Cloud Source Repositories roles and permissions

This page lists the IAM roles and permissions for Cloud Source Repositories. To search through all roles and permissions, see the role and permission index.

Cloud Source Repositories roles

Role Permissions

Role	Permissions
Source Repository Administrator (`roles/source.admin`) Provides permissions to create, update, delete, list, clone, fetch, and browse repositories. Also provides permissions to read and change IAM policies. Lowest-level resources where you can grant this role: Repository	`source.*` `source.repos.create` `source.repos.delete` `source.repos.get` `source.repos.getIamPolicy` `source.repos.getProjectConfig` `source.repos.list` `source.repos.setIamPolicy` `source.repos.update` `source.repos.updateProjectConfig` `source.repos.updateRepoConfig`
Source Editor (`roles/source.editor`) Editor role for source	`resourcemanager.projects.get` `resourcemanager.projects.list` `source.repos.get` `source.repos.getIamPolicy` `source.repos.list` `source.repos.update`
Source Viewer (`roles/source.viewer`) Viewer role for source	`resourcemanager.projects.get` `resourcemanager.projects.list` `source.repos.get` `source.repos.getIamPolicy` `source.repos.list`
Source Repository Reader (`roles/source.reader`) Provides permissions to list, clone, fetch, and browse repositories. Lowest-level resources where you can grant this role: Repository	`source.repos.get` `source.repos.list`
Source Repository Writer (`roles/source.writer`) Provides permissions to list, clone, fetch, browse, and update repositories. Lowest-level resources where you can grant this role: Repository	`source.repos.get` `source.repos.list` `source.repos.update`

Source Repository Administrator

(roles/source.admin)

Provides permissions to create, update, delete, list, clone, fetch, and browse repositories. Also provides permissions to read and change IAM policies.

Lowest-level resources where you can grant this role:

Repository

source.*

source.repos.create
source.repos.delete
source.repos.get
source.repos.getIamPolicy
source.repos.getProjectConfig
source.repos.list
source.repos.setIamPolicy
source.repos.update
source.repos.updateProjectConfig
source.repos.updateRepoConfig

Source Editor

(roles/source.editor)

Editor role for source

resourcemanager.projects.get

resourcemanager.projects.list

source.repos.get

source.repos.getIamPolicy

source.repos.list

source.repos.update

Source Viewer

(roles/source.viewer)

Viewer role for source

resourcemanager.projects.get

resourcemanager.projects.list

source.repos.get

source.repos.getIamPolicy

source.repos.list

Source Repository Reader

(roles/source.reader)

Provides permissions to list, clone, fetch, and browse repositories.

Lowest-level resources where you can grant this role:

Repository

source.repos.get

source.repos.list

Source Repository Writer

(roles/source.writer)

Provides permissions to list, clone, fetch, browse, and update repositories.

Lowest-level resources where you can grant this role:

Repository

source.repos.get

source.repos.list

source.repos.update

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Cloud Source Repositories Service Agent (`roles/sourcerepo.serviceAgent`) Allow Cloud Source Repositories to integrate with other Cloud services. Warning: Do not grant service agent roles to any principals except service agents.	`iam.serviceAccounts.getAccessToken` `pubsub.topics.publish`

Cloud Source Repositories Service Agent

(roles/sourcerepo.serviceAgent)

Allow Cloud Source Repositories to integrate with other Cloud services.

iam.serviceAccounts.getAccessToken

pubsub.topics.publish

Cloud Source Repositories permissions

Permission	Included in roles
`source.repos.create`	Owner (`roles/owner`) Source Repository Administrator (`roles/source.admin`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`source.repos.delete`	Owner (`roles/owner`) Source Repository Administrator (`roles/source.admin`) Dev Ops (`roles/iam.devOps`)
`source.repos.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Run Builder (`roles/run.builder`) Source Repository Administrator (`roles/source.admin`) Source Editor (`roles/source.editor`) Source Viewer (`roles/source.viewer`) Telco Automation Admin (`roles/telcoautomation.admin`) Composer Worker (`roles/composer.worker`) Dev Ops (`roles/iam.devOps`) Support User (`roles/iam.supportUser`) Source Repository Reader (`roles/source.reader`) Source Repository Writer (`roles/source.writer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Endpoints Portal Service Agent (`roles/endpointsportal.serviceAgent`)
`source.repos.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Source Repository Administrator (`roles/source.admin`) Source Editor (`roles/source.editor`) Source Viewer (`roles/source.viewer`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`source.repos.getProjectConfig`	Owner (`roles/owner`) Source Repository Administrator (`roles/source.admin`) Dev Ops (`roles/iam.devOps`)
`source.repos.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Source Repository Administrator (`roles/source.admin`) Source Editor (`roles/source.editor`) Source Viewer (`roles/source.viewer`) Telco Automation Admin (`roles/telcoautomation.admin`) Composer Worker (`roles/composer.worker`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Source Repository Reader (`roles/source.reader`) Source Repository Writer (`roles/source.writer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`source.repos.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Source Repository Administrator (`roles/source.admin`) Dev Ops (`roles/iam.devOps`)
`source.repos.update`	Owner (`roles/owner`) Editor (`roles/editor`) Source Repository Administrator (`roles/source.admin`) Source Editor (`roles/source.editor`) Dev Ops (`roles/iam.devOps`) Source Repository Writer (`roles/source.writer`)
`source.repos.updateProjectConfig`	Owner (`roles/owner`) Source Repository Administrator (`roles/source.admin`) Dev Ops (`roles/iam.devOps`)
`source.repos.updateRepoConfig`	Owner (`roles/owner`) Source Repository Administrator (`roles/source.admin`) Dev Ops (`roles/iam.devOps`)

Cloud Source Repositories roles and permissions