Console
    Contact Us Start free

    API Gateway roles and permissions

    This page lists the IAM roles and permissions for API Gateway. To search through all roles and permissions, see the role and permission index .

    API Gateway roles

    Role
    Permissions

    ( roles/ apigateway.admin )

    Full access to ApiGateway and related resources.

    apigateway.*

    • apigateway.apiconfigs.create
    • apigateway.apiconfigs.delete
    • apigateway.apiconfigs.get
    • apigateway. apiconfigs. getIamPolicy
    • apigateway.apiconfigs.list
    • apigateway. apiconfigs. setIamPolicy
    • apigateway.apiconfigs.update
    • apigateway.apis.create
    • apigateway. apis. createTagBinding
    • apigateway.apis.delete
    • apigateway. apis. deleteTagBinding
    • apigateway.apis.get
    • apigateway.apis.getIamPolicy
    • apigateway.apis.list
    • apigateway. apis. listEffectiveTags
    • apigateway. apis. listTagBindings
    • apigateway.apis.setIamPolicy
    • apigateway.apis.update
    • apigateway.gateways.create
    • apigateway. gateways. createTagBinding
    • apigateway.gateways.delete
    • apigateway. gateways. deleteTagBinding
    • apigateway.gateways.get
    • apigateway. gateways. getIamPolicy
    • apigateway.gateways.list
    • apigateway. gateways. listEffectiveTags
    • apigateway. gateways. listTagBindings
    • apigateway. gateways. setIamPolicy
    • apigateway.gateways.update
    • apigateway.locations.get
    • apigateway.locations.list
    • apigateway.operations.cancel
    • apigateway.operations.delete
    • apigateway.operations.get
    • apigateway.operations.list

    monitoring. metricDescriptors. list

    monitoring. monitoredResourceDescriptors. get

    monitoring.timeSeries.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    servicemanagement.services.get

    serviceusage.services.get

    serviceusage.services.list

    ( roles/ apigateway.serviceAgent )

    Gives Cloud API Gateway service account access to Service Management check and reports as well as impersonation on user-specified service accounts.

    iam. serviceAccounts. getAccessToken

    iam. serviceAccounts. getOpenIdToken

    servicemanagement. services. check

    servicemanagement. services. quota

    servicemanagement. services. report

    ( roles/ apigateway.viewer )

    Read-only access to ApiGateway and related resources.

    apigateway.apiconfigs.get

    apigateway. apiconfigs. getIamPolicy

    apigateway.apiconfigs.list

    apigateway.apis.get

    apigateway.apis.getIamPolicy

    apigateway.apis.list

    apigateway. apis. listEffectiveTags

    apigateway. apis. listTagBindings

    apigateway.gateways.get

    apigateway. gateways. getIamPolicy

    apigateway.gateways.list

    apigateway. gateways. listEffectiveTags

    apigateway. gateways. listTagBindings

    apigateway.locations.*

    • apigateway.locations.get
    • apigateway.locations.list

    apigateway.operations.get

    apigateway.operations.list

    monitoring. metricDescriptors. list

    monitoring. monitoredResourceDescriptors. get

    monitoring.timeSeries.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    servicemanagement.services.get

    serviceusage.services.get

    serviceusage.services.list

    ( roles/ apigateway_management.serviceAgent )

    Gives Cloud API Gateway service account access to retrieve a Service configuration.

    iam.serviceAccounts.get

    servicemanagement. services. create

    servicemanagement. services. delete

    servicemanagement.services.get

    servicemanagement. services. list

    servicemanagement. services. update

    serviceusage.services.get

    API Gateway permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    ApiGateway Admin ( roles/ apigateway.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    ApiGateway Admin ( roles/ apigateway.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    ApiGateway Admin ( roles/ apigateway.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    ApiGateway Admin ( roles/ apigateway.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    ApiGateway Admin ( roles/ apigateway.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    ApiGateway Admin ( roles/ apigateway.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    ApiGateway Admin ( roles/ apigateway.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    ApiGateway Admin ( roles/ apigateway.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    ApiGateway Admin ( roles/ apigateway.admin )

    ApiGateway Viewer ( roles/ apigateway.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: