Home Original page

Cloud Run functions roles and permissions

Cloud Functions Admin

(roles/cloudfunctions.admin)

Full access to functions, operations and locations.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

  • artifactregistry.dockerimages.get
  • artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

  • artifactregistry.locations.get
  • artifactregistry.locations.list

artifactregistry.mavenartifacts.*

  • artifactregistry.mavenartifacts.get
  • artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

  • artifactregistry.npmpackages.get
  • artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

  • artifactregistry.pythonpackages.get
  • artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

cloudasset.assets.searchAllResources

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudfunctions.*

  • cloudfunctions.functions.call
  • cloudfunctions.functions.create
  • cloudfunctions.functions.delete
  • cloudfunctions.functions.generationUpgrade
  • cloudfunctions.functions.get
  • cloudfunctions.functions.getIamPolicy
  • cloudfunctions.functions.invoke
  • cloudfunctions.functions.list
  • cloudfunctions.functions.setIamPolicy
  • cloudfunctions.functions.sourceCodeGet
  • cloudfunctions.functions.sourceCodeSet
  • cloudfunctions.functions.update
  • cloudfunctions.locations.list
  • cloudfunctions.operations.get
  • cloudfunctions.operations.list

eventarc.*

  • eventarc.channelConnections.create
  • eventarc.channelConnections.delete
  • eventarc.channelConnections.get
  • eventarc.channelConnections.getIamPolicy
  • eventarc.channelConnections.list
  • eventarc.channelConnections.publish
  • eventarc.channelConnections.setIamPolicy
  • eventarc.channels.attach
  • eventarc.channels.create
  • eventarc.channels.delete
  • eventarc.channels.get
  • eventarc.channels.getIamPolicy
  • eventarc.channels.list
  • eventarc.channels.publish
  • eventarc.channels.setIamPolicy
  • eventarc.channels.undelete
  • eventarc.channels.update
  • eventarc.enrollments.create
  • eventarc.enrollments.delete
  • eventarc.enrollments.get
  • eventarc.enrollments.getIamPolicy
  • eventarc.enrollments.list
  • eventarc.enrollments.setIamPolicy
  • eventarc.enrollments.update
  • eventarc.events.receiveAuditLogWritten
  • eventarc.events.receiveEvent
  • eventarc.googleApiSources.create
  • eventarc.googleApiSources.delete
  • eventarc.googleApiSources.get
  • eventarc.googleApiSources.getIamPolicy
  • eventarc.googleApiSources.list
  • eventarc.googleApiSources.setIamPolicy
  • eventarc.googleApiSources.update
  • eventarc.googleChannelConfigs.get
  • eventarc.googleChannelConfigs.update
  • eventarc.kafkaSources.create
  • eventarc.kafkaSources.delete
  • eventarc.kafkaSources.get
  • eventarc.kafkaSources.getIamPolicy
  • eventarc.kafkaSources.list
  • eventarc.kafkaSources.setIamPolicy
  • eventarc.locations.get
  • eventarc.locations.list
  • eventarc.messageBuses.create
  • eventarc.messageBuses.delete
  • eventarc.messageBuses.get
  • eventarc.messageBuses.getIamPolicy
  • eventarc.messageBuses.list
  • eventarc.messageBuses.publish
  • eventarc.messageBuses.setIamPolicy
  • eventarc.messageBuses.update
  • eventarc.messageBuses.use
  • eventarc.multiProjectSources.collectGoogleApiEvents
  • eventarc.operations.cancel
  • eventarc.operations.delete
  • eventarc.operations.get
  • eventarc.operations.list
  • eventarc.pipelines.create
  • eventarc.pipelines.delete
  • eventarc.pipelines.get
  • eventarc.pipelines.getIamPolicy
  • eventarc.pipelines.list
  • eventarc.pipelines.setIamPolicy
  • eventarc.pipelines.update
  • eventarc.providers.get
  • eventarc.providers.list
  • eventarc.triggers.create
  • eventarc.triggers.delete
  • eventarc.triggers.get
  • eventarc.triggers.getIamPolicy
  • eventarc.triggers.list
  • eventarc.triggers.setIamPolicy
  • eventarc.triggers.undelete
  • eventarc.triggers.update

recommender.cloudFunctionsPerformanceInsights.*

  • recommender.cloudFunctionsPerformanceInsights.get
  • recommender.cloudFunctionsPerformanceInsights.list
  • recommender.cloudFunctionsPerformanceInsights.update

recommender.cloudFunctionsPerformanceRecommendations.*

  • recommender.cloudFunctionsPerformanceRecommendations.get
  • recommender.cloudFunctionsPerformanceRecommendations.list
  • recommender.cloudFunctionsPerformanceRecommendations.update

recommender.locations.*

  • recommender.locations.get
  • recommender.locations.list

recommender.runServiceCostInsights.*

  • recommender.runServiceCostInsights.get
  • recommender.runServiceCostInsights.list
  • recommender.runServiceCostInsights.update

recommender.runServiceCostRecommendations.*

  • recommender.runServiceCostRecommendations.get
  • recommender.runServiceCostRecommendations.list
  • recommender.runServiceCostRecommendations.update

recommender.runServiceIdentityInsights.*

  • recommender.runServiceIdentityInsights.get
  • recommender.runServiceIdentityInsights.list
  • recommender.runServiceIdentityInsights.update

recommender.runServiceIdentityRecommendations.*

  • recommender.runServiceIdentityRecommendations.get
  • recommender.runServiceIdentityRecommendations.list
  • recommender.runServiceIdentityRecommendations.update

recommender.runServicePerformanceInsights.*

  • recommender.runServicePerformanceInsights.get
  • recommender.runServicePerformanceInsights.list
  • recommender.runServicePerformanceInsights.update

recommender.runServicePerformanceRecommendations.*

  • recommender.runServicePerformanceRecommendations.get
  • recommender.runServicePerformanceRecommendations.list
  • recommender.runServicePerformanceRecommendations.update

recommender.runServiceSecurityInsights.*

  • recommender.runServiceSecurityInsights.get
  • recommender.runServiceSecurityInsights.list
  • recommender.runServiceSecurityInsights.update

recommender.runServiceSecurityRecommendations.*

  • recommender.runServiceSecurityRecommendations.get
  • recommender.runServiceSecurityRecommendations.list
  • recommender.runServiceSecurityRecommendations.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

run.*

  • run.configurations.get
  • run.configurations.list
  • run.executions.cancel
  • run.executions.delete
  • run.executions.get
  • run.executions.list
  • run.jobs.create
  • run.jobs.createTagBinding
  • run.jobs.delete
  • run.jobs.deleteTagBinding
  • run.jobs.get
  • run.jobs.getIamPolicy
  • run.jobs.list
  • run.jobs.listEffectiveTags
  • run.jobs.listTagBindings
  • run.jobs.run
  • run.jobs.runWithOverrides
  • run.jobs.setIamPolicy
  • run.jobs.update
  • run.locations.list
  • run.operations.delete
  • run.operations.get
  • run.operations.list
  • run.revisions.delete
  • run.revisions.get
  • run.revisions.list
  • run.routes.get
  • run.routes.invoke
  • run.routes.list
  • run.services.create
  • run.services.createTagBinding
  • run.services.delete
  • run.services.deleteTagBinding
  • run.services.get
  • run.services.getIamPolicy
  • run.services.list
  • run.services.listEffectiveTags
  • run.services.listTagBindings
  • run.services.setIamPolicy
  • run.services.update
  • run.tasks.get
  • run.tasks.list
  • run.workerpools.create
  • run.workerpools.delete
  • run.workerpools.get
  • run.workerpools.getIamPolicy
  • run.workerpools.list
  • run.workerpools.setIamPolicy
  • run.workerpools.update

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Cloud Functions Developer

(roles/cloudfunctions.developer)

Read and write access to all functions-related resources.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

  • artifactregistry.dockerimages.get
  • artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

  • artifactregistry.locations.get
  • artifactregistry.locations.list

artifactregistry.mavenartifacts.*

  • artifactregistry.mavenartifacts.get
  • artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

  • artifactregistry.npmpackages.get
  • artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

  • artifactregistry.pythonpackages.get
  • artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

cloudasset.assets.searchAllResources

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudfunctions.functions.call

cloudfunctions.functions.create

cloudfunctions.functions.delete

cloudfunctions.functions.generationUpgrade

cloudfunctions.functions.get

cloudfunctions.functions.invoke

cloudfunctions.functions.list

cloudfunctions.functions.sourceCodeGet

cloudfunctions.functions.sourceCodeSet

cloudfunctions.functions.update

cloudfunctions.locations.list

cloudfunctions.operations.*

  • cloudfunctions.operations.get
  • cloudfunctions.operations.list

eventarc.channelConnections.create

eventarc.channelConnections.delete

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channelConnections.publish

eventarc.channels.attach

eventarc.channels.create

eventarc.channels.delete

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.channels.publish

eventarc.channels.undelete

eventarc.channels.update

eventarc.enrollments.create

eventarc.enrollments.delete

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.enrollments.update

eventarc.googleApiSources.create

eventarc.googleApiSources.delete

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleApiSources.update

eventarc.googleChannelConfigs.*

  • eventarc.googleChannelConfigs.get
  • eventarc.googleChannelConfigs.update

eventarc.kafkaSources.create

eventarc.kafkaSources.delete

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

  • eventarc.locations.get
  • eventarc.locations.list

eventarc.operations.*

  • eventarc.operations.cancel
  • eventarc.operations.delete
  • eventarc.operations.get
  • eventarc.operations.list

eventarc.pipelines.create

eventarc.pipelines.delete

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.pipelines.update

eventarc.providers.*

  • eventarc.providers.get
  • eventarc.providers.list

eventarc.triggers.create

eventarc.triggers.delete

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

eventarc.triggers.undelete

eventarc.triggers.update

recommender.cloudFunctionsPerformanceInsights.*

  • recommender.cloudFunctionsPerformanceInsights.get
  • recommender.cloudFunctionsPerformanceInsights.list
  • recommender.cloudFunctionsPerformanceInsights.update

recommender.cloudFunctionsPerformanceRecommendations.*

  • recommender.cloudFunctionsPerformanceRecommendations.get
  • recommender.cloudFunctionsPerformanceRecommendations.list
  • recommender.cloudFunctionsPerformanceRecommendations.update

recommender.locations.*

  • recommender.locations.get
  • recommender.locations.list

recommender.runServiceCostInsights.*

  • recommender.runServiceCostInsights.get
  • recommender.runServiceCostInsights.list
  • recommender.runServiceCostInsights.update

recommender.runServiceCostRecommendations.*

  • recommender.runServiceCostRecommendations.get
  • recommender.runServiceCostRecommendations.list
  • recommender.runServiceCostRecommendations.update

recommender.runServiceIdentityInsights.*

  • recommender.runServiceIdentityInsights.get
  • recommender.runServiceIdentityInsights.list
  • recommender.runServiceIdentityInsights.update

recommender.runServiceIdentityRecommendations.*

  • recommender.runServiceIdentityRecommendations.get
  • recommender.runServiceIdentityRecommendations.list
  • recommender.runServiceIdentityRecommendations.update

recommender.runServicePerformanceInsights.*

  • recommender.runServicePerformanceInsights.get
  • recommender.runServicePerformanceInsights.list
  • recommender.runServicePerformanceInsights.update

recommender.runServicePerformanceRecommendations.*

  • recommender.runServicePerformanceRecommendations.get
  • recommender.runServicePerformanceRecommendations.list
  • recommender.runServicePerformanceRecommendations.update

recommender.runServiceSecurityInsights.*

  • recommender.runServiceSecurityInsights.get
  • recommender.runServiceSecurityInsights.list
  • recommender.runServiceSecurityInsights.update

recommender.runServiceSecurityRecommendations.*

  • recommender.runServiceSecurityRecommendations.get
  • recommender.runServiceSecurityRecommendations.list
  • recommender.runServiceSecurityRecommendations.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

run.configurations.*

  • run.configurations.get
  • run.configurations.list

run.executions.*

  • run.executions.cancel
  • run.executions.delete
  • run.executions.get
  • run.executions.list

run.jobs.create

run.jobs.delete

run.jobs.get

run.jobs.getIamPolicy

run.jobs.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.jobs.run

run.jobs.runWithOverrides

run.jobs.update

run.locations.list

run.operations.*

  • run.operations.delete
  • run.operations.get
  • run.operations.list

run.revisions.*

  • run.revisions.delete
  • run.revisions.get
  • run.revisions.list

run.routes.*

  • run.routes.get
  • run.routes.invoke
  • run.routes.list

run.services.create

run.services.delete

run.services.get

run.services.getIamPolicy

run.services.list

run.services.listEffectiveTags

run.services.listTagBindings

run.services.update

run.tasks.*

  • run.tasks.get
  • run.tasks.list

run.workerpools.create

run.workerpools.delete

run.workerpools.get

run.workerpools.getIamPolicy

run.workerpools.list

run.workerpools.update

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Cloud Functions Invoker

(roles/cloudfunctions.invoker)

Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead.

cloudfunctions.functions.invoke

Cloud Functions Service Agent

(roles/cloudfunctions.serviceAgent)

Gives Cloud Functions service account access to managed resources.

artifactregistry.aptartifacts.create

artifactregistry.attachments.*

  • artifactregistry.attachments.create
  • artifactregistry.attachments.delete
  • artifactregistry.attachments.get
  • artifactregistry.attachments.list

artifactregistry.dockerimages.*

  • artifactregistry.dockerimages.get
  • artifactregistry.dockerimages.list

artifactregistry.files.*

  • artifactregistry.files.delete
  • artifactregistry.files.download
  • artifactregistry.files.get
  • artifactregistry.files.list
  • artifactregistry.files.update
  • artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

  • artifactregistry.locations.get
  • artifactregistry.locations.list

artifactregistry.mavenartifacts.*

  • artifactregistry.mavenartifacts.get
  • artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

  • artifactregistry.npmpackages.get
  • artifactregistry.npmpackages.list

artifactregistry.packages.*

  • artifactregistry.packages.delete
  • artifactregistry.packages.get
  • artifactregistry.packages.list
  • artifactregistry.packages.update

artifactregistry.projectsettings.*

  • artifactregistry.projectsettings.get
  • artifactregistry.projectsettings.update

artifactregistry.pythonpackages.*

  • artifactregistry.pythonpackages.get
  • artifactregistry.pythonpackages.list

artifactregistry.repositories.create

artifactregistry.repositories.createTagBinding

artifactregistry.repositories.delete

artifactregistry.repositories.deleteArtifacts

artifactregistry.repositories.deleteTagBinding

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.getIamPolicy

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.setIamPolicy

artifactregistry.repositories.update

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.*

  • artifactregistry.rules.create
  • artifactregistry.rules.delete
  • artifactregistry.rules.get
  • artifactregistry.rules.list
  • artifactregistry.rules.update

artifactregistry.tags.*

  • artifactregistry.tags.create
  • artifactregistry.tags.delete
  • artifactregistry.tags.get
  • artifactregistry.tags.list
  • artifactregistry.tags.update

artifactregistry.versions.*

  • artifactregistry.versions.delete
  • artifactregistry.versions.get
  • artifactregistry.versions.list
  • artifactregistry.versions.update

artifactregistry.yumartifacts.create

clientauthconfig.clients.list

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudbuild.workerpools.use

cloudfunctions.functions.get

cloudfunctions.functions.invoke

cloudfunctions.functions.list

cloudfunctions.operations.*

  • cloudfunctions.operations.get
  • cloudfunctions.operations.list

compute.globalOperations.get

compute.networks.access

eventarc.channelConnections.create

eventarc.channelConnections.delete

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channelConnections.publish

eventarc.channels.attach

eventarc.channels.create

eventarc.channels.delete

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.channels.publish

eventarc.channels.undelete

eventarc.channels.update

eventarc.enrollments.create

eventarc.enrollments.delete

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.enrollments.update

eventarc.googleApiSources.create

eventarc.googleApiSources.delete

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleApiSources.update

eventarc.googleChannelConfigs.*

  • eventarc.googleChannelConfigs.get
  • eventarc.googleChannelConfigs.update

eventarc.kafkaSources.create

eventarc.kafkaSources.delete

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

  • eventarc.locations.get
  • eventarc.locations.list

eventarc.operations.*

  • eventarc.operations.cancel
  • eventarc.operations.delete
  • eventarc.operations.get
  • eventarc.operations.list

eventarc.pipelines.create

eventarc.pipelines.delete

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.pipelines.update

eventarc.providers.*

  • eventarc.providers.get
  • eventarc.providers.list

eventarc.triggers.create

eventarc.triggers.delete

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

eventarc.triggers.undelete

eventarc.triggers.update

firebasedatabase.instances.get

firebasedatabase.instances.update

iam.serviceAccounts.actAs

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.signBlob

pubsub.subscriptions.consume

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.getIamPolicy

pubsub.subscriptions.list

pubsub.subscriptions.listEffectiveTags

pubsub.subscriptions.listTagBindings

pubsub.subscriptions.setIamPolicy

pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.get

pubsub.topics.list

recommender.locations.*

  • recommender.locations.get
  • recommender.locations.list

recommender.runServiceCostInsights.*

  • recommender.runServiceCostInsights.get
  • recommender.runServiceCostInsights.list
  • recommender.runServiceCostInsights.update

recommender.runServiceCostRecommendations.*

  • recommender.runServiceCostRecommendations.get
  • recommender.runServiceCostRecommendations.list
  • recommender.runServiceCostRecommendations.update

recommender.runServiceIdentityInsights.*

  • recommender.runServiceIdentityInsights.get
  • recommender.runServiceIdentityInsights.list
  • recommender.runServiceIdentityInsights.update

recommender.runServiceIdentityRecommendations.*

  • recommender.runServiceIdentityRecommendations.get
  • recommender.runServiceIdentityRecommendations.list
  • recommender.runServiceIdentityRecommendations.update

recommender.runServicePerformanceInsights.*

  • recommender.runServicePerformanceInsights.get
  • recommender.runServicePerformanceInsights.list
  • recommender.runServicePerformanceInsights.update

recommender.runServicePerformanceRecommendations.*

  • recommender.runServicePerformanceRecommendations.get
  • recommender.runServicePerformanceRecommendations.list
  • recommender.runServicePerformanceRecommendations.update

recommender.runServiceSecurityInsights.*

  • recommender.runServiceSecurityInsights.get
  • recommender.runServiceSecurityInsights.list
  • recommender.runServiceSecurityInsights.update

recommender.runServiceSecurityRecommendations.*

  • recommender.runServiceSecurityRecommendations.get
  • recommender.runServiceSecurityRecommendations.list
  • recommender.runServiceSecurityRecommendations.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

run.configurations.*

  • run.configurations.get
  • run.configurations.list

run.executions.*

  • run.executions.cancel
  • run.executions.delete
  • run.executions.get
  • run.executions.list

run.jobs.create

run.jobs.delete

run.jobs.get

run.jobs.getIamPolicy

run.jobs.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.jobs.run

run.jobs.runWithOverrides

run.jobs.update

run.locations.list

run.operations.*

  • run.operations.delete
  • run.operations.get
  • run.operations.list

run.revisions.*

  • run.revisions.delete
  • run.revisions.get
  • run.revisions.list

run.routes.*

  • run.routes.get
  • run.routes.invoke
  • run.routes.list

run.services.create

run.services.delete

run.services.get

run.services.getIamPolicy

run.services.list

run.services.listEffectiveTags

run.services.listTagBindings

run.services.update

run.tasks.*

  • run.tasks.get
  • run.tasks.list

run.workerpools.create

run.workerpools.delete

run.workerpools.get

run.workerpools.getIamPolicy

run.workerpools.list

run.workerpools.update

serviceusage.consumerpolicy.*

  • serviceusage.consumerpolicy.analyze
  • serviceusage.consumerpolicy.get
  • serviceusage.consumerpolicy.update

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.use

serviceusage.values.test

source.repos.get

source.repos.list

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.update

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

vpcaccess.connectors.get

vpcaccess.connectors.use

Cloud Functions Viewer

(roles/cloudfunctions.viewer)

Read-only access to functions and locations.

cloudasset.assets.searchAllResources

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudfunctions.functions.get

cloudfunctions.functions.getIamPolicy

cloudfunctions.functions.list

cloudfunctions.locations.list

cloudfunctions.operations.*

  • cloudfunctions.operations.get
  • cloudfunctions.operations.list

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleChannelConfigs.get

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

  • eventarc.locations.get
  • eventarc.locations.list

eventarc.messageBuses.get

eventarc.messageBuses.getIamPolicy

eventarc.messageBuses.list

eventarc.messageBuses.use

eventarc.multiProjectSources.collectGoogleApiEvents

eventarc.operations.get

eventarc.operations.list

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.providers.*

  • eventarc.providers.get
  • eventarc.providers.list

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

recommender.cloudFunctionsPerformanceInsights.get

recommender.cloudFunctionsPerformanceInsights.list

recommender.cloudFunctionsPerformanceRecommendations.get

recommender.cloudFunctionsPerformanceRecommendations.list

recommender.locations.*

  • recommender.locations.get
  • recommender.locations.list

recommender.runServiceCostInsights.get

recommender.runServiceCostInsights.list

recommender.runServiceCostRecommendations.get

recommender.runServiceCostRecommendations.list

recommender.runServiceIdentityInsights.get

recommender.runServiceIdentityInsights.list

recommender.runServiceIdentityRecommendations.get

recommender.runServiceIdentityRecommendations.list

recommender.runServicePerformanceInsights.get

recommender.runServicePerformanceInsights.list

recommender.runServicePerformanceRecommendations.get

recommender.runServicePerformanceRecommendations.list

recommender.runServiceSecurityInsights.get

recommender.runServiceSecurityInsights.list

recommender.runServiceSecurityRecommendations.get

recommender.runServiceSecurityRecommendations.list

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

run.configurations.*

  • run.configurations.get
  • run.configurations.list

run.executions.get

run.executions.list

run.jobs.get

run.jobs.getIamPolicy

run.jobs.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.locations.list

run.operations.get

run.operations.list

run.revisions.get

run.revisions.list

run.routes.get

run.routes.list

run.services.get

run.services.getIamPolicy

run.services.list

run.services.listEffectiveTags

run.services.listTagBindings

run.tasks.*

  • run.tasks.get
  • run.tasks.list

run.workerpools.get

run.workerpools.getIamPolicy

run.workerpools.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test