Console
    Contact Us Start free

    Cloud DNS roles and permissions

    This page lists the IAM roles and permissions for Cloud DNS. To search through all roles and permissions, see the role and permission index .

    Cloud DNS roles

    Role
    Permissions

    ( roles/ dns.admin )

    Provides read-write access to all Cloud DNS resources.

    Lowest-level resources where you can grant this role:

    • Managed zone

    compute.networks.get

    compute.networks.list

    dns.changes.*

    • dns.changes.create
    • dns.changes.get
    • dns.changes.list

    dns.dnsKeys.*

    • dns.dnsKeys.get
    • dns.dnsKeys.list

    dns.gkeClusters.*

    • dns. gkeClusters. bindDNSResponsePolicy
    • dns. gkeClusters. bindPrivateDNSZone

    dns.managedZoneOperations.*

    • dns.managedZoneOperations.get
    • dns.managedZoneOperations.list

    dns.managedZones.create

    dns.managedZones.delete

    dns.managedZones.get

    dns.managedZones.getIamPolicy

    dns.managedZones.list

    dns.managedZones.update

    dns.networks.*

    • dns. networks. bindDNSResponsePolicy
    • dns. networks. bindPrivateDNSPolicy
    • dns. networks. bindPrivateDNSZone
    • dns. networks. targetWithPeeringZone
    • dns.networks.useHealthSignals

    dns.policies.*

    • dns.policies.create
    • dns.policies.delete
    • dns.policies.get
    • dns.policies.list
    • dns.policies.update

    dns.projects.get

    dns.resourceRecordSets.*

    • dns.resourceRecordSets.create
    • dns.resourceRecordSets.delete
    • dns.resourceRecordSets.get
    • dns.resourceRecordSets.list
    • dns.resourceRecordSets.update

    dns.responsePolicies.*

    • dns.responsePolicies.create
    • dns.responsePolicies.delete
    • dns.responsePolicies.get
    • dns.responsePolicies.list
    • dns.responsePolicies.update

    dns.responsePolicyRules.*

    • dns.responsePolicyRules.create
    • dns.responsePolicyRules.delete
    • dns.responsePolicyRules.get
    • dns.responsePolicyRules.list
    • dns.responsePolicyRules.update

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ dns.peer )

    Access to target networks with DNS peering zones

    dns. networks. targetWithPeeringZone

    ( roles/ dns.reader )

    Provides read-only access to all Cloud DNS resources.

    Lowest-level resources where you can grant this role:

    • Managed zone

    compute.networks.get

    dns.changes.get

    dns.changes.list

    dns.dnsKeys.*

    • dns.dnsKeys.get
    • dns.dnsKeys.list

    dns.managedZoneOperations.*

    • dns.managedZoneOperations.get
    • dns.managedZoneOperations.list

    dns.managedZones.get

    dns.managedZones.list

    dns.policies.get

    dns.policies.list

    dns.projects.get

    dns.resourceRecordSets.get

    dns.resourceRecordSets.list

    dns.responsePolicies.get

    dns.responsePolicies.list

    dns.responsePolicyRules.get

    dns.responsePolicyRules.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ dns.serviceAgent )

    Gives Cloud DNS Service Agent access to Cloud Platform resources.

    compute. globalNetworkEndpointGroups. attachNetworkEndpoints

    compute. globalNetworkEndpointGroups. create

    compute. globalNetworkEndpointGroups. delete

    compute. globalNetworkEndpointGroups. detachNetworkEndpoints

    compute. globalNetworkEndpointGroups. get

    compute.globalOperations.get

    compute.healthChecks.get

    Cloud DNS permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Composer Shared VPC Agent ( roles/ composer.sharedVpcAgent )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Composer Shared VPC Agent ( roles/ composer.sharedVpcAgent )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Workload Manager Admin ( roles/ workloadmanager.admin )

    Workload Manager Deployment Admin ( roles/ workloadmanager.deploymentAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Composer Shared VPC Agent ( roles/ composer.sharedVpcAgent )

    DNS Administrator ( roles/ dns.admin )

    DNS Peer ( roles/ dns.peer )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    DNS Reader ( roles/ dns.reader )

    Network Administrator ( roles/ iam.networkAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Kubernetes Engine Host Service Agent User ( roles/ container.hostServiceAgentUser )

    DNS Administrator ( roles/ dns.admin )

    Network Administrator ( roles/ iam.networkAdmin )

    Service agent roles

    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: