Console
    Contact Us Start free

    Cloud Key Management Service roles and permissions

    This page lists the IAM roles and permissions for Cloud Key Management Service. To search through all roles and permissions, see the role and permission index .

    Cloud Key Management Service roles

    Role
    Permissions

    ( roles/ cloudkms.admin )

    Provides access to Cloud KMS resources, except for access to restricted resource types and cryptographic operations.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms.autokeyConfigs.*

    • cloudkms.autokeyConfigs.get
    • cloudkms.autokeyConfigs.update

    cloudkms. cryptoKeyVersions. create

    cloudkms. cryptoKeyVersions. destroy

    cloudkms.cryptoKeyVersions.get

    cloudkms. cryptoKeyVersions. list

    cloudkms. cryptoKeyVersions. restore

    cloudkms. cryptoKeyVersions. update

    cloudkms. cryptoKeyVersions. useToDecryptViaDelegation

    cloudkms. cryptoKeyVersions. useToEncryptViaDelegation

    cloudkms.cryptoKeys.*

    • cloudkms.cryptoKeys.create
    • cloudkms.cryptoKeys.get
    • cloudkms. cryptoKeys. getIamPolicy
    • cloudkms.cryptoKeys.list
    • cloudkms. cryptoKeys. setIamPolicy
    • cloudkms.cryptoKeys.update

    cloudkms.ekmConfigs.*

    • cloudkms.ekmConfigs.get
    • cloudkms. ekmConfigs. getIamPolicy
    • cloudkms. ekmConfigs. setIamPolicy
    • cloudkms.ekmConfigs.update

    cloudkms.ekmConnections.*

    • cloudkms.ekmConnections.create
    • cloudkms.ekmConnections.get
    • cloudkms. ekmConnections. getIamPolicy
    • cloudkms.ekmConnections.list
    • cloudkms. ekmConnections. setIamPolicy
    • cloudkms.ekmConnections.update
    • cloudkms.ekmConnections.use
    • cloudkms. ekmConnections. verifyConnectivity

    cloudkms.importJobs.*

    • cloudkms.importJobs.create
    • cloudkms.importJobs.get
    • cloudkms. importJobs. getIamPolicy
    • cloudkms.importJobs.list
    • cloudkms. importJobs. setIamPolicy
    • cloudkms. importJobs. useToImport

    cloudkms.kajPolicyConfigs.*

    • cloudkms.kajPolicyConfigs.get
    • cloudkms. kajPolicyConfigs. update

    cloudkms.keyHandles.*

    • cloudkms.keyHandles.create
    • cloudkms.keyHandles.get
    • cloudkms.keyHandles.list

    cloudkms.keyRings.*

    • cloudkms.keyRings.create
    • cloudkms. keyRings. createTagBinding
    • cloudkms. keyRings. deleteTagBinding
    • cloudkms.keyRings.get
    • cloudkms.keyRings.getIamPolicy
    • cloudkms.keyRings.list
    • cloudkms. keyRings. listEffectiveTags
    • cloudkms. keyRings. listTagBindings
    • cloudkms.keyRings.setIamPolicy

    cloudkms.locations.get

    cloudkms.locations.list

    cloudkms. locations. optOutKeyDeletionMsa

    cloudkms.operations.get

    cloudkms.projects.*

    • cloudkms. projects. showEffectiveAutokeyConfig
    • cloudkms. projects. showEffectiveKajEnrollmentConfig
    • cloudkms. projects. showEffectiveKajPolicyConfig

    resourcemanager.projects.get

    ( roles/ cloudkms.autokeyAdmin )

    Enables management of AutokeyConfig.

    cloudkms.autokeyConfigs.*

    • cloudkms.autokeyConfigs.get
    • cloudkms.autokeyConfigs.update

    cloudkms. projects. showEffectiveAutokeyConfig

    ( roles/ cloudkms.autokeyUser )

    Grants ability to use KeyHandle resources.

    cloudkms.keyHandles.*

    • cloudkms.keyHandles.create
    • cloudkms.keyHandles.get
    • cloudkms.keyHandles.list

    cloudkms.operations.get

    cloudkms. projects. showEffectiveAutokeyConfig

    ( roles/ cloudkms.cryptoKeyDecrypter )

    Provides ability to use Cloud KMS resources for decrypt operations only.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToDecrypt

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.cryptoKeyDecrypterViaDelegation )

    Enables Decrypt operations via other Google Cloud services

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToDecryptViaDelegation

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ cloudkms.cryptoKeyEncrypter )

    Provides ability to use Cloud KMS resources for encrypt operations only.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToEncrypt

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.cryptoKeyEncrypterDecrypter )

    Provides ability to use Cloud KMS resources for encrypt and decrypt operations only.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToDecrypt

    cloudkms. cryptoKeyVersions. useToEncrypt

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.cryptoKeyEncrypterDecrypterViaDelegation )

    Enables Encrypt and Decrypt operations via other Google Cloud services

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToDecryptViaDelegation

    cloudkms. cryptoKeyVersions. useToEncryptViaDelegation

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ cloudkms.cryptoKeyEncrypterViaDelegation )

    Enables Encrypt operations via other Google Cloud services

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToEncryptViaDelegation

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ cloudkms.cryptoOperator )

    Enables all Crypto Operations.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToDecapsulate

    cloudkms. cryptoKeyVersions. useToDecrypt

    cloudkms. cryptoKeyVersions. useToEncrypt

    cloudkms. cryptoKeyVersions. useToSign

    cloudkms. cryptoKeyVersions. useToVerify

    cloudkms. cryptoKeyVersions. viewPublicKey

    cloudkms. locations. generateRandomBytes

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.decapsulator )

    Enables Decapsulate and GetPublicKey operations

    cloudkms. cryptoKeyVersions. useToDecapsulate

    cloudkms. cryptoKeyVersions. viewPublicKey

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.ekmConnectionsAdmin )

    Enables management of EkmConnections.

    cloudkms.ekmConfigs.get

    cloudkms.ekmConfigs.update

    cloudkms.ekmConnections.create

    cloudkms.ekmConnections.get

    cloudkms.ekmConnections.list

    cloudkms.ekmConnections.update

    cloudkms. ekmConnections. verifyConnectivity

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ cloudkms.expertRawAesCbc )

    Enables raw AES-CBC keys management.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. manageRawAesCbcKeys

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ cloudkms.expertRawAesCtr )

    Enables raw AES-CTR keys management.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. manageRawAesCtrKeys

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ cloudkms.expertRawPKCS1 )

    Enables raw PKCS#1 keys management.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. manageRawPKCS1Keys

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ cloudkms.importer )

    Enables ImportCryptoKeyVersion, CreateImportJob, ListImportJobs, and GetImportJob operations

    cloudkms.importJobs.create

    cloudkms.importJobs.get

    cloudkms.importJobs.list

    cloudkms. importJobs. useToImport

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.keyAccessJustificationsEnrollmentConfigViewer )

    Grant ability to view Key Access Justification enrollment configs of a project.

    cloudkms. projects. showEffectiveKajEnrollmentConfig

    ( roles/ cloudkms.keyAccessJustificationsPolicyConfigAdmin )

    Grant ability to manage Key Access Justifications Policy at parent resource level.

    cloudkms.kajPolicyConfigs.*

    • cloudkms.kajPolicyConfigs.get
    • cloudkms. kajPolicyConfigs. update

    cloudkms. projects. showEffectiveKajPolicyConfig

    ( roles/ cloudkms.orgServiceAgent )

    Gives Cloud KMS organization-level service account access to managed resources.

    cloudasset. assets. searchAllResources

    ( roles/ cloudkms.protectedResourcesViewer )

    Enables viewing protected resources.

    cloudkms. protectedResources. search

    ( roles/ cloudkms.publicKeyViewer )

    Enables GetPublicKey operations

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. viewPublicKey

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.serviceAgent )

    Gives Cloud KMS service account access to managed resources.

    cloudasset. assets. listCloudkmsCryptoKeys

    ( roles/ cloudkms.signer )

    Enables Sign operations

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToSign

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.signerVerifier )

    Enables Sign, Verify, and GetPublicKey operations

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToSign

    cloudkms. cryptoKeyVersions. useToVerify

    cloudkms. cryptoKeyVersions. viewPublicKey

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.verifier )

    Enables Verify and GetPublicKey operations

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms. cryptoKeyVersions. useToVerify

    cloudkms. cryptoKeyVersions. viewPublicKey

    cloudkms.locations.get

    cloudkms.locations.list

    resourcemanager.projects.get

    ( roles/ cloudkms.viewer )

    Enables Get and List operations.

    Lowest-level resources where you can grant this role:

    • CryptoKey

    cloudkms.autokeyConfigs.get

    cloudkms.cryptoKeyVersions.get

    cloudkms. cryptoKeyVersions. list

    cloudkms.cryptoKeys.get

    cloudkms.cryptoKeys.list

    cloudkms.ekmConfigs.get

    cloudkms.ekmConnections.get

    cloudkms.ekmConnections.list

    cloudkms.importJobs.get

    cloudkms.importJobs.list

    cloudkms.kajPolicyConfigs.get

    cloudkms.keyHandles.get

    cloudkms.keyHandles.list

    cloudkms.keyRings.get

    cloudkms.keyRings.list

    cloudkms.locations.get

    cloudkms.locations.list

    cloudkms.operations.get

    resourcemanager.projects.get

    ( roles/ cloudkmskacls.serviceAgent )

    Grants Cloud KMS KACLS Service Agent access to KMS resource permissions to perform DEK encryption/decryption.

    cloudkms. cryptoKeyVersions. useToDecrypt

    cloudkms. cryptoKeyVersions. useToEncrypt

    cloudkms.cryptoKeys.get

    Cloud Key Management Service permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Autokey Admin ( roles/ cloudkms.autokeyAdmin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Autokey Admin ( roles/ cloudkms.autokeyAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Kubernetes Engine KMS Crypto Key User ( roles/ container.cloudKmsKeyUser )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Cloud KMS Expert Raw AES-CBC Key Manager ( roles/ cloudkms.expertRawAesCbc )

    Owner ( roles/ owner )

    Cloud KMS Expert Raw AES-CTR Key Manager ( roles/ cloudkms.expertRawAesCtr )

    Owner ( roles/ owner )

    Cloud KMS Expert Raw PKCS#1 Key Manager ( roles/ cloudkms.expertRawPKCS1 )

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Owner ( roles/ owner )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Cloud KMS CryptoKey Decapsulator ( roles/ cloudkms.decapsulator )

    Owner ( roles/ owner )

    Cloud KMS CryptoKey Decrypter ( roles/ cloudkms.cryptoKeyDecrypter )

    Cloud KMS CryptoKey Encrypter/Decrypter ( roles/ cloudkms.cryptoKeyEncrypterDecrypter )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Data Scientist ( roles/ iam.dataScientist )

    Dev Ops ( roles/ iam.devOps )

    Service agent roles

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS CryptoKey Decrypter Via Delegation ( roles/ cloudkms.cryptoKeyDecrypterViaDelegation )

    Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation ( roles/ cloudkms.cryptoKeyEncrypterDecrypterViaDelegation )

    Owner ( roles/ owner )

    Cloud KMS CryptoKey Encrypter ( roles/ cloudkms.cryptoKeyEncrypter )

    Cloud KMS CryptoKey Encrypter/Decrypter ( roles/ cloudkms.cryptoKeyEncrypterDecrypter )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Data Scientist ( roles/ iam.dataScientist )

    Dev Ops ( roles/ iam.devOps )

    Service agent roles

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation ( roles/ cloudkms.cryptoKeyEncrypterDecrypterViaDelegation )

    Cloud KMS CryptoKey Encrypter Via Delegation ( roles/ cloudkms.cryptoKeyEncrypterViaDelegation )

    Owner ( roles/ owner )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Cloud KMS CryptoKey Signer ( roles/ cloudkms.signer )

    Cloud KMS CryptoKey Signer/Verifier ( roles/ cloudkms.signerVerifier )

    Kubernetes Engine KMS Crypto Key User ( roles/ container.cloudKmsKeyUser )

    Owner ( roles/ owner )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Cloud KMS CryptoKey Signer/Verifier ( roles/ cloudkms.signerVerifier )

    Cloud KMS CryptoKey Verifier ( roles/ cloudkms.verifier )

    Kubernetes Engine KMS Crypto Key User ( roles/ container.cloudKmsKeyUser )

    Owner ( roles/ owner )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Cloud KMS CryptoKey Decapsulator ( roles/ cloudkms.decapsulator )

    Cloud KMS CryptoKey Public Key Viewer ( roles/ cloudkms.publicKeyViewer )

    Cloud KMS CryptoKey Signer/Verifier ( roles/ cloudkms.signerVerifier )

    Cloud KMS CryptoKey Verifier ( roles/ cloudkms.verifier )

    Kubernetes Engine KMS Crypto Key User ( roles/ container.cloudKmsKeyUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Kubernetes Engine KMS Crypto Key User ( roles/ container.cloudKmsKeyUser )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    SLZ BQDW Blueprint Project Level Remediator ( roles/ securedlandingzone.bqdwProjectRemediator )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    SLZ BQDW Blueprint Project Level Remediator ( roles/ securedlandingzone.bqdwProjectRemediator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    SLZ BQDW Blueprint Project Level Remediator ( roles/ securedlandingzone.bqdwProjectRemediator )

    Service agent roles

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    SLZ BQDW Blueprint Project Level Remediator ( roles/ securedlandingzone.bqdwProjectRemediator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    SLZ BQDW Blueprint Project Level Remediator ( roles/ securedlandingzone.bqdwProjectRemediator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS EkmConnections Admin ( roles/ cloudkms.ekmConnectionsAdmin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS EkmConnections Admin ( roles/ cloudkms.ekmConnectionsAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS EkmConnections Admin ( roles/ cloudkms.ekmConnectionsAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS EkmConnections Admin ( roles/ cloudkms.ekmConnectionsAdmin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS EkmConnections Admin ( roles/ cloudkms.ekmConnectionsAdmin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS EkmConnections Admin ( roles/ cloudkms.ekmConnectionsAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS EkmConnections Admin ( roles/ cloudkms.ekmConnectionsAdmin )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Importer ( roles/ cloudkms.importer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Importer ( roles/ cloudkms.importer )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Importer ( roles/ cloudkms.importer )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Importer ( roles/ cloudkms.importer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Key Access Justifications Policy Config Admin ( roles/ cloudkms.keyAccessJustificationsPolicyConfigAdmin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Key Access Justifications Policy Config Admin ( roles/ cloudkms.keyAccessJustificationsPolicyConfigAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    AlloyDB Admin ( roles/ alloydb.admin )

    Artifact Registry Administrator ( roles/ artifactregistry.admin )

    BigQuery Admin ( roles/ bigquery.admin )

    BigQuery Data Editor ( roles/ bigquery.dataEditor )

    BigQuery Data Owner ( roles/ bigquery.dataOwner )

    BigQuery Studio Admin ( roles/ bigquery.studioAdmin )

    BigQuery User ( roles/ bigquery.user )

    Bigtable Administrator ( roles/ bigtable.admin )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Autokey User ( roles/ cloudkms.autokeyUser )

    Cloud SQL Admin ( roles/ cloudsql.admin )

    Composer Administrator ( roles/ composer.admin )

    Environment and Storage Object Administrator ( roles/ composer.environmentAndStorageObjectAdmin )

    Composer Worker ( roles/ composer.worker )

    Compute Admin ( roles/ compute.admin )

    Compute Instance Admin (beta) ( roles/ compute.instanceAdmin )

    Compute Instance Admin (v1) ( roles/ compute.instanceAdmin.v1 )

    Compute Storage Admin ( roles/ compute.storageAdmin )

    Dataflow Admin ( roles/ dataflow.admin )

    Dataflow Developer ( roles/ dataflow.developer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Firebase Admin ( roles/ firebase.admin )

    Firebase Develop Admin ( roles/ firebase.developAdmin )

    Data Scientist ( roles/ iam.dataScientist )

    Databases Admin ( roles/ iam.databasesAdmin )

    Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Network Administrator ( roles/ iam.networkAdmin )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Notebooks Legacy Admin ( roles/ notebooks.legacyAdmin )

    Cloud Memorystore Redis Admin ( roles/ redis.admin )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Cloud Spanner Admin ( roles/ spanner.admin )

    Cloud Spanner Database Admin ( roles/ spanner.databaseAdmin )

    Storage Admin ( roles/ storage.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    AlloyDB Admin ( roles/ alloydb.admin )

    Artifact Registry Administrator ( roles/ artifactregistry.admin )

    BigQuery Admin ( roles/ bigquery.admin )

    BigQuery Data Editor ( roles/ bigquery.dataEditor )

    BigQuery Data Owner ( roles/ bigquery.dataOwner )

    BigQuery Studio Admin ( roles/ bigquery.studioAdmin )

    BigQuery User ( roles/ bigquery.user )

    Bigtable Administrator ( roles/ bigtable.admin )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Autokey User ( roles/ cloudkms.autokeyUser )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Cloud SQL Admin ( roles/ cloudsql.admin )

    Composer Administrator ( roles/ composer.admin )

    Environment and Storage Object Administrator ( roles/ composer.environmentAndStorageObjectAdmin )

    Composer Worker ( roles/ composer.worker )

    Compute Admin ( roles/ compute.admin )

    Compute Instance Admin (beta) ( roles/ compute.instanceAdmin )

    Compute Instance Admin (v1) ( roles/ compute.instanceAdmin.v1 )

    Compute Storage Admin ( roles/ compute.storageAdmin )

    Dataflow Admin ( roles/ dataflow.admin )

    Dataflow Developer ( roles/ dataflow.developer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Firebase Admin ( roles/ firebase.admin )

    Firebase Develop Admin ( roles/ firebase.developAdmin )

    Data Scientist ( roles/ iam.dataScientist )

    Databases Admin ( roles/ iam.databasesAdmin )

    Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Notebooks Legacy Admin ( roles/ notebooks.legacyAdmin )

    Cloud Memorystore Redis Admin ( roles/ redis.admin )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Cloud Spanner Admin ( roles/ spanner.admin )

    Cloud Spanner Database Admin ( roles/ spanner.databaseAdmin )

    Storage Admin ( roles/ storage.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    AlloyDB Admin ( roles/ alloydb.admin )

    Artifact Registry Administrator ( roles/ artifactregistry.admin )

    BigQuery Admin ( roles/ bigquery.admin )

    BigQuery Data Editor ( roles/ bigquery.dataEditor )

    BigQuery Data Owner ( roles/ bigquery.dataOwner )

    BigQuery Studio Admin ( roles/ bigquery.studioAdmin )

    BigQuery User ( roles/ bigquery.user )

    Bigtable Administrator ( roles/ bigtable.admin )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Autokey User ( roles/ cloudkms.autokeyUser )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Cloud SQL Admin ( roles/ cloudsql.admin )

    Composer Administrator ( roles/ composer.admin )

    Environment and Storage Object Administrator ( roles/ composer.environmentAndStorageObjectAdmin )

    Composer Worker ( roles/ composer.worker )

    Compute Admin ( roles/ compute.admin )

    Compute Instance Admin (beta) ( roles/ compute.instanceAdmin )

    Compute Instance Admin (v1) ( roles/ compute.instanceAdmin.v1 )

    Compute Storage Admin ( roles/ compute.storageAdmin )

    Dataflow Admin ( roles/ dataflow.admin )

    Dataflow Developer ( roles/ dataflow.developer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Firebase Admin ( roles/ firebase.admin )

    Firebase Develop Admin ( roles/ firebase.developAdmin )

    Data Scientist ( roles/ iam.dataScientist )

    Databases Admin ( roles/ iam.databasesAdmin )

    Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Notebooks Legacy Admin ( roles/ notebooks.legacyAdmin )

    Cloud Memorystore Redis Admin ( roles/ redis.admin )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Cloud Spanner Admin ( roles/ spanner.admin )

    Cloud Spanner Database Admin ( roles/ spanner.databaseAdmin )

    Storage Admin ( roles/ storage.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Service agent roles

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    SLZ BQDW Blueprint Project Level Remediator ( roles/ securedlandingzone.bqdwProjectRemediator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Databases Admin ( roles/ iam.databasesAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Security Admin ( roles/ iam.securityAdmin )

    SLZ BQDW Blueprint Project Level Remediator ( roles/ securedlandingzone.bqdwProjectRemediator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS CryptoKey Decrypter ( roles/ cloudkms.cryptoKeyDecrypter )

    Cloud KMS CryptoKey Decrypter Via Delegation ( roles/ cloudkms.cryptoKeyDecrypterViaDelegation )

    Cloud KMS CryptoKey Encrypter ( roles/ cloudkms.cryptoKeyEncrypter )

    Cloud KMS CryptoKey Encrypter/Decrypter ( roles/ cloudkms.cryptoKeyEncrypterDecrypter )

    Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation ( roles/ cloudkms.cryptoKeyEncrypterDecrypterViaDelegation )

    Cloud KMS CryptoKey Encrypter Via Delegation ( roles/ cloudkms.cryptoKeyEncrypterViaDelegation )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Cloud KMS CryptoKey Decapsulator ( roles/ cloudkms.decapsulator )

    Cloud KMS Expert Raw AES-CBC Key Manager ( roles/ cloudkms.expertRawAesCbc )

    Cloud KMS Expert Raw AES-CTR Key Manager ( roles/ cloudkms.expertRawAesCtr )

    Cloud KMS Expert Raw PKCS#1 Key Manager ( roles/ cloudkms.expertRawPKCS1 )

    Cloud KMS Importer ( roles/ cloudkms.importer )

    Cloud KMS CryptoKey Public Key Viewer ( roles/ cloudkms.publicKeyViewer )

    Cloud KMS CryptoKey Signer ( roles/ cloudkms.signer )

    Cloud KMS CryptoKey Signer/Verifier ( roles/ cloudkms.signerVerifier )

    Cloud KMS CryptoKey Verifier ( roles/ cloudkms.verifier )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Kubernetes Engine KMS Crypto Key User ( roles/ container.cloudKmsKeyUser )

    Data Scientist ( roles/ iam.dataScientist )

    Databases Admin ( roles/ iam.databasesAdmin )

    Dev Ops ( roles/ iam.devOps )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS CryptoKey Decrypter ( roles/ cloudkms.cryptoKeyDecrypter )

    Cloud KMS CryptoKey Decrypter Via Delegation ( roles/ cloudkms.cryptoKeyDecrypterViaDelegation )

    Cloud KMS CryptoKey Encrypter ( roles/ cloudkms.cryptoKeyEncrypter )

    Cloud KMS CryptoKey Encrypter/Decrypter ( roles/ cloudkms.cryptoKeyEncrypterDecrypter )

    Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation ( roles/ cloudkms.cryptoKeyEncrypterDecrypterViaDelegation )

    Cloud KMS CryptoKey Encrypter Via Delegation ( roles/ cloudkms.cryptoKeyEncrypterViaDelegation )

    Cloud KMS Crypto Operator ( roles/ cloudkms.cryptoOperator )

    Cloud KMS CryptoKey Decapsulator ( roles/ cloudkms.decapsulator )

    Cloud KMS Expert Raw AES-CBC Key Manager ( roles/ cloudkms.expertRawAesCbc )

    Cloud KMS Expert Raw AES-CTR Key Manager ( roles/ cloudkms.expertRawAesCtr )

    Cloud KMS Expert Raw PKCS#1 Key Manager ( roles/ cloudkms.expertRawPKCS1 )

    Cloud KMS Importer ( roles/ cloudkms.importer )

    Cloud KMS CryptoKey Public Key Viewer ( roles/ cloudkms.publicKeyViewer )

    Cloud KMS CryptoKey Signer ( roles/ cloudkms.signer )

    Cloud KMS CryptoKey Signer/Verifier ( roles/ cloudkms.signerVerifier )

    Cloud KMS CryptoKey Verifier ( roles/ cloudkms.verifier )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Kubernetes Engine KMS Crypto Key User ( roles/ container.cloudKmsKeyUser )

    Data Scientist ( roles/ iam.dataScientist )

    Databases Admin ( roles/ iam.databasesAdmin )

    Dev Ops ( roles/ iam.devOps )

    ML Engineer ( roles/ iam.mlEngineer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    AlloyDB Admin ( roles/ alloydb.admin )

    Artifact Registry Administrator ( roles/ artifactregistry.admin )

    BigQuery Admin ( roles/ bigquery.admin )

    BigQuery Data Editor ( roles/ bigquery.dataEditor )

    BigQuery Data Owner ( roles/ bigquery.dataOwner )

    BigQuery Studio Admin ( roles/ bigquery.studioAdmin )

    BigQuery User ( roles/ bigquery.user )

    Bigtable Administrator ( roles/ bigtable.admin )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Autokey User ( roles/ cloudkms.autokeyUser )

    Cloud KMS Viewer ( roles/ cloudkms.viewer )

    Cloud SQL Admin ( roles/ cloudsql.admin )

    Composer Administrator ( roles/ composer.admin )

    Environment and Storage Object Administrator ( roles/ composer.environmentAndStorageObjectAdmin )

    Composer Worker ( roles/ composer.worker )

    Compute Admin ( roles/ compute.admin )

    Compute Instance Admin (beta) ( roles/ compute.instanceAdmin )

    Compute Instance Admin (v1) ( roles/ compute.instanceAdmin.v1 )

    Compute Storage Admin ( roles/ compute.storageAdmin )

    Dataflow Admin ( roles/ dataflow.admin )

    Dataflow Developer ( roles/ dataflow.developer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Firebase Admin ( roles/ firebase.admin )

    Firebase Develop Admin ( roles/ firebase.developAdmin )

    Data Scientist ( roles/ iam.dataScientist )

    Databases Admin ( roles/ iam.databasesAdmin )

    Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Notebooks Legacy Admin ( roles/ notebooks.legacyAdmin )

    Cloud Memorystore Redis Admin ( roles/ redis.admin )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Cloud Spanner Admin ( roles/ spanner.admin )

    Cloud Spanner Database Admin ( roles/ spanner.databaseAdmin )

    Storage Admin ( roles/ storage.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    AlloyDB Admin ( roles/ alloydb.admin )

    Artifact Registry Administrator ( roles/ artifactregistry.admin )

    BigQuery Admin ( roles/ bigquery.admin )

    BigQuery Data Editor ( roles/ bigquery.dataEditor )

    BigQuery Data Owner ( roles/ bigquery.dataOwner )

    BigQuery Studio Admin ( roles/ bigquery.studioAdmin )

    BigQuery User ( roles/ bigquery.user )

    Bigtable Administrator ( roles/ bigtable.admin )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Cloud KMS Autokey Admin ( roles/ cloudkms.autokeyAdmin )

    Cloud KMS Autokey User ( roles/ cloudkms.autokeyUser )

    Cloud SQL Admin ( roles/ cloudsql.admin )

    Composer Administrator ( roles/ composer.admin )

    Environment and Storage Object Administrator ( roles/ composer.environmentAndStorageObjectAdmin )

    Composer Worker ( roles/ composer.worker )

    Compute Admin ( roles/ compute.admin )

    Compute Instance Admin (beta) ( roles/ compute.instanceAdmin )

    Compute Instance Admin (v1) ( roles/ compute.instanceAdmin.v1 )

    Compute Storage Admin ( roles/ compute.storageAdmin )

    Dataflow Admin ( roles/ dataflow.admin )

    Dataflow Developer ( roles/ dataflow.developer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Firebase Admin ( roles/ firebase.admin )

    Firebase Develop Admin ( roles/ firebase.developAdmin )

    Data Scientist ( roles/ iam.dataScientist )

    Databases Admin ( roles/ iam.databasesAdmin )

    Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

    ML Engineer ( roles/ iam.mlEngineer )

    Network Administrator ( roles/ iam.networkAdmin )

    Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

    Support User ( roles/ iam.supportUser )

    Notebooks Legacy Admin ( roles/ notebooks.legacyAdmin )

    Cloud Memorystore Redis Admin ( roles/ redis.admin )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Cloud Spanner Admin ( roles/ spanner.admin )

    Cloud Spanner Database Admin ( roles/ spanner.databaseAdmin )

    Storage Admin ( roles/ storage.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Key Access Justifications Enrollment Viewer ( roles/ cloudkms.keyAccessJustificationsEnrollmentConfigViewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Admin ( roles/ cloudkms.admin )

    Key Access Justifications Policy Config Admin ( roles/ cloudkms.keyAccessJustificationsPolicyConfigAdmin )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud KMS Protected Resources Viewer ( roles/ cloudkms.protectedResourcesViewer )

    Support User ( roles/ iam.supportUser )
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: