Console
    Contact Us Start free

    Service Management roles and permissions

    This page lists the IAM roles and permissions for Service Management. To search through all roles and permissions, see the role and permission index .

    Service Management roles

    Role
    Permissions

    ( roles/ servicemanagement.admin )

    Full control of Google Service Management resources.

    monitoring.timeSeries.list

    resourcemanager.folders.get

    resourcemanager.folders.list

    resourcemanager. organizations. get

    resourcemanager.projects.get

    resourcemanager.projects.list

    serviceconsumermanagement.*

    • serviceconsumermanagement. consumers. get
    • serviceconsumermanagement. quota. get
    • serviceconsumermanagement. quota. update
    • serviceconsumermanagement. tenancyu. addResource
    • serviceconsumermanagement. tenancyu. create
    • serviceconsumermanagement. tenancyu. delete
    • serviceconsumermanagement. tenancyu. list
    • serviceconsumermanagement. tenancyu. removeResource

    servicemanagement.*

    • servicemanagement. services. bind
    • servicemanagement. services. check
    • servicemanagement. services. create
    • servicemanagement. services. delete
    • servicemanagement.services.get
    • servicemanagement. services. getIamPolicy
    • servicemanagement. services. list
    • servicemanagement. services. quota
    • servicemanagement. services. report
    • servicemanagement. services. setIamPolicy
    • servicemanagement. services. update

    serviceusage. consumerpolicy. analyze

    serviceusage. consumerpolicy. get

    serviceusage. effectivepolicy. get

    serviceusage.groups.*

    • serviceusage.groups.list
    • serviceusage. groups. listExpandedMembers
    • serviceusage. groups. listMembers

    serviceusage.quotas.get

    serviceusage.services.get

    serviceusage.values.test

    ( roles/ servicemanagement.checker )

    Can check admission of a service during runtime.

    servicemanagement. services. check

    ( roles/ servicemanagement.configEditor )

    Access to update the service config and create rollouts.

    servicemanagement.services.get

    servicemanagement. services. update

    ( roles/ servicemanagement.quotaAdmin )

    Provides access to administer service quotas.

    Lowest-level resources where you can grant this role:

    • Project

    cloudquotas.*

    • cloudquotas.quotas.get
    • cloudquotas.quotas.update

    monitoring.alertPolicies.*

    • monitoring. alertPolicies. create
    • monitoring. alertPolicies. createTagBinding
    • monitoring. alertPolicies. delete
    • monitoring. alertPolicies. deleteTagBinding
    • monitoring.alertPolicies.get
    • monitoring.alertPolicies.list
    • monitoring. alertPolicies. listEffectiveTags
    • monitoring. alertPolicies. listTagBindings
    • monitoring. alertPolicies. update

    monitoring.timeSeries.list

    resourcemanager. organizations. get

    resourcemanager.projects.get

    resourcemanager.projects.list

    serviceusage.consumerpolicy.*

    • serviceusage. consumerpolicy. analyze
    • serviceusage. consumerpolicy. get
    • serviceusage. consumerpolicy. update

    serviceusage. effectivepolicy. get

    serviceusage.groups.*

    • serviceusage.groups.list
    • serviceusage. groups. listExpandedMembers
    • serviceusage. groups. listMembers

    serviceusage.quotas.*

    • serviceusage.quotas.get
    • serviceusage.quotas.update

    serviceusage.services.disable

    serviceusage.services.enable

    serviceusage.services.get

    serviceusage.services.list

    serviceusage.values.test

    ( roles/ servicemanagement.quotaViewer )

    Provides access to view service quotas.

    Lowest-level resources where you can grant this role:

    • Project

    cloudquotas.quotas.get

    monitoring.timeSeries.list

    serviceusage. consumerpolicy. analyze

    serviceusage. consumerpolicy. get

    serviceusage. effectivepolicy. get

    serviceusage.groups.*

    • serviceusage.groups.list
    • serviceusage. groups. listExpandedMembers
    • serviceusage. groups. listMembers

    serviceusage.quotas.get

    serviceusage.services.get

    serviceusage.services.list

    serviceusage.values.test

    ( roles/ servicemanagement.reporter )

    Can report usage of a service during runtime.

    servicemanagement. services. report

    ( roles/ servicemanagement.serviceConsumer )

    Can enable the service.

    servicemanagement. services. bind

    ( roles/ servicemanagement.serviceController )

    Can check preconditions and report usage of a service during runtime.

    Lowest-level resources where you can grant this role:

    • Project

    servicemanagement. services. check

    servicemanagement.services.get

    servicemanagement. services. quota

    servicemanagement. services. report

    Service Management permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Firebase SDK Provisioning Service Agent ( roles/ firebase.sdkProvisioningServiceAgent )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service Consumer ( roles/ servicemanagement.serviceConsumer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service Checker ( roles/ servicemanagement.checker )

    Service Controller ( roles/ servicemanagement.serviceController )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service Config Editor ( roles/ servicemanagement.configEditor )

    Service Controller ( roles/ servicemanagement.serviceController )

    Service agent roles

    Owner ( roles/ owner )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service Controller ( roles/ servicemanagement.serviceController )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service Reporter ( roles/ servicemanagement.reporter )

    Service Controller ( roles/ servicemanagement.serviceController )

    Service agent roles

    Owner ( roles/ owner )

    Security Admin ( roles/ iam.securityAdmin )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Service Management Administrator ( roles/ servicemanagement.admin )

    Service Config Editor ( roles/ servicemanagement.configEditor )

    Service agent roles

    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: