AlloyDB for PostgreSQL roles and permissions

This page lists the IAM roles and permissions for AlloyDB for PostgreSQL. To search through all roles and permissions, see the role and permission index .

AlloyDB for PostgreSQL roles

Role

Permissions

AlloyDB Admin

( roles/ alloydb.admin )

Full access to AlloyDB all resources.

alloydb.*

alloydb.backups.create
alloydb. backups. createTagBinding
alloydb.backups.delete
alloydb. backups. deleteTagBinding
alloydb.backups.get
alloydb.backups.list
alloydb. backups. listEffectiveTags
alloydb. backups. listTagBindings
alloydb.backups.update
alloydb.clusters.create
alloydb. clusters. createTagBinding
alloydb.clusters.delete
alloydb. clusters. deleteTagBinding
alloydb.clusters.export
alloydb. clusters. generateClientCertificate
alloydb.clusters.get
alloydb.clusters.import
alloydb.clusters.list
alloydb. clusters. listEffectiveTags
alloydb. clusters. listTagBindings
alloydb.clusters.promote
alloydb.clusters.switchover
alloydb.clusters.update
alloydb.clusters.upgrade
alloydb.databases.create
alloydb.databases.get
alloydb.databases.list
alloydb.instances.connect
alloydb.instances.create
alloydb.instances.delete
alloydb.instances.executeSql
alloydb. instances. executeSqlReadOnly
alloydb.instances.failover
alloydb.instances.get
alloydb.instances.injectFault
alloydb.instances.list
alloydb.instances.restart
alloydb.instances.update
alloydb.locations.get
alloydb.locations.list
alloydb.operations.cancel
alloydb.operations.delete
alloydb.operations.get
alloydb.operations.list
alloydb. supportedDatabaseFlags. get
alloydb. supportedDatabaseFlags. list
alloydb.users.create
alloydb.users.delete
alloydb.users.get
alloydb.users.list
alloydb.users.login
alloydb.users.update

backupdr. backupPlanAssociations. createForAlloydbCluster

backupdr. backupPlanAssociations. deleteForAlloydbCluster

backupdr. backupPlanAssociations. fetchForAlloydbCluster

backupdr. backupPlanAssociations. getForAlloydbCluster

backupdr. backupPlanAssociations. triggerBackupForAlloydbCluster

backupdr. backupPlanAssociations. updateForAlloydbCluster

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr. backupPlans. useForAlloydbCluster

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr. bvbackups. useReadOnlyForAlloydbCluster

backupdr. bvdataSources. useReadOnlyForAlloydbCluster

backupdr. dataSourceReferences. fetchForAlloydbCluster

backupdr. dataSourceReferences. getForAlloydbCluster

backupdr.locations.list

backupdr.operations.get

backupdr. serviceConfig. initialize

cloudaicompanion. entitlements. get

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms. projects. showEffectiveAutokeyConfig

databasesconsole.locations.*

databasesconsole.locations.get
databasesconsole. locations. list

databasesconsole. studioQueries.*

databasesconsole. studioQueries. create
databasesconsole. studioQueries. delete
databasesconsole. studioQueries. get
databasesconsole. studioQueries. list
databasesconsole. studioQueries. search
databasesconsole. studioQueries. update

recommender. alloydbClusterPerformanceInsights.*

recommender. alloydbClusterPerformanceInsights. get
recommender. alloydbClusterPerformanceInsights. list
recommender. alloydbClusterPerformanceInsights. update

recommender. alloydbClusterPerformanceRecommendations.*

recommender. alloydbClusterPerformanceRecommendations. get
recommender. alloydbClusterPerformanceRecommendations. list
recommender. alloydbClusterPerformanceRecommendations. update

recommender. alloydbClusterReliabilityInsights.*

recommender. alloydbClusterReliabilityInsights. get
recommender. alloydbClusterReliabilityInsights. list
recommender. alloydbClusterReliabilityInsights. update

recommender. alloydbClusterReliabilityRecommendations.*

recommender. alloydbClusterReliabilityRecommendations. get
recommender. alloydbClusterReliabilityRecommendations. list
recommender. alloydbClusterReliabilityRecommendations. update

recommender. alloydbInstanceSecurityInsights.*

recommender. alloydbInstanceSecurityInsights. get
recommender. alloydbInstanceSecurityInsights. list
recommender. alloydbInstanceSecurityInsights. update

recommender. alloydbInstanceSecurityRecommendations.*

recommender. alloydbInstanceSecurityRecommendations. get
recommender. alloydbInstanceSecurityRecommendations. list
recommender. alloydbInstanceSecurityRecommendations. update

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Editor

( roles/ alloydb.editor )

Editor role for AlloyDB

alloydb.backups.create

alloydb.backups.delete

alloydb.backups.get

alloydb.backups.list

alloydb. backups. listEffectiveTags

alloydb. backups. listTagBindings

alloydb.backups.update

alloydb.clusters.create

alloydb.clusters.delete

alloydb.clusters.export

alloydb. clusters. generateClientCertificate

alloydb.clusters.get

alloydb.clusters.import

alloydb.clusters.list

alloydb. clusters. listEffectiveTags

alloydb. clusters. listTagBindings

alloydb.clusters.promote

alloydb.clusters.switchover

alloydb.clusters.update

alloydb.clusters.upgrade

alloydb.databases.*

alloydb.databases.create
alloydb.databases.get
alloydb.databases.list

alloydb.instances.*

alloydb.instances.connect
alloydb.instances.create
alloydb.instances.delete
alloydb.instances.executeSql
alloydb. instances. executeSqlReadOnly
alloydb.instances.failover
alloydb.instances.get
alloydb.instances.injectFault
alloydb.instances.list
alloydb.instances.restart
alloydb.instances.update

alloydb.locations.*

alloydb.locations.get
alloydb.locations.list

alloydb.operations.*

alloydb.operations.cancel
alloydb.operations.delete
alloydb.operations.get
alloydb.operations.list

alloydb. supportedDatabaseFlags.*

alloydb. supportedDatabaseFlags. get
alloydb. supportedDatabaseFlags. list

alloydb.users.*

alloydb.users.create
alloydb.users.delete
alloydb.users.get
alloydb.users.list
alloydb.users.login
alloydb.users.update

cloudaicompanion. entitlements. get

recommender. alloydbClusterPerformanceInsights. get

recommender. alloydbClusterPerformanceInsights. list

recommender. alloydbClusterPerformanceRecommendations. get

recommender. alloydbClusterPerformanceRecommendations. list

recommender. alloydbClusterReliabilityInsights. get

recommender. alloydbClusterReliabilityInsights. list

recommender. alloydbClusterReliabilityRecommendations. get

recommender. alloydbClusterReliabilityRecommendations. list

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Viewer

( roles/ alloydb.viewer )

Read-only access to AlloyDB all resources.

alloydb.backups.get

alloydb.backups.list

alloydb. backups. listEffectiveTags

alloydb. backups. listTagBindings

alloydb.clusters.export

alloydb.clusters.get

alloydb.clusters.list

alloydb. clusters. listEffectiveTags

alloydb. clusters. listTagBindings

alloydb.databases.get

alloydb.databases.list

alloydb. instances. executeSqlReadOnly

alloydb.instances.get

alloydb.instances.list

alloydb.locations.*

alloydb.locations.get
alloydb.locations.list

alloydb.operations.get

alloydb.operations.list

alloydb. supportedDatabaseFlags.*

alloydb. supportedDatabaseFlags. get
alloydb. supportedDatabaseFlags. list

alloydb.users.get

alloydb.users.list

cloudaicompanion. entitlements. get

recommender. alloydbClusterPerformanceInsights. get

recommender. alloydbClusterPerformanceInsights. list

recommender. alloydbClusterPerformanceRecommendations. get

recommender. alloydbClusterPerformanceRecommendations. list

recommender. alloydbClusterReliabilityInsights. get

recommender. alloydbClusterReliabilityInsights. list

recommender. alloydbClusterReliabilityRecommendations. get

recommender. alloydbClusterReliabilityRecommendations. list

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Admin for BackupDR

( roles/ alloydb.backupDrAdmin )

Full access to AlloyDB all clusters resources for BackupDR

alloydb.clusters.create

alloydb.clusters.get

alloydb.clusters.list

alloydb.instances.create

alloydb.instances.get

alloydb.instances.list

alloydb.operations.get

backupdr. backupPlanAssociations. createForAlloydbCluster

backupdr. backupPlanAssociations. deleteForAlloydbCluster

backupdr. backupPlanAssociations. fetchForAlloydbCluster

backupdr. backupPlanAssociations. getForAlloydbCluster

backupdr. backupPlanAssociations. triggerBackupForAlloydbCluster

backupdr. backupPlanAssociations. updateForAlloydbCluster

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr. backupPlans. useForAlloydbCluster

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr. bvbackups. useReadOnlyForAlloydbCluster

backupdr. bvdataSources. useReadOnlyForAlloydbCluster

backupdr. dataSourceReferences. fetchForAlloydbCluster

backupdr. dataSourceReferences. getForAlloydbCluster

backupdr.locations.list

backupdr.operations.get

backupdr. serviceConfig. initialize

AlloyDB Client

( roles/ alloydb.client )

Connectivity access to AlloyDB instances.

alloydb. clusters. generateClientCertificate

alloydb.clusters.get

alloydb.instances.connect

alloydb.instances.get

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

AlloyDB Database User

( roles/ alloydb.databaseUser )

Role allowing access to login as a database user.

alloydb.clusters.get

alloydb.instances.executeSql

alloydb. instances. executeSqlReadOnly

alloydb.instances.get

alloydb.users.login

databasesconsole.locations.*

databasesconsole.locations.get
databasesconsole. locations. list

databasesconsole. studioQueries. search

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents .

Role Permissions

Role	Permissions
AlloyDB Service Agent ( `roles/ alloydb.serviceAgent` ) Gives the AlloyDB service account permission to manage customer resources Warning:Do not grant service agent roles to any principals except service agents .	`alloydb.clusters.list`

AlloyDB Service Agent

( roles/ alloydb.serviceAgent )

Gives the AlloyDB service account permission to manage customer resources

alloydb.clusters.list

AlloyDB for PostgreSQL permissions

Permission

Included in roles

`alloydb.backups.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb. backups. createTagBinding`

Owner ( roles/ owner )

AlloyDB Admin ( roles/ alloydb.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.backups.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb. backups. deleteTagBinding`

Owner ( roles/ owner )

AlloyDB Admin ( roles/ alloydb.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.backups.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

`alloydb.backups.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb. backups. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb. backups. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb.backups.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.clusters.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Admin for BackupDR ( roles/ alloydb.backupDrAdmin )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb. clusters. createTagBinding`

Owner ( roles/ owner )

AlloyDB Admin ( roles/ alloydb.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.clusters.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb. clusters. deleteTagBinding`

Owner ( roles/ owner )

AlloyDB Admin ( roles/ alloydb.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.clusters.export`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

Service agent roles

Discovery Engine Service Agent ( roles/ discoveryengine.serviceAgent )

`alloydb. clusters. generateClientCertificate`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Client ( roles/ alloydb.client )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.clusters.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

AlloyDB Admin for BackupDR ( roles/ alloydb.backupDrAdmin )

AlloyDB Client ( roles/ alloydb.client )

AlloyDB Database User ( roles/ alloydb.databaseUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.clusters.import`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.clusters.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

AlloyDB Admin for BackupDR ( roles/ alloydb.backupDrAdmin )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Service agent roles

AlloyDB Service Agent ( roles/ alloydb.serviceAgent )
Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb. clusters. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb. clusters. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb.clusters.promote`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.clusters.switchover`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.clusters.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.clusters.upgrade`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.databases.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.databases.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

`alloydb.databases.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Service agent roles

Discovery Engine Service Agent ( roles/ discoveryengine.serviceAgent )

`alloydb.instances.connect`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Client ( roles/ alloydb.client )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.instances.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Admin for BackupDR ( roles/ alloydb.backupDrAdmin )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.instances.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.instances.executeSql`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Database User ( roles/ alloydb.databaseUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb. instances. executeSqlReadOnly`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

AlloyDB Database User ( roles/ alloydb.databaseUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

`alloydb.instances.failover`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.instances.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

AlloyDB Admin for BackupDR ( roles/ alloydb.backupDrAdmin )

AlloyDB Client ( roles/ alloydb.client )

AlloyDB Database User ( roles/ alloydb.databaseUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )
Discovery Engine Service Agent ( roles/ discoveryengine.serviceAgent )

`alloydb.instances.injectFault`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.instances.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

AlloyDB Admin for BackupDR ( roles/ alloydb.backupDrAdmin )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.instances.restart`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.instances.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

`alloydb.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb.operations.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.operations.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.operations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

AlloyDB Admin for BackupDR ( roles/ alloydb.backupDrAdmin )

Backup and DR AlloyDB Operator ( roles/ backupdr.alloydbOperator )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

Service agent roles

Backup and DR Service Agent ( roles/ backupdr.serviceAgent )
Database Migration Service Agent ( roles/ datamigration.serviceAgent )
Discovery Engine Service Agent ( roles/ discoveryengine.serviceAgent )

`alloydb.operations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Service agent roles

Database Migration Service Agent ( roles/ datamigration.serviceAgent )

`alloydb. supportedDatabaseFlags. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

`alloydb. supportedDatabaseFlags. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb.users.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.users.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.users.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Support User ( roles/ iam.supportUser )

`alloydb.users.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Viewer ( roles/ alloydb.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`alloydb.users.login`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

AlloyDB Database User ( roles/ alloydb.databaseUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

`alloydb.users.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

AlloyDB Admin ( roles/ alloydb.admin )

AlloyDB Editor ( roles/ alloydb.editor )

Databases Admin ( roles/ iam.databasesAdmin )

AlloyDB for PostgreSQL roles and permissions Stay organized with collections Save and categorize content based on your preferences.