions.editor)

Firebase Extensions Viewer (roles/firebaseextensions.viewer)

Firebaseextensionspublisher Admin (roles/firebaseextensionspublisher.admin)

Firebaseextensionspublisher Viewer (roles/firebaseextensionspublisher.viewer)

Firebase Hosting Admin (roles/firebasehosting.admin)

Firebase Hosting Viewer (roles/firebasehosting.viewer)

Firebase In-App Messaging Admin (roles/firebaseinappmessaging.admin)

Firebase In-App Messaging Viewer (roles/firebaseinappmessaging.viewer)

Firebase ML Kit Admin (roles/firebaseml.admin)

Firebase ML Kit Viewer (roles/firebaseml.viewer)

Firebase Cloud Messaging Admin (roles/firebasenotifications.admin)

Firebase Cloud Messaging Viewer (roles/firebasenotifications.viewer)

Firebase Performance Reporting Admin (roles/firebaseperformance.admin)

Firebase Performance Reporting Viewer (roles/firebaseperformance.viewer)

Firebase Rules Admin (roles/firebaserules.admin)

Firebase Rules System (roles/firebaserules.system)

Firebase Rules Viewer (roles/firebaserules.viewer)

Cloud Storage for Firebase Admin (roles/firebasestorage.admin)

Cloud Storage for Firebase Viewer (roles/firebasestorage.viewer)

Firebase AI Logic Admin (roles/firebasevertexai.admin)

Firebase AI Logic Viewer (roles/firebasevertexai.viewer)

GDC Hardware Management Admin (roles/gdchardwaremanagement.admin)

Backup for GKE Admin (roles/gkebackup.admin)

Backup for GKE Viewer (roles/gkebackup.viewer)

Fleet Admin (formerly GKE Hub Admin) (roles/gkehub.admin)

Fleet Editor (formerly GKE Hub Editor) (roles/gkehub.editor)

Fleet Viewer (formerly GKE Hub Viewer) (roles/gkehub.viewer)

Anthos Multi-cloud Admin (roles/gkemulticloud.admin)

Gkemulticloud Editor (roles/gkemulticloud.editor)

Anthos Multi-cloud Viewer (roles/gkemulticloud.viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Gsuiteaddons Admin (roles/gsuiteaddons.admin)

Gsuiteaddons Viewer (roles/gsuiteaddons.viewer)

Hypercomputecluster Admin (roles/hypercomputecluster.admin)

Cluster Director Editor (roles/hypercomputecluster.editor)

Cluster Director Viewer (roles/hypercomputecluster.viewer)

Iam Admin (roles/iam.admin)

Iam Editor (roles/iam.editor)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service Account Admin (roles/iam.serviceAccountAdmin)

Create Service Accounts (roles/iam.serviceAccountCreator)

Service Account Key Admin (roles/iam.serviceAccountKeyAdmin)

Service Account Token Creator (roles/iam.serviceAccountTokenCreator)

Service Account User (roles/iam.serviceAccountUser)

View Service Accounts (roles/iam.serviceAccountViewer)

Iam Viewer (roles/iam.viewer)

Iap Editor (roles/iap.editor)

Iap Viewer (roles/iap.viewer)

Cloud IDS Admin (roles/ids.admin)

Ids Editor (roles/ids.editor)

Cloud IDS Viewer (roles/ids.viewer)

Integrations Admin (roles/integrations.admin)

Integrations Viewer (roles/integrations.viewer)

Issuerswitch Admin (roles/issuerswitch.admin)

Issuerswitch Viewer (roles/issuerswitch.viewer)

Config Controller Admin (roles/krmapihosting.admin)

Krmapihosting Editor (roles/krmapihosting.editor)

Config Controller Viewer (roles/krmapihosting.viewer)

Cloud License Manager Admin (roles/licensemanager.admin)

Cloud License Manager Viewer (roles/licensemanager.viewer)

Cloud Life Sciences Viewer (roles/lifesciences.viewer)

Live Stream Admin (roles/livestream.admin)

Live Stream Editor (roles/livestream.editor)

Live Stream Viewer (roles/livestream.viewer)

Logging Admin (roles/logging.admin)

Looker Admin (roles/looker.admin)

Looker Viewer (roles/looker.viewer)

Google Cloud Managed Lustre Admin (roles/lustre.admin)

Google Cloud Managed Lustre Viewer (roles/lustre.viewer)

Maintenance Admin (roles/maintenance.admin)

Maintenance API Viewer (roles/maintenance.viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Viewer (roles/managedflink.viewer)

Google Cloud Managed Identities Admin (roles/managedidentities.admin)

Managedidentities Editor (roles/managedidentities.editor)

Google Cloud Managed Identities Viewer (roles/managedidentities.viewer)

Managed Kafka Admin (roles/managedkafka.admin)

Managed Kafka Viewer (roles/managedkafka.viewer)

Maps API Admin (roles/mapsadmin.admin)

Maps API Viewer (roles/mapsadmin.viewer)

Mapsanalytics Admin (roles/mapsanalytics.admin)

Maps Analytics Viewer (roles/mapsanalytics.viewer)

Maps Platform Datasets Admin (roles/mapsplatformdatasets.admin)

Maps Platform Datasets Viewer (roles/mapsplatformdatasets.viewer)

Marketplace Solutions Admin (roles/marketplacesolutions.admin)

Marketplace Solutions Editor (roles/marketplacesolutions.editor)

Marketplace Solutions Viewer (roles/marketplacesolutions.viewer)

MCP Admin (roles/mcp.admin)

Cloud Memorystore Memcached Admin (roles/memcache.admin)

Cloud Memorystore Memcached Editor (roles/memcache.editor)

Cloud Memorystore Memcached Viewer (roles/memcache.viewer)

Memorystore Admin (roles/memorystore.admin)

Memorystore Viewer (roles/memorystore.viewer)

Dataproc Metastore Admin (roles/metastore.admin)

Dataproc Metastore Editor (roles/metastore.editor)

Metastore Viewer (roles/metastore.viewer)

Migration Center Admin (roles/migrationcenter.admin)

Migration Center Viewer (roles/migrationcenter.viewer)

Model Armor Admin (roles/modelarmor.admin)

Model Armor Viewer (roles/modelarmor.viewer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Google Cloud NetApp Volumes Admin (roles/netapp.admin)

Google Cloud NetApp Volumes Viewer (roles/netapp.viewer)

NetApp Cloud Volumes Admin (roles/netappcloudvolumes.admin)

NetApp Cloud Volumes Viewer (roles/netappcloudvolumes.viewer)

Networkconnectivity Editor (roles/networkconnectivity.editor)

Network Management Admin (roles/networkmanagement.admin)

Networkmanagement Editor (roles/networkmanagement.editor)

Network Management Viewer (roles/networkmanagement.viewer)

Networksecurity Admin (roles/networksecurity.admin)

Networksecurity Editor (roles/networksecurity.editor)

Networksecurity Viewer (roles/networksecurity.viewer)

Network Services Admin (roles/networkservices.admin)

Network Services Editor (roles/networkservices.editor)

Network Services Viewer (roles/networkservices.viewer)

Notebooks Admin (roles/notebooks.admin)

Notebooks Editor (roles/notebooks.editor)

Notebooks Viewer (roles/notebooks.viewer)

On-Demand Scanning Viewer (roles/ondemandscanning.viewer)

Oracle Database@Google Cloud admin (roles/oracledatabase.admin)

Oracle Database@Google Cloud viewer (roles/oracledatabase.viewer)

Parallelstore Admin (roles/parallelstore.admin)

Parallelstore Viewer (roles/parallelstore.viewer)

Parameter Manager Admin (roles/parametermanager.admin)

Paymentsresellersubscription Admin (roles/paymentsresellersubscription.admin)

Paymentsresellersubscription Viewer (roles/paymentsresellersubscription.viewer)

Policyremediatormanager Admin (roles/policyremediatormanager.admin)

Policyremediatormanager Viewer (roles/policyremediatormanager.viewer)

CA Service Admin (roles/privateca.admin)

Privateca Editor (roles/privateca.editor)

Privateca Viewer (roles/privateca.viewer)

Privilegedaccessmanager Editor (roles/privilegedaccessmanager.editor)

Proximitybeacon Admin (roles/proximitybeacon.admin)

Proximitybeacon Editor (roles/proximitybeacon.editor)

Proximitybeacon Viewer (roles/proximitybeacon.viewer)

Subscription Linking Admin (roles/readerrevenuesubscriptionlinking.admin)

Subscription Linking Viewer (roles/readerrevenuesubscriptionlinking.viewer)

reCAPTCHA Enterprise Admin (roles/recaptchaenterprise.admin)

reCAPTCHA Enterprise Viewer (roles/recaptchaenterprise.viewer)

Recommender Admin (roles/recommender.admin)

Recommender Editor (roles/recommender.editor)

Cloud Memorystore Redis Admin (roles/redis.admin)

Cloud Memorystore Redis Editor (roles/redis.editor)

Cloud Memorystore Redis Viewer (roles/redis.viewer)

Redis Enterprise Cloud Admin (roles/redisenterprisecloud.admin)

Redis Enterprise Cloud Viewer (roles/redisenterprisecloud.viewer)

Remotebuildexecution Admin (roles/remotebuildexecution.admin)

Remotebuildexecution Editor (roles/remotebuildexecution.editor)

Remotebuildexecution Viewer (roles/remotebuildexecution.viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Retail Admin (roles/retail.admin)

Retail Editor (roles/retail.editor)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Viewer (roles/riskmanager.viewer)

Rapid Migration Assessment Admin (roles/rma.admin)

Rapid Migration Assessment Viewer (roles/rma.viewer)

Routeoptimization Admin (roles/routeoptimization.admin)

Route Optimization Editor (roles/routeoptimization.editor)

Route Optimization Viewer (roles/routeoptimization.viewer)

Cloud Run Admin (roles/run.admin)

Cloud Run Developer (roles/run.developer)

Run Editor (roles/run.editor)

Cloud Run Viewer (roles/run.viewer)

Serverless Integrations Viewer (roles/runapps.viewer)

Runtimeconfig Editor (roles/runtimeconfig.editor)

Runtimeconfig Viewer (roles/runtimeconfig.viewer)

SaaS Service Management Admin (roles/saasservicemgmt.admin)

SaaS Service Management Viewer (roles/saasservicemgmt.viewer)

Secret Manager Admin (roles/secretmanager.admin)

Secret Manager Secret Accessor (roles/secretmanager.secretAccessor)

Secret Manager Viewer (roles/secretmanager.viewer)

Secure Source Manager Admin (roles/securesourcemanager.admin)

Securesourcemanager Editor (roles/securesourcemanager.editor)

Securesourcemanager Viewer (roles/securesourcemanager.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Management Admin (roles/securitycentermanagement.admin)

Securitycentermanagement Editor (roles/securitycentermanagement.editor)

Security Center Management Viewer (roles/securitycentermanagement.viewer)

Serviceconsumermanagement Admin (roles/serviceconsumermanagement.admin)

Serviceconsumermanagement Viewer (roles/serviceconsumermanagement.viewer)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Personalized Service Health Viewer (roles/servicehealth.viewer)

Service Management Administrator (roles/servicemanagement.admin)

Servicenetworking Admin (roles/servicenetworking.admin)

Servicenetworking Editor (roles/servicenetworking.editor)

Servicenetworking Viewer (roles/servicenetworking.viewer)

Source Editor (roles/source.editor)

Source Viewer (roles/source.viewer)

Cloud Spanner Admin (roles/spanner.admin)

Spanner Editor (roles/spanner.editor)

Cloud Spanner Viewer (roles/spanner.viewer)

Stackdriver Admin (roles/stackdriver.admin)

Stackdriver Viewer (roles/stackdriver.viewer)

Storage Admin (roles/storage.admin)

Storage Editor (roles/storage.editor)

Storage Folder Admin (roles/storage.folderAdmin)

Storage Object Admin (roles/storage.objectAdmin)

Storage Object Creator (roles/storage.objectCreator)

Storage Object User (roles/storage.objectUser)

Storage Object Viewer (roles/storage.objectViewer)

Storage Viewer (roles/storage.viewer)

Storage Batch Operations Admin (roles/storagebatchoperations.admin)

Storage Batch Operations Viewer (roles/storagebatchoperations.viewer)

Storage Insights Admin (roles/storageinsights.admin)

Storage Insights Viewer (roles/storageinsights.viewer)

Storage Transfer Admin (roles/storagetransfer.admin)

Storage Transfer Viewer (roles/storagetransfer.viewer)

Stream Admin (roles/stream.admin)

Stream Viewer (roles/stream.viewer)

Subscribewithgoogledeveloper Admin (roles/subscribewithgoogledeveloper.admin)

Subscribewithgoogledeveloper Viewer (roles/subscribewithgoogledeveloper.viewer)

Telemetry Admin (roles/telemetry.admin)

Telemetry Editor (roles/telemetry.editor)

TPU Admin (roles/tpu.admin)

TPU Viewer (roles/tpu.viewer)

Trafficdirector Admin (roles/trafficdirector.admin)

Trafficdirector Viewer (roles/trafficdirector.viewer)

Transcoder Admin (roles/transcoder.admin)

Transcoder Editor (roles/transcoder.editor)

Transcoder Viewer (roles/transcoder.viewer)

Transfer Appliance Admin (roles/transferappliance.admin)

Transfer Appliance Viewer (roles/transferappliance.viewer)

Translation Hub Admin (roles/translationhub.admin)

Vector Search Admin (roles/vectorsearch.admin)

Vector Search Viewer (roles/vectorsearch.viewer)

Video Stitcher Admin (roles/videostitcher.admin)

Video Stitcher Viewer (roles/videostitcher.viewer)

VisionAI Admin (roles/visionai.admin)

VisionAI Editor (roles/visionai.editor)

VisionAI Viewer (roles/visionai.viewer)

VM Migration Administrator (roles/vmmigration.admin)

VM Migration Viewer (roles/vmmigration.viewer)

Vmwareengine Admin (roles/vmwareengine.admin)

Vmwareengine Editor (roles/vmwareengine.editor)

Vmwareengine Viewer (roles/vmwareengine.viewer)

Serverless VPC Access Admin (roles/vpcaccess.admin)

Serverless VPC Access User (roles/vpcaccess.user)

Serverless VPC Access Viewer (roles/vpcaccess.viewer)

Workflows Admin (roles/workflows.admin)

Workflows Editor (roles/workflows.editor)

Workflows Viewer (roles/workflows.viewer)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Workload Manager Admin (roles/workloadmanager.admin)

Workload Manager Viewer (roles/workloadmanager.viewer)

Cloud Workstations Admin (roles/workstations.admin)

Workstations Editor (roles/workstations.editor)

Access Approval Approver (roles/accessapproval.approver)

Access Approval Config Editor (roles/accessapproval.configEditor)

Access Approval Invalidator (roles/accessapproval.invalidator)

Access Context Manager Editor (roles/accesscontextmanager.policyEditor)

Access Context Manager Reader (roles/accesscontextmanager.policyReader)

VPC Service Controls Troubleshooter Viewer (roles/accesscontextmanager.vpcScTroubleshooterViewer)

Colab Enterprise Admin (roles/aiplatform.colabEnterpriseAdmin)

Colab Enterprise User (roles/aiplatform.colabEnterpriseUser)

Vertex AI Feature Store EntityType owner (roles/aiplatform.entityTypeOwner)

Vertex AI Feature Store Admin (roles/aiplatform.featurestoreAdmin)

Vertex AI Feature Store Data Viewer (roles/aiplatform.featurestoreDataViewer)

Vertex AI Feature Store Data Writer (roles/aiplatform.featurestoreDataWriter)

Vertex AI Feature Store Resource Viewer (roles/aiplatform.featurestoreResourceViewer)

Vertex AI Feature Store User (roles/aiplatform.featurestoreUser)

Vertex AI User (roles/aiplatform.user)

AlloyDB Client (roles/alloydb.client)

AlloyDB Database User (roles/alloydb.databaseUser)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Apigee Analytics Editor (roles/apigee.analyticsEditor)

Apigee Analytics Viewer (roles/apigee.analyticsViewer)

Apigee API Reader (roles/apigee.apiReaderV2)

Apigee Developer Admin (roles/apigee.developerAdmin)

Apigee Environment Admin (roles/apigee.environmentAdmin)

Apigee Monetization Admin (roles/apigee.monetizationAdmin)

Apigee Portal Admin (roles/apigee.portalAdmin)

Apigee Read-only Admin (roles/apigee.readOnlyAdmin)

Apigee Security Admin (roles/apigee.securityAdmin)

Apigee Security Viewer (roles/apigee.securityViewer)

Apigee Space Console User (roles/apigee.spaceConsoleUser)

Cloud Apigee Registry Worker (roles/apigeeregistry.worker)

Cloud API hub Addons Admin (roles/apihub.addonsAdmin)

Cloud API hub Attributes Admin (roles/apihub.attributeAdmin)

Cloud API hub Plugins Admin (roles/apihub.pluginAdmin)

Cloud API hub Provisioning Admin (roles/apihub.provisioningAdmin)

App Engine Creator (roles/appengine.appCreator)

App Engine Viewer (roles/appengine.appViewer)

App Engine Code Viewer (roles/appengine.codeViewer)

App Engine Managed VM Debug Access (roles/appengine.debugger)

App Engine Deployer (roles/appengine.deployer)

App Engine Memcache Data Admin (roles/appengine.memcacheDataAdmin)

App Engine Service Admin (roles/appengine.serviceAdmin)

App Management Viewer (roles/apphub.appManagementViewer)

Appliance troubleshooting commands approver (roles/applianceactivation.approver)

Appliance troubleshooter (roles/applianceactivation.troubleshooter)

Assured OSS Project Admin (roles/assuredoss.projectAdmin)

Assured OSS Reader (roles/assuredoss.reader)

Assured OSS User (roles/assuredoss.user)

Assured Workloads Reader (roles/assuredworkloads.reader)

Audit Manager Auditor (roles/auditmanager.auditor)

AutoML Predictor (roles/automl.predictor)

Recommendations AI Admin Viewer (roles/automlrecommendations.adminViewer)

Autoscaling Site Admin (roles/autoscaling.sitesAdmin)

Backup and DR Backup User (roles/backupdr.backupUser)

Backup and DR Compute Engine Operator (roles/backupdr.computeEngineOperator)

Backup and DR Mount User (roles/backupdr.mountUser)

Backup and DR Restore User (roles/backupdr.restoreUser)

Backup and DR User (roles/backupdr.user)

Backup and DR User V2 (roles/backupdr.userv2)

Bare Metal Solution Instances Admin (roles/baremetalsolution.instancesadmin)

Bare Metal Solution Instances Viewer (roles/baremetalsolution.instancesviewer)

Bare Metal Solution Storage Admin (roles/baremetalsolution.storageadmin)

Batch Job Editor (roles/batch.jobsEditor)

Batch Job Viewer (roles/batch.jobsViewer)

Batch ResourceAllowance Editor (roles/batch.resourceAllowancesEditor)

Batch ResourceAllowance Viewer (roles/batch.resourceAllowancesViewer)

BigLake Metadata Viewer (roles/biglake.metadataViewer)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Job User (roles/bigquery.jobUser)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Read Session User (roles/bigquery.readSessionUser)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Browser (roles/browser)

Capacity Planner (roles/capacityplanner.planner)

Certificate Manager Owner (roles/certificatemanager.owner)

Gemini Enterprise for Customer Experience Agent Editor (roles/ces.agentEditor)

Gemini Enterprise for Customer Experience App Editor (roles/ces.appEditor)

Gemini Enterprise for Customer Experience Deployment Editor (roles/ces.deploymentEditor)

Gemini Enterprise for Customer Experience Evals Editor (roles/ces.evalsEditor)

Gemini Enterprise for Customer Experience Guardrails Editor (roles/ces.guardrailsEditor)

Gemini Enterprise for Customer Experience Security Settings Editor (roles/ces.securitySettingsEditor)

Gemini Enterprise for Customer Experience Tools Editor (roles/ces.toolsEditor)

Chronicle API Data Governor (roles/chronicle.dataGovernor)

Chronicle API Federation Admin (roles/chronicle.federationAdmin)

Chronicle API Federation Viewer (roles/chronicle.federationViewer)

Chronicle API Limited Viewer (roles/chronicle.limitedViewer)

Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)

Chronicle SOAR Admin (roles/chronicle.soarAdmin)

Chronicle SOAR Remote Agent (roles/chronicle.soarRemoteAgent)

Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)

Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)

Code Repository Indexes Admin (roles/cloudaicompanion.codeRepositoryIndexesAdmin)

Code Repository Indexes Viewer (roles/cloudaicompanion.codeRepositoryIndexesViewer)

Gemini Code Assist Tools Admin (roles/cloudaicompanion.codeToolsAdmin)

Gemini Code Assist Tools User (roles/cloudaicompanion.codeToolsUser)

Gemini for Google Cloud User (roles/cloudaicompanion.user)

Cloud Build Approver (roles/cloudbuild.builds.approver)

Cloud Build Editor (roles/cloudbuild.builds.editor)

Cloud Build Viewer (roles/cloudbuild.builds.viewer)

Cloud Build Connection Admin (roles/cloudbuild.connectionAdmin)

Cloud Build Connection Viewer (roles/cloudbuild.connectionViewer)

Cloud Build Integrations Editor (roles/cloudbuild.integrationsEditor)

Cloud Build Integrations Owner (roles/cloudbuild.integrationsOwner)

Cloud Build Integrations Viewer (roles/cloudbuild.integrationsViewer)

Cloud Build WorkerPool Editor (roles/cloudbuild.workerPoolEditor)

Cloud Build WorkerPool Owner (roles/cloudbuild.workerPoolOwner)

Cloud Build WorkerPool Viewer (roles/cloudbuild.workerPoolViewer)

Cloud Deploy Approver (roles/clouddeploy.approver)

Cloud Deploy Custom Target Type Admin (roles/clouddeploy.customTargetTypeAdmin)

Cloud Deploy Developer (roles/clouddeploy.developer)

Cloud Deploy Operator (roles/clouddeploy.operator)

Cloud Deploy Policy Admin (roles/clouddeploy.policyAdmin)

Cloud Deploy Policy Overrider (roles/clouddeploy.policyOverrider)

Cloud Deploy Releaser (roles/clouddeploy.releaser)

Cloud Functions Developer (roles/cloudfunctions.developer)

Cloud Hub Operator (roles/cloudhub.operator)

Cloud Talent Solution Job Editor (roles/cloudjobdiscovery.jobsEditor)

Cloud Talent Solution Job Viewer (roles/cloudjobdiscovery.jobsViewer)

Cloud Talent Solution Profile Editor (roles/cloudjobdiscovery.profilesEditor)

Cloud Talent Solution Profile Viewer (roles/cloudjobdiscovery.profilesViewer)

Cloud KMS CryptoKey Decrypter Via Delegation (roles/cloudkms.cryptoKeyDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation)

Cloud KMS CryptoKey Encrypter Via Delegation (roles/cloudkms.cryptoKeyEncrypterViaDelegation)

Cloud KMS EkmConnections Admin (roles/cloudkms.ekmConnectionsAdmin)

Cloud KMS Expert PQ Asymmetric Signing Key Manager (roles/cloudkms.expertPqcSigner)

Cloud KMS Expert Raw AES-CBC Key Manager (roles/cloudkms.expertRawAesCbc)

Cloud KMS Expert Raw AES-CTR Key Manager (roles/cloudkms.expertRawAesCtr)

Cloud KMS Expert Raw PKCS#1 Key Manager (roles/cloudkms.expertRawPKCS1)

Catalog Consumer (roles/cloudprivatecatalog.consumer)

Catalog Manager (roles/cloudprivatecatalogproducer.manager)

Catalog Org Admin (roles/cloudprivatecatalogproducer.orgAdmin)

Cloud Profiler User (roles/cloudprofiler.user)

Cloud Scheduler Job Runner (roles/cloudscheduler.jobRunner)

Advisory Support Editor (roles/cloudsupport.advisorySupportEditor)

Advisory Support Viewer (roles/cloudsupport.advisorySupportViewer)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Tech Support Viewer (roles/cloudsupport.techSupportViewer)

Cloud Tasks Enqueuer (roles/cloudtasks.enqueuer)

Cloud Tasks Queue Admin (roles/cloudtasks.queueAdmin)

Cloud Tasks Task Deleter (roles/cloudtasks.taskDeleter)

Cloud Tasks Task Runner (roles/cloudtasks.taskRunner)

Firebase Test Lab Direct Access Admin (roles/cloudtestservice.directAccessAdmin)

Firebase Test Lab Direct Access Viewer (roles/cloudtestservice.directAccessViewer)

Firebase Test Lab Admin (roles/cloudtestservice.testAdmin)

Firebase Test Lab Viewer (roles/cloudtestservice.testViewer)

Commerce Business Enablement PaymentConfig Admin (roles/commercebusinessenablement.paymentConfigAdmin)

Commerce Business Enablement PaymentConfig Viewer (roles/commercebusinessenablement.paymentConfigViewer)

Commerce Business Enablement Reseller Discount Admin (roles/commercebusinessenablement.resellerDiscountAdmin)

Commerce Business Enablement Reseller Discount Viewer (roles/commercebusinessenablement.resellerDiscountViewer)

Governed Marketplace User (roles/commerceorggovernance.user)

Commerce Price Management Events Viewer (roles/commercepricemanagement.eventsViewer)

Commerce Price Management Private Offers Admin (roles/commercepricemanagement.privateOffersAdmin)

Environment and Storage Object Administrator (roles/composer.environmentAndStorageObjectAdmin)

Environment and Storage Object User (roles/composer.environmentAndStorageObjectUser)

Environment and Storage Object Viewer (roles/composer.environmentAndStorageObjectViewer)

Composer Worker (roles/composer.worker)

Compute Image User (roles/compute.imageUser)

Compute Load Balancer Services User (roles/compute.loadBalancerServiceUser)

Compute Organization Firewall Policy Admin (roles/compute.orgFirewallPolicyAdmin)

Compute Organization Firewall Policy User (roles/compute.orgFirewallPolicyUser)

Compute Organization Security Policy Admin (roles/compute.orgSecurityPolicyAdmin)

Compute Organization Security Policy User (roles/compute.orgSecurityPolicyUser)

Compute Organization Resource Admin (roles/compute.orgSecurityResourceAdmin)

Compute packet mirroring admin (roles/compute.packetMirroringAdmin)

Compute packet mirroring user (roles/compute.packetMirroringUser)

Compute Public IP Admin (roles/compute.publicIpAdmin)

Compute VM extension policy admin (roles/compute.vmExtensionPolicyAdmin)

Compute VM extension policy viewer (roles/compute.vmExtensionPolicyViewer)

Compute Shared VPC Admin (roles/compute.xpnAdmin)

ConfigDelivery Admin (roles/configdelivery.configDeliveryAdmin)

ConfigDelivery Viewer (roles/configdelivery.configDeliveryViewer)

Config Delivery Resource Bundle Publisher (roles/configdelivery.resourceBundlePublisher)

Consumer Procurement Entitlement Manager (roles/consumerprocurement.entitlementManager)

Consumer Procurement Entitlement Viewer (roles/consumerprocurement.entitlementViewer)

Consumer Procurement Administrator (roles/consumerprocurement.procurementAdmin)

Consumer Procurement Viewer (roles/consumerprocurement.procurementViewer)

Kubernetes Engine Cluster Viewer (roles/container.clusterViewer)

Container Analysis Notes Editor (roles/containeranalysis.notes.editor)

Container Analysis Notes Viewer (roles/containeranalysis.notes.viewer)

Container Analysis Occurrences Editor (roles/containeranalysis.occurrences.editor)

Container Analysis Occurrences Viewer (roles/containeranalysis.occurrences.viewer)

Content Warehouse Document Admin (roles/contentwarehouse.documentAdmin)

Content Warehouse document creator (roles/contentwarehouse.documentCreator)

Content Warehouse Document Editor (roles/contentwarehouse.documentEditor)

Content Warehouse document schema viewer (roles/contentwarehouse.documentSchemaViewer)

Content Warehouse Viewer (roles/contentwarehouse.documentViewer)

Database Insights monitoring viewer (roles/databaseinsights.monitoringViewer)

Database Insights recommendation viewer (roles/databaseinsights.recommendationViewer)

Studio Query Admin (roles/databasesconsole.studioQueryAdmin)

Studio Query User (roles/databasesconsole.studioQueryUser)

Policy Tag Admin (roles/datacatalog.categoryAdmin)

DataCatalog Data Steward (roles/datacatalog.dataSteward)

DataCatalog EntryGroup Creator (roles/datacatalog.entryGroupCreator)

DataCatalog EntryGroup Owner (roles/datacatalog.entryGroupOwner)

DataCatalog Entry Owner (roles/datacatalog.entryOwner)

DataCatalog Entry Viewer (roles/datacatalog.entryViewer)

DataCatalog Migration Config Admin (roles/datacatalog.migrationConfigAdmin)

DataCatalog Search Admin (roles/datacatalog.searchAdmin)

Data Catalog TagTemplate Owner (roles/datacatalog.tagTemplateOwner)

Data Catalog TagTemplate User (roles/datacatalog.tagTemplateUser)

Data Catalog TagTemplate Viewer (roles/datacatalog.tagTemplateViewer)

Connector Admin (roles/dataconnectors.connectorAdmin)

Dataflow Developer (roles/dataflow.developer)

Code Commenter (roles/dataform.codeCommenter)

Code Creator (roles/dataform.codeCreator)

Code Editor (roles/dataform.codeEditor)

Code Owner (roles/dataform.codeOwner)

Code Viewer (roles/dataform.codeViewer)

Team Folder Commenter (roles/dataform.teamFolderCommenter)

Team Folder Contributor (roles/dataform.teamFolderContributor)

Team Folder Owner (roles/dataform.teamFolderOwner)

Team Folder Viewer (roles/dataform.teamFolderViewer)

Cloud Data Fusion Accessor (roles/datafusion.accessor)

Cloud Data Fusion Developer (roles/datafusion.developer)

Cloud Data Fusion Operator (roles/datafusion.operator)

Data Lineage Events Producer (roles/datalineage.producer)

Data pipelines Invoker (roles/datapipelines.invoker)

Dataplex Aspect Type Owner (roles/dataplex.aspectTypeOwner)

Dataplex Aspect Type User (roles/dataplex.aspectTypeUser)

Dataplex Catalog Admin (roles/dataplex.catalogAdmin)

Dataplex Catalog Editor (roles/dataplex.catalogEditor)

Dataplex Catalog Viewer (roles/dataplex.catalogViewer)

Dataplex Data Products Admin (roles/dataplex.dataProductsAdmin)

Dataplex Data Products Consumer (roles/dataplex.dataProductsConsumer)

Dataplex Data Products Editor (roles/dataplex.dataProductsEditor)

Dataplex Data Products Viewer (roles/dataplex.dataProductsViewer)

Dataplex Entry Group Exporter (roles/dataplex.entryGroupExporter)

Dataplex Entry Group Importer (roles/dataplex.entryGroupImporter)

Dataplex Entry Group Owner (roles/dataplex.entryGroupOwner)

Dataplex Entry and EntryLink Owner (roles/dataplex.entryOwner)

Dataplex Entry Type Owner (roles/dataplex.entryTypeOwner)

Dataplex Entry Type User (roles/dataplex.entryTypeUser)

Dataplex Metadata Feed Owner (roles/dataplex.metadataFeedOwner)

Dataplex Metadata Feed Viewer (roles/dataplex.metadataFeedViewer)

Dataplex Metadata Job Owner (roles/dataplex.metadataJobOwner)

Dataplex Metadata Job Viewer (roles/dataplex.metadataJobViewer)

Dataplex Metadata Reader (roles/dataplex.metadataReader)

Dataplex Metadata Writer (roles/dataplex.metadataWriter)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Cloud Datastore Bulk Admin (roles/datastore.bulkAdmin)

Cloud Datastore Import Export Admin (roles/datastore.importExportAdmin)

Cloud Datastore Index Admin (roles/datastore.indexAdmin)

Cloud Datastore Key Visualizer Viewer (roles/datastore.keyVisualizerViewer)

Cloud Datastore Owner (roles/datastore.owner)

Dell EMC Cloud OneFS User (roles/dellemccloudonefs.user)

Deployment Manager Type Editor (roles/deploymentmanager.typeEditor)

Deployment Manager Type Viewer (roles/deploymentmanager.typeViewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Application Design Center User (roles/designcenter.user)

Developer Connect Insights Admin (roles/developerconnect.insightsAdmin)

Developer Connect Insights Viewer (roles/developerconnect.insightsViewer)

Developer Connect OAuth Admin (roles/developerconnect.oauthAdmin)

Developer Connect OAuth User (roles/developerconnect.oauthUser)

Developer Connect User (roles/developerconnect.user)

CX Premium Admin (roles/dialogflow.aamAdmin)

CX Premium Conversational Architect (roles/dialogflow.aamConversationalArchitect)

CX Premium Dialog Designer (roles/dialogflow.aamDialogDesigner)

CX Premium Lead Dialog Designer (roles/dialogflow.aamLeadDialogDesigner)

CX Premium Viewer (roles/dialogflow.aamViewer)

Dialogflow Console Simulator User (roles/dialogflow.consoleSimulatorUser)

Dialogflow Console Smart Messaging Allowlist Editor (roles/dialogflow.consoleSmartMessagingAllowlistEditor)

Gemini Enterprise Admin (roles/discoveryengine.agentspaceAdmin)

Gemini Enterprise Editor (roles/discoveryengine.agentspaceEditor)

Gemini Enterprise User (roles/discoveryengine.agentspaceUser)

Gemini Enterprise Viewer (roles/discoveryengine.agentspaceViewer)

Cloud NotebookLM Admin (roles/discoveryengine.notebookLmOwner)

Cloud NotebookLM User (roles/discoveryengine.notebookLmUser)

Podcast API User (roles/discoveryengine.podcastApiUser)

Discovery Engine User (roles/discoveryengine.user)

DLP Connections Admin (roles/dlp.connectionsAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

DLP Subscription Admin (roles/dlp.subscriptionsAdmin)

DNS Reader (roles/dns.reader)

Earth Subscriptions Administrator (roles/earth.subscriptionsAdmin)

Earth Subscriptions Viewer (roles/earth.subscriptionsViewer)

Earth Engine Resource Writer (roles/earthengine.writer)

Edge Container Machine User (roles/edgecontainer.machineUser)

Edge Container Cluster offline Credential User (roles/edgecontainer.offlineCredentialUser)

Eventarc Connection Publisher (roles/eventarc.connectionPublisher)

Eventarc Developer (roles/eventarc.developer)

Eventarc Publisher (roles/eventarc.publisher)

Firebase Analytics Admin (roles/firebase.analyticsAdmin)

Firebase Analytics Viewer (roles/firebase.analyticsViewer)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Grow Admin (roles/firebase.growthAdmin)

Firebase Grow Viewer (roles/firebase.growthViewer)

Firebase Quality Admin (roles/firebase.qualityAdmin)

Firebase Quality Viewer (roles/firebase.qualityViewer)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Firebase App Hosting Developer (roles/firebaseapphosting.developer)

Firebase Extensions Developer (roles/firebaseextensions.developer)

Firebase Extensions Publisher - Extensions Admin (roles/firebaseextensionspublisher.extensionsAdmin)

Firebase Extensions Publisher - Extensions Viewer (roles/firebaseextensionspublisher.extensionsViewer)

Fleet Engine Delivery Admin (roles/fleetengine.deliveryAdmin)

Fleet Engine Delivery Super User (roles/fleetengine.deliverySuperUser)

Fleet Engine On-Demand Admin (roles/fleetengine.ondemandAdmin)

Fleet Engine Service Super User (roles/fleetengine.serviceSuperUser)

GDC Hardware Management Operator (roles/gdchardwaremanagement.operator)

GDC Hardware Management Reader (roles/gdchardwaremanagement.reader)

Gemini Cloud Assist Investigation Admin (roles/geminicloudassist.investigationAdmin)

Gemini Cloud Assist Investigation Creator (roles/geminicloudassist.investigationCreator)

Gemini Cloud Assist Investigation Editor (roles/geminicloudassist.investigationEditor)

Gemini Cloud Assist Investigation Owner (roles/geminicloudassist.investigationOwner)

Gemini Cloud Assist Investigation User (roles/geminicloudassist.investigationUser)

Gemini Cloud Assist Investigation Viewer (roles/geminicloudassist.investigationViewer)

Gemini Cloud Assist User (roles/geminicloudassist.user)

Backup for GKE Backup Admin (roles/gkebackup.backupAdmin)

Backup for GKE Restore Admin (roles/gkebackup.restoreAdmin)

Fleet Project-level Scope Editor (roles/gkehub.scopeEditorProjectLevel)

Fleet Project-level Scope Viewer (roles/gkehub.scopeViewerProjectLevel)

Google Workspace Add-ons Developer (roles/gsuiteaddons.developer)

Google Workspace Add-ons Reader (roles/gsuiteaddons.reader)

Google Workspace Add-ons Tester (roles/gsuiteaddons.tester)

Healthcare Annotation Editor (roles/healthcare.annotationEditor)

Healthcare Annotation Reader (roles/healthcare.annotationReader)

Healthcare Annotation Administrator (roles/healthcare.annotationStoreAdmin)

Healthcare Annotation Store Viewer (roles/healthcare.annotationStoreViewer)

Healthcare Attribute Definition Editor (roles/healthcare.attributeDefinitionEditor)

Healthcare Attribute Definition Reader (roles/healthcare.attributeDefinitionReader)

Healthcare Consent Artifact Administrator (roles/healthcare.consentArtifactAdmin)

Healthcare Consent Artifact Editor (roles/healthcare.consentArtifactEditor)

Healthcare Consent Artifact Reader (roles/healthcare.consentArtifactReader)

Healthcare Consent Editor (roles/healthcare.consentEditor)

Healthcare Consent Reader (roles/healthcare.consentReader)

Healthcare Consent Store Administrator (roles/healthcare.consentStoreAdmin)

Healthcare Consent Store Viewer (roles/healthcare.consentStoreViewer)

Healthcare Dataset Administrator (roles/healthcare.datasetAdmin)

Healthcare Dataset Viewer (roles/healthcare.datasetViewer)

Healthcare DICOM Editor (roles/healthcare.dicomEditor)

Healthcare DICOM Store Administrator (roles/healthcare.dicomStoreAdmin)

Healthcare DICOM Store Viewer (roles/healthcare.dicomStoreViewer)

Healthcare DICOM Viewer (roles/healthcare.dicomViewer)

Healthcare FHIR Resource Editor (roles/healthcare.fhirResourceEditor)

Healthcare FHIR Resource Reader (roles/healthcare.fhirResourceReader)

Healthcare FHIR Store Administrator (roles/healthcare.fhirStoreAdmin)

Healthcare FHIR Store Viewer (roles/healthcare.fhirStoreViewer)

Healthcare HL7v2 Message Consumer (roles/healthcare.hl7V2Consumer)

Healthcare HL7v2 Message Editor (roles/healthcare.hl7V2Editor)

Healthcare HL7v2 Message Ingest (roles/healthcare.hl7V2Ingest)

Healthcare HL7v2 Store Administrator (roles/healthcare.hl7V2StoreAdmin)

Healthcare HL7v2 Store Viewer (roles/healthcare.hl7V2StoreViewer)

Healthcare NLP Service Viewer (roles/healthcare.nlpServiceViewer)

Healthcare User Data Mapping Editor (roles/healthcare.userDataMappingEditor)

Healthcare User Data Mapping Reader (roles/healthcare.userDataMappingReader)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

IAM OAuth Client Admin (roles/iam.oauthClientAdmin)

IAM OAuth Client Viewer (roles/iam.oauthClientViewer)

Organization Role Administrator (roles/iam.organizationRoleAdmin)

Organization Role Viewer (roles/iam.organizationRoleViewer)

Security Auditor (roles/iam.securityAuditor)

Delete Service Accounts (roles/iam.serviceAccountDeleter)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

IAM Workload Identity Pool Admin (roles/iam.workloadIdentityPoolAdmin)

IAM Workload Identity Pool Viewer (roles/iam.workloadIdentityPoolViewer)

Apigee Integration Admin (roles/integrations.apigeeIntegrationAdminRole)

Apigee Integration Deployer (roles/integrations.apigeeIntegrationDeployerRole)

Apigee Integration Editor (roles/integrations.apigeeIntegrationEditorRole)

Apigee Integration Invoker (roles/integrations.apigeeIntegrationInvokerRole)

Apigee Integration Viewer (roles/integrations.apigeeIntegrationsViewer)

Apigee Integration Approver (roles/integrations.apigeeSuspensionResolver)

Certificate Viewer (roles/integrations.certificateViewer)

Application Integration Admin (roles/integrations.integrationAdmin)

Application Integration Deployer (roles/integrations.integrationDeployer)

Application Integration Editor (roles/integrations.integrationEditor)

Application Integration Invoker (roles/integrations.integrationInvoker)

Application Integration Viewer (roles/integrations.integrationViewer)

Application Integration SFDC Instance Admin (roles/integrations.sfdcInstanceAdmin)

Application Integration SFDC Instance Editor (roles/integrations.sfdcInstanceEditor)

Application Integration SFDC Instance Viewer (roles/integrations.sfdcInstanceViewer)

Application Integration Approver (roles/integrations.suspensionResolver)

Issuerswitch Account Manager Admin (roles/issuerswitch.accountManagerAdmin)

Issuerswitch Account Manager Transactions Admin (roles/issuerswitch.accountManagerTransactionsAdmin)

Issuerswitch Account Manager Transactions Viewer (roles/issuerswitch.accountManagerTransactionsViewer)

Issuerswitch Participants Admin (roles/issuerswitch.issuerParticipantsAdmin)

Issuerswitch Resolutions Admin (roles/issuerswitch.resolutionsAdmin)

Issuerswitch Rules Admin (roles/issuerswitch.rulesAdmin)

Issuerswitch Rules Viewer (roles/issuerswitch.rulesViewer)

Issuerswitch Transactions Viewer (roles/issuerswitch.transactionsViewer)

Logs Configuration Writer (roles/logging.configWriter)

Looker Instance User (roles/looker.instanceUser)

Looker Studio Pro Manager (roles/lookerstudio.proManager)

Managed Flink Developer (roles/managedflink.developer)

Google Cloud Managed Identities Backup Admin (roles/managedidentities.backupAdmin)

Google Cloud Managed Identities Backup Viewer (roles/managedidentities.backupViewer)

Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)

Google Cloud Managed Identities Peering Admin (roles/managedidentities.peeringAdmin)

Google Cloud Managed Identities Peering Viewer (roles/managedidentities.peeringViewer)

Managed Kafka Client (roles/managedkafka.client)

Managed Kafka Cluster Editor (roles/managedkafka.clusterEditor)

Managed Kafka Connector Editor (roles/managedkafka.connectorEditor)

Managed Kafka Consumer Group Editor (roles/managedkafka.consumerGroupEditor)

Managed Kafka Topic Editor (roles/managedkafka.topicEditor)

Mandiant Attack Surface Management Editor (roles/mandiant.attackSurfaceManagementEditor)

Mandiant Attack Surface Management Viewer (roles/mandiant.attackSurfaceManagementViewer)

Mandiant Digital Threat Monitoring Editor (roles/mandiant.digitalThreatMonitoringEditor)

Mandiant Digital Threat Monitoring Viewer (roles/mandiant.digitalThreatMonitoringViewer)

Mandiant Expertise On Demand Editor (roles/mandiant.expertiseOnDemandEditor)

Mandiant Expertise On Demand Viewer (roles/mandiant.expertiseOnDemandViewer)

Mandiant Threat Intel Editor (roles/mandiant.threatIntelEditor)

Mandiant Threat Intel Viewer (roles/mandiant.threatIntelViewer)

Mandiant Validation Editor (roles/mandiant.validationEditor)

Mandiant Validation Viewer (roles/mandiant.validationViewer)

Mobility Solutions Overages Viewer (roles/mapsanalytics.mobilitySolutionsOverageViewer)

MCP Tool User (roles/mcp.toolUser)

Dataproc Metastore Metadata Operator (roles/metastore.metadataOperator)

Dataproc Metastore Viewer (roles/metastore.user)

Migration Center Discovery Client Registrator (roles/migrationcenter.discoveryClientRegistrator)

Model Armor Callout User (roles/modelarmor.calloutUser)

Model Armor Floor Setting Admin (roles/modelarmor.floorSettingsAdmin)

Model Armor Floor Setting Viewer (roles/modelarmor.floorSettingsViewer)

Model Armor User (roles/modelarmor.user)

Monitoring Metrics Scopes Admin (roles/monitoring.metricsScopesAdmin)

Monitoring Metrics Scopes Viewer (roles/monitoring.metricsScopesViewer)

Google Home Developer Console Admin (roles/nestconsole.homeDeveloperAdmin)

Google Home Developer Console Editor (roles/nestconsole.homeDeveloperEditor)

Google Home Developer Console Reader (roles/nestconsole.homeDeveloperViewer)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Regional Endpoint Viewer (roles/networkconnectivity.regionalEndpointViewer)

Service Class User (roles/networkconnectivity.serviceClassUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

Cloud Network Insights Admin (roles/networkmanagement.CloudNetworkInsightsAdmin)

Cloud Network Insights Editor (roles/networkmanagement.CloudNetworkInsightsEditor)

Cloud Network Insights Viewer (roles/networkmanagement.CloudNetworkInsightsViewer)

DNS Threat Detector Admin (roles/networksecurity.dnsThreatDetectorAdmin)

DNS Threat Detector Viewer (roles/networksecurity.dnsThreatDetectorViewer)

Firewall Endpoint Admin (roles/networksecurity.firewallEndpointAdmin)

Intercept Deployment Admin (roles/networksecurity.interceptDeploymentAdmin)

Intercept Deployment Viewer (roles/networksecurity.interceptDeploymentViewer)

Intercept Endpoint Admin (roles/networksecurity.interceptEndpointAdmin)

Intercept Endpoint Viewer (roles/networksecurity.interceptEndpointViewer)

Mirroring Deployment Admin (roles/networksecurity.mirroringDeploymentAdmin)

Mirroring Deployment Viewer (roles/networksecurity.mirroringDeploymentViewer)

Mirroring Endpoint Admin (roles/networksecurity.mirroringEndpointAdmin)

Mirroring Endpoint Viewer (roles/networksecurity.mirroringEndpointViewer)

Security Profile Admin (roles/networksecurity.securityProfileAdmin)

Service Extensions Admin (roles/networkservices.serviceExtensionsAdmin)

Service Extensions Viewer (roles/networkservices.serviceExtensionsViewer)

Notebooks Legacy Admin (roles/notebooks.legacyAdmin)

Notebooks Legacy Viewer (roles/notebooks.legacyViewer)

Notebooks Runner (roles/notebooks.runner)

Oracle Database@Google Cloud Autonomous Database Admin (roles/oracledatabase.autonomousDatabaseAdmin)

Oracle Database@Google Cloud Autonomous Database Viewer (roles/oracledatabase.autonomousDatabaseViewer)

Oracle Database@Google Cloud Exadata Infrastructure Admin (roles/oracledatabase.cloudExadataInfrastructureAdmin)

Oracle Database@Google Cloud Exadata Infrastructure User (roles/oracledatabase.cloudExadataInfrastructureUser)

Oracle Database@Google Cloud Exadata Infrastructure Viewer (roles/oracledatabase.cloudExadataInfrastructureViewer)

Oracle Database@Google Cloud VM Cluster Admin (roles/oracledatabase.cloudVmClusterAdmin)

Oracle Database@Google Cloud VM Cluster Viewer (roles/oracledatabase.cloudVmClusterViewer)

Oracle Database@Google Cloud Container Database Viewer (roles/oracledatabase.databaseViewer)

Oracle Database@Google Cloud DB System Admin (roles/oracledatabase.dbSystemAdmin)

Oracle Database@Google Cloud DB System Viewer (roles/oracledatabase.dbSystemViewer)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure VM Cluster Admin (roles/oracledatabase.exadbVmClusterAdmin)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure VM Cluster Viewer (roles/oracledatabase.exadbVmClusterViewer)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure Storage Vault Admin (roles/oracledatabase.exascaleDbStorageVaultAdmin)

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastructure Storage Vault Viewer (roles/oracledatabase.exascaleDbStorageVaultViewer)

Oracle Database@Google Cloud GoldenGate Connection Admin (roles/oracledatabase.goldenGateConnectionAdmin)

Oracle Database@Google Cloud GoldenGate Connection Assignment Admin (roles/oracledatabase.goldenGateConnectionAssignmentAdmin)

Oracle Database@Google Cloud GoldenGate Connection Assignment Viewer (roles/oracledatabase.goldenGateConnectionAssignmentViewer)

Oracle Database@Google Cloud GoldenGate Connection Viewer (roles/oracledatabase.goldenGateConnectionViewer)

Oracle Database@Google GoldenGate Connections User (roles/oracledatabase.goldenGateConnectionsUser)

Oracle Database@Google Cloud GoldenGate Deployment Admin (roles/oracledatabase.goldenGateDeploymentAdmin)

Oracle Database@Google Cloud GoldenGate Deployment Viewer (roles/oracledatabase.goldenGateDeploymentViewer)

Oracle Database@Google GoldenGate Deployments User (roles/oracledatabase.goldenGateDeploymentsUser)

Oracle Database@Google Network Admin (roles/oracledatabase.networkAdmin)

Oracle Database@Google ODB Network Admin (roles/oracledatabase.odbNetworkAdmin)

Oracle Database@Google ODB Network Viewer (roles/oracledatabase.odbNetworkViewer)

Oracle Database@Google ODB Subnet Admin (roles/oracledatabase.odbSubnetAdmin)

Oracle Database@Google ODB Subnet User (roles/oracledatabase.odbSubnetUser)

Oracle Database@Google ODB Subnet Viewer (roles/oracledatabase.odbSubnetViewer)

Oracle Database@Google Cloud Pluggable Database Viewer (roles/oracledatabase.pluggableDatabaseViewer)

GuestPolicy Admin (roles/osconfig.guestPolicyAdmin)

GuestPolicy Editor (roles/osconfig.guestPolicyEditor)

GuestPolicy Viewer (roles/osconfig.guestPolicyViewer)

InstanceOSPoliciesCompliance Viewer (roles/osconfig.instanceOSPoliciesComplianceViewer)

OS Inventory Viewer (roles/osconfig.inventoryViewer)

OSPolicyAssignment Admin (roles/osconfig.osPolicyAssignmentAdmin)

OSPolicyAssignment Editor (roles/osconfig.osPolicyAssignmentEditor)

OSPolicyAssignmentReport Viewer (roles/osconfig.osPolicyAssignmentReportViewer)

OSPolicyAssignment Viewer (roles/osconfig.osPolicyAssignmentViewer)

PatchDeployment Admin (roles/osconfig.patchDeploymentAdmin)

PatchDeployment Viewer (roles/osconfig.patchDeploymentViewer)

Patch Job Executor (roles/osconfig.patchJobExecutor)

Patch Job Viewer (roles/osconfig.patchJobViewer)

Project Feature Settings Editor (roles/osconfig.projectFeatureSettingsEditor)

Project Feature Settings Viewer (roles/osconfig.projectFeatureSettingsViewer)

Upgrade Report Viewer (roles/osconfig.upgradeReportViewer)

OS VulnerabilityReport Viewer (roles/osconfig.vulnerabilityReportViewer)

Parameter Manager Parameter Accessor (roles/parametermanager.parameterAccessor)

Parameter Manager Parameter Version Adder (roles/parametermanager.parameterVersionAdder)

Parameter Manager Parameter Version Manager (roles/parametermanager.parameterVersionManager)

Parameter Manager Parameter Viewer (roles/parametermanager.parameterViewer)

Payments Reseller Admin (roles/paymentsresellersubscription.partnerAdmin)

Payments Reseller Viewer (roles/paymentsresellersubscription.partnerViewer)

Payments Reseller Products Viewer (roles/paymentsresellersubscription.productViewer)

Payments Reseller Promotions Viewer (roles/paymentsresellersubscription.promotionViewer)

Payments Reseller Subscriptions Editor (roles/paymentsresellersubscription.subscriptionEditor)

Payments Reseller Subscriptions Viewer (roles/paymentsresellersubscription.subscriptionViewer)

CA Service Auditor (roles/privateca.auditor)

CA Service Operation Manager (roles/privateca.caManager)

CA Service Certificate Manager (roles/privateca.certificateManager)

Beacon Attachment Editor (roles/proximitybeacon.attachmentEditor)

Beacon Attachment Publisher (roles/proximitybeacon.attachmentPublisher)

Beacon Attachment Viewer (roles/proximitybeacon.attachmentViewer)

Beacon Editor (roles/proximitybeacon.beaconEditor)

External Account Key Creator (roles/publicca.externalAccountKeyCreator)

reCAPTCHA Enterprise Agent (roles/recaptchaenterprise.agent)

AlloyDB Recommender Admin (roles/recommender.alloydbAdmin)

AlloyDB Recommender Viewer (roles/recommender.alloydbViewer)

BigQuery Slot Recommender Admin (roles/recommender.bigQueryCapacityCommitmentsAdmin)

BigQuery Recommender Project Admin (roles/recommender.bigQueryCapacityCommitmentsProjectAdmin)

BigQuery Recommender Project Viewer (roles/recommender.bigQueryCapacityCommitmentsProjectViewer)

BigQuery Slot Recommender Viewer (roles/recommender.bigQueryCapacityCommitmentsViewer)

BigQuery Materialized View Recommender Admin (roles/recommender.bigqueryMaterializedViewAdmin)

BigQuery Materialized View Recommender Viewer (roles/recommender.bigqueryMaterializedViewViewer)

BigQuery Partitioning Clustering Recommender Admin (roles/recommender.bigqueryPartitionClusterAdmin)

BigQuery Partitioning Clustering Recommender Viewer (roles/recommender.bigqueryPartitionClusterViewer)

Bigtable Cluster Performance Recommender Admin (roles/recommender.bigtableClusterPerformanceAdmin)

Bigtable Cluster Performance Recommender Viewer (roles/recommender.bigtableClusterPerformanceViewer)

Cloud Asset Insights Admin (roles/recommender.cloudAssetInsightsAdmin)

Cloud Asset Insights Viewer (roles/recommender.cloudAssetInsightsViewer)

Cloud Cost General Recommendations Recommender Admin (roles/recommender.cloudCostRecommendationAdmin)

Cloud Cost General Recommendations Recommender Viewer (roles/recommender.cloudCostRecommendationViewer)

Cloud Deprecation General Recommender Admin (roles/recommender.cloudDeprecationRecommendationAdmin)

Cloud Deprecation General Recommender Viewer (roles/recommender.cloudDeprecationRecommendationViewer)

Cloud Manageability General Recommendations Recommender Admin (roles/recommender.cloudManageabilityRecommendationAdmin)

Cloud Manageability General Recommendations Recommender Viewer (roles/recommender.cloudManageabilityRecommendationViewer)

Cloud Performance General Recommendations Recommender Admin (roles/recommender.cloudPerformanceRecommendationAdmin)

Cloud Performance General Recommendations Recommender Viewer (roles/recommender.cloudPerformanceRecommendationViewer)

Cloud Reliability General Recommendations Recommender Admin (roles/recommender.cloudReliabilityRecommendationAdmin)

Cloud Reliability General Recommendations Recommender Viewer (roles/recommender.cloudReliabilityRecommendationViewer)

Cloud Security General Recommendations Recommender Admin (roles/recommender.cloudSecurityRecommendationAdmin)

Cloud Security General Recommendations Recommender Viewer (roles/recommender.cloudSecurityRecommendationViewer)

Cloud SQL Recommender Admin (roles/recommender.cloudsqlAdmin)

Cloud SQL Recommender Viewer (roles/recommender.cloudsqlViewer)

Compute Recommender Admin (roles/recommender.computeAdmin)

Compute Recommender Viewer (roles/recommender.computeViewer)

GKE Diagnosis Recommender Admin (roles/recommender.containerDiagnosisAdmin)

GKE Diagnosis Recommender Viewer (roles/recommender.containerDiagnosisViewer)

Dataflow Diagnostics Admin (roles/recommender.dataflowDiagnosticsAdmin)

Dataflow Diagnostics Viewer (roles/recommender.dataflowDiagnosticsViewer)

Error Reporting Recommender Admin (roles/recommender.errorReportingAdmin)

Error Reporting Recommender Viewer (roles/recommender.errorReportingViewer)

Firestore Database Firebase rules Recommender Admin (roles/recommender.firestoredatabasefirebaserulesAdmin)

Firestore Database Firebase rules Recommender Viewer (roles/recommender.firestoredatabasefirebaserulesViewer)

Firestore Database Reliability Recommender Admin (roles/recommender.firestoredatabasereliabilityAdmin)

Firestore Database Reliability Recommender Viewer (roles/recommender.firestoredatabasereliabilityViewer)

Firewall Recommender Admin (roles/recommender.firewallAdmin)

Firewall Recommender Viewer (roles/recommender.firewallViewer)

Google Maps Platform Insights/Recommendations Admin (roles/recommender.gmpAdmin)

Google Maps Platform Insights/Recommendations Viewer (roles/recommender.gmpViewer)

IAM Recommender Admin (roles/recommender.iamAdmin)

IAM Recommender Viewer (roles/recommender.iamViewer)

IAM Policy Change Risk Recommender Admin (roles/recommender.iampolicychangeriskAdmin)

IAM Policy Change Risk Recommender Viewer (roles/recommender.iampolicychangeriskViewer)

Memorystore Manageability Recommender Admin (roles/recommender.memorystoremanageabilityAdmin)

Memorystore Manageability Recommender Viewer (roles/recommender.memorystoremanageabilityViewer)

Memorystore Performance Recommender Admin (roles/recommender.memorystoreperformanceAdmin)

Memorystore Performance Recommender Viewer (roles/recommender.memorystoreperformanceViewer)

Memorystore Reliability Recommender Admin (roles/recommender.memorystorereliabilityAdmin)

Memorystore Reliability Recommender Viewer (roles/recommender.memorystorereliabilityViewer)

Network Analyzer Recommender Admin (roles/recommender.networkAnalyzerAdmin)

Network Analyzer Cloud SQL Recommender Admin (roles/recommender.networkAnalyzerCloudSqlAdmin)

Network Analyzer Cloud SQL Recommender Viewer (roles/recommender.networkAnalyzerCloudSqlViewer)

Network Analyzer Dynamic Route Recommender Admin (roles/recommender.networkAnalyzerDynamicRouteAdmin)

Network Analyzer Dynamic Route Recommender Viewer (roles/recommender.networkAnalyzerDynamicRouteViewer)

Network Analyzer GKE Connectivity Recommender Admin (roles/recommender.networkAnalyzerGkeConnectivityAdmin)

Network Analyzer GKE Connectivity Recommender Viewer (roles/recommender.networkAnalyzerGkeConnectivityViewer)

Network Analyzer GKE IP Address Recommender Admin (roles/recommender.networkAnalyzerGkeIpAddressAdmin)

Network Analyzer GKE IP Address Recommender Viewer (roles/recommender.networkAnalyzerGkeIpAddressViewer)

Network Analyzer GKE Service Account Insights Recommender Admin (roles/recommender.networkAnalyzerGkeServiceAccountAdmin)

Network Analyzer GKE Service Account Insights Recommender Viewer (roles/recommender.networkAnalyzerGkeServiceAccountViewer)

Network Analyzer IP Address Recommender Admin (roles/recommender.networkAnalyzerIpAddressAdmin)

Network Analyzer IP Address Recommender Viewer (roles/recommender.networkAnalyzerIpAddressViewer)

Network Analyzer Load Balancer Recommender Admin (roles/recommender.networkAnalyzerLoadBalancerAdmin)

Network Analyzer Load Balancer Recommender Viewer (roles/recommender.networkAnalyzerLoadBalancerViewer)

Network Analyzer Recommender Viewer (roles/recommender.networkAnalyzerViewer)

Network Analyzer VPC Connectivity Recommender Admin (roles/recommender.networkAnalyzerVpcConnectivityAdmin)

Network Analyzer VPC Connectivity Recommender Viewer (roles/recommender.networkAnalyzerVpcConnectivityViewer)

Org Policy Recommender Admin (roles/recommender.orgPolicyAdmin)

Org Policy Recommender Viewer (roles/recommender.orgPolicyViewer)

Product Suggestion Recommenders Admin (roles/recommender.productSuggestionAdmin)

Product Suggestion Recommenders Viewer (roles/recommender.productSuggestionViewer)

Project Usage Commitment Recommender Admin (roles/recommender.projectCudAdmin)

Project Usage Commitment Recommender Viewer (roles/recommender.projectCudViewer)

Project Utilization Recommender Admin (roles/recommender.projectUtilAdmin)

Project Utilization Recommender Viewer (roles/recommender.projectUtilViewer)

RecentChange RecommenderConfig Admin (roles/recommender.recentChangeConfigAdmin)

Recent Change Risk Recommender Admin (roles/recommender.recentchangeriskAdmin)

Recent Change Risk Recommender Viewer (roles/recommender.recentchangeriskViewer)

Service Limit Recommender Admin (roles/recommender.serviceLimitAdmin)

Service Limit Recommender Viewer (roles/recommender.serviceLimitViewer)

Service Account Change Risk Recommender Admin (roles/recommender.serviceaccntchangeriskAdmin)

Service Account Change Risk Recommender Viewer (roles/recommender.serviceaccntchangeriskViewer)

Spanner Project Reliability Recommender Admin (roles/recommender.spannerAdmin)

Spanner Project Reliability Recommender Viewer (roles/recommender.spannerViewer)

Folder Creator (roles/resourcemanager.folderCreator)

Folder Editor (roles/resourcemanager.folderEditor)

Folder Viewer (roles/resourcemanager.folderViewer)

Retail Merchant Approver (roles/retail.merchantApprover)

Retail Merchant Creator (roles/retail.merchantCreator)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Rapid Migration Assessment Runner (roles/rma.runner)

Roads Selection Admin (roles/roads.roadsSelectionAdmin)

Roads Selection Viewer (roles/roads.roadsSelectionViewer)

Cloud Run Source Developer (roles/run.sourceDeveloper)

Cloud Run Source Viewer (roles/run.sourceViewer)

Serverless Integrations Developer (roles/runapps.developer)

Serverless Integrations Operator (roles/runapps.operator)

Secret Manager Secret Version Adder (roles/secretmanager.secretVersionAdder)

Secret Manager Secret Version Manager (roles/secretmanager.secretVersionManager)

Overwatch Activator (roles/securedlandingzone.overwatchActivator)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Overwatch Viewer (roles/securedlandingzone.overwatchViewer)

Secure Source Manager Developer Connect Linker (roles/securesourcemanager.developerConnectLinker)

Secure Source Manager Instance Accessor (roles/securesourcemanager.instanceAccessor)

Secure Source Manager Instance Manager (roles/securesourcemanager.instanceManager)

Secure Source Manager Instance Owner (roles/securesourcemanager.instanceOwner)

Secure Source Manager Instance Repository Creator (roles/securesourcemanager.instanceRepositoryCreator)

Secure Source Manager Repository Admin (roles/securesourcemanager.repoAdmin)

Secure Source Manager Repository Creator (roles/securesourcemanager.repoCreator)

Secure Source Manager Repository Pull Request Approver (roles/securesourcemanager.repoPullRequestApprover)

Secure Source Manager Repository Reader (roles/securesourcemanager.repoReader)

Secure Source Manager Repository Writer (roles/securesourcemanager.repoWriter)

Secure Source Manager SSH Key User (roles/securesourcemanager.sshKeyUser)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center BigQuery Exports Editor (roles/securitycenter.bigQueryExportsEditor)

Security Center BigQuery Exports Viewer (roles/securitycenter.bigQueryExportsViewer)

Security Center Settings Admin (roles/securitycenter.settingsAdmin)

Security Center Settings Editor (roles/securitycenter.settingsEditor)

Security Center Settings Viewer (roles/securitycenter.settingsViewer)

Security Center Management Custom Modules Editor (roles/securitycentermanagement.customModulesEditor)

Security Center Management Custom Modules Viewer (roles/securitycentermanagement.customModulesViewer)

Security Center Management Custom ETD Modules Editor (roles/securitycentermanagement.etdCustomModulesEditor)

Security Center Management ETD Custom Modules Viewer (roles/securitycentermanagement.etdCustomModulesViewer)

Security Center Management Settings Editor (roles/securitycentermanagement.settingsEditor)

Security Center Management Settings Viewer (roles/securitycentermanagement.settingsViewer)

Security Center Management SHA Custom Modules Editor (roles/securitycentermanagement.shaCustomModulesEditor)

Security Center Management SHA Custom Modules Viewer (roles/securitycentermanagement.shaCustomModulesViewer)

Service Directory Network Attacher (roles/servicedirectory.networkAttacher)

Private Service Connect Authorized Service (roles/servicedirectory.pscAuthorizedService)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Cloud Spanner Backup Admin (roles/spanner.backupAdmin)

Cloud Spanner Database Admin (roles/spanner.databaseAdmin)

Cloud Spanner Restore Admin (roles/spanner.restoreAdmin)

Stackdriver Accounts Editor (roles/stackdriver.accounts.editor)

Stackdriver Accounts Viewer (roles/stackdriver.accounts.viewer)

Storage HMAC Key Admin (roles/storage.hmacKeyAdmin)

Storage Insights Collector Service (roles/storage.insightsCollectorService)

Storage Insights Analyst (roles/storageinsights.analyst)

Storage Transfer User (roles/storagetransfer.user)

Stream Content Admin (roles/stream.contentAdmin)

Stream Content Builder (roles/stream.contentBuilder)

Stream Instance Admin (roles/stream.instanceAdmin)

Subscribe with Google Developer (roles/subscribewithgoogledeveloper.developer)

GTI Alert Admin (roles/threatintelligence.alertAdmin)

GTI Alert User (roles/threatintelligence.alertUser)

CTEM Admin (roles/threatintelligence.ctemAdmin)

CTEM Editor (roles/threatintelligence.ctemEditor)

CTEM Project Admin (roles/threatintelligence.ctemProjectAdmin)

CTEM Viewer (roles/threatintelligence.ctemViewer)

Translation Hub Portal User (roles/translationhub.portalUser)

Vector Search Collection Writer (roles/vectorsearch.collectionWriter)

Vector Search DataObject Writer (roles/vectorsearch.dataObjectWriter)

Vector Search Index Writer (roles/vectorsearch.indexWriter)

Video Stitcher User (roles/videostitcher.user)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Workflows Invoker (roles/workflows.invoker)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Workload Manager Deployment Viewer (roles/workloadmanager.deploymentViewer)

Workload Manager Evaluation Admin (roles/workloadmanager.evaluationAdmin)

Workload Manager Evaluation Viewer (roles/workloadmanager.evaluationViewer)

Workload Manager Worker (roles/workloadmanager.worker)

Workload Manager Workload Viewer (roles/workloadmanager.workloadViewer)

Cloud Workstations Creator (roles/workstations.workstationCreator)

Cloud Workstations Limit Exempted Creator (roles/workstations.workstationLimitExemptedCreator)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Folder Admin (roles/resourcemanager.folderAdmin)

Project Mover (roles/resourcemanager.projectMover)

Folder Mover (roles/resourcemanager.folderMover)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Service agent roles

Owner (roles/owner)

Owner (roles/owner)

Editor (roles/editor)

Project Mover (roles/resourcemanager.projectMover)

SLZ BQDW Blueprint Project Level Remediator (roles/securedlandingzone.bqdwProjectRemediator)

Service agent roles

Owner (roles/owner)

Looker Studio Pro Manager (roles/lookerstudio.proManager)

Project Lien Modifier (roles/resourcemanager.lienModifier)

Service agent roles

Owner (roles/owner)

Folder Admin (roles/resourcemanager.folderAdmin)

Organization Administrator (roles/resourcemanager.organizationAdmin)

Project IAM Admin (roles/resourcemanager.projectIamAdmin)

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag Hold Administrator (roles/resourcemanager.tagHoldAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag Hold Administrator (roles/resourcemanager.tagHoldAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag Viewer (roles/resourcemanager.tagViewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag Hold Administrator (roles/resourcemanager.tagHoldAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag User (roles/resourcemanager.tagUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Security Center Admin (roles/securitycenter.admin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Security Center Resource Value Configurations Editor (roles/securitycenter.resourceValueConfigsEditor)

Security Center Resource Value Configurations Viewer (roles/securitycenter.resourceValueConfigsViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Tag Administrator (roles/resourcemanager.tagAdmin)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Tag Administrator (roles/resourcemanager.tagAdmin)

Owner (roles/owner)

Editor (roles/editor)

Tag Administrator (roles/resourcemanager.tagAdmin)

Service agent roles