Compute Engine IAM roles and permissions (original) (raw)
Compute Admin
(roles/compute.admin)
Full control of all Compute Engine resources.
If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant theroles/iam.serviceAccountUser role.
Lowest-level resources where you can grant this role:
- Disk
- Image
- Instance
- Instance template
- Node group
- Node template
- Snapshot
backupdr.backupPlanAssociations.createForComputeDisk
backupdr.backupPlanAssociations.createForComputeInstance
backupdr.backupPlanAssociations.deleteForComputeDisk
backupdr.backupPlanAssociations.deleteForComputeInstance
backupdr.backupPlanAssociations.fetchForComputeDisk
backupdr.backupPlanAssociations.getForComputeDisk
backupdr.backupPlanAssociations.list
backupdr.backupPlanAssociations.triggerBackupForComputeDisk
backupdr.backupPlanAssociations.triggerBackupForComputeInstance
backupdr.backupPlanAssociations.updateForComputeDisk
backupdr.backupPlanAssociations.updateForComputeInstance
backupdr.backupPlans.get
backupdr.backupPlans.list
backupdr.backupPlans.useForComputeDisk
backupdr.backupPlans.useForComputeInstance
backupdr.backupVaults.get
backupdr.backupVaults.list
backupdr.locations.list
backupdr.operations.get
backupdr.operations.list
backupdr.serviceConfig.initialize
cloudkms.keyHandles.*
cloudkms.keyHandles.createcloudkms.keyHandles.getcloudkms.keyHandles.list
cloudkms.operations.get
cloudkms.projects.showEffectiveAutokeyConfig
compute.*
compute.acceleratorTypes.getcompute.acceleratorTypes.listcompute.addresses.createcompute.addresses.createInternalcompute.addresses.createTagBindingcompute.addresses.deletecompute.addresses.deleteInternalcompute.addresses.deleteTagBindingcompute.addresses.getcompute.addresses.listcompute.addresses.listEffectiveTagscompute.addresses.listTagBindingscompute.addresses.setLabelscompute.addresses.usecompute.addresses.useInternalcompute.advice.calendarModecompute.autoscalers.createcompute.autoscalers.deletecompute.autoscalers.getcompute.autoscalers.listcompute.autoscalers.updatecompute.backendBuckets.addSignedUrlKeycompute.backendBuckets.createcompute.backendBuckets.createTagBindingcompute.backendBuckets.deletecompute.backendBuckets.deleteSignedUrlKeycompute.backendBuckets.deleteTagBindingcompute.backendBuckets.getcompute.backendBuckets.getIamPolicycompute.backendBuckets.listcompute.backendBuckets.listEffectiveTagscompute.backendBuckets.listTagBindingscompute.backendBuckets.setIamPolicycompute.backendBuckets.setSecurityPolicycompute.backendBuckets.updatecompute.backendBuckets.usecompute.backendServices.addSignedUrlKeycompute.backendServices.createcompute.backendServices.createTagBindingcompute.backendServices.deletecompute.backendServices.deleteSignedUrlKeycompute.backendServices.deleteTagBindingcompute.backendServices.getcompute.backendServices.getIamPolicycompute.backendServices.listcompute.backendServices.listEffectiveTagscompute.backendServices.listTagBindingscompute.backendServices.setIamPolicycompute.backendServices.setSecurityPolicycompute.backendServices.updatecompute.backendServices.usecompute.commitments.createcompute.commitments.createTagBindingcompute.commitments.deleteTagBindingcompute.commitments.getcompute.commitments.listcompute.commitments.listEffectiveTagscompute.commitments.listTagBindingscompute.commitments.updatecompute.commitments.updateReservationscompute.crossSiteNetworks.createcompute.crossSiteNetworks.deletecompute.crossSiteNetworks.getcompute.crossSiteNetworks.listcompute.crossSiteNetworks.updatecompute.diskSettings.getcompute.diskSettings.updatecompute.diskTypes.getcompute.diskTypes.listcompute.disks.addResourcePoliciescompute.disks.createcompute.disks.createSnapshotcompute.disks.createTagBindingcompute.disks.deletecompute.disks.deleteTagBindingcompute.disks.getcompute.disks.getIamPolicycompute.disks.listcompute.disks.listEffectiveTagscompute.disks.listTagBindingscompute.disks.removeResourcePoliciescompute.disks.resizecompute.disks.setIamPolicycompute.disks.setLabelscompute.disks.startAsyncReplicationcompute.disks.stopAsyncReplicationcompute.disks.stopGroupAsyncReplicationcompute.disks.updatecompute.disks.updateKmsKeycompute.disks.usecompute.disks.useReadOnlycompute.externalVpnGateways.createcompute.externalVpnGateways.createTagBindingcompute.externalVpnGateways.deletecompute.externalVpnGateways.deleteTagBindingcompute.externalVpnGateways.getcompute.externalVpnGateways.listcompute.externalVpnGateways.listEffectiveTagscompute.externalVpnGateways.listTagBindingscompute.externalVpnGateways.setLabelscompute.externalVpnGateways.usecompute.firewallPolicies.cloneRulescompute.firewallPolicies.copyRulescompute.firewallPolicies.createcompute.firewallPolicies.createTagBindingcompute.firewallPolicies.deletecompute.firewallPolicies.deleteTagBindingcompute.firewallPolicies.getcompute.firewallPolicies.getIamPolicycompute.firewallPolicies.listcompute.firewallPolicies.listEffectiveTagscompute.firewallPolicies.listTagBindingscompute.firewallPolicies.movecompute.firewallPolicies.setIamPolicycompute.firewallPolicies.updatecompute.firewallPolicies.usecompute.firewalls.createcompute.firewalls.createTagBindingcompute.firewalls.deletecompute.firewalls.deleteTagBindingcompute.firewalls.getcompute.firewalls.listcompute.firewalls.listEffectiveTagscompute.firewalls.listTagBindingscompute.firewalls.updatecompute.forwardingRules.createcompute.forwardingRules.createTagBindingcompute.forwardingRules.deletecompute.forwardingRules.deleteTagBindingcompute.forwardingRules.getcompute.forwardingRules.listcompute.forwardingRules.listEffectiveTagscompute.forwardingRules.listTagBindingscompute.forwardingRules.pscCreatecompute.forwardingRules.pscDeletecompute.forwardingRules.pscSetLabelscompute.forwardingRules.pscUpdatecompute.forwardingRules.setLabelscompute.forwardingRules.setTargetcompute.forwardingRules.updatecompute.forwardingRules.usecompute.futureReservations.cancelcompute.futureReservations.createcompute.futureReservations.createTagBindingcompute.futureReservations.deletecompute.futureReservations.deleteTagBindingcompute.futureReservations.getcompute.futureReservations.getIamPolicycompute.futureReservations.listcompute.futureReservations.listEffectiveTagscompute.futureReservations.listTagBindingscompute.futureReservations.setIamPolicycompute.futureReservations.updatecompute.globalAddresses.createcompute.globalAddresses.createInternalcompute.globalAddresses.createTagBindingcompute.globalAddresses.deletecompute.globalAddresses.deleteInternalcompute.globalAddresses.deleteTagBindingcompute.globalAddresses.getcompute.globalAddresses.listcompute.globalAddresses.listEffectiveTagscompute.globalAddresses.listTagBindingscompute.globalAddresses.setLabelscompute.globalAddresses.usecompute.globalForwardingRules.createcompute.globalForwardingRules.createTagBindingcompute.globalForwardingRules.deletecompute.globalForwardingRules.deleteTagBindingcompute.globalForwardingRules.getcompute.globalForwardingRules.listcompute.globalForwardingRules.listEffectiveTagscompute.globalForwardingRules.listTagBindingscompute.globalForwardingRules.pscCreatecompute.globalForwardingRules.pscDeletecompute.globalForwardingRules.pscSetLabelscompute.globalForwardingRules.pscUpdatecompute.globalForwardingRules.setLabelscompute.globalForwardingRules.setTargetcompute.globalForwardingRules.updatecompute.globalNetworkEndpointGroups.attachNetworkEndpointscompute.globalNetworkEndpointGroups.createcompute.globalNetworkEndpointGroups.createTagBindingcompute.globalNetworkEndpointGroups.deletecompute.globalNetworkEndpointGroups.deleteTagBindingcompute.globalNetworkEndpointGroups.detachNetworkEndpointscompute.globalNetworkEndpointGroups.getcompute.globalNetworkEndpointGroups.listcompute.globalNetworkEndpointGroups.listEffectiveTagscompute.globalNetworkEndpointGroups.listTagBindingscompute.globalNetworkEndpointGroups.usecompute.globalOperations.deletecompute.globalOperations.getcompute.globalOperations.getIamPolicycompute.globalOperations.listcompute.globalOperations.setIamPolicycompute.globalPublicDelegatedPrefixes.createcompute.globalPublicDelegatedPrefixes.deletecompute.globalPublicDelegatedPrefixes.getcompute.globalPublicDelegatedPrefixes.listcompute.globalPublicDelegatedPrefixes.updatePolicycompute.healthChecks.createcompute.healthChecks.createTagBindingcompute.healthChecks.deletecompute.healthChecks.deleteTagBindingcompute.healthChecks.getcompute.healthChecks.listcompute.healthChecks.listEffectiveTagscompute.healthChecks.listTagBindingscompute.healthChecks.updatecompute.healthChecks.usecompute.healthChecks.useReadOnlycompute.httpHealthChecks.createcompute.httpHealthChecks.createTagBindingcompute.httpHealthChecks.deletecompute.httpHealthChecks.deleteTagBindingcompute.httpHealthChecks.getcompute.httpHealthChecks.listcompute.httpHealthChecks.listEffectiveTagscompute.httpHealthChecks.listTagBindingscompute.httpHealthChecks.updatecompute.httpHealthChecks.usecompute.httpHealthChecks.useReadOnlycompute.httpsHealthChecks.createcompute.httpsHealthChecks.createTagBindingcompute.httpsHealthChecks.deletecompute.httpsHealthChecks.deleteTagBindingcompute.httpsHealthChecks.getcompute.httpsHealthChecks.listcompute.httpsHealthChecks.listEffectiveTagscompute.httpsHealthChecks.listTagBindingscompute.httpsHealthChecks.updatecompute.httpsHealthChecks.usecompute.httpsHealthChecks.useReadOnlycompute.images.createcompute.images.createTagBindingcompute.images.deletecompute.images.deleteTagBindingcompute.images.deprecatecompute.images.getcompute.images.getFromFamilycompute.images.getIamPolicycompute.images.listcompute.images.listEffectiveTagscompute.images.listTagBindingscompute.images.setIamPolicycompute.images.setLabelscompute.images.updatecompute.images.useReadOnlycompute.instanceGroupManagers.createcompute.instanceGroupManagers.createTagBindingcompute.instanceGroupManagers.deletecompute.instanceGroupManagers.deleteTagBindingcompute.instanceGroupManagers.getcompute.instanceGroupManagers.listcompute.instanceGroupManagers.listEffectiveTagscompute.instanceGroupManagers.listTagBindingscompute.instanceGroupManagers.updatecompute.instanceGroupManagers.usecompute.instanceGroups.createcompute.instanceGroups.createTagBindingcompute.instanceGroups.deletecompute.instanceGroups.deleteTagBindingcompute.instanceGroups.getcompute.instanceGroups.listcompute.instanceGroups.listEffectiveTagscompute.instanceGroups.listTagBindingscompute.instanceGroups.updatecompute.instanceGroups.usecompute.instanceSettings.getcompute.instanceSettings.updatecompute.instanceTemplates.createcompute.instanceTemplates.deletecompute.instanceTemplates.getcompute.instanceTemplates.getIamPolicycompute.instanceTemplates.listcompute.instanceTemplates.setIamPolicycompute.instanceTemplates.useReadOnlycompute.instances.addAccessConfigcompute.instances.addNetworkInterfacecompute.instances.addResourcePoliciescompute.instances.attachDiskcompute.instances.createcompute.instances.createTagBindingcompute.instances.deletecompute.instances.deleteAccessConfigcompute.instances.deleteNetworkInterfacecompute.instances.deleteTagBindingcompute.instances.detachDiskcompute.instances.getcompute.instances.getEffectiveFirewallscompute.instances.getGuestAttributescompute.instances.getIamPolicycompute.instances.getScreenshotcompute.instances.getSerialPortOutputcompute.instances.getShieldedInstanceIdentitycompute.instances.getShieldedVmIdentitycompute.instances.listcompute.instances.listEffectiveTagscompute.instances.listReferrerscompute.instances.listTagBindingscompute.instances.osAdminLogincompute.instances.osLogincompute.instances.pscInterfaceCreatecompute.instances.removeResourcePoliciescompute.instances.resetcompute.instances.resumecompute.instances.sendDiagnosticInterruptcompute.instances.setDeletionProtectioncompute.instances.setDiskAutoDeletecompute.instances.setIamPolicycompute.instances.setLabelscompute.instances.setMachineResourcescompute.instances.setMachineTypecompute.instances.setMetadatacompute.instances.setMinCpuPlatformcompute.instances.setNamecompute.instances.setSchedulingcompute.instances.setSecurityPolicycompute.instances.setServiceAccountcompute.instances.setShieldedInstanceIntegrityPolicycompute.instances.setShieldedVmIntegrityPolicycompute.instances.setTagscompute.instances.simulateMaintenanceEventcompute.instances.startcompute.instances.startWithEncryptionKeycompute.instances.stopcompute.instances.suspendcompute.instances.updatecompute.instances.updateAccessConfigcompute.instances.updateDisplayDevicecompute.instances.updateNetworkInterfacecompute.instances.updateSecuritycompute.instances.updateShieldedInstanceConfigcompute.instances.updateShieldedVmConfigcompute.instances.usecompute.instances.useReadOnlycompute.instantSnapshotGroups.createcompute.instantSnapshotGroups.deletecompute.instantSnapshotGroups.getcompute.instantSnapshotGroups.getIamPolicycompute.instantSnapshotGroups.listcompute.instantSnapshotGroups.setIamPolicycompute.instantSnapshotGroups.useReadOnlycompute.instantSnapshots.createcompute.instantSnapshots.createTagBindingcompute.instantSnapshots.deletecompute.instantSnapshots.deleteTagBindingcompute.instantSnapshots.exportcompute.instantSnapshots.getcompute.instantSnapshots.getIamPolicycompute.instantSnapshots.listcompute.instantSnapshots.listEffectiveTagscompute.instantSnapshots.listTagBindingscompute.instantSnapshots.setIamPolicycompute.instantSnapshots.setLabelscompute.instantSnapshots.useReadOnlycompute.interconnectAttachmentGroups.createcompute.interconnectAttachmentGroups.deletecompute.interconnectAttachmentGroups.getcompute.interconnectAttachmentGroups.listcompute.interconnectAttachmentGroups.patchcompute.interconnectAttachments.createcompute.interconnectAttachments.createTagBindingcompute.interconnectAttachments.deletecompute.interconnectAttachments.deleteTagBindingcompute.interconnectAttachments.getcompute.interconnectAttachments.listcompute.interconnectAttachments.listEffectiveTagscompute.interconnectAttachments.listTagBindingscompute.interconnectAttachments.setLabelscompute.interconnectAttachments.updatecompute.interconnectAttachments.usecompute.interconnectGroups.createcompute.interconnectGroups.deletecompute.interconnectGroups.getcompute.interconnectGroups.listcompute.interconnectGroups.patchcompute.interconnectLocations.getcompute.interconnectLocations.listcompute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.listcompute.interconnects.createcompute.interconnects.createTagBindingcompute.interconnects.deletecompute.interconnects.deleteTagBindingcompute.interconnects.getcompute.interconnects.getMacsecConfigcompute.interconnects.listcompute.interconnects.listEffectiveTagscompute.interconnects.listTagBindingscompute.interconnects.setLabelscompute.interconnects.updatecompute.interconnects.usecompute.licenseCodes.getcompute.licenseCodes.getIamPolicycompute.licenseCodes.listcompute.licenseCodes.setIamPolicycompute.licenses.createcompute.licenses.createTagBindingcompute.licenses.deletecompute.licenses.deleteTagBindingcompute.licenses.getcompute.licenses.getIamPolicycompute.licenses.listcompute.licenses.listEffectiveTagscompute.licenses.listTagBindingscompute.licenses.setIamPolicycompute.licenses.updatecompute.machineImages.createcompute.machineImages.createTagBindingcompute.machineImages.deletecompute.machineImages.deleteTagBindingcompute.machineImages.getcompute.machineImages.getIamPolicycompute.machineImages.listcompute.machineImages.listEffectiveTagscompute.machineImages.listTagBindingscompute.machineImages.setIamPolicycompute.machineImages.setLabelscompute.machineImages.useReadOnlycompute.machineTypes.getcompute.machineTypes.listcompute.multiMig.createcompute.multiMig.deletecompute.multiMig.getcompute.multiMig.listcompute.multiMigMembers.getcompute.multiMigMembers.listcompute.networkAttachments.createcompute.networkAttachments.createTagBindingcompute.networkAttachments.deletecompute.networkAttachments.deleteTagBindingcompute.networkAttachments.getcompute.networkAttachments.getIamPolicycompute.networkAttachments.listcompute.networkAttachments.listEffectiveTagscompute.networkAttachments.listTagBindingscompute.networkAttachments.setIamPolicycompute.networkAttachments.updatecompute.networkAttachments.usecompute.networkEdgeSecurityServices.createcompute.networkEdgeSecurityServices.createTagBindingcompute.networkEdgeSecurityServices.deletecompute.networkEdgeSecurityServices.deleteTagBindingcompute.networkEdgeSecurityServices.getcompute.networkEdgeSecurityServices.listcompute.networkEdgeSecurityServices.listEffectiveTagscompute.networkEdgeSecurityServices.listTagBindingscompute.networkEdgeSecurityServices.updatecompute.networkEndpointGroups.attachNetworkEndpointscompute.networkEndpointGroups.createcompute.networkEndpointGroups.createTagBindingcompute.networkEndpointGroups.deletecompute.networkEndpointGroups.deleteTagBindingcompute.networkEndpointGroups.detachNetworkEndpointscompute.networkEndpointGroups.getcompute.networkEndpointGroups.listcompute.networkEndpointGroups.listEffectiveTagscompute.networkEndpointGroups.listTagBindingscompute.networkEndpointGroups.usecompute.networkProfiles.getcompute.networkProfiles.listcompute.networks.accesscompute.networks.addPeeringcompute.networks.createcompute.networks.createTagBindingcompute.networks.deletecompute.networks.deleteTagBindingcompute.networks.getcompute.networks.getEffectiveFirewallscompute.networks.getRegionEffectiveFirewallscompute.networks.listcompute.networks.listEffectiveTagscompute.networks.listPeeringRoutescompute.networks.listTagBindingscompute.networks.mirrorcompute.networks.removePeeringcompute.networks.setFirewallPolicycompute.networks.setNetworkPolicycompute.networks.switchToCustomModecompute.networks.updatecompute.networks.updatePeeringcompute.networks.updatePolicycompute.networks.usecompute.networks.useExternalIpcompute.nodeGroups.addNodescompute.nodeGroups.createcompute.nodeGroups.deletecompute.nodeGroups.deleteNodescompute.nodeGroups.getcompute.nodeGroups.getIamPolicycompute.nodeGroups.listcompute.nodeGroups.performMaintenancecompute.nodeGroups.setIamPolicycompute.nodeGroups.setNodeTemplatecompute.nodeGroups.simulateMaintenanceEventcompute.nodeGroups.updatecompute.nodeTemplates.createcompute.nodeTemplates.deletecompute.nodeTemplates.getcompute.nodeTemplates.getIamPolicycompute.nodeTemplates.listcompute.nodeTemplates.setIamPolicycompute.nodeTypes.getcompute.nodeTypes.listcompute.organizations.disableXpnHostcompute.organizations.disableXpnResourcecompute.organizations.enableXpnHostcompute.organizations.enableXpnResourcecompute.organizations.listAssociationscompute.organizations.setFirewallPolicycompute.organizations.setSecurityPolicycompute.oslogin.updateExternalUsercompute.packetMirrorings.createcompute.packetMirrorings.createTagBindingcompute.packetMirrorings.deletecompute.packetMirrorings.deleteTagBindingcompute.packetMirrorings.getcompute.packetMirrorings.listcompute.packetMirrorings.listEffectiveTagscompute.packetMirrorings.listTagBindingscompute.packetMirrorings.updatecompute.previewFeatures.getcompute.previewFeatures.listcompute.previewFeatures.updatecompute.projects.getcompute.projects.setCloudArmorTiercompute.projects.setCommonInstanceMetadatacompute.projects.setDefaultNetworkTiercompute.projects.setDefaultServiceAccountcompute.projects.setManagedProtectionTiercompute.projects.setUsageExportBucketcompute.publicAdvertisedPrefixes.createcompute.publicAdvertisedPrefixes.deletecompute.publicAdvertisedPrefixes.getcompute.publicAdvertisedPrefixes.listcompute.publicAdvertisedPrefixes.updatecompute.publicAdvertisedPrefixes.updatePolicycompute.publicDelegatedPrefixes.announcecompute.publicDelegatedPrefixes.createcompute.publicDelegatedPrefixes.createTagBindingcompute.publicDelegatedPrefixes.deletecompute.publicDelegatedPrefixes.deleteTagBindingcompute.publicDelegatedPrefixes.getcompute.publicDelegatedPrefixes.listcompute.publicDelegatedPrefixes.listEffectiveTagscompute.publicDelegatedPrefixes.listTagBindingscompute.publicDelegatedPrefixes.updatecompute.publicDelegatedPrefixes.updatePolicycompute.publicDelegatedPrefixes.usecompute.publicDelegatedPrefixes.withdrawcompute.regionBackendBuckets.createcompute.regionBackendBuckets.createTagBindingcompute.regionBackendBuckets.deletecompute.regionBackendBuckets.deleteTagBindingcompute.regionBackendBuckets.getcompute.regionBackendBuckets.getIamPolicycompute.regionBackendBuckets.listcompute.regionBackendBuckets.listEffectiveTagscompute.regionBackendBuckets.listTagBindingscompute.regionBackendBuckets.setIamPolicycompute.regionBackendBuckets.updatecompute.regionBackendBuckets.usecompute.regionBackendServices.createcompute.regionBackendServices.createTagBindingcompute.regionBackendServices.deletecompute.regionBackendServices.deleteTagBindingcompute.regionBackendServices.getcompute.regionBackendServices.getIamPolicycompute.regionBackendServices.listcompute.regionBackendServices.listEffectiveTagscompute.regionBackendServices.listTagBindingscompute.regionBackendServices.setIamPolicycompute.regionBackendServices.setSecurityPolicycompute.regionBackendServices.updatecompute.regionBackendServices.usecompute.regionCompositeHealthChecks.createcompute.regionCompositeHealthChecks.deletecompute.regionCompositeHealthChecks.getcompute.regionCompositeHealthChecks.listcompute.regionCompositeHealthChecks.updatecompute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.createTagBindingcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.deleteTagBindingcompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.listEffectiveTagscompute.regionFirewallPolicies.listTagBindingscompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.usecompute.regionHealthAggregationPolicies.createcompute.regionHealthAggregationPolicies.deletecompute.regionHealthAggregationPolicies.getcompute.regionHealthAggregationPolicies.listcompute.regionHealthAggregationPolicies.updatecompute.regionHealthCheckServices.createcompute.regionHealthCheckServices.deletecompute.regionHealthCheckServices.getcompute.regionHealthCheckServices.listcompute.regionHealthCheckServices.updatecompute.regionHealthCheckServices.usecompute.regionHealthChecks.createcompute.regionHealthChecks.createTagBindingcompute.regionHealthChecks.deletecompute.regionHealthChecks.deleteTagBindingcompute.regionHealthChecks.getcompute.regionHealthChecks.listcompute.regionHealthChecks.listEffectiveTagscompute.regionHealthChecks.listTagBindingscompute.regionHealthChecks.updatecompute.regionHealthChecks.usecompute.regionHealthChecks.useReadOnlycompute.regionHealthSources.createcompute.regionHealthSources.deletecompute.regionHealthSources.getcompute.regionHealthSources.listcompute.regionHealthSources.updatecompute.regionNetworkEndpointGroups.attachNetworkEndpointscompute.regionNetworkEndpointGroups.createcompute.regionNetworkEndpointGroups.createTagBindingcompute.regionNetworkEndpointGroups.deletecompute.regionNetworkEndpointGroups.deleteTagBindingcompute.regionNetworkEndpointGroups.detachNetworkEndpointscompute.regionNetworkEndpointGroups.getcompute.regionNetworkEndpointGroups.listcompute.regionNetworkEndpointGroups.listEffectiveTagscompute.regionNetworkEndpointGroups.listTagBindingscompute.regionNetworkEndpointGroups.usecompute.regionNetworkPolicies.createcompute.regionNetworkPolicies.deletecompute.regionNetworkPolicies.getcompute.regionNetworkPolicies.listcompute.regionNetworkPolicies.updatecompute.regionNetworkPolicies.usecompute.regionNotificationEndpoints.createcompute.regionNotificationEndpoints.deletecompute.regionNotificationEndpoints.getcompute.regionNotificationEndpoints.listcompute.regionNotificationEndpoints.updatecompute.regionNotificationEndpoints.usecompute.regionOperations.deletecompute.regionOperations.getcompute.regionOperations.getIamPolicycompute.regionOperations.listcompute.regionOperations.setIamPolicycompute.regionSecurityPolicies.createcompute.regionSecurityPolicies.createTagBindingcompute.regionSecurityPolicies.deletecompute.regionSecurityPolicies.deleteTagBindingcompute.regionSecurityPolicies.getcompute.regionSecurityPolicies.listcompute.regionSecurityPolicies.listEffectiveTagscompute.regionSecurityPolicies.listTagBindingscompute.regionSecurityPolicies.updatecompute.regionSecurityPolicies.usecompute.regionSslCertificates.createcompute.regionSslCertificates.createTagBindingcompute.regionSslCertificates.deletecompute.regionSslCertificates.deleteTagBindingcompute.regionSslCertificates.getcompute.regionSslCertificates.listcompute.regionSslCertificates.listEffectiveTagscompute.regionSslCertificates.listTagBindingscompute.regionSslPolicies.createcompute.regionSslPolicies.createTagBindingcompute.regionSslPolicies.deletecompute.regionSslPolicies.deleteTagBindingcompute.regionSslPolicies.getcompute.regionSslPolicies.listcompute.regionSslPolicies.listAvailableFeaturescompute.regionSslPolicies.listEffectiveTagscompute.regionSslPolicies.listTagBindingscompute.regionSslPolicies.updatecompute.regionSslPolicies.usecompute.regionTargetHttpProxies.createcompute.regionTargetHttpProxies.createTagBindingcompute.regionTargetHttpProxies.deletecompute.regionTargetHttpProxies.deleteTagBindingcompute.regionTargetHttpProxies.getcompute.regionTargetHttpProxies.listcompute.regionTargetHttpProxies.listEffectiveTagscompute.regionTargetHttpProxies.listTagBindingscompute.regionTargetHttpProxies.setUrlMapcompute.regionTargetHttpProxies.usecompute.regionTargetHttpsProxies.createcompute.regionTargetHttpsProxies.createTagBindingcompute.regionTargetHttpsProxies.deletecompute.regionTargetHttpsProxies.deleteTagBindingcompute.regionTargetHttpsProxies.getcompute.regionTargetHttpsProxies.listcompute.regionTargetHttpsProxies.listEffectiveTagscompute.regionTargetHttpsProxies.listTagBindingscompute.regionTargetHttpsProxies.setSslCertificatescompute.regionTargetHttpsProxies.setUrlMapcompute.regionTargetHttpsProxies.updatecompute.regionTargetHttpsProxies.usecompute.regionTargetTcpProxies.attachcompute.regionTargetTcpProxies.createcompute.regionTargetTcpProxies.createTagBindingcompute.regionTargetTcpProxies.deletecompute.regionTargetTcpProxies.deleteTagBindingcompute.regionTargetTcpProxies.getcompute.regionTargetTcpProxies.listcompute.regionTargetTcpProxies.listEffectiveTagscompute.regionTargetTcpProxies.listTagBindingscompute.regionTargetTcpProxies.usecompute.regionUrlMaps.createcompute.regionUrlMaps.createTagBindingcompute.regionUrlMaps.deletecompute.regionUrlMaps.deleteTagBindingcompute.regionUrlMaps.getcompute.regionUrlMaps.invalidateCachecompute.regionUrlMaps.listcompute.regionUrlMaps.listEffectiveTagscompute.regionUrlMaps.listTagBindingscompute.regionUrlMaps.updatecompute.regionUrlMaps.usecompute.regionUrlMaps.validatecompute.regions.getcompute.regions.listcompute.reservationBlocks.getcompute.reservationBlocks.listcompute.reservationBlocks.performMaintenancecompute.reservationSlots.getcompute.reservationSlots.listcompute.reservationSlots.updatecompute.reservationSubBlocks.getcompute.reservationSubBlocks.listcompute.reservationSubBlocks.performMaintenancecompute.reservationSubBlocks.reportFaultycompute.reservations.createcompute.reservations.createTagBindingcompute.reservations.deletecompute.reservations.deleteTagBindingcompute.reservations.getcompute.reservations.listcompute.reservations.listEffectiveTagscompute.reservations.listTagBindingscompute.reservations.performMaintenancecompute.reservations.resizecompute.reservations.updatecompute.resourcePolicies.createcompute.resourcePolicies.deletecompute.resourcePolicies.getcompute.resourcePolicies.getIamPolicycompute.resourcePolicies.listcompute.resourcePolicies.setIamPolicycompute.resourcePolicies.updatecompute.resourcePolicies.usecompute.resourcePolicies.useReadOnlycompute.rolloutPlans.createcompute.rolloutPlans.deletecompute.rolloutPlans.getcompute.rolloutPlans.listcompute.rollouts.cancelcompute.rollouts.deletecompute.rollouts.getcompute.rollouts.listcompute.routers.createcompute.routers.createTagBindingcompute.routers.deletecompute.routers.deleteRoutePolicycompute.routers.deleteTagBindingcompute.routers.getcompute.routers.getRoutePolicycompute.routers.listcompute.routers.listBgpRoutescompute.routers.listEffectiveTagscompute.routers.listRoutePoliciescompute.routers.listTagBindingscompute.routers.updatecompute.routers.updateRoutePolicycompute.routers.usecompute.routes.createcompute.routes.createTagBindingcompute.routes.deletecompute.routes.deleteTagBindingcompute.routes.getcompute.routes.listcompute.routes.listEffectiveTagscompute.routes.listTagBindingscompute.securityPolicies.addAssociationcompute.securityPolicies.copyRulescompute.securityPolicies.createcompute.securityPolicies.createTagBindingcompute.securityPolicies.deletecompute.securityPolicies.deleteTagBindingcompute.securityPolicies.getcompute.securityPolicies.listcompute.securityPolicies.listEffectiveTagscompute.securityPolicies.listTagBindingscompute.securityPolicies.movecompute.securityPolicies.removeAssociationcompute.securityPolicies.setLabelscompute.securityPolicies.updatecompute.securityPolicies.usecompute.serviceAttachments.createcompute.serviceAttachments.createTagBindingcompute.serviceAttachments.deletecompute.serviceAttachments.deleteTagBindingcompute.serviceAttachments.getcompute.serviceAttachments.getIamPolicycompute.serviceAttachments.listcompute.serviceAttachments.listEffectiveTagscompute.serviceAttachments.listTagBindingscompute.serviceAttachments.setIamPolicycompute.serviceAttachments.updatecompute.serviceAttachments.usecompute.snapshotGroups.createcompute.snapshotGroups.deletecompute.snapshotGroups.getcompute.snapshotGroups.getIamPolicycompute.snapshotGroups.listcompute.snapshotGroups.setIamPolicycompute.snapshotGroups.useReadOnlycompute.snapshotSettings.getcompute.snapshotSettings.updatecompute.snapshots.createcompute.snapshots.createTagBindingcompute.snapshots.deletecompute.snapshots.deleteTagBindingcompute.snapshots.getcompute.snapshots.getIamPolicycompute.snapshots.listcompute.snapshots.listEffectiveTagscompute.snapshots.listTagBindingscompute.snapshots.setIamPolicycompute.snapshots.setLabelscompute.snapshots.updateKmsKeycompute.snapshots.useReadOnlycompute.spotAssistants.getcompute.sslCertificates.createcompute.sslCertificates.createTagBindingcompute.sslCertificates.deletecompute.sslCertificates.deleteTagBindingcompute.sslCertificates.getcompute.sslCertificates.listcompute.sslCertificates.listEffectiveTagscompute.sslCertificates.listTagBindingscompute.sslPolicies.createcompute.sslPolicies.createTagBindingcompute.sslPolicies.deletecompute.sslPolicies.deleteTagBindingcompute.sslPolicies.getcompute.sslPolicies.listcompute.sslPolicies.listAvailableFeaturescompute.sslPolicies.listEffectiveTagscompute.sslPolicies.listTagBindingscompute.sslPolicies.updatecompute.sslPolicies.usecompute.storagePools.createcompute.storagePools.createTagBindingcompute.storagePools.deletecompute.storagePools.deleteTagBindingcompute.storagePools.getcompute.storagePools.getIamPolicycompute.storagePools.listcompute.storagePools.listEffectiveTagscompute.storagePools.listTagBindingscompute.storagePools.setIamPolicycompute.storagePools.updatecompute.storagePools.usecompute.subnetworks.createcompute.subnetworks.createTagBindingcompute.subnetworks.deletecompute.subnetworks.deleteTagBindingcompute.subnetworks.expandIpCidrRangecompute.subnetworks.getcompute.subnetworks.getIamPolicycompute.subnetworks.listcompute.subnetworks.listEffectiveTagscompute.subnetworks.listTagBindingscompute.subnetworks.mirrorcompute.subnetworks.setIamPolicycompute.subnetworks.setPrivateIpGoogleAccesscompute.subnetworks.updatecompute.subnetworks.usecompute.subnetworks.useExternalIpcompute.subnetworks.usePeerMigrationcompute.targetGrpcProxies.createcompute.targetGrpcProxies.createTagBindingcompute.targetGrpcProxies.deletecompute.targetGrpcProxies.deleteTagBindingcompute.targetGrpcProxies.getcompute.targetGrpcProxies.listcompute.targetGrpcProxies.listEffectiveTagscompute.targetGrpcProxies.listTagBindingscompute.targetGrpcProxies.updatecompute.targetGrpcProxies.usecompute.targetHttpProxies.createcompute.targetHttpProxies.createTagBindingcompute.targetHttpProxies.deletecompute.targetHttpProxies.deleteTagBindingcompute.targetHttpProxies.getcompute.targetHttpProxies.listcompute.targetHttpProxies.listEffectiveTagscompute.targetHttpProxies.listTagBindingscompute.targetHttpProxies.setUrlMapcompute.targetHttpProxies.updatecompute.targetHttpProxies.usecompute.targetHttpsProxies.createcompute.targetHttpsProxies.createTagBindingcompute.targetHttpsProxies.deletecompute.targetHttpsProxies.deleteTagBindingcompute.targetHttpsProxies.getcompute.targetHttpsProxies.listcompute.targetHttpsProxies.listEffectiveTagscompute.targetHttpsProxies.listTagBindingscompute.targetHttpsProxies.setCertificateMapcompute.targetHttpsProxies.setQuicOverridecompute.targetHttpsProxies.setSslCertificatescompute.targetHttpsProxies.setSslPolicycompute.targetHttpsProxies.setUrlMapcompute.targetHttpsProxies.updatecompute.targetHttpsProxies.usecompute.targetInstances.createcompute.targetInstances.createTagBindingcompute.targetInstances.deletecompute.targetInstances.deleteTagBindingcompute.targetInstances.getcompute.targetInstances.listcompute.targetInstances.listEffectiveTagscompute.targetInstances.listTagBindingscompute.targetInstances.setSecurityPolicycompute.targetInstances.usecompute.targetPools.addHealthCheckcompute.targetPools.addInstancecompute.targetPools.createcompute.targetPools.createTagBindingcompute.targetPools.deletecompute.targetPools.deleteTagBindingcompute.targetPools.getcompute.targetPools.listcompute.targetPools.listEffectiveTagscompute.targetPools.listTagBindingscompute.targetPools.removeHealthCheckcompute.targetPools.removeInstancecompute.targetPools.setSecurityPolicycompute.targetPools.updatecompute.targetPools.usecompute.targetSslProxies.createcompute.targetSslProxies.createTagBindingcompute.targetSslProxies.deletecompute.targetSslProxies.deleteTagBindingcompute.targetSslProxies.getcompute.targetSslProxies.listcompute.targetSslProxies.listEffectiveTagscompute.targetSslProxies.listTagBindingscompute.targetSslProxies.setBackendServicecompute.targetSslProxies.setCertificateMapcompute.targetSslProxies.setProxyHeadercompute.targetSslProxies.setSslCertificatescompute.targetSslProxies.setSslPolicycompute.targetSslProxies.updatecompute.targetSslProxies.usecompute.targetTcpProxies.attachcompute.targetTcpProxies.createcompute.targetTcpProxies.createTagBindingcompute.targetTcpProxies.deletecompute.targetTcpProxies.deleteTagBindingcompute.targetTcpProxies.getcompute.targetTcpProxies.listcompute.targetTcpProxies.listEffectiveTagscompute.targetTcpProxies.listTagBindingscompute.targetTcpProxies.updatecompute.targetTcpProxies.usecompute.targetVpnGateways.createcompute.targetVpnGateways.createTagBindingcompute.targetVpnGateways.deletecompute.targetVpnGateways.deleteTagBindingcompute.targetVpnGateways.getcompute.targetVpnGateways.listcompute.targetVpnGateways.listEffectiveTagscompute.targetVpnGateways.listTagBindingscompute.targetVpnGateways.setLabelscompute.targetVpnGateways.usecompute.urlMaps.createcompute.urlMaps.createTagBindingcompute.urlMaps.deletecompute.urlMaps.deleteTagBindingcompute.urlMaps.getcompute.urlMaps.invalidateCachecompute.urlMaps.listcompute.urlMaps.listEffectiveTagscompute.urlMaps.listTagBindingscompute.urlMaps.updatecompute.urlMaps.usecompute.urlMaps.validatecompute.vmExtensionPolicies.createcompute.vmExtensionPolicies.deletecompute.vmExtensionPolicies.getcompute.vmExtensionPolicies.listcompute.vmExtensionPolicies.updatecompute.vpnGateways.createcompute.vpnGateways.createTagBindingcompute.vpnGateways.deletecompute.vpnGateways.deleteTagBindingcompute.vpnGateways.getcompute.vpnGateways.listcompute.vpnGateways.listEffectiveTagscompute.vpnGateways.listTagBindingscompute.vpnGateways.setLabelscompute.vpnGateways.usecompute.vpnTunnels.createcompute.vpnTunnels.createTagBindingcompute.vpnTunnels.deletecompute.vpnTunnels.deleteTagBindingcompute.vpnTunnels.getcompute.vpnTunnels.listcompute.vpnTunnels.listEffectiveTagscompute.vpnTunnels.listTagBindingscompute.vpnTunnels.setLabelscompute.wireGroups.createcompute.wireGroups.deletecompute.wireGroups.getcompute.wireGroups.listcompute.wireGroups.updatecompute.zoneOperations.deletecompute.zoneOperations.getcompute.zoneOperations.getIamPolicycompute.zoneOperations.listcompute.zoneOperations.setIamPolicycompute.zones.getcompute.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Editor
(roles/compute.editor)
Editor role for compute
compute.acceleratorTypes.*
compute.acceleratorTypes.getcompute.acceleratorTypes.list
compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal
compute.autoscalers.*
compute.autoscalers.createcompute.autoscalers.deletecompute.autoscalers.getcompute.autoscalers.listcompute.autoscalers.update
compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use
compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.commitments.create
compute.commitments.get
compute.commitments.list
compute.commitments.listEffectiveTags
compute.commitments.listTagBindings
compute.commitments.update
compute.commitments.updateReservations
compute.crossSiteNetworks.*
compute.crossSiteNetworks.createcompute.crossSiteNetworks.deletecompute.crossSiteNetworks.getcompute.crossSiteNetworks.listcompute.crossSiteNetworks.update
compute.diskSettings.*
compute.diskSettings.getcompute.diskSettings.update
compute.diskTypes.*
compute.diskTypes.getcompute.diskTypes.list
compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.delete
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly
compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.delete
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.update
compute.firewallPolicies.use
compute.firewalls.create
compute.firewalls.delete
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update
compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use
compute.futureReservations.cancel
compute.futureReservations.create
compute.futureReservations.delete
compute.futureReservations.get
compute.futureReservations.getIamPolicy
compute.futureReservations.list
compute.futureReservations.listEffectiveTags
compute.futureReservations.listTagBindings
compute.futureReservations.update
compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use
compute.globalForwardingRules.create
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalPublicDelegatedPrefixes.*
compute.globalPublicDelegatedPrefixes.createcompute.globalPublicDelegatedPrefixes.deletecompute.globalPublicDelegatedPrefixes.getcompute.globalPublicDelegatedPrefixes.listcompute.globalPublicDelegatedPrefixes.updatePolicy
compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly
compute.images.create
compute.images.delete
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setLabels
compute.images.update
compute.images.useReadOnly
compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceSettings.*
compute.instanceSettings.getcompute.instanceSettings.update
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly
compute.instantSnapshotGroups.create
compute.instantSnapshotGroups.delete
compute.instantSnapshotGroups.get
compute.instantSnapshotGroups.getIamPolicy
compute.instantSnapshotGroups.list
compute.instantSnapshotGroups.useReadOnly
compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly
compute.interconnectAttachmentGroups.*
compute.interconnectAttachmentGroups.createcompute.interconnectAttachmentGroups.deletecompute.interconnectAttachmentGroups.getcompute.interconnectAttachmentGroups.listcompute.interconnectAttachmentGroups.patch
compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectGroups.*
compute.interconnectGroups.createcompute.interconnectGroups.deletecompute.interconnectGroups.getcompute.interconnectGroups.listcompute.interconnectGroups.patch
compute.interconnectLocations.*
compute.interconnectLocations.getcompute.interconnectLocations.list
compute.interconnectRemoteLocations.*
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.licenses.update
compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineImages.setLabels
compute.machineImages.useReadOnly
compute.machineTypes.*
compute.machineTypes.getcompute.machineTypes.list
compute.multiMig.*
compute.multiMig.createcompute.multiMig.deletecompute.multiMig.getcompute.multiMig.list
compute.multiMigMembers.*
compute.multiMigMembers.getcompute.multiMigMembers.list
compute.networkAttachments.create
compute.networkAttachments.delete
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.update
compute.networkAttachments.use
compute.networkEdgeSecurityServices.create
compute.networkEdgeSecurityServices.delete
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.listEffectiveTags
compute.networkEdgeSecurityServices.listTagBindings
compute.networkEdgeSecurityServices.update
compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use
compute.networkProfiles.*
compute.networkProfiles.getcompute.networkProfiles.list
compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.delete
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.setNetworkPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp
compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeGroups.performMaintenance
compute.nodeGroups.setNodeTemplate
compute.nodeGroups.simulateMaintenanceEvent
compute.nodeGroups.update
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTypes.*
compute.nodeTypes.getcompute.nodeTypes.list
compute.organizations.listAssociations
compute.organizations.setFirewallPolicy
compute.organizations.setSecurityPolicy
compute.packetMirrorings.create
compute.packetMirrorings.delete
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update
compute.previewFeatures.*
compute.previewFeatures.getcompute.previewFeatures.listcompute.previewFeatures.update
compute.projects.*
compute.projects.getcompute.projects.setCloudArmorTiercompute.projects.setCommonInstanceMetadatacompute.projects.setDefaultNetworkTiercompute.projects.setDefaultServiceAccountcompute.projects.setManagedProtectionTiercompute.projects.setUsageExportBucket
compute.publicAdvertisedPrefixes.*
compute.publicAdvertisedPrefixes.createcompute.publicAdvertisedPrefixes.deletecompute.publicAdvertisedPrefixes.getcompute.publicAdvertisedPrefixes.listcompute.publicAdvertisedPrefixes.updatecompute.publicAdvertisedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.announce
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.publicDelegatedPrefixes.withdraw
compute.regionBackendBuckets.create
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use
compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.regionCompositeHealthChecks.*
compute.regionCompositeHealthChecks.createcompute.regionCompositeHealthChecks.deletecompute.regionCompositeHealthChecks.getcompute.regionCompositeHealthChecks.listcompute.regionCompositeHealthChecks.update
compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use
compute.regionHealthAggregationPolicies.*
compute.regionHealthAggregationPolicies.createcompute.regionHealthAggregationPolicies.deletecompute.regionHealthAggregationPolicies.getcompute.regionHealthAggregationPolicies.listcompute.regionHealthAggregationPolicies.update
compute.regionHealthCheckServices.*
compute.regionHealthCheckServices.createcompute.regionHealthCheckServices.deletecompute.regionHealthCheckServices.getcompute.regionHealthCheckServices.listcompute.regionHealthCheckServices.updatecompute.regionHealthCheckServices.use
compute.regionHealthChecks.create
compute.regionHealthChecks.delete
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly
compute.regionHealthSources.*
compute.regionHealthSources.createcompute.regionHealthSources.deletecompute.regionHealthSources.getcompute.regionHealthSources.listcompute.regionHealthSources.update
compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use
compute.regionNetworkPolicies.*
compute.regionNetworkPolicies.createcompute.regionNetworkPolicies.deletecompute.regionNetworkPolicies.getcompute.regionNetworkPolicies.listcompute.regionNetworkPolicies.updatecompute.regionNetworkPolicies.use
compute.regionNotificationEndpoints.*
compute.regionNotificationEndpoints.createcompute.regionNotificationEndpoints.deletecompute.regionNotificationEndpoints.getcompute.regionNotificationEndpoints.listcompute.regionNotificationEndpoints.updatecompute.regionNotificationEndpoints.use
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use
compute.regionSslCertificates.create
compute.regionSslCertificates.delete
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.create
compute.regionSslPolicies.delete
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use
compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.attach
compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use
compute.regionUrlMaps.create
compute.regionUrlMaps.delete
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate
compute.regions.*
compute.regions.getcompute.regions.list
compute.reservationBlocks.*
compute.reservationBlocks.getcompute.reservationBlocks.listcompute.reservationBlocks.performMaintenance
compute.reservationSlots.*
compute.reservationSlots.getcompute.reservationSlots.listcompute.reservationSlots.update
compute.reservationSubBlocks.*
compute.reservationSubBlocks.getcompute.reservationSubBlocks.listcompute.reservationSubBlocks.performMaintenancecompute.reservationSubBlocks.reportFaulty
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.listEffectiveTags
compute.reservations.listTagBindings
compute.reservations.performMaintenance
compute.reservations.resize
compute.reservations.update
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly
compute.rolloutPlans.*
compute.rolloutPlans.createcompute.rolloutPlans.deletecompute.rolloutPlans.getcompute.rolloutPlans.list
compute.rollouts.*
compute.rollouts.cancelcompute.rollouts.deletecompute.rollouts.getcompute.rollouts.list
compute.routers.create
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use
compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.delete
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use
compute.serviceAttachments.create
compute.serviceAttachments.delete
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.update
compute.serviceAttachments.use
compute.snapshotGroups.create
compute.snapshotGroups.delete
compute.snapshotGroups.get
compute.snapshotGroups.getIamPolicy
compute.snapshotGroups.list
compute.snapshotGroups.useReadOnly
compute.snapshotSettings.*
compute.snapshotSettings.getcompute.snapshotSettings.update
compute.snapshots.create
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly
compute.spotAssistants.get
compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.create
compute.sslPolicies.delete
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use
compute.storagePools.create
compute.storagePools.delete
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.storagePools.update
compute.storagePools.use
compute.subnetworks.create
compute.subnetworks.delete
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.subnetworks.usePeerMigration
compute.targetGrpcProxies.create
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use
compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use
compute.targetTcpProxies.attach
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.create
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use
compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
compute.vmExtensionPolicies.*
compute.vmExtensionPolicies.createcompute.vmExtensionPolicies.deletecompute.vmExtensionPolicies.getcompute.vmExtensionPolicies.listcompute.vmExtensionPolicies.update
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.vpnTunnels.create
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels
compute.wireGroups.*
compute.wireGroups.createcompute.wireGroups.deletecompute.wireGroups.getcompute.wireGroups.listcompute.wireGroups.update
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zones.*
compute.zones.getcompute.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Future Reservation AdminBeta
(roles/compute.futureReservationAdmin)
compute.acceleratorTypes.list
compute.advice.calendarMode
compute.futureReservations.cancel
compute.futureReservations.create
compute.futureReservations.delete
compute.futureReservations.get
compute.futureReservations.list
compute.futureReservations.update
compute.instanceTemplates.list
compute.machineTypes.list
compute.regions.list
compute.reservationBlocks.performMaintenance
compute.reservationSubBlocks.performMaintenance
compute.reservationSubBlocks.reportFaulty
compute.reservations.create
compute.reservations.performMaintenance
compute.zones.list
Compute Future Reservation UserBeta
(roles/compute.futureReservationUser)
compute.acceleratorTypes.list
compute.advice.calendarMode
compute.futureReservations.create
compute.futureReservations.delete
compute.futureReservations.get
compute.futureReservations.list
compute.futureReservations.update
compute.instanceTemplates.list
compute.machineTypes.list
compute.regions.list
compute.reservations.create
compute.zones.list
Compute Future Reservation ViewerBeta
(roles/compute.futureReservationViewer)
compute.acceleratorTypes.list
compute.futureReservations.get
compute.futureReservations.list
compute.instanceTemplates.list
compute.machineTypes.list
compute.regions.list
compute.zones.list
Compute Image User
(roles/compute.imageUser)
Permission to list and read images without having other permissions on the image. Granting this role at the project level gives users the ability to list all images in the project and create resources, such as instances and persistent disks, based on images in the project.
Lowest-level resources where you can grant this role:
- Image
compute.images.get
compute.images.getFromFamily
compute.images.list
compute.images.useReadOnly
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Instance Admin (beta)
(roles/compute.instanceAdmin)
Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VMsettings.
If the user will be managing virtual machine instances that are configured to run as a service account, you must also grant theroles/iam.serviceAccountUser role.
For example, if your company has someone who manages groups of virtual machine instances but does not manage network or security settings and does not manage instances that run as service accounts, you can grant this role on the organization, folder, or project that contains the instances, or you can grant it on individual instances.
Lowest-level resources where you can grant this role:
- Disk
- Image
- Instance
- Instance template
- Snapshot
backupdr.backupPlanAssociations.createForComputeDisk
backupdr.backupPlanAssociations.createForComputeInstance
backupdr.backupPlanAssociations.deleteForComputeDisk
backupdr.backupPlanAssociations.deleteForComputeInstance
backupdr.backupPlanAssociations.fetchForComputeDisk
backupdr.backupPlanAssociations.getForComputeDisk
backupdr.backupPlanAssociations.list
backupdr.backupPlanAssociations.triggerBackupForComputeDisk
backupdr.backupPlanAssociations.triggerBackupForComputeInstance
backupdr.backupPlanAssociations.updateForComputeDisk
backupdr.backupPlanAssociations.updateForComputeInstance
backupdr.backupPlans.get
backupdr.backupPlans.list
backupdr.backupPlans.useForComputeDisk
backupdr.backupPlans.useForComputeInstance
backupdr.backupVaults.get
backupdr.backupVaults.list
backupdr.locations.list
backupdr.operations.get
backupdr.operations.list
backupdr.serviceConfig.initialize
cloudkms.keyHandles.*
cloudkms.keyHandles.createcloudkms.keyHandles.getcloudkms.keyHandles.list
cloudkms.operations.get
cloudkms.projects.showEffectiveAutokeyConfig
compute.acceleratorTypes.*
compute.acceleratorTypes.getcompute.acceleratorTypes.list
compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.use
compute.addresses.useInternal
compute.autoscalers.*
compute.autoscalers.createcompute.autoscalers.deletecompute.autoscalers.getcompute.autoscalers.listcompute.autoscalers.update
compute.diskSettings.get
compute.diskTypes.*
compute.diskTypes.getcompute.diskTypes.list
compute.disks.create
compute.disks.createSnapshot
compute.disks.delete
compute.disks.get
compute.disks.list
compute.disks.resize
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.use
compute.globalNetworkEndpointGroups.*
compute.globalNetworkEndpointGroups.attachNetworkEndpointscompute.globalNetworkEndpointGroups.createcompute.globalNetworkEndpointGroups.createTagBindingcompute.globalNetworkEndpointGroups.deletecompute.globalNetworkEndpointGroups.deleteTagBindingcompute.globalNetworkEndpointGroups.detachNetworkEndpointscompute.globalNetworkEndpointGroups.getcompute.globalNetworkEndpointGroups.listcompute.globalNetworkEndpointGroups.listEffectiveTagscompute.globalNetworkEndpointGroups.listTagBindingscompute.globalNetworkEndpointGroups.use
compute.globalOperations.get
compute.globalOperations.list
compute.images.get
compute.images.getFromFamily
compute.images.list
compute.images.useReadOnly
compute.instanceGroupManagers.*
compute.instanceGroupManagers.createcompute.instanceGroupManagers.createTagBindingcompute.instanceGroupManagers.deletecompute.instanceGroupManagers.deleteTagBindingcompute.instanceGroupManagers.getcompute.instanceGroupManagers.listcompute.instanceGroupManagers.listEffectiveTagscompute.instanceGroupManagers.listTagBindingscompute.instanceGroupManagers.updatecompute.instanceGroupManagers.use
compute.instanceGroups.*
compute.instanceGroups.createcompute.instanceGroups.createTagBindingcompute.instanceGroups.deletecompute.instanceGroups.deleteTagBindingcompute.instanceGroups.getcompute.instanceGroups.listcompute.instanceGroups.listEffectiveTagscompute.instanceGroups.listTagBindingscompute.instanceGroups.updatecompute.instanceGroups.use
compute.instanceSettings.get
compute.instanceTemplates.*
compute.instanceTemplates.createcompute.instanceTemplates.deletecompute.instanceTemplates.getcompute.instanceTemplates.getIamPolicycompute.instanceTemplates.listcompute.instanceTemplates.setIamPolicycompute.instanceTemplates.useReadOnly
compute.instances.*
compute.instances.addAccessConfigcompute.instances.addNetworkInterfacecompute.instances.addResourcePoliciescompute.instances.attachDiskcompute.instances.createcompute.instances.createTagBindingcompute.instances.deletecompute.instances.deleteAccessConfigcompute.instances.deleteNetworkInterfacecompute.instances.deleteTagBindingcompute.instances.detachDiskcompute.instances.getcompute.instances.getEffectiveFirewallscompute.instances.getGuestAttributescompute.instances.getIamPolicycompute.instances.getScreenshotcompute.instances.getSerialPortOutputcompute.instances.getShieldedInstanceIdentitycompute.instances.getShieldedVmIdentitycompute.instances.listcompute.instances.listEffectiveTagscompute.instances.listReferrerscompute.instances.listTagBindingscompute.instances.osAdminLogincompute.instances.osLogincompute.instances.pscInterfaceCreatecompute.instances.removeResourcePoliciescompute.instances.resetcompute.instances.resumecompute.instances.sendDiagnosticInterruptcompute.instances.setDeletionProtectioncompute.instances.setDiskAutoDeletecompute.instances.setIamPolicycompute.instances.setLabelscompute.instances.setMachineResourcescompute.instances.setMachineTypecompute.instances.setMetadatacompute.instances.setMinCpuPlatformcompute.instances.setNamecompute.instances.setSchedulingcompute.instances.setSecurityPolicycompute.instances.setServiceAccountcompute.instances.setShieldedInstanceIntegrityPolicycompute.instances.setShieldedVmIntegrityPolicycompute.instances.setTagscompute.instances.simulateMaintenanceEventcompute.instances.startcompute.instances.startWithEncryptionKeycompute.instances.stopcompute.instances.suspendcompute.instances.updatecompute.instances.updateAccessConfigcompute.instances.updateDisplayDevicecompute.instances.updateNetworkInterfacecompute.instances.updateSecuritycompute.instances.updateShieldedInstanceConfigcompute.instances.updateShieldedVmConfigcompute.instances.usecompute.instances.useReadOnly
compute.licenses.get
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.machineImages.*
compute.machineImages.createcompute.machineImages.createTagBindingcompute.machineImages.deletecompute.machineImages.deleteTagBindingcompute.machineImages.getcompute.machineImages.getIamPolicycompute.machineImages.listcompute.machineImages.listEffectiveTagscompute.machineImages.listTagBindingscompute.machineImages.setIamPolicycompute.machineImages.setLabelscompute.machineImages.useReadOnly
compute.machineTypes.*
compute.machineTypes.getcompute.machineTypes.list
compute.multiMig.*
compute.multiMig.createcompute.multiMig.deletecompute.multiMig.getcompute.multiMig.list
compute.multiMigMembers.*
compute.multiMigMembers.getcompute.multiMigMembers.list
compute.networkEndpointGroups.*
compute.networkEndpointGroups.attachNetworkEndpointscompute.networkEndpointGroups.createcompute.networkEndpointGroups.createTagBindingcompute.networkEndpointGroups.deletecompute.networkEndpointGroups.deleteTagBindingcompute.networkEndpointGroups.detachNetworkEndpointscompute.networkEndpointGroups.getcompute.networkEndpointGroups.listcompute.networkEndpointGroups.listEffectiveTagscompute.networkEndpointGroups.listTagBindingscompute.networkEndpointGroups.use
compute.networks.get
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listTagBindings
compute.networks.use
compute.networks.useExternalIp
compute.projects.get
compute.regionNetworkEndpointGroups.*
compute.regionNetworkEndpointGroups.attachNetworkEndpointscompute.regionNetworkEndpointGroups.createcompute.regionNetworkEndpointGroups.createTagBindingcompute.regionNetworkEndpointGroups.deletecompute.regionNetworkEndpointGroups.deleteTagBindingcompute.regionNetworkEndpointGroups.detachNetworkEndpointscompute.regionNetworkEndpointGroups.getcompute.regionNetworkEndpointGroups.listcompute.regionNetworkEndpointGroups.listEffectiveTagscompute.regionNetworkEndpointGroups.listTagBindingscompute.regionNetworkEndpointGroups.use
compute.regionOperations.get
compute.regionOperations.list
compute.regions.*
compute.regions.getcompute.regions.list
compute.reservationBlocks.get
compute.reservationBlocks.list
compute.reservationSubBlocks.*
compute.reservationSubBlocks.getcompute.reservationSubBlocks.listcompute.reservationSubBlocks.performMaintenancecompute.reservationSubBlocks.reportFaulty
compute.reservations.get
compute.reservations.list
compute.reservations.listEffectiveTags
compute.reservations.listTagBindings
compute.resourcePolicies.list
compute.resourcePolicies.useReadOnly
compute.storagePools.get
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.storagePools.use
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.*
compute.zones.getcompute.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Instance Admin (v1)
(roles/compute.instanceAdmin.v1)
Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources.
If you grant a user this role only at an instance level, then that user cannot create new instances.
backupdr.backupPlanAssociations.createForComputeDisk
backupdr.backupPlanAssociations.createForComputeInstance
backupdr.backupPlanAssociations.deleteForComputeDisk
backupdr.backupPlanAssociations.deleteForComputeInstance
backupdr.backupPlanAssociations.fetchForComputeDisk
backupdr.backupPlanAssociations.getForComputeDisk
backupdr.backupPlanAssociations.list
backupdr.backupPlanAssociations.triggerBackupForComputeDisk
backupdr.backupPlanAssociations.triggerBackupForComputeInstance
backupdr.backupPlanAssociations.updateForComputeDisk
backupdr.backupPlanAssociations.updateForComputeInstance
backupdr.backupPlans.get
backupdr.backupPlans.list
backupdr.backupPlans.useForComputeDisk
backupdr.backupPlans.useForComputeInstance
backupdr.backupVaults.get
backupdr.backupVaults.list
backupdr.locations.list
backupdr.operations.get
backupdr.operations.list
backupdr.serviceConfig.initialize
cloudkms.keyHandles.*
cloudkms.keyHandles.createcloudkms.keyHandles.getcloudkms.keyHandles.list
cloudkms.operations.get
cloudkms.projects.showEffectiveAutokeyConfig
compute.acceleratorTypes.*
compute.acceleratorTypes.getcompute.acceleratorTypes.list
compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.use
compute.addresses.useInternal
compute.autoscalers.*
compute.autoscalers.createcompute.autoscalers.deletecompute.autoscalers.getcompute.autoscalers.listcompute.autoscalers.update
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendServices.get
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.diskSettings.get
compute.diskTypes.*
compute.diskTypes.getcompute.diskTypes.list
compute.disks.*
compute.disks.addResourcePoliciescompute.disks.createcompute.disks.createSnapshotcompute.disks.createTagBindingcompute.disks.deletecompute.disks.deleteTagBindingcompute.disks.getcompute.disks.getIamPolicycompute.disks.listcompute.disks.listEffectiveTagscompute.disks.listTagBindingscompute.disks.removeResourcePoliciescompute.disks.resizecompute.disks.setIamPolicycompute.disks.setLabelscompute.disks.startAsyncReplicationcompute.disks.stopAsyncReplicationcompute.disks.stopGroupAsyncReplicationcompute.disks.updatecompute.disks.updateKmsKeycompute.disks.usecompute.disks.useReadOnly
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.use
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalNetworkEndpointGroups.*
compute.globalNetworkEndpointGroups.attachNetworkEndpointscompute.globalNetworkEndpointGroups.createcompute.globalNetworkEndpointGroups.createTagBindingcompute.globalNetworkEndpointGroups.deletecompute.globalNetworkEndpointGroups.deleteTagBindingcompute.globalNetworkEndpointGroups.detachNetworkEndpointscompute.globalNetworkEndpointGroups.getcompute.globalNetworkEndpointGroups.listcompute.globalNetworkEndpointGroups.listEffectiveTagscompute.globalNetworkEndpointGroups.listTagBindingscompute.globalNetworkEndpointGroups.use
compute.globalOperations.get
compute.globalOperations.list
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.images.*
compute.images.createcompute.images.createTagBindingcompute.images.deletecompute.images.deleteTagBindingcompute.images.deprecatecompute.images.getcompute.images.getFromFamilycompute.images.getIamPolicycompute.images.listcompute.images.listEffectiveTagscompute.images.listTagBindingscompute.images.setIamPolicycompute.images.setLabelscompute.images.updatecompute.images.useReadOnly
compute.instanceGroupManagers.*
compute.instanceGroupManagers.createcompute.instanceGroupManagers.createTagBindingcompute.instanceGroupManagers.deletecompute.instanceGroupManagers.deleteTagBindingcompute.instanceGroupManagers.getcompute.instanceGroupManagers.listcompute.instanceGroupManagers.listEffectiveTagscompute.instanceGroupManagers.listTagBindingscompute.instanceGroupManagers.updatecompute.instanceGroupManagers.use
compute.instanceGroups.*
compute.instanceGroups.createcompute.instanceGroups.createTagBindingcompute.instanceGroups.deletecompute.instanceGroups.deleteTagBindingcompute.instanceGroups.getcompute.instanceGroups.listcompute.instanceGroups.listEffectiveTagscompute.instanceGroups.listTagBindingscompute.instanceGroups.updatecompute.instanceGroups.use
compute.instanceSettings.*
compute.instanceSettings.getcompute.instanceSettings.update
compute.instanceTemplates.*
compute.instanceTemplates.createcompute.instanceTemplates.deletecompute.instanceTemplates.getcompute.instanceTemplates.getIamPolicycompute.instanceTemplates.listcompute.instanceTemplates.setIamPolicycompute.instanceTemplates.useReadOnly
compute.instances.*
compute.instances.addAccessConfigcompute.instances.addNetworkInterfacecompute.instances.addResourcePoliciescompute.instances.attachDiskcompute.instances.createcompute.instances.createTagBindingcompute.instances.deletecompute.instances.deleteAccessConfigcompute.instances.deleteNetworkInterfacecompute.instances.deleteTagBindingcompute.instances.detachDiskcompute.instances.getcompute.instances.getEffectiveFirewallscompute.instances.getGuestAttributescompute.instances.getIamPolicycompute.instances.getScreenshotcompute.instances.getSerialPortOutputcompute.instances.getShieldedInstanceIdentitycompute.instances.getShieldedVmIdentitycompute.instances.listcompute.instances.listEffectiveTagscompute.instances.listReferrerscompute.instances.listTagBindingscompute.instances.osAdminLogincompute.instances.osLogincompute.instances.pscInterfaceCreatecompute.instances.removeResourcePoliciescompute.instances.resetcompute.instances.resumecompute.instances.sendDiagnosticInterruptcompute.instances.setDeletionProtectioncompute.instances.setDiskAutoDeletecompute.instances.setIamPolicycompute.instances.setLabelscompute.instances.setMachineResourcescompute.instances.setMachineTypecompute.instances.setMetadatacompute.instances.setMinCpuPlatformcompute.instances.setNamecompute.instances.setSchedulingcompute.instances.setSecurityPolicycompute.instances.setServiceAccountcompute.instances.setShieldedInstanceIntegrityPolicycompute.instances.setShieldedVmIntegrityPolicycompute.instances.setTagscompute.instances.simulateMaintenanceEventcompute.instances.startcompute.instances.startWithEncryptionKeycompute.instances.stopcompute.instances.suspendcompute.instances.updatecompute.instances.updateAccessConfigcompute.instances.updateDisplayDevicecompute.instances.updateNetworkInterfacecompute.instances.updateSecuritycompute.instances.updateShieldedInstanceConfigcompute.instances.updateShieldedVmConfigcompute.instances.usecompute.instances.useReadOnly
compute.instantSnapshotGroups.*
compute.instantSnapshotGroups.createcompute.instantSnapshotGroups.deletecompute.instantSnapshotGroups.getcompute.instantSnapshotGroups.getIamPolicycompute.instantSnapshotGroups.listcompute.instantSnapshotGroups.setIamPolicycompute.instantSnapshotGroups.useReadOnly
compute.instantSnapshots.*
compute.instantSnapshots.createcompute.instantSnapshots.createTagBindingcompute.instantSnapshots.deletecompute.instantSnapshots.deleteTagBindingcompute.instantSnapshots.exportcompute.instantSnapshots.getcompute.instantSnapshots.getIamPolicycompute.instantSnapshots.listcompute.instantSnapshots.listEffectiveTagscompute.instantSnapshots.listTagBindingscompute.instantSnapshots.setIamPolicycompute.instantSnapshots.setLabelscompute.instantSnapshots.useReadOnly
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectLocations.*
compute.interconnectLocations.getcompute.interconnectLocations.list
compute.interconnectRemoteLocations.*
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list
compute.interconnects.get
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.licenseCodes.*
compute.licenseCodes.getcompute.licenseCodes.getIamPolicycompute.licenseCodes.listcompute.licenseCodes.setIamPolicy
compute.licenses.*
compute.licenses.createcompute.licenses.createTagBindingcompute.licenses.deletecompute.licenses.deleteTagBindingcompute.licenses.getcompute.licenses.getIamPolicycompute.licenses.listcompute.licenses.listEffectiveTagscompute.licenses.listTagBindingscompute.licenses.setIamPolicycompute.licenses.update
compute.machineImages.*
compute.machineImages.createcompute.machineImages.createTagBindingcompute.machineImages.deletecompute.machineImages.deleteTagBindingcompute.machineImages.getcompute.machineImages.getIamPolicycompute.machineImages.listcompute.machineImages.listEffectiveTagscompute.machineImages.listTagBindingscompute.machineImages.setIamPolicycompute.machineImages.setLabelscompute.machineImages.useReadOnly
compute.machineTypes.*
compute.machineTypes.getcompute.machineTypes.list
compute.multiMig.*
compute.multiMig.createcompute.multiMig.deletecompute.multiMig.getcompute.multiMig.list
compute.networkAttachments.get
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkEndpointGroups.*
compute.networkEndpointGroups.attachNetworkEndpointscompute.networkEndpointGroups.createcompute.networkEndpointGroups.createTagBindingcompute.networkEndpointGroups.deletecompute.networkEndpointGroups.deleteTagBindingcompute.networkEndpointGroups.detachNetworkEndpointscompute.networkEndpointGroups.getcompute.networkEndpointGroups.listcompute.networkEndpointGroups.listEffectiveTagscompute.networkEndpointGroups.listTagBindingscompute.networkEndpointGroups.use
compute.networkProfiles.*
compute.networkProfiles.getcompute.networkProfiles.list
compute.networks.get
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listTagBindings
compute.networks.use
compute.networks.useExternalIp
compute.projects.get
compute.projects.setCommonInstanceMetadata
compute.regionBackendBuckets.get
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionNetworkEndpointGroups.*
compute.regionNetworkEndpointGroups.attachNetworkEndpointscompute.regionNetworkEndpointGroups.createcompute.regionNetworkEndpointGroups.createTagBindingcompute.regionNetworkEndpointGroups.deletecompute.regionNetworkEndpointGroups.deleteTagBindingcompute.regionNetworkEndpointGroups.detachNetworkEndpointscompute.regionNetworkEndpointGroups.getcompute.regionNetworkEndpointGroups.listcompute.regionNetworkEndpointGroups.listEffectiveTagscompute.regionNetworkEndpointGroups.listTagBindingscompute.regionNetworkEndpointGroups.use
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionOperations.get
compute.regionOperations.list
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionUrlMaps.get
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regions.*
compute.regions.getcompute.regions.list
compute.reservationBlocks.get
compute.reservationBlocks.list
compute.reservationSubBlocks.get
compute.reservationSubBlocks.list
compute.reservations.get
compute.reservations.list
compute.reservations.listEffectiveTags
compute.reservations.listTagBindings
compute.resourcePolicies.*
compute.resourcePolicies.createcompute.resourcePolicies.deletecompute.resourcePolicies.getcompute.resourcePolicies.getIamPolicycompute.resourcePolicies.listcompute.resourcePolicies.setIamPolicycompute.resourcePolicies.updatecompute.resourcePolicies.usecompute.resourcePolicies.useReadOnly
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.serviceAttachments.get
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.snapshotGroups.*
compute.snapshotGroups.createcompute.snapshotGroups.deletecompute.snapshotGroups.getcompute.snapshotGroups.getIamPolicycompute.snapshotGroups.listcompute.snapshotGroups.setIamPolicycompute.snapshotGroups.useReadOnly
compute.snapshots.*
compute.snapshots.createcompute.snapshots.createTagBindingcompute.snapshots.deletecompute.snapshots.deleteTagBindingcompute.snapshots.getcompute.snapshots.getIamPolicycompute.snapshots.listcompute.snapshots.listEffectiveTagscompute.snapshots.listTagBindingscompute.snapshots.setIamPolicycompute.snapshots.setLabelscompute.snapshots.updateKmsKeycompute.snapshots.useReadOnly
compute.spotAssistants.get
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.storagePools.get
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.storagePools.use
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.urlMaps.get
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.wireGroups.get
compute.wireGroups.list
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.*
compute.zones.getcompute.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Instance Group Manager Service Agent
(roles/compute.instanceGroupManagerServiceAgent)
Role containing all permissions required by Managed Instance Groups to create and manage instances.
compute.addresses.*
compute.addresses.createcompute.addresses.createInternalcompute.addresses.createTagBindingcompute.addresses.deletecompute.addresses.deleteInternalcompute.addresses.deleteTagBindingcompute.addresses.getcompute.addresses.listcompute.addresses.listEffectiveTagscompute.addresses.listTagBindingscompute.addresses.setLabelscompute.addresses.usecompute.addresses.useInternal
compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly
compute.globalAddresses.get
compute.globalOperations.get
compute.healthChecks.get
compute.httpHealthChecks.get
compute.httpsHealthChecks.get
compute.images.useReadOnly
compute.instanceGroups.update
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly
compute.networks.use
compute.networks.useExternalIp
compute.regionOperations.get
compute.resourcePolicies.use
compute.snapshots.useReadOnly
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetPools.addInstance
compute.targetPools.removeInstance
compute.zoneOperations.get
iam.serviceAccounts.actAs
networkconnectivity.serviceClasses.use
resourcemanager.tagValueBindings.*
resourcemanager.tagValueBindings.createresourcemanager.tagValueBindings.delete
resourcemanager.tagValues.get
Interconnect Attachment Group Analyzer
(roles/compute.interconnectAttachmentGroupAnalyzer)
Analyze Interconnect Attachment Groups via their GetOperationalStatus method.
cloudasset.assets.listComputeInterconnect
cloudasset.assets.listComputeInterconnectAttachment
cloudasset.assets.listComputeNetworks
cloudasset.assets.listComputeRouters
cloudasset.assets.listComputeVpnGateways
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.routers.get
Interconnect Group Analyzer
(roles/compute.interconnectGroupAnalyzer)
Analyze Interconnect Groups via their GetOperationalStatus method.
cloudasset.assets.listComputeInterconnect
cloudasset.assets.listComputeInterconnectAttachment
cloudasset.assets.listComputeNetworks
cloudasset.assets.listComputeRouters
cloudasset.assets.listComputeVpnGateways
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnects.get
compute.interconnects.list
Compute Load Balancer Admin
(roles/compute.loadBalancerAdmin)
Permissions to create, modify, and delete load balancers and associate resources.
For example, if your company has a load balancing team that manages load balancers, SSL certificates for load balancers, SSL policies, and other load balancing resources, and a separate networking team that manages the rest of the networking resources, then grant this role to the load balancing team's group.
Lowest-level resources where you can grant this role:
- Instance
certificatemanager.certmaps.get
certificatemanager.certmaps.list
certificatemanager.certmaps.use
compute.addresses.*
compute.addresses.createcompute.addresses.createInternalcompute.addresses.createTagBindingcompute.addresses.deletecompute.addresses.deleteInternalcompute.addresses.deleteTagBindingcompute.addresses.getcompute.addresses.listcompute.addresses.listEffectiveTagscompute.addresses.listTagBindingscompute.addresses.setLabelscompute.addresses.usecompute.addresses.useInternal
compute.backendBuckets.*
compute.backendBuckets.addSignedUrlKeycompute.backendBuckets.createcompute.backendBuckets.createTagBindingcompute.backendBuckets.deletecompute.backendBuckets.deleteSignedUrlKeycompute.backendBuckets.deleteTagBindingcompute.backendBuckets.getcompute.backendBuckets.getIamPolicycompute.backendBuckets.listcompute.backendBuckets.listEffectiveTagscompute.backendBuckets.listTagBindingscompute.backendBuckets.setIamPolicycompute.backendBuckets.setSecurityPolicycompute.backendBuckets.updatecompute.backendBuckets.use
compute.backendServices.*
compute.backendServices.addSignedUrlKeycompute.backendServices.createcompute.backendServices.createTagBindingcompute.backendServices.deletecompute.backendServices.deleteSignedUrlKeycompute.backendServices.deleteTagBindingcompute.backendServices.getcompute.backendServices.getIamPolicycompute.backendServices.listcompute.backendServices.listEffectiveTagscompute.backendServices.listTagBindingscompute.backendServices.setIamPolicycompute.backendServices.setSecurityPolicycompute.backendServices.updatecompute.backendServices.use
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.forwardingRules.*
compute.forwardingRules.createcompute.forwardingRules.createTagBindingcompute.forwardingRules.deletecompute.forwardingRules.deleteTagBindingcompute.forwardingRules.getcompute.forwardingRules.listcompute.forwardingRules.listEffectiveTagscompute.forwardingRules.listTagBindingscompute.forwardingRules.pscCreatecompute.forwardingRules.pscDeletecompute.forwardingRules.pscSetLabelscompute.forwardingRules.pscUpdatecompute.forwardingRules.setLabelscompute.forwardingRules.setTargetcompute.forwardingRules.updatecompute.forwardingRules.use
compute.globalAddresses.*
compute.globalAddresses.createcompute.globalAddresses.createInternalcompute.globalAddresses.createTagBindingcompute.globalAddresses.deletecompute.globalAddresses.deleteInternalcompute.globalAddresses.deleteTagBindingcompute.globalAddresses.getcompute.globalAddresses.listcompute.globalAddresses.listEffectiveTagscompute.globalAddresses.listTagBindingscompute.globalAddresses.setLabelscompute.globalAddresses.use
compute.globalForwardingRules.*
compute.globalForwardingRules.createcompute.globalForwardingRules.createTagBindingcompute.globalForwardingRules.deletecompute.globalForwardingRules.deleteTagBindingcompute.globalForwardingRules.getcompute.globalForwardingRules.listcompute.globalForwardingRules.listEffectiveTagscompute.globalForwardingRules.listTagBindingscompute.globalForwardingRules.pscCreatecompute.globalForwardingRules.pscDeletecompute.globalForwardingRules.pscSetLabelscompute.globalForwardingRules.pscUpdatecompute.globalForwardingRules.setLabelscompute.globalForwardingRules.setTargetcompute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.*
compute.globalNetworkEndpointGroups.attachNetworkEndpointscompute.globalNetworkEndpointGroups.createcompute.globalNetworkEndpointGroups.createTagBindingcompute.globalNetworkEndpointGroups.deletecompute.globalNetworkEndpointGroups.deleteTagBindingcompute.globalNetworkEndpointGroups.detachNetworkEndpointscompute.globalNetworkEndpointGroups.getcompute.globalNetworkEndpointGroups.listcompute.globalNetworkEndpointGroups.listEffectiveTagscompute.globalNetworkEndpointGroups.listTagBindingscompute.globalNetworkEndpointGroups.use
compute.globalOperations.get
compute.globalOperations.list
compute.healthChecks.*
compute.healthChecks.createcompute.healthChecks.createTagBindingcompute.healthChecks.deletecompute.healthChecks.deleteTagBindingcompute.healthChecks.getcompute.healthChecks.listcompute.healthChecks.listEffectiveTagscompute.healthChecks.listTagBindingscompute.healthChecks.updatecompute.healthChecks.usecompute.healthChecks.useReadOnly
compute.httpHealthChecks.*
compute.httpHealthChecks.createcompute.httpHealthChecks.createTagBindingcompute.httpHealthChecks.deletecompute.httpHealthChecks.deleteTagBindingcompute.httpHealthChecks.getcompute.httpHealthChecks.listcompute.httpHealthChecks.listEffectiveTagscompute.httpHealthChecks.listTagBindingscompute.httpHealthChecks.updatecompute.httpHealthChecks.usecompute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.*
compute.httpsHealthChecks.createcompute.httpsHealthChecks.createTagBindingcompute.httpsHealthChecks.deletecompute.httpsHealthChecks.deleteTagBindingcompute.httpsHealthChecks.getcompute.httpsHealthChecks.listcompute.httpsHealthChecks.listEffectiveTagscompute.httpsHealthChecks.listTagBindingscompute.httpsHealthChecks.updatecompute.httpsHealthChecks.usecompute.httpsHealthChecks.useReadOnly
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.instanceGroups.*
compute.instanceGroups.createcompute.instanceGroups.createTagBindingcompute.instanceGroups.deletecompute.instanceGroups.deleteTagBindingcompute.instanceGroups.getcompute.instanceGroups.listcompute.instanceGroups.listEffectiveTagscompute.instanceGroups.listTagBindingscompute.instanceGroups.updatecompute.instanceGroups.use
compute.instances.get
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listTagBindings
compute.instances.use
compute.instances.useReadOnly
compute.networkEndpointGroups.*
compute.networkEndpointGroups.attachNetworkEndpointscompute.networkEndpointGroups.createcompute.networkEndpointGroups.createTagBindingcompute.networkEndpointGroups.deletecompute.networkEndpointGroups.deleteTagBindingcompute.networkEndpointGroups.detachNetworkEndpointscompute.networkEndpointGroups.getcompute.networkEndpointGroups.listcompute.networkEndpointGroups.listEffectiveTagscompute.networkEndpointGroups.listTagBindingscompute.networkEndpointGroups.use
compute.networks.get
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listTagBindings
compute.networks.use
compute.projects.get
compute.regionBackendBuckets.*
compute.regionBackendBuckets.createcompute.regionBackendBuckets.createTagBindingcompute.regionBackendBuckets.deletecompute.regionBackendBuckets.deleteTagBindingcompute.regionBackendBuckets.getcompute.regionBackendBuckets.getIamPolicycompute.regionBackendBuckets.listcompute.regionBackendBuckets.listEffectiveTagscompute.regionBackendBuckets.listTagBindingscompute.regionBackendBuckets.setIamPolicycompute.regionBackendBuckets.updatecompute.regionBackendBuckets.use
compute.regionBackendServices.*
compute.regionBackendServices.createcompute.regionBackendServices.createTagBindingcompute.regionBackendServices.deletecompute.regionBackendServices.deleteTagBindingcompute.regionBackendServices.getcompute.regionBackendServices.getIamPolicycompute.regionBackendServices.listcompute.regionBackendServices.listEffectiveTagscompute.regionBackendServices.listTagBindingscompute.regionBackendServices.setIamPolicycompute.regionBackendServices.setSecurityPolicycompute.regionBackendServices.updatecompute.regionBackendServices.use
compute.regionHealthCheckServices.*
compute.regionHealthCheckServices.createcompute.regionHealthCheckServices.deletecompute.regionHealthCheckServices.getcompute.regionHealthCheckServices.listcompute.regionHealthCheckServices.updatecompute.regionHealthCheckServices.use
compute.regionHealthChecks.*
compute.regionHealthChecks.createcompute.regionHealthChecks.createTagBindingcompute.regionHealthChecks.deletecompute.regionHealthChecks.deleteTagBindingcompute.regionHealthChecks.getcompute.regionHealthChecks.listcompute.regionHealthChecks.listEffectiveTagscompute.regionHealthChecks.listTagBindingscompute.regionHealthChecks.updatecompute.regionHealthChecks.usecompute.regionHealthChecks.useReadOnly
compute.regionNetworkEndpointGroups.*
compute.regionNetworkEndpointGroups.attachNetworkEndpointscompute.regionNetworkEndpointGroups.createcompute.regionNetworkEndpointGroups.createTagBindingcompute.regionNetworkEndpointGroups.deletecompute.regionNetworkEndpointGroups.deleteTagBindingcompute.regionNetworkEndpointGroups.detachNetworkEndpointscompute.regionNetworkEndpointGroups.getcompute.regionNetworkEndpointGroups.listcompute.regionNetworkEndpointGroups.listEffectiveTagscompute.regionNetworkEndpointGroups.listTagBindingscompute.regionNetworkEndpointGroups.use
compute.regionNotificationEndpoints.*
compute.regionNotificationEndpoints.createcompute.regionNotificationEndpoints.deletecompute.regionNotificationEndpoints.getcompute.regionNotificationEndpoints.listcompute.regionNotificationEndpoints.updatecompute.regionNotificationEndpoints.use
compute.regionOperations.get
compute.regionOperations.list
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.use
compute.regionSslCertificates.*
compute.regionSslCertificates.createcompute.regionSslCertificates.createTagBindingcompute.regionSslCertificates.deletecompute.regionSslCertificates.deleteTagBindingcompute.regionSslCertificates.getcompute.regionSslCertificates.listcompute.regionSslCertificates.listEffectiveTagscompute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.*
compute.regionSslPolicies.createcompute.regionSslPolicies.createTagBindingcompute.regionSslPolicies.deletecompute.regionSslPolicies.deleteTagBindingcompute.regionSslPolicies.getcompute.regionSslPolicies.listcompute.regionSslPolicies.listAvailableFeaturescompute.regionSslPolicies.listEffectiveTagscompute.regionSslPolicies.listTagBindingscompute.regionSslPolicies.updatecompute.regionSslPolicies.use
compute.regionTargetHttpProxies.*
compute.regionTargetHttpProxies.createcompute.regionTargetHttpProxies.createTagBindingcompute.regionTargetHttpProxies.deletecompute.regionTargetHttpProxies.deleteTagBindingcompute.regionTargetHttpProxies.getcompute.regionTargetHttpProxies.listcompute.regionTargetHttpProxies.listEffectiveTagscompute.regionTargetHttpProxies.listTagBindingscompute.regionTargetHttpProxies.setUrlMapcompute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.*
compute.regionTargetHttpsProxies.createcompute.regionTargetHttpsProxies.createTagBindingcompute.regionTargetHttpsProxies.deletecompute.regionTargetHttpsProxies.deleteTagBindingcompute.regionTargetHttpsProxies.getcompute.regionTargetHttpsProxies.listcompute.regionTargetHttpsProxies.listEffectiveTagscompute.regionTargetHttpsProxies.listTagBindingscompute.regionTargetHttpsProxies.setSslCertificatescompute.regionTargetHttpsProxies.setUrlMapcompute.regionTargetHttpsProxies.updatecompute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.*
compute.regionTargetTcpProxies.attachcompute.regionTargetTcpProxies.createcompute.regionTargetTcpProxies.createTagBindingcompute.regionTargetTcpProxies.deletecompute.regionTargetTcpProxies.deleteTagBindingcompute.regionTargetTcpProxies.getcompute.regionTargetTcpProxies.listcompute.regionTargetTcpProxies.listEffectiveTagscompute.regionTargetTcpProxies.listTagBindingscompute.regionTargetTcpProxies.use
compute.regionUrlMaps.*
compute.regionUrlMaps.createcompute.regionUrlMaps.createTagBindingcompute.regionUrlMaps.deletecompute.regionUrlMaps.deleteTagBindingcompute.regionUrlMaps.getcompute.regionUrlMaps.invalidateCachecompute.regionUrlMaps.listcompute.regionUrlMaps.listEffectiveTagscompute.regionUrlMaps.listTagBindingscompute.regionUrlMaps.updatecompute.regionUrlMaps.usecompute.regionUrlMaps.validate
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.use
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.sslCertificates.*
compute.sslCertificates.createcompute.sslCertificates.createTagBindingcompute.sslCertificates.deletecompute.sslCertificates.deleteTagBindingcompute.sslCertificates.getcompute.sslCertificates.listcompute.sslCertificates.listEffectiveTagscompute.sslCertificates.listTagBindings
compute.sslPolicies.*
compute.sslPolicies.createcompute.sslPolicies.createTagBindingcompute.sslPolicies.deletecompute.sslPolicies.deleteTagBindingcompute.sslPolicies.getcompute.sslPolicies.listcompute.sslPolicies.listAvailableFeaturescompute.sslPolicies.listEffectiveTagscompute.sslPolicies.listTagBindingscompute.sslPolicies.updatecompute.sslPolicies.use
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.use
compute.targetGrpcProxies.*
compute.targetGrpcProxies.createcompute.targetGrpcProxies.createTagBindingcompute.targetGrpcProxies.deletecompute.targetGrpcProxies.deleteTagBindingcompute.targetGrpcProxies.getcompute.targetGrpcProxies.listcompute.targetGrpcProxies.listEffectiveTagscompute.targetGrpcProxies.listTagBindingscompute.targetGrpcProxies.updatecompute.targetGrpcProxies.use
compute.targetHttpProxies.*
compute.targetHttpProxies.createcompute.targetHttpProxies.createTagBindingcompute.targetHttpProxies.deletecompute.targetHttpProxies.deleteTagBindingcompute.targetHttpProxies.getcompute.targetHttpProxies.listcompute.targetHttpProxies.listEffectiveTagscompute.targetHttpProxies.listTagBindingscompute.targetHttpProxies.setUrlMapcompute.targetHttpProxies.updatecompute.targetHttpProxies.use
compute.targetHttpsProxies.*
compute.targetHttpsProxies.createcompute.targetHttpsProxies.createTagBindingcompute.targetHttpsProxies.deletecompute.targetHttpsProxies.deleteTagBindingcompute.targetHttpsProxies.getcompute.targetHttpsProxies.listcompute.targetHttpsProxies.listEffectiveTagscompute.targetHttpsProxies.listTagBindingscompute.targetHttpsProxies.setCertificateMapcompute.targetHttpsProxies.setQuicOverridecompute.targetHttpsProxies.setSslCertificatescompute.targetHttpsProxies.setSslPolicycompute.targetHttpsProxies.setUrlMapcompute.targetHttpsProxies.updatecompute.targetHttpsProxies.use
compute.targetInstances.*
compute.targetInstances.createcompute.targetInstances.createTagBindingcompute.targetInstances.deletecompute.targetInstances.deleteTagBindingcompute.targetInstances.getcompute.targetInstances.listcompute.targetInstances.listEffectiveTagscompute.targetInstances.listTagBindingscompute.targetInstances.setSecurityPolicycompute.targetInstances.use
compute.targetPools.*
compute.targetPools.addHealthCheckcompute.targetPools.addInstancecompute.targetPools.createcompute.targetPools.createTagBindingcompute.targetPools.deletecompute.targetPools.deleteTagBindingcompute.targetPools.getcompute.targetPools.listcompute.targetPools.listEffectiveTagscompute.targetPools.listTagBindingscompute.targetPools.removeHealthCheckcompute.targetPools.removeInstancecompute.targetPools.setSecurityPolicycompute.targetPools.updatecompute.targetPools.use
compute.targetSslProxies.*
compute.targetSslProxies.createcompute.targetSslProxies.createTagBindingcompute.targetSslProxies.deletecompute.targetSslProxies.deleteTagBindingcompute.targetSslProxies.getcompute.targetSslProxies.listcompute.targetSslProxies.listEffectiveTagscompute.targetSslProxies.listTagBindingscompute.targetSslProxies.setBackendServicecompute.targetSslProxies.setCertificateMapcompute.targetSslProxies.setProxyHeadercompute.targetSslProxies.setSslCertificatescompute.targetSslProxies.setSslPolicycompute.targetSslProxies.updatecompute.targetSslProxies.use
compute.targetTcpProxies.*
compute.targetTcpProxies.attachcompute.targetTcpProxies.createcompute.targetTcpProxies.createTagBindingcompute.targetTcpProxies.deletecompute.targetTcpProxies.deleteTagBindingcompute.targetTcpProxies.getcompute.targetTcpProxies.listcompute.targetTcpProxies.listEffectiveTagscompute.targetTcpProxies.listTagBindingscompute.targetTcpProxies.updatecompute.targetTcpProxies.use
compute.urlMaps.*
compute.urlMaps.createcompute.urlMaps.createTagBindingcompute.urlMaps.deletecompute.urlMaps.deleteTagBindingcompute.urlMaps.getcompute.urlMaps.invalidateCachecompute.urlMaps.listcompute.urlMaps.listEffectiveTagscompute.urlMaps.listTagBindingscompute.urlMaps.updatecompute.urlMaps.usecompute.urlMaps.validate
compute.zoneOperations.get
compute.zoneOperations.list
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.use
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.use
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Load Balancer Services User
(roles/compute.loadBalancerServiceUser)
Permissions to use services from a load balancer in other projects.
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.use
compute.backendServices.get
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.use
compute.projects.get
compute.regionBackendBuckets.get
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.use
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.use
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Network Admin
(roles/compute.networkAdmin)
Permissions to create, modify, and delete networking resources, except for firewall rules and SSL certificates. The network admin role allows read-only access to firewall rules, SSL certificates, and instances (to view their ephemeral IP addresses). The network admin role does not allow a user to create, start, stop, or delete instances.
For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the networking team's group. Or, if you have a combined team that manages both security and networking, then grant this role as well as the roles/compute.securityAdmin role to the combined team's group.
Lowest-level resources where you can grant this role:
- Instance
compute.acceleratorTypes.*
compute.acceleratorTypes.getcompute.acceleratorTypes.list
compute.addresses.*
compute.addresses.createcompute.addresses.createInternalcompute.addresses.createTagBindingcompute.addresses.deletecompute.addresses.deleteInternalcompute.addresses.deleteTagBindingcompute.addresses.getcompute.addresses.listcompute.addresses.listEffectiveTagscompute.addresses.listTagBindingscompute.addresses.setLabelscompute.addresses.usecompute.addresses.useInternal
compute.autoscalers.get
compute.autoscalers.list
compute.backendBuckets.*
compute.backendBuckets.addSignedUrlKeycompute.backendBuckets.createcompute.backendBuckets.createTagBindingcompute.backendBuckets.deletecompute.backendBuckets.deleteSignedUrlKeycompute.backendBuckets.deleteTagBindingcompute.backendBuckets.getcompute.backendBuckets.getIamPolicycompute.backendBuckets.listcompute.backendBuckets.listEffectiveTagscompute.backendBuckets.listTagBindingscompute.backendBuckets.setIamPolicycompute.backendBuckets.setSecurityPolicycompute.backendBuckets.updatecompute.backendBuckets.use
compute.backendServices.*
compute.backendServices.addSignedUrlKeycompute.backendServices.createcompute.backendServices.createTagBindingcompute.backendServices.deletecompute.backendServices.deleteSignedUrlKeycompute.backendServices.deleteTagBindingcompute.backendServices.getcompute.backendServices.getIamPolicycompute.backendServices.listcompute.backendServices.listEffectiveTagscompute.backendServices.listTagBindingscompute.backendServices.setIamPolicycompute.backendServices.setSecurityPolicycompute.backendServices.updatecompute.backendServices.use
compute.crossSiteNetworks.*
compute.crossSiteNetworks.createcompute.crossSiteNetworks.deletecompute.crossSiteNetworks.getcompute.crossSiteNetworks.listcompute.crossSiteNetworks.update
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.externalVpnGateways.*
compute.externalVpnGateways.createcompute.externalVpnGateways.createTagBindingcompute.externalVpnGateways.deletecompute.externalVpnGateways.deleteTagBindingcompute.externalVpnGateways.getcompute.externalVpnGateways.listcompute.externalVpnGateways.listEffectiveTagscompute.externalVpnGateways.listTagBindingscompute.externalVpnGateways.setLabelscompute.externalVpnGateways.use
compute.firewallPolicies.get
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.use
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.forwardingRules.*
compute.forwardingRules.createcompute.forwardingRules.createTagBindingcompute.forwardingRules.deletecompute.forwardingRules.deleteTagBindingcompute.forwardingRules.getcompute.forwardingRules.listcompute.forwardingRules.listEffectiveTagscompute.forwardingRules.listTagBindingscompute.forwardingRules.pscCreatecompute.forwardingRules.pscDeletecompute.forwardingRules.pscSetLabelscompute.forwardingRules.pscUpdatecompute.forwardingRules.setLabelscompute.forwardingRules.setTargetcompute.forwardingRules.updatecompute.forwardingRules.use
compute.globalAddresses.*
compute.globalAddresses.createcompute.globalAddresses.createInternalcompute.globalAddresses.createTagBindingcompute.globalAddresses.deletecompute.globalAddresses.deleteInternalcompute.globalAddresses.deleteTagBindingcompute.globalAddresses.getcompute.globalAddresses.listcompute.globalAddresses.listEffectiveTagscompute.globalAddresses.listTagBindingscompute.globalAddresses.setLabelscompute.globalAddresses.use
compute.globalForwardingRules.*
compute.globalForwardingRules.createcompute.globalForwardingRules.createTagBindingcompute.globalForwardingRules.deletecompute.globalForwardingRules.deleteTagBindingcompute.globalForwardingRules.getcompute.globalForwardingRules.listcompute.globalForwardingRules.listEffectiveTagscompute.globalForwardingRules.listTagBindingscompute.globalForwardingRules.pscCreatecompute.globalForwardingRules.pscDeletecompute.globalForwardingRules.pscSetLabelscompute.globalForwardingRules.pscUpdatecompute.globalForwardingRules.setLabelscompute.globalForwardingRules.setTargetcompute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use
compute.globalOperations.get
compute.globalOperations.list
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.healthChecks.*
compute.healthChecks.createcompute.healthChecks.createTagBindingcompute.healthChecks.deletecompute.healthChecks.deleteTagBindingcompute.healthChecks.getcompute.healthChecks.listcompute.healthChecks.listEffectiveTagscompute.healthChecks.listTagBindingscompute.healthChecks.updatecompute.healthChecks.usecompute.healthChecks.useReadOnly
compute.httpHealthChecks.*
compute.httpHealthChecks.createcompute.httpHealthChecks.createTagBindingcompute.httpHealthChecks.deletecompute.httpHealthChecks.deleteTagBindingcompute.httpHealthChecks.getcompute.httpHealthChecks.listcompute.httpHealthChecks.listEffectiveTagscompute.httpHealthChecks.listTagBindingscompute.httpHealthChecks.updatecompute.httpHealthChecks.usecompute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.*
compute.httpsHealthChecks.createcompute.httpsHealthChecks.createTagBindingcompute.httpsHealthChecks.deletecompute.httpsHealthChecks.deleteTagBindingcompute.httpsHealthChecks.getcompute.httpsHealthChecks.listcompute.httpsHealthChecks.listEffectiveTagscompute.httpsHealthChecks.listTagBindingscompute.httpsHealthChecks.updatecompute.httpsHealthChecks.usecompute.httpsHealthChecks.useReadOnly
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceSettings.get
compute.instances.get
compute.instances.getGuestAttributes
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.updateSecurity
compute.instances.use
compute.instances.useReadOnly
compute.interconnectAttachmentGroups.*
compute.interconnectAttachmentGroups.createcompute.interconnectAttachmentGroups.deletecompute.interconnectAttachmentGroups.getcompute.interconnectAttachmentGroups.listcompute.interconnectAttachmentGroups.patch
compute.interconnectAttachments.*
compute.interconnectAttachments.createcompute.interconnectAttachments.createTagBindingcompute.interconnectAttachments.deletecompute.interconnectAttachments.deleteTagBindingcompute.interconnectAttachments.getcompute.interconnectAttachments.listcompute.interconnectAttachments.listEffectiveTagscompute.interconnectAttachments.listTagBindingscompute.interconnectAttachments.setLabelscompute.interconnectAttachments.updatecompute.interconnectAttachments.use
compute.interconnectGroups.*
compute.interconnectGroups.createcompute.interconnectGroups.deletecompute.interconnectGroups.getcompute.interconnectGroups.listcompute.interconnectGroups.patch
compute.interconnectLocations.*
compute.interconnectLocations.getcompute.interconnectLocations.list
compute.interconnectRemoteLocations.*
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list
compute.interconnects.*
compute.interconnects.createcompute.interconnects.createTagBindingcompute.interconnects.deletecompute.interconnects.deleteTagBindingcompute.interconnects.getcompute.interconnects.getMacsecConfigcompute.interconnects.listcompute.interconnects.listEffectiveTagscompute.interconnects.listTagBindingscompute.interconnects.setLabelscompute.interconnects.updatecompute.interconnects.use
compute.machineTypes.*
compute.machineTypes.getcompute.machineTypes.list
compute.networkAttachments.*
compute.networkAttachments.createcompute.networkAttachments.createTagBindingcompute.networkAttachments.deletecompute.networkAttachments.deleteTagBindingcompute.networkAttachments.getcompute.networkAttachments.getIamPolicycompute.networkAttachments.listcompute.networkAttachments.listEffectiveTagscompute.networkAttachments.listTagBindingscompute.networkAttachments.setIamPolicycompute.networkAttachments.updatecompute.networkAttachments.use
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use
compute.networkProfiles.*
compute.networkProfiles.getcompute.networkProfiles.list
compute.networks.*
compute.networks.accesscompute.networks.addPeeringcompute.networks.createcompute.networks.createTagBindingcompute.networks.deletecompute.networks.deleteTagBindingcompute.networks.getcompute.networks.getEffectiveFirewallscompute.networks.getRegionEffectiveFirewallscompute.networks.listcompute.networks.listEffectiveTagscompute.networks.listPeeringRoutescompute.networks.listTagBindingscompute.networks.mirrorcompute.networks.removePeeringcompute.networks.setFirewallPolicycompute.networks.setNetworkPolicycompute.networks.switchToCustomModecompute.networks.updatecompute.networks.updatePeeringcompute.networks.updatePolicycompute.networks.usecompute.networks.useExternalIp
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.projects.get
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.regionBackendBuckets.*
compute.regionBackendBuckets.createcompute.regionBackendBuckets.createTagBindingcompute.regionBackendBuckets.deletecompute.regionBackendBuckets.deleteTagBindingcompute.regionBackendBuckets.getcompute.regionBackendBuckets.getIamPolicycompute.regionBackendBuckets.listcompute.regionBackendBuckets.listEffectiveTagscompute.regionBackendBuckets.listTagBindingscompute.regionBackendBuckets.setIamPolicycompute.regionBackendBuckets.updatecompute.regionBackendBuckets.use
compute.regionBackendServices.*
compute.regionBackendServices.createcompute.regionBackendServices.createTagBindingcompute.regionBackendServices.deletecompute.regionBackendServices.deleteTagBindingcompute.regionBackendServices.getcompute.regionBackendServices.getIamPolicycompute.regionBackendServices.listcompute.regionBackendServices.listEffectiveTagscompute.regionBackendServices.listTagBindingscompute.regionBackendServices.setIamPolicycompute.regionBackendServices.setSecurityPolicycompute.regionBackendServices.updatecompute.regionBackendServices.use
compute.regionCompositeHealthChecks.*
compute.regionCompositeHealthChecks.createcompute.regionCompositeHealthChecks.deletecompute.regionCompositeHealthChecks.getcompute.regionCompositeHealthChecks.listcompute.regionCompositeHealthChecks.update
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.use
compute.regionHealthAggregationPolicies.*
compute.regionHealthAggregationPolicies.createcompute.regionHealthAggregationPolicies.deletecompute.regionHealthAggregationPolicies.getcompute.regionHealthAggregationPolicies.listcompute.regionHealthAggregationPolicies.update
compute.regionHealthCheckServices.*
compute.regionHealthCheckServices.createcompute.regionHealthCheckServices.deletecompute.regionHealthCheckServices.getcompute.regionHealthCheckServices.listcompute.regionHealthCheckServices.updatecompute.regionHealthCheckServices.use
compute.regionHealthChecks.*
compute.regionHealthChecks.createcompute.regionHealthChecks.createTagBindingcompute.regionHealthChecks.deletecompute.regionHealthChecks.deleteTagBindingcompute.regionHealthChecks.getcompute.regionHealthChecks.listcompute.regionHealthChecks.listEffectiveTagscompute.regionHealthChecks.listTagBindingscompute.regionHealthChecks.updatecompute.regionHealthChecks.usecompute.regionHealthChecks.useReadOnly
compute.regionHealthSources.*
compute.regionHealthSources.createcompute.regionHealthSources.deletecompute.regionHealthSources.getcompute.regionHealthSources.listcompute.regionHealthSources.update
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use
compute.regionNetworkPolicies.*
compute.regionNetworkPolicies.createcompute.regionNetworkPolicies.deletecompute.regionNetworkPolicies.getcompute.regionNetworkPolicies.listcompute.regionNetworkPolicies.updatecompute.regionNetworkPolicies.use
compute.regionNotificationEndpoints.*
compute.regionNotificationEndpoints.createcompute.regionNotificationEndpoints.deletecompute.regionNotificationEndpoints.getcompute.regionNotificationEndpoints.listcompute.regionNotificationEndpoints.updatecompute.regionNotificationEndpoints.use
compute.regionOperations.get
compute.regionOperations.list
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.use
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.*
compute.regionSslPolicies.createcompute.regionSslPolicies.createTagBindingcompute.regionSslPolicies.deletecompute.regionSslPolicies.deleteTagBindingcompute.regionSslPolicies.getcompute.regionSslPolicies.listcompute.regionSslPolicies.listAvailableFeaturescompute.regionSslPolicies.listEffectiveTagscompute.regionSslPolicies.listTagBindingscompute.regionSslPolicies.updatecompute.regionSslPolicies.use
compute.regionTargetHttpProxies.*
compute.regionTargetHttpProxies.createcompute.regionTargetHttpProxies.createTagBindingcompute.regionTargetHttpProxies.deletecompute.regionTargetHttpProxies.deleteTagBindingcompute.regionTargetHttpProxies.getcompute.regionTargetHttpProxies.listcompute.regionTargetHttpProxies.listEffectiveTagscompute.regionTargetHttpProxies.listTagBindingscompute.regionTargetHttpProxies.setUrlMapcompute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.*
compute.regionTargetHttpsProxies.createcompute.regionTargetHttpsProxies.createTagBindingcompute.regionTargetHttpsProxies.deletecompute.regionTargetHttpsProxies.deleteTagBindingcompute.regionTargetHttpsProxies.getcompute.regionTargetHttpsProxies.listcompute.regionTargetHttpsProxies.listEffectiveTagscompute.regionTargetHttpsProxies.listTagBindingscompute.regionTargetHttpsProxies.setSslCertificatescompute.regionTargetHttpsProxies.setUrlMapcompute.regionTargetHttpsProxies.updatecompute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.*
compute.regionTargetTcpProxies.attachcompute.regionTargetTcpProxies.createcompute.regionTargetTcpProxies.createTagBindingcompute.regionTargetTcpProxies.deletecompute.regionTargetTcpProxies.deleteTagBindingcompute.regionTargetTcpProxies.getcompute.regionTargetTcpProxies.listcompute.regionTargetTcpProxies.listEffectiveTagscompute.regionTargetTcpProxies.listTagBindingscompute.regionTargetTcpProxies.use
compute.regionUrlMaps.*
compute.regionUrlMaps.createcompute.regionUrlMaps.createTagBindingcompute.regionUrlMaps.deletecompute.regionUrlMaps.deleteTagBindingcompute.regionUrlMaps.getcompute.regionUrlMaps.invalidateCachecompute.regionUrlMaps.listcompute.regionUrlMaps.listEffectiveTagscompute.regionUrlMaps.listTagBindingscompute.regionUrlMaps.updatecompute.regionUrlMaps.usecompute.regionUrlMaps.validate
compute.regions.*
compute.regions.getcompute.regions.list
compute.routers.*
compute.routers.createcompute.routers.createTagBindingcompute.routers.deletecompute.routers.deleteRoutePolicycompute.routers.deleteTagBindingcompute.routers.getcompute.routers.getRoutePolicycompute.routers.listcompute.routers.listBgpRoutescompute.routers.listEffectiveTagscompute.routers.listRoutePoliciescompute.routers.listTagBindingscompute.routers.updatecompute.routers.updateRoutePolicycompute.routers.use
compute.routes.*
compute.routes.createcompute.routes.createTagBindingcompute.routes.deletecompute.routes.deleteTagBindingcompute.routes.getcompute.routes.listcompute.routes.listEffectiveTagscompute.routes.listTagBindings
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.use
compute.serviceAttachments.*
compute.serviceAttachments.createcompute.serviceAttachments.createTagBindingcompute.serviceAttachments.deletecompute.serviceAttachments.deleteTagBindingcompute.serviceAttachments.getcompute.serviceAttachments.getIamPolicycompute.serviceAttachments.listcompute.serviceAttachments.listEffectiveTagscompute.serviceAttachments.listTagBindingscompute.serviceAttachments.setIamPolicycompute.serviceAttachments.updatecompute.serviceAttachments.use
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.*
compute.sslPolicies.createcompute.sslPolicies.createTagBindingcompute.sslPolicies.deletecompute.sslPolicies.deleteTagBindingcompute.sslPolicies.getcompute.sslPolicies.listcompute.sslPolicies.listAvailableFeaturescompute.sslPolicies.listEffectiveTagscompute.sslPolicies.listTagBindingscompute.sslPolicies.updatecompute.sslPolicies.use
compute.subnetworks.*
compute.subnetworks.createcompute.subnetworks.createTagBindingcompute.subnetworks.deletecompute.subnetworks.deleteTagBindingcompute.subnetworks.expandIpCidrRangecompute.subnetworks.getcompute.subnetworks.getIamPolicycompute.subnetworks.listcompute.subnetworks.listEffectiveTagscompute.subnetworks.listTagBindingscompute.subnetworks.mirrorcompute.subnetworks.setIamPolicycompute.subnetworks.setPrivateIpGoogleAccesscompute.subnetworks.updatecompute.subnetworks.usecompute.subnetworks.useExternalIpcompute.subnetworks.usePeerMigration
compute.targetGrpcProxies.*
compute.targetGrpcProxies.createcompute.targetGrpcProxies.createTagBindingcompute.targetGrpcProxies.deletecompute.targetGrpcProxies.deleteTagBindingcompute.targetGrpcProxies.getcompute.targetGrpcProxies.listcompute.targetGrpcProxies.listEffectiveTagscompute.targetGrpcProxies.listTagBindingscompute.targetGrpcProxies.updatecompute.targetGrpcProxies.use
compute.targetHttpProxies.*
compute.targetHttpProxies.createcompute.targetHttpProxies.createTagBindingcompute.targetHttpProxies.deletecompute.targetHttpProxies.deleteTagBindingcompute.targetHttpProxies.getcompute.targetHttpProxies.listcompute.targetHttpProxies.listEffectiveTagscompute.targetHttpProxies.listTagBindingscompute.targetHttpProxies.setUrlMapcompute.targetHttpProxies.updatecompute.targetHttpProxies.use
compute.targetHttpsProxies.*
compute.targetHttpsProxies.createcompute.targetHttpsProxies.createTagBindingcompute.targetHttpsProxies.deletecompute.targetHttpsProxies.deleteTagBindingcompute.targetHttpsProxies.getcompute.targetHttpsProxies.listcompute.targetHttpsProxies.listEffectiveTagscompute.targetHttpsProxies.listTagBindingscompute.targetHttpsProxies.setCertificateMapcompute.targetHttpsProxies.setQuicOverridecompute.targetHttpsProxies.setSslCertificatescompute.targetHttpsProxies.setSslPolicycompute.targetHttpsProxies.setUrlMapcompute.targetHttpsProxies.updatecompute.targetHttpsProxies.use
compute.targetInstances.*
compute.targetInstances.createcompute.targetInstances.createTagBindingcompute.targetInstances.deletecompute.targetInstances.deleteTagBindingcompute.targetInstances.getcompute.targetInstances.listcompute.targetInstances.listEffectiveTagscompute.targetInstances.listTagBindingscompute.targetInstances.setSecurityPolicycompute.targetInstances.use
compute.targetPools.*
compute.targetPools.addHealthCheckcompute.targetPools.addInstancecompute.targetPools.createcompute.targetPools.createTagBindingcompute.targetPools.deletecompute.targetPools.deleteTagBindingcompute.targetPools.getcompute.targetPools.listcompute.targetPools.listEffectiveTagscompute.targetPools.listTagBindingscompute.targetPools.removeHealthCheckcompute.targetPools.removeInstancecompute.targetPools.setSecurityPolicycompute.targetPools.updatecompute.targetPools.use
compute.targetSslProxies.*
compute.targetSslProxies.createcompute.targetSslProxies.createTagBindingcompute.targetSslProxies.deletecompute.targetSslProxies.deleteTagBindingcompute.targetSslProxies.getcompute.targetSslProxies.listcompute.targetSslProxies.listEffectiveTagscompute.targetSslProxies.listTagBindingscompute.targetSslProxies.setBackendServicecompute.targetSslProxies.setCertificateMapcompute.targetSslProxies.setProxyHeadercompute.targetSslProxies.setSslCertificatescompute.targetSslProxies.setSslPolicycompute.targetSslProxies.updatecompute.targetSslProxies.use
compute.targetTcpProxies.*
compute.targetTcpProxies.attachcompute.targetTcpProxies.createcompute.targetTcpProxies.createTagBindingcompute.targetTcpProxies.deletecompute.targetTcpProxies.deleteTagBindingcompute.targetTcpProxies.getcompute.targetTcpProxies.listcompute.targetTcpProxies.listEffectiveTagscompute.targetTcpProxies.listTagBindingscompute.targetTcpProxies.updatecompute.targetTcpProxies.use
compute.targetVpnGateways.*
compute.targetVpnGateways.createcompute.targetVpnGateways.createTagBindingcompute.targetVpnGateways.deletecompute.targetVpnGateways.deleteTagBindingcompute.targetVpnGateways.getcompute.targetVpnGateways.listcompute.targetVpnGateways.listEffectiveTagscompute.targetVpnGateways.listTagBindingscompute.targetVpnGateways.setLabelscompute.targetVpnGateways.use
compute.urlMaps.*
compute.urlMaps.createcompute.urlMaps.createTagBindingcompute.urlMaps.deletecompute.urlMaps.deleteTagBindingcompute.urlMaps.getcompute.urlMaps.invalidateCachecompute.urlMaps.listcompute.urlMaps.listEffectiveTagscompute.urlMaps.listTagBindingscompute.urlMaps.updatecompute.urlMaps.usecompute.urlMaps.validate
compute.vpnGateways.*
compute.vpnGateways.createcompute.vpnGateways.createTagBindingcompute.vpnGateways.deletecompute.vpnGateways.deleteTagBindingcompute.vpnGateways.getcompute.vpnGateways.listcompute.vpnGateways.listEffectiveTagscompute.vpnGateways.listTagBindingscompute.vpnGateways.setLabelscompute.vpnGateways.use
compute.vpnTunnels.*
compute.vpnTunnels.createcompute.vpnTunnels.createTagBindingcompute.vpnTunnels.deletecompute.vpnTunnels.deleteTagBindingcompute.vpnTunnels.getcompute.vpnTunnels.listcompute.vpnTunnels.listEffectiveTagscompute.vpnTunnels.listTagBindingscompute.vpnTunnels.setLabels
compute.wireGroups.*
compute.wireGroups.createcompute.wireGroups.deletecompute.wireGroups.getcompute.wireGroups.listcompute.wireGroups.update
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.*
compute.zones.getcompute.zones.list
networkconnectivity.internalRanges.*
networkconnectivity.internalRanges.createnetworkconnectivity.internalRanges.deletenetworkconnectivity.internalRanges.getnetworkconnectivity.internalRanges.getIamPolicynetworkconnectivity.internalRanges.listnetworkconnectivity.internalRanges.setIamPolicynetworkconnectivity.internalRanges.update
networkconnectivity.locations.*
networkconnectivity.locations.getnetworkconnectivity.locations.list
networkconnectivity.operations.*
networkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.list
networkconnectivity.policyBasedRoutes.*
networkconnectivity.policyBasedRoutes.createnetworkconnectivity.policyBasedRoutes.deletenetworkconnectivity.policyBasedRoutes.getnetworkconnectivity.policyBasedRoutes.getIamPolicynetworkconnectivity.policyBasedRoutes.listnetworkconnectivity.policyBasedRoutes.setIamPolicy
networkconnectivity.regionalEndpoints.*
networkconnectivity.regionalEndpoints.createnetworkconnectivity.regionalEndpoints.deletenetworkconnectivity.regionalEndpoints.getnetworkconnectivity.regionalEndpoints.list
networkconnectivity.serviceClasses.*
networkconnectivity.serviceClasses.createnetworkconnectivity.serviceClasses.deletenetworkconnectivity.serviceClasses.getnetworkconnectivity.serviceClasses.listnetworkconnectivity.serviceClasses.updatenetworkconnectivity.serviceClasses.use
networkconnectivity.serviceConnectionMaps.*
networkconnectivity.serviceConnectionMaps.createnetworkconnectivity.serviceConnectionMaps.deletenetworkconnectivity.serviceConnectionMaps.getnetworkconnectivity.serviceConnectionMaps.listnetworkconnectivity.serviceConnectionMaps.update
networkconnectivity.serviceConnectionPolicies.*
networkconnectivity.serviceConnectionPolicies.createnetworkconnectivity.serviceConnectionPolicies.deletenetworkconnectivity.serviceConnectionPolicies.getnetworkconnectivity.serviceConnectionPolicies.listnetworkconnectivity.serviceConnectionPolicies.update
networkmanagement.connectivitytests.get
networkmanagement.connectivitytests.list
networksecurity.addressGroups.*
networksecurity.addressGroups.createnetworksecurity.addressGroups.deletenetworksecurity.addressGroups.getnetworksecurity.addressGroups.getIamPolicynetworksecurity.addressGroups.listnetworksecurity.addressGroups.setIamPolicynetworksecurity.addressGroups.updatenetworksecurity.addressGroups.use
networksecurity.authorizationPolicies.*
networksecurity.authorizationPolicies.createnetworksecurity.authorizationPolicies.deletenetworksecurity.authorizationPolicies.getnetworksecurity.authorizationPolicies.getIamPolicynetworksecurity.authorizationPolicies.listnetworksecurity.authorizationPolicies.setIamPolicynetworksecurity.authorizationPolicies.updatenetworksecurity.authorizationPolicies.use
networksecurity.authzPolicies.*
networksecurity.authzPolicies.createnetworksecurity.authzPolicies.deletenetworksecurity.authzPolicies.getnetworksecurity.authzPolicies.getIamPolicynetworksecurity.authzPolicies.listnetworksecurity.authzPolicies.setIamPolicynetworksecurity.authzPolicies.update
networksecurity.backendAuthenticationConfigs.*
networksecurity.backendAuthenticationConfigs.createnetworksecurity.backendAuthenticationConfigs.deletenetworksecurity.backendAuthenticationConfigs.getnetworksecurity.backendAuthenticationConfigs.listnetworksecurity.backendAuthenticationConfigs.updatenetworksecurity.backendAuthenticationConfigs.use
networksecurity.clientTlsPolicies.*
networksecurity.clientTlsPolicies.createnetworksecurity.clientTlsPolicies.deletenetworksecurity.clientTlsPolicies.getnetworksecurity.clientTlsPolicies.getIamPolicynetworksecurity.clientTlsPolicies.listnetworksecurity.clientTlsPolicies.setIamPolicynetworksecurity.clientTlsPolicies.updatenetworksecurity.clientTlsPolicies.use
networksecurity.firewallEndpointAssociations.*
networksecurity.firewallEndpointAssociations.createnetworksecurity.firewallEndpointAssociations.deletenetworksecurity.firewallEndpointAssociations.getnetworksecurity.firewallEndpointAssociations.listnetworksecurity.firewallEndpointAssociations.update
networksecurity.firewallEndpoints.*
networksecurity.firewallEndpoints.createnetworksecurity.firewallEndpoints.deletenetworksecurity.firewallEndpoints.getnetworksecurity.firewallEndpoints.listnetworksecurity.firewallEndpoints.updatenetworksecurity.firewallEndpoints.use
networksecurity.gatewaySecurityPolicies.*
networksecurity.gatewaySecurityPolicies.createnetworksecurity.gatewaySecurityPolicies.deletenetworksecurity.gatewaySecurityPolicies.getnetworksecurity.gatewaySecurityPolicies.listnetworksecurity.gatewaySecurityPolicies.updatenetworksecurity.gatewaySecurityPolicies.use
networksecurity.gatewaySecurityPolicyRules.*
networksecurity.gatewaySecurityPolicyRules.createnetworksecurity.gatewaySecurityPolicyRules.deletenetworksecurity.gatewaySecurityPolicyRules.getnetworksecurity.gatewaySecurityPolicyRules.listnetworksecurity.gatewaySecurityPolicyRules.updatenetworksecurity.gatewaySecurityPolicyRules.use
networksecurity.locations.*
networksecurity.locations.getnetworksecurity.locations.list
networksecurity.operations.*
networksecurity.operations.cancelnetworksecurity.operations.deletenetworksecurity.operations.getnetworksecurity.operations.list
networksecurity.sacAttachments.*
networksecurity.sacAttachments.createnetworksecurity.sacAttachments.deletenetworksecurity.sacAttachments.getnetworksecurity.sacAttachments.list
networksecurity.sacRealms.*
networksecurity.sacRealms.createnetworksecurity.sacRealms.deletenetworksecurity.sacRealms.getnetworksecurity.sacRealms.list
networksecurity.securityProfileGroups.*
networksecurity.securityProfileGroups.createnetworksecurity.securityProfileGroups.deletenetworksecurity.securityProfileGroups.getnetworksecurity.securityProfileGroups.listnetworksecurity.securityProfileGroups.updatenetworksecurity.securityProfileGroups.use
networksecurity.securityProfiles.*
networksecurity.securityProfiles.createnetworksecurity.securityProfiles.deletenetworksecurity.securityProfiles.getnetworksecurity.securityProfiles.listnetworksecurity.securityProfiles.updatenetworksecurity.securityProfiles.use
networksecurity.serverTlsPolicies.*
networksecurity.serverTlsPolicies.createnetworksecurity.serverTlsPolicies.deletenetworksecurity.serverTlsPolicies.getnetworksecurity.serverTlsPolicies.getIamPolicynetworksecurity.serverTlsPolicies.listnetworksecurity.serverTlsPolicies.setIamPolicynetworksecurity.serverTlsPolicies.updatenetworksecurity.serverTlsPolicies.use
networksecurity.tlsInspectionPolicies.*
networksecurity.tlsInspectionPolicies.createnetworksecurity.tlsInspectionPolicies.deletenetworksecurity.tlsInspectionPolicies.getnetworksecurity.tlsInspectionPolicies.listnetworksecurity.tlsInspectionPolicies.updatenetworksecurity.tlsInspectionPolicies.use
networksecurity.urlLists.*
networksecurity.urlLists.createnetworksecurity.urlLists.deletenetworksecurity.urlLists.getnetworksecurity.urlLists.listnetworksecurity.urlLists.updatenetworksecurity.urlLists.use
networkservices.*
networkservices.authzExtensions.createnetworkservices.authzExtensions.deletenetworkservices.authzExtensions.getnetworkservices.authzExtensions.listnetworkservices.authzExtensions.updatenetworkservices.authzExtensions.usenetworkservices.endpointPolicies.createnetworkservices.endpointPolicies.deletenetworkservices.endpointPolicies.getnetworkservices.endpointPolicies.listnetworkservices.endpointPolicies.updatenetworkservices.gateways.createnetworkservices.gateways.deletenetworkservices.gateways.getnetworkservices.gateways.listnetworkservices.gateways.updatenetworkservices.gateways.usenetworkservices.grpcRoutes.createnetworkservices.grpcRoutes.deletenetworkservices.grpcRoutes.getnetworkservices.grpcRoutes.listnetworkservices.grpcRoutes.updatenetworkservices.httpFilters.createnetworkservices.httpFilters.deletenetworkservices.httpFilters.getnetworkservices.httpFilters.listnetworkservices.httpFilters.updatenetworkservices.httpRoutes.createnetworkservices.httpRoutes.deletenetworkservices.httpRoutes.getnetworkservices.httpRoutes.listnetworkservices.httpRoutes.updatenetworkservices.httpfilters.createnetworkservices.httpfilters.deletenetworkservices.httpfilters.getnetworkservices.httpfilters.getIamPolicynetworkservices.httpfilters.listnetworkservices.httpfilters.setIamPolicynetworkservices.httpfilters.updatenetworkservices.httpfilters.usenetworkservices.lbEdgeExtensions.createnetworkservices.lbEdgeExtensions.deletenetworkservices.lbEdgeExtensions.getnetworkservices.lbEdgeExtensions.listnetworkservices.lbEdgeExtensions.updatenetworkservices.lbRouteExtensions.createnetworkservices.lbRouteExtensions.deletenetworkservices.lbRouteExtensions.getnetworkservices.lbRouteExtensions.listnetworkservices.lbRouteExtensions.updatenetworkservices.lbTcpExtensions.createForNetworknetworkservices.lbTcpExtensions.deleteForNetworknetworkservices.lbTcpExtensions.getForNetworknetworkservices.lbTcpExtensions.listForNetworknetworkservices.lbTcpExtensions.updateForNetworknetworkservices.lbTrafficExtensions.createnetworkservices.lbTrafficExtensions.deletenetworkservices.lbTrafficExtensions.getnetworkservices.lbTrafficExtensions.listnetworkservices.lbTrafficExtensions.updatenetworkservices.locations.getnetworkservices.locations.listnetworkservices.meshes.createnetworkservices.meshes.deletenetworkservices.meshes.getnetworkservices.meshes.listnetworkservices.meshes.updatenetworkservices.meshes.usenetworkservices.operations.cancelnetworkservices.operations.deletenetworkservices.operations.getnetworkservices.operations.listnetworkservices.route_views.getnetworkservices.route_views.listnetworkservices.serviceBindings.createnetworkservices.serviceBindings.deletenetworkservices.serviceBindings.getnetworkservices.serviceBindings.listnetworkservices.serviceBindings.updatenetworkservices.serviceLbPolicies.createnetworkservices.serviceLbPolicies.deletenetworkservices.serviceLbPolicies.getnetworkservices.serviceLbPolicies.listnetworkservices.serviceLbPolicies.updatenetworkservices.swpSecurityExtensions.createnetworkservices.swpSecurityExtensions.deletenetworkservices.swpSecurityExtensions.getnetworkservices.swpSecurityExtensions.listnetworkservices.swpSecurityExtensions.updatenetworkservices.tcpRoutes.createnetworkservices.tcpRoutes.deletenetworkservices.tcpRoutes.getnetworkservices.tcpRoutes.listnetworkservices.tcpRoutes.updatenetworkservices.tlsRoutes.createnetworkservices.tlsRoutes.deletenetworkservices.tlsRoutes.getnetworkservices.tlsRoutes.listnetworkservices.tlsRoutes.updatenetworkservices.wasmPlugins.createnetworkservices.wasmPlugins.deletenetworkservices.wasmPlugins.getnetworkservices.wasmPlugins.listnetworkservices.wasmPlugins.updatenetworkservices.wasmPlugins.use
resourcemanager.projects.get
resourcemanager.projects.list
servicedirectory.namespaces.create
servicedirectory.namespaces.delete
servicedirectory.services.create
servicedirectory.services.delete
servicenetworking.operations.get
servicenetworking.services.addPeering
servicenetworking.services.createPeeredDnsDomain
servicenetworking.services.deleteConnection
servicenetworking.services.deletePeeredDnsDomain
servicenetworking.services.disableVpcServiceControls
servicenetworking.services.enableVpcServiceControls
servicenetworking.services.get
servicenetworking.services.getVpcServiceControls
servicenetworking.services.listPeeredDnsDomains
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
trafficdirector.*
trafficdirector.networks.getConfigstrafficdirector.networks.reportMetrics
Compute Network User
(roles/compute.networkUser)
Provides access to a shared VPC network
Once granted, service owners can use VPC networks and subnets that belong to the host project. For example, a network user can create a VM instance that belongs to a host project network but they cannot delete or create new networks in the host project.
Lowest-level resources where you can grant this role:
- Subnetwork
compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.useInternal
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.use
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.instanceSettings.get
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectLocations.*
compute.interconnectLocations.getcompute.interconnectLocations.list
compute.interconnectRemoteLocations.*
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list
compute.interconnects.get
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.use
compute.networkAttachments.get
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkProfiles.*
compute.networkProfiles.getcompute.networkProfiles.list
compute.networks.access
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.use
compute.networks.useExternalIp
compute.projects.get
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNetworkPolicies.use
compute.regions.*
compute.regions.getcompute.regions.list
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.serviceAttachments.get
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.use
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.wireGroups.get
compute.wireGroups.list
compute.zones.*
compute.zones.getcompute.zones.list
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.list
networkconnectivity.locations.*
networkconnectivity.locations.getnetworkconnectivity.locations.list
networkconnectivity.operations.get
networkconnectivity.operations.list
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.list
networkmanagement.connectivitytests.get
networkmanagement.connectivitytests.list
networksecurity.addressGroups.get
networksecurity.addressGroups.list
networksecurity.addressGroups.use
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.use
networksecurity.authzPolicies.get
networksecurity.authzPolicies.list
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.use
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.firewallEndpoints.use
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.use
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.use
networksecurity.locations.*
networksecurity.locations.getnetworksecurity.locations.list
networksecurity.operations.get
networksecurity.operations.list
networksecurity.sacAttachments.*
networksecurity.sacAttachments.createnetworksecurity.sacAttachments.deletenetworksecurity.sacAttachments.getnetworksecurity.sacAttachments.list
networksecurity.sacRealms.get
networksecurity.sacRealms.list
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfileGroups.use
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.securityProfiles.use
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.use
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.use
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.use
networkservices.authzExtensions.get
networkservices.authzExtensions.list
networkservices.authzExtensions.use
networkservices.endpointPolicies.get
networkservices.endpointPolicies.list
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.use
networkservices.grpcRoutes.get
networkservices.grpcRoutes.list
networkservices.httpFilters.get
networkservices.httpFilters.list
networkservices.httpRoutes.get
networkservices.httpRoutes.list
networkservices.httpfilters.get
networkservices.httpfilters.list
networkservices.httpfilters.use
networkservices.lbEdgeExtensions.get
networkservices.lbEdgeExtensions.list
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.locations.*
networkservices.locations.getnetworkservices.locations.list
networkservices.meshes.get
networkservices.meshes.list
networkservices.meshes.use
networkservices.operations.get
networkservices.operations.list
networkservices.route_views.*
networkservices.route_views.getnetworkservices.route_views.list
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.swpSecurityExtensions.get
networkservices.swpSecurityExtensions.list
networkservices.tcpRoutes.get
networkservices.tcpRoutes.list
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.wasmPlugins.get
networkservices.wasmPlugins.list
networkservices.wasmPlugins.use
resourcemanager.projects.get
resourcemanager.projects.list
servicenetworking.services.get
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Network Viewer
(roles/compute.networkViewer)
Read-only access to all networking resources
For example, if you have software that inspects your network configuration, you could grant this role to that software's service account.
Lowest-level resources where you can grant this role:
- Instance
compute.acceleratorTypes.*
compute.acceleratorTypes.getcompute.acceleratorTypes.list
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.autoscalers.get
compute.autoscalers.list
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendServices.get
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceSettings.get
compute.instances.get
compute.instances.getGuestAttributes
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectLocations.*
compute.interconnectLocations.getcompute.interconnectLocations.list
compute.interconnectRemoteLocations.*
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list
compute.interconnects.get
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.machineTypes.*
compute.machineTypes.getcompute.machineTypes.list
compute.networkAttachments.get
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkProfiles.*
compute.networkProfiles.getcompute.networkProfiles.list
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.projects.get
compute.regionBackendBuckets.get
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionUrlMaps.get
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regions.*
compute.regions.getcompute.regions.list
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.serviceAttachments.get
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.urlMaps.get
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.wireGroups.get
compute.wireGroups.list
compute.zones.*
compute.zones.getcompute.zones.list
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.list
networkconnectivity.locations.*
networkconnectivity.locations.getnetworkconnectivity.locations.list
networkconnectivity.operations.get
networkconnectivity.operations.list
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.list
networkmanagement.connectivitytests.get
networkmanagement.connectivitytests.list
networksecurity.addressGroups.get
networksecurity.addressGroups.list
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.list
networksecurity.authzPolicies.get
networksecurity.authzPolicies.list
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.list
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.locations.*
networksecurity.locations.getnetworksecurity.locations.list
networksecurity.operations.get
networksecurity.operations.list
networksecurity.sacAttachments.get
networksecurity.sacAttachments.list
networksecurity.sacRealms.get
networksecurity.sacRealms.list
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.list
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.urlLists.get
networksecurity.urlLists.list
networkservices.authzExtensions.get
networkservices.authzExtensions.list
networkservices.endpointPolicies.get
networkservices.endpointPolicies.list
networkservices.gateways.get
networkservices.gateways.list
networkservices.grpcRoutes.get
networkservices.grpcRoutes.list
networkservices.httpFilters.get
networkservices.httpFilters.list
networkservices.httpRoutes.get
networkservices.httpRoutes.list
networkservices.httpfilters.get
networkservices.httpfilters.list
networkservices.lbEdgeExtensions.get
networkservices.lbEdgeExtensions.list
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.locations.*
networkservices.locations.getnetworkservices.locations.list
networkservices.meshes.get
networkservices.meshes.list
networkservices.operations.get
networkservices.operations.list
networkservices.route_views.*
networkservices.route_views.getnetworkservices.route_views.list
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.swpSecurityExtensions.get
networkservices.swpSecurityExtensions.list
networkservices.tcpRoutes.get
networkservices.tcpRoutes.list
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.wasmPlugins.get
networkservices.wasmPlugins.list
resourcemanager.projects.get
resourcemanager.projects.list
servicenetworking.services.get
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
trafficdirector.*
trafficdirector.networks.getConfigstrafficdirector.networks.reportMetrics
Compute Organization Firewall Policy Admin
(roles/compute.orgFirewallPolicyAdmin)
Full control of Compute Engine Organization Firewall Policies.
compute.firewallPolicies.*
compute.firewallPolicies.cloneRulescompute.firewallPolicies.copyRulescompute.firewallPolicies.createcompute.firewallPolicies.createTagBindingcompute.firewallPolicies.deletecompute.firewallPolicies.deleteTagBindingcompute.firewallPolicies.getcompute.firewallPolicies.getIamPolicycompute.firewallPolicies.listcompute.firewallPolicies.listEffectiveTagscompute.firewallPolicies.listTagBindingscompute.firewallPolicies.movecompute.firewallPolicies.setIamPolicycompute.firewallPolicies.updatecompute.firewallPolicies.use
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.projects.get
compute.regionFirewallPolicies.*
compute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.createTagBindingcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.deleteTagBindingcompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.listEffectiveTagscompute.regionFirewallPolicies.listTagBindingscompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionOperations.setIamPolicy
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Organization Firewall Policy User
(roles/compute.orgFirewallPolicyUser)
View or use Compute Engine Firewall Policies to associate with the organization or folders.
compute.firewallPolicies.get
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.use
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.projects.get
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.use
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Organization Security Policy Admin
(roles/compute.orgSecurityPolicyAdmin)
Full control of Compute Engine Organization Security Policies.
compute.firewallPolicies.*
compute.firewallPolicies.cloneRulescompute.firewallPolicies.copyRulescompute.firewallPolicies.createcompute.firewallPolicies.createTagBindingcompute.firewallPolicies.deletecompute.firewallPolicies.deleteTagBindingcompute.firewallPolicies.getcompute.firewallPolicies.getIamPolicycompute.firewallPolicies.listcompute.firewallPolicies.listEffectiveTagscompute.firewallPolicies.listTagBindingscompute.firewallPolicies.movecompute.firewallPolicies.setIamPolicycompute.firewallPolicies.updatecompute.firewallPolicies.use
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.projects.get
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.update
compute.securityPolicies.use
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Organization Security Policy User
(roles/compute.orgSecurityPolicyUser)
View or use Compute Engine Security Policies to associate with the organization or folders.
compute.firewallPolicies.get
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.use
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.projects.get
compute.securityPolicies.addAssociation
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.removeAssociation
compute.securityPolicies.use
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Organization Resource Admin
(roles/compute.orgSecurityResourceAdmin)
Full control of Compute Engine Firewall Policy associations to the organization or folders.
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.organizations.listAssociations
compute.organizations.setFirewallPolicy
compute.organizations.setSecurityPolicy
compute.projects.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute OS Admin Login
(roles/compute.osAdminLogin)
Access to log in to a Compute Engine instance as an administrator user.
Lowest-level resources where you can grant this role:
- Instance
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.instanceSettings.get
compute.instances.get
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.projects.get
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute OS Login
(roles/compute.osLogin)
Access to log in to a Compute Engine instance as a standard user.
Lowest-level resources where you can grant this role:
- Instance
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.instanceSettings.get
compute.instances.get
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listTagBindings
compute.instances.osLogin
compute.projects.get
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute OS Login External User
(roles/compute.osLoginExternalUser)
Available only at the organization level.
Access for an external user to set OS Login information associated with this organization. This role does not grant access to instances. External users must be granted one of the requiredOS Login roles in order to allow access to instances using SSH.
Lowest-level resources where you can grant this role:
- Organization
compute.oslogin.updateExternalUser
Compute packet mirroring admin
(roles/compute.packetMirroringAdmin)
Specify resources to be mirrored.
compute.instances.updateSecurity
compute.networks.mirror
compute.projects.get
compute.subnetworks.mirror
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute packet mirroring user
(roles/compute.packetMirroringUser)
Use Compute Engine packet mirrorings.
compute.packetMirrorings.*
compute.packetMirrorings.createcompute.packetMirrorings.createTagBindingcompute.packetMirrorings.deletecompute.packetMirrorings.deleteTagBindingcompute.packetMirrorings.getcompute.packetMirrorings.listcompute.packetMirrorings.listEffectiveTagscompute.packetMirrorings.listTagBindingscompute.packetMirrorings.update
compute.projects.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Peer Subnet Migration Admin
(roles/compute.peerSubnetMigrationAdmin)
Use subnetwork whose PURPOSE is "PEER_MIGRATION"
compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.use
compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscUpdate
compute.forwardingRules.update
compute.networks.use
compute.regionOperations.get
compute.regions.list
compute.subnetworks.use
compute.subnetworks.usePeerMigration
servicedirectory.namespaces.create
servicedirectory.services.create
servicedirectory.services.delete
Compute Public IP Admin
(roles/compute.publicIpAdmin)
Full control of public IP address management for Compute Engine.
compute.addresses.*
compute.addresses.createcompute.addresses.createInternalcompute.addresses.createTagBindingcompute.addresses.deletecompute.addresses.deleteInternalcompute.addresses.deleteTagBindingcompute.addresses.getcompute.addresses.listcompute.addresses.listEffectiveTagscompute.addresses.listTagBindingscompute.addresses.setLabelscompute.addresses.usecompute.addresses.useInternal
compute.globalAddresses.*
compute.globalAddresses.createcompute.globalAddresses.createInternalcompute.globalAddresses.createTagBindingcompute.globalAddresses.deletecompute.globalAddresses.deleteInternalcompute.globalAddresses.deleteTagBindingcompute.globalAddresses.getcompute.globalAddresses.listcompute.globalAddresses.listEffectiveTagscompute.globalAddresses.listTagBindingscompute.globalAddresses.setLabelscompute.globalAddresses.use
compute.globalPublicDelegatedPrefixes.*
compute.globalPublicDelegatedPrefixes.createcompute.globalPublicDelegatedPrefixes.deletecompute.globalPublicDelegatedPrefixes.getcompute.globalPublicDelegatedPrefixes.listcompute.globalPublicDelegatedPrefixes.updatePolicy
compute.publicAdvertisedPrefixes.*
compute.publicAdvertisedPrefixes.createcompute.publicAdvertisedPrefixes.deletecompute.publicAdvertisedPrefixes.getcompute.publicAdvertisedPrefixes.listcompute.publicAdvertisedPrefixes.updatecompute.publicAdvertisedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.*
compute.publicDelegatedPrefixes.announcecompute.publicDelegatedPrefixes.createcompute.publicDelegatedPrefixes.createTagBindingcompute.publicDelegatedPrefixes.deletecompute.publicDelegatedPrefixes.deleteTagBindingcompute.publicDelegatedPrefixes.getcompute.publicDelegatedPrefixes.listcompute.publicDelegatedPrefixes.listEffectiveTagscompute.publicDelegatedPrefixes.listTagBindingscompute.publicDelegatedPrefixes.updatecompute.publicDelegatedPrefixes.updatePolicycompute.publicDelegatedPrefixes.usecompute.publicDelegatedPrefixes.withdraw
resourcemanager.projects.get
resourcemanager.projects.list
Compute Security Admin
(roles/compute.securityAdmin)
Permissions to create, modify, and delete firewall rules and SSL certificates, and also to configure Shielded VMsettings.
For example, if your company has a security team that manages firewalls and SSL certificates and a networking team that manages the rest of the networking resources, then grant this role to the security team's group.
Lowest-level resources where you can grant this role:
- Instance
compute.backendBuckets.list
compute.backendServices.list
compute.firewallPolicies.*
compute.firewallPolicies.cloneRulescompute.firewallPolicies.copyRulescompute.firewallPolicies.createcompute.firewallPolicies.createTagBindingcompute.firewallPolicies.deletecompute.firewallPolicies.deleteTagBindingcompute.firewallPolicies.getcompute.firewallPolicies.getIamPolicycompute.firewallPolicies.listcompute.firewallPolicies.listEffectiveTagscompute.firewallPolicies.listTagBindingscompute.firewallPolicies.movecompute.firewallPolicies.setIamPolicycompute.firewallPolicies.updatecompute.firewallPolicies.use
compute.firewalls.*
compute.firewalls.createcompute.firewalls.createTagBindingcompute.firewalls.deletecompute.firewalls.deleteTagBindingcompute.firewalls.getcompute.firewalls.listcompute.firewalls.listEffectiveTagscompute.firewalls.listTagBindingscompute.firewalls.update
compute.globalOperations.get
compute.globalOperations.list
compute.instanceSettings.get
compute.instances.getEffectiveFirewalls
compute.instances.list
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listTagBindings
compute.networks.updatePolicy
compute.packetMirrorings.*
compute.packetMirrorings.createcompute.packetMirrorings.createTagBindingcompute.packetMirrorings.deletecompute.packetMirrorings.deleteTagBindingcompute.packetMirrorings.getcompute.packetMirrorings.listcompute.packetMirrorings.listEffectiveTagscompute.packetMirrorings.listTagBindingscompute.packetMirrorings.update
compute.projects.get
compute.regionBackendBuckets.list
compute.regionBackendServices.list
compute.regionFirewallPolicies.*
compute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.createTagBindingcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.deleteTagBindingcompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.listEffectiveTagscompute.regionFirewallPolicies.listTagBindingscompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use
compute.regionOperations.get
compute.regionOperations.list
compute.regionSecurityPolicies.*
compute.regionSecurityPolicies.createcompute.regionSecurityPolicies.createTagBindingcompute.regionSecurityPolicies.deletecompute.regionSecurityPolicies.deleteTagBindingcompute.regionSecurityPolicies.getcompute.regionSecurityPolicies.listcompute.regionSecurityPolicies.listEffectiveTagscompute.regionSecurityPolicies.listTagBindingscompute.regionSecurityPolicies.updatecompute.regionSecurityPolicies.use
compute.regionSslCertificates.*
compute.regionSslCertificates.createcompute.regionSslCertificates.createTagBindingcompute.regionSslCertificates.deletecompute.regionSslCertificates.deleteTagBindingcompute.regionSslCertificates.getcompute.regionSslCertificates.listcompute.regionSslCertificates.listEffectiveTagscompute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.*
compute.regionSslPolicies.createcompute.regionSslPolicies.createTagBindingcompute.regionSslPolicies.deletecompute.regionSslPolicies.deleteTagBindingcompute.regionSslPolicies.getcompute.regionSslPolicies.listcompute.regionSslPolicies.listAvailableFeaturescompute.regionSslPolicies.listEffectiveTagscompute.regionSslPolicies.listTagBindingscompute.regionSslPolicies.updatecompute.regionSslPolicies.use
compute.regions.*
compute.regions.getcompute.regions.list
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.securityPolicies.*
compute.securityPolicies.addAssociationcompute.securityPolicies.copyRulescompute.securityPolicies.createcompute.securityPolicies.createTagBindingcompute.securityPolicies.deletecompute.securityPolicies.deleteTagBindingcompute.securityPolicies.getcompute.securityPolicies.listcompute.securityPolicies.listEffectiveTagscompute.securityPolicies.listTagBindingscompute.securityPolicies.movecompute.securityPolicies.removeAssociationcompute.securityPolicies.setLabelscompute.securityPolicies.updatecompute.securityPolicies.use
compute.sslCertificates.*
compute.sslCertificates.createcompute.sslCertificates.createTagBindingcompute.sslCertificates.deletecompute.sslCertificates.deleteTagBindingcompute.sslCertificates.getcompute.sslCertificates.listcompute.sslCertificates.listEffectiveTagscompute.sslCertificates.listTagBindings
compute.sslPolicies.*
compute.sslPolicies.createcompute.sslPolicies.createTagBindingcompute.sslPolicies.deletecompute.sslPolicies.deleteTagBindingcompute.sslPolicies.getcompute.sslPolicies.listcompute.sslPolicies.listAvailableFeaturescompute.sslPolicies.listEffectiveTagscompute.sslPolicies.listTagBindingscompute.sslPolicies.updatecompute.sslPolicies.use
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.targetInstances.list
compute.targetPools.list
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.*
compute.zones.getcompute.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Engine Service Agent
(roles/compute.serviceAgent)
Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts.
cloudnotifications.activities.list
compute.addresses.use
compute.addresses.useInternal
compute.disks.create
compute.disks.createTagBinding
compute.disks.delete
compute.disks.get
compute.disks.setLabels
compute.disks.use
compute.disks.useReadOnly
compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.get
compute.globalOperations.get
compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.update
compute.images.useReadOnly
compute.instanceGroupManagers.get
compute.instanceTemplates.useReadOnly
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.detachDisk
compute.instances.get
compute.instances.setDeletionProtection
compute.instances.setLabels
compute.instances.setMetadata
compute.instances.setServiceAccount
compute.instances.setTags
compute.instances.start
compute.instances.stop
compute.instances.update
compute.instances.updateDisplayDevice
compute.instances.use
compute.machineImages.useReadOnly
compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.use
compute.networks.use
compute.networks.useExternalIp
compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.regionOperations.get
compute.resourcePolicies.use
compute.snapshots.listEffectiveTags
compute.snapshots.useReadOnly
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.zoneOperations.get
iam.serviceAccounts.actAs
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.getOpenIdToken
iam.serviceAccounts.implicitDelegation
iam.serviceAccounts.signJwt
logging.logEntries.create
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alerts.*
monitoring.alerts.getmonitoring.alerts.list
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.listEffectiveTags
monitoring.dashboards.listTagBindings
monitoring.groups.get
monitoring.groups.list
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.getmonitoring.monitoredResourceDescriptors.list
monitoring.notificationChannelDescriptors.*
monitoring.notificationChannelDescriptors.getmonitoring.notificationChannelDescriptors.list
monitoring.notificationChannels.get
monitoring.notificationChannels.list
monitoring.services.get
monitoring.services.list
monitoring.slos.get
monitoring.slos.list
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.timeSeries.list
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
opsconfigmonitoring.resourceMetadata.list
resourcemanager.projects.get
resourcemanager.projects.list
stackdriver.projects.get
stackdriver.resourceMetadata.list
storage.objects.create
storage.objects.get
storage.objects.list
storage.objects.update
Compute Sole Tenant Viewer
(roles/compute.soleTenantViewer)
Permissions to view sole tenancy node groups
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTypes.*
compute.nodeTypes.getcompute.nodeTypes.list
Compute Storage Admin
(roles/compute.storageAdmin)
Permissions to create, modify, and delete disks, images, and snapshots.
For example, if your company has someone who manages project images and you don't want them to have the editor role on the project, then grant this role to their account on the project.
Lowest-level resources where you can grant this role:
- Disk
- Image
- Snapshot
backupdr.backupPlanAssociations.createForComputeDisk
backupdr.backupPlanAssociations.deleteForComputeDisk
backupdr.backupPlanAssociations.fetchForComputeDisk
backupdr.backupPlanAssociations.getForComputeDisk
backupdr.backupPlanAssociations.triggerBackupForComputeDisk
backupdr.backupPlanAssociations.updateForComputeDisk
backupdr.backupPlans.useForComputeDisk
cloudkms.keyHandles.*
cloudkms.keyHandles.createcloudkms.keyHandles.getcloudkms.keyHandles.list
cloudkms.operations.get
cloudkms.projects.showEffectiveAutokeyConfig
compute.diskSettings.*
compute.diskSettings.getcompute.diskSettings.update
compute.diskTypes.*
compute.diskTypes.getcompute.diskTypes.list
compute.disks.*
compute.disks.addResourcePoliciescompute.disks.createcompute.disks.createSnapshotcompute.disks.createTagBindingcompute.disks.deletecompute.disks.deleteTagBindingcompute.disks.getcompute.disks.getIamPolicycompute.disks.listcompute.disks.listEffectiveTagscompute.disks.listTagBindingscompute.disks.removeResourcePoliciescompute.disks.resizecompute.disks.setIamPolicycompute.disks.setLabelscompute.disks.startAsyncReplicationcompute.disks.stopAsyncReplicationcompute.disks.stopGroupAsyncReplicationcompute.disks.updatecompute.disks.updateKmsKeycompute.disks.usecompute.disks.useReadOnly
compute.globalOperations.get
compute.globalOperations.list
compute.images.*
compute.images.createcompute.images.createTagBindingcompute.images.deletecompute.images.deleteTagBindingcompute.images.deprecatecompute.images.getcompute.images.getFromFamilycompute.images.getIamPolicycompute.images.listcompute.images.listEffectiveTagscompute.images.listTagBindingscompute.images.setIamPolicycompute.images.setLabelscompute.images.updatecompute.images.useReadOnly
compute.instanceSettings.get
compute.instantSnapshotGroups.*
compute.instantSnapshotGroups.createcompute.instantSnapshotGroups.deletecompute.instantSnapshotGroups.getcompute.instantSnapshotGroups.getIamPolicycompute.instantSnapshotGroups.listcompute.instantSnapshotGroups.setIamPolicycompute.instantSnapshotGroups.useReadOnly
compute.instantSnapshots.*
compute.instantSnapshots.createcompute.instantSnapshots.createTagBindingcompute.instantSnapshots.deletecompute.instantSnapshots.deleteTagBindingcompute.instantSnapshots.exportcompute.instantSnapshots.getcompute.instantSnapshots.getIamPolicycompute.instantSnapshots.listcompute.instantSnapshots.listEffectiveTagscompute.instantSnapshots.listTagBindingscompute.instantSnapshots.setIamPolicycompute.instantSnapshots.setLabelscompute.instantSnapshots.useReadOnly
compute.licenseCodes.*
compute.licenseCodes.getcompute.licenseCodes.getIamPolicycompute.licenseCodes.listcompute.licenseCodes.setIamPolicy
compute.licenses.*
compute.licenses.createcompute.licenses.createTagBindingcompute.licenses.deletecompute.licenses.deleteTagBindingcompute.licenses.getcompute.licenses.getIamPolicycompute.licenses.listcompute.licenses.listEffectiveTagscompute.licenses.listTagBindingscompute.licenses.setIamPolicycompute.licenses.update
compute.projects.get
compute.regionOperations.get
compute.regionOperations.list
compute.regions.*
compute.regions.getcompute.regions.list
compute.resourcePolicies.*
compute.resourcePolicies.createcompute.resourcePolicies.deletecompute.resourcePolicies.getcompute.resourcePolicies.getIamPolicycompute.resourcePolicies.listcompute.resourcePolicies.setIamPolicycompute.resourcePolicies.updatecompute.resourcePolicies.usecompute.resourcePolicies.useReadOnly
compute.snapshotGroups.*
compute.snapshotGroups.createcompute.snapshotGroups.deletecompute.snapshotGroups.getcompute.snapshotGroups.getIamPolicycompute.snapshotGroups.listcompute.snapshotGroups.setIamPolicycompute.snapshotGroups.useReadOnly
compute.snapshots.*
compute.snapshots.createcompute.snapshots.createTagBindingcompute.snapshots.deletecompute.snapshots.deleteTagBindingcompute.snapshots.getcompute.snapshots.getIamPolicycompute.snapshots.listcompute.snapshots.listEffectiveTagscompute.snapshots.listTagBindingscompute.snapshots.setIamPolicycompute.snapshots.setLabelscompute.snapshots.updateKmsKeycompute.snapshots.useReadOnly
compute.storagePools.*
compute.storagePools.createcompute.storagePools.createTagBindingcompute.storagePools.deletecompute.storagePools.deleteTagBindingcompute.storagePools.getcompute.storagePools.getIamPolicycompute.storagePools.listcompute.storagePools.listEffectiveTagscompute.storagePools.listTagBindingscompute.storagePools.setIamPolicycompute.storagePools.updatecompute.storagePools.use
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.*
compute.zones.getcompute.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute Viewer
(roles/compute.viewer)
Read-only access to get and list Compute Engine resources, without being able to read the data stored on them.
For example, an account with this role could inventory all of the disks in a project, but it could not read any of the data on those disks.
Lowest-level resources where you can grant this role:
- Disk
- Image
- Instance
- Instance template
- Node group
- Node template
- Snapshot
compute.acceleratorTypes.*
compute.acceleratorTypes.getcompute.acceleratorTypes.list
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.autoscalers.get
compute.autoscalers.list
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.commitments.get
compute.commitments.list
compute.commitments.listEffectiveTags
compute.commitments.listTagBindings
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.diskSettings.get
compute.diskTypes.*
compute.diskTypes.getcompute.diskTypes.list
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.futureReservations.get
compute.futureReservations.getIamPolicy
compute.futureReservations.list
compute.futureReservations.listEffectiveTags
compute.futureReservations.listTagBindings
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceSettings.get
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instantSnapshotGroups.get
compute.instantSnapshotGroups.getIamPolicy
compute.instantSnapshotGroups.list
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectLocations.*
compute.interconnectLocations.getcompute.interconnectLocations.list
compute.interconnectRemoteLocations.*
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list
compute.interconnects.get
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineTypes.*
compute.machineTypes.getcompute.machineTypes.list
compute.multiMig.get
compute.multiMig.list
compute.multiMigMembers.*
compute.multiMigMembers.getcompute.multiMigMembers.list
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.listEffectiveTags
compute.networkEdgeSecurityServices.listTagBindings
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkProfiles.*
compute.networkProfiles.getcompute.networkProfiles.list
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTypes.*
compute.nodeTypes.getcompute.nodeTypes.list
compute.organizations.listAssociations
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.previewFeatures.get
compute.previewFeatures.list
compute.projects.get
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionUrlMaps.get
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.validate
compute.regions.*
compute.regions.getcompute.regions.list
compute.reservationBlocks.get
compute.reservationBlocks.list
compute.reservationSlots.get
compute.reservationSlots.list
compute.reservationSubBlocks.get
compute.reservationSubBlocks.list
compute.reservations.get
compute.reservations.list
compute.reservations.listEffectiveTags
compute.reservations.listTagBindings
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.rolloutPlans.get
compute.rolloutPlans.list
compute.rollouts.get
compute.rollouts.list
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.snapshotGroups.get
compute.snapshotGroups.getIamPolicy
compute.snapshotGroups.list
compute.snapshotSettings.get
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.spotAssistants.get
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.urlMaps.get
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.validate
compute.vmExtensionPolicies.get
compute.vmExtensionPolicies.list
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.wireGroups.get
compute.wireGroups.list
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zones.*
compute.zones.getcompute.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.*
serviceusage.groups.listserviceusage.groups.listExpandedMembersserviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Compute VM extension policy adminBeta
(roles/compute.vmExtensionPolicyAdmin)
Administer zone/global VM extension policies.
compute.instances.get
compute.instances.list
compute.instances.setLabels
compute.instances.setTags
compute.rolloutPlans.*
compute.rolloutPlans.createcompute.rolloutPlans.deletecompute.rolloutPlans.getcompute.rolloutPlans.list
compute.rollouts.*
compute.rollouts.cancelcompute.rollouts.deletecompute.rollouts.getcompute.rollouts.list
compute.vmExtensionPolicies.*
compute.vmExtensionPolicies.createcompute.vmExtensionPolicies.deletecompute.vmExtensionPolicies.getcompute.vmExtensionPolicies.listcompute.vmExtensionPolicies.update
resourcemanager.projects.get
resourcemanager.projects.list
Compute VM extension policy viewerBeta
(roles/compute.vmExtensionPolicyViewer)
View zone/global VM extension policies.
compute.instances.get
compute.instances.list
compute.rolloutPlans.get
compute.rolloutPlans.list
compute.rollouts.get
compute.rollouts.list
compute.vmExtensionPolicies.get
compute.vmExtensionPolicies.list
resourcemanager.projects.get
resourcemanager.projects.list
Compute Shared VPC Admin
(roles/compute.xpnAdmin)
Permissions to administer shared VPC host projects, specifically enabling the host projects and associating shared VPC service projects to the host project's network.
At the organization level, this role can only be granted by an organization admin.
Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project. The Shared VPC Admin is responsible for granting the Compute Network User role (roles/compute.networkUser) to service owners, and the shared VPC host project owner controls the project itself. Managing the project is easier if a single principal (individual or group) can fulfill both roles.
Lowest-level resources where you can grant this role:
- Folder
compute.globalOperations.get
compute.globalOperations.list
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.projects.get
compute.subnetworks.getIamPolicy
compute.subnetworks.setIamPolicy
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list