Stream roles and permissions

This page lists the IAM roles and permissions for Stream. To search through all roles and permissions, see the role and permission index.

Stream roles

Role Permissions

Role	Permissions
Stream Admin (`roles/stream.admin`) Full access to Stream all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.*` `stream.locations.get` `stream.locations.list` `stream.operations.cancel` `stream.operations.delete` `stream.operations.get` `stream.operations.list` `stream.streamContents.build` `stream.streamContents.create` `stream.streamContents.delete` `stream.streamContents.get` `stream.streamContents.list` `stream.streamContents.update` `stream.streamInstances.create` `stream.streamInstances.delete` `stream.streamInstances.get` `stream.streamInstances.list` `stream.streamInstances.rollout` `stream.streamInstances.update`
Stream Viewer (`roles/stream.viewer`) Read-only access to Stream all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.locations.*` `stream.locations.get` `stream.locations.list` `stream.operations.get` `stream.operations.list` `stream.streamContents.get` `stream.streamContents.list` `stream.streamInstances.get` `stream.streamInstances.list`
Stream Content Admin (`roles/stream.contentAdmin`) Full access to all StreamContent resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.streamContents.*` `stream.streamContents.build` `stream.streamContents.create` `stream.streamContents.delete` `stream.streamContents.get` `stream.streamContents.list` `stream.streamContents.update`
Stream Content Builder (`roles/stream.contentBuilder`) Read and build access to StreamContent resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.streamContents.build` `stream.streamContents.get` `stream.streamContents.list`
Stream Instance Admin (`roles/stream.instanceAdmin`) Full access to all StreamInstance resources and Read access to all StreamContent resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stream.streamContents.get` `stream.streamContents.list` `stream.streamInstances.*` `stream.streamInstances.create` `stream.streamInstances.delete` `stream.streamInstances.get` `stream.streamInstances.list` `stream.streamInstances.rollout` `stream.streamInstances.update`

Stream Admin

(roles/stream.admin)

Full access to Stream all resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.*

stream.locations.get
stream.locations.list
stream.operations.cancel
stream.operations.delete
stream.operations.get
stream.operations.list
stream.streamContents.build
stream.streamContents.create
stream.streamContents.delete
stream.streamContents.get
stream.streamContents.list
stream.streamContents.update
stream.streamInstances.create
stream.streamInstances.delete
stream.streamInstances.get
stream.streamInstances.list
stream.streamInstances.rollout
stream.streamInstances.update

Stream Viewer

(roles/stream.viewer)

Read-only access to Stream all resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.locations.*

stream.locations.get
stream.locations.list

stream.operations.get

stream.operations.list

stream.streamContents.get

stream.streamContents.list

stream.streamInstances.get

stream.streamInstances.list

Stream Content Admin

(roles/stream.contentAdmin)

Full access to all StreamContent resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.streamContents.*

stream.streamContents.build
stream.streamContents.create
stream.streamContents.delete
stream.streamContents.get
stream.streamContents.list
stream.streamContents.update

Stream Content Builder

(roles/stream.contentBuilder)

Read and build access to StreamContent resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.streamContents.build

stream.streamContents.get

stream.streamContents.list

Stream Instance Admin

(roles/stream.instanceAdmin)

Full access to all StreamInstance resources and Read access to all StreamContent resources.

resourcemanager.projects.get

resourcemanager.projects.list

stream.streamContents.get

stream.streamContents.list

stream.streamInstances.*

stream.streamInstances.create
stream.streamInstances.delete
stream.streamInstances.get
stream.streamInstances.list
stream.streamInstances.rollout
stream.streamInstances.update

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Stream Service Agent (`roles/stream.serviceAgent`) Gives Immersive Stream for XR access to the required resources. Warning: Do not grant service agent roles to any principals except service agents.	`resourcemanager.projects.get` `resourcemanager.projects.list` `storage.buckets.create` `storage.buckets.get` `storage.objects.create` `storage.objects.get` `storage.objects.list`

Stream Service Agent

(roles/stream.serviceAgent)

Gives Immersive Stream for XR access to the required resources.

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

storage.buckets.get

storage.objects.create

storage.objects.get

storage.objects.list

Stream permissions

Permission	Included in roles
`stream.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Support User (`roles/iam.supportUser`)
`stream.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`stream.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`)
`stream.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`)
`stream.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Support User (`roles/iam.supportUser`)
`stream.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`stream.streamContents.build`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`) Stream Content Builder (`roles/stream.contentBuilder`)
`stream.streamContents.create`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`)
`stream.streamContents.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`)
`stream.streamContents.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Support User (`roles/iam.supportUser`) Stream Content Admin (`roles/stream.contentAdmin`) Stream Content Builder (`roles/stream.contentBuilder`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamContents.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Stream Content Admin (`roles/stream.contentAdmin`) Stream Content Builder (`roles/stream.contentBuilder`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamContents.update`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Content Admin (`roles/stream.contentAdmin`)
`stream.streamInstances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Support User (`roles/iam.supportUser`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Stream Admin (`roles/stream.admin`) Stream Viewer (`roles/stream.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.rollout`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)
`stream.streamInstances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Stream Admin (`roles/stream.admin`) Stream Instance Admin (`roles/stream.instanceAdmin`)

Stream roles and permissions

Stream roles

Stream Admin

Stream Viewer

Stream Content Admin

Stream Content Builder

Stream Instance Admin

Service agent roles

Stream Service Agent

Stream permissions

`stream.locations.get`

`stream.locations.list`

`stream.operations.cancel`

`stream.operations.delete`

`stream.operations.get`

`stream.operations.list`

`stream.streamContents.build`

`stream.streamContents.create`

`stream.streamContents.delete`

`stream.streamContents.get`

`stream.streamContents.list`

`stream.streamContents.update`

`stream.streamInstances.create`

`stream.streamInstances.delete`

`stream.streamInstances.get`

`stream.streamInstances.list`

`stream.streamInstances.rollout`

`stream.streamInstances.update`

Stream roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Stream roles

Stream Admin

Stream Viewer

Stream Content Admin

Stream Content Builder

Stream Instance Admin

Service agent roles

Stream Service Agent

Stream permissions

stream.locations.get

stream.locations.list

stream.operations.cancel

stream.operations.delete

stream.operations.get

stream.operations.list

stream.streamContents.build

stream.streamContents.create

stream.streamContents.delete

stream.streamContents.get

stream.streamContents.list

stream.streamContents.update

stream.streamInstances.create

stream.streamInstances.delete

stream.streamInstances.get

stream.streamInstances.list

stream.streamInstances.rollout

stream.streamInstances.update

Stream roles and permissions

`stream.locations.get`

`stream.locations.list`

`stream.operations.cancel`

`stream.operations.delete`

`stream.operations.get`

`stream.operations.list`

`stream.streamContents.build`

`stream.streamContents.create`

`stream.streamContents.delete`

`stream.streamContents.get`

`stream.streamContents.list`

`stream.streamContents.update`

`stream.streamInstances.create`

`stream.streamInstances.delete`

`stream.streamInstances.get`

`stream.streamInstances.list`

`stream.streamInstances.rollout`

`stream.streamInstances.update`