Cloud Logging roles and permissions

This page lists the IAM roles and permissions for Cloud Logging. To search through all roles and permissions, see the role and permission index .

Cloud Logging roles

Role

Permissions

Logging Admin

( roles/ logging.admin )

Provides all permissions necessary to use all features of Cloud Logging.

Lowest-level resources where you can grant this role:

Project

logging.buckets.copyLogEntries

logging.buckets.create

logging. buckets. createTagBinding

logging.buckets.delete

logging. buckets. deleteTagBinding

logging.buckets.get

logging.buckets.list

logging. buckets. listEffectiveTags

logging. buckets. listTagBindings

logging.buckets.undelete

logging.buckets.update

logging.exclusions.*

logging.exclusions.create
logging.exclusions.delete
logging.exclusions.get
logging.exclusions.list
logging.exclusions.update

logging.fields.access

logging.links.*

logging.links.create
logging.links.delete
logging.links.get
logging.links.list

logging.locations.*

logging.locations.get
logging.locations.list

logging.logEntries.*

logging.logEntries.create
logging.logEntries.download
logging.logEntries.list
logging.logEntries.route

logging.logMetrics.*

logging.logMetrics.create
logging.logMetrics.delete
logging.logMetrics.get
logging.logMetrics.list
logging.logMetrics.update

logging.logScopes.*

logging.logScopes.create
logging.logScopes.delete
logging.logScopes.get
logging.logScopes.list
logging.logScopes.update

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.*

logging.logs.delete
logging.logs.list

logging.notificationRules.*

logging. notificationRules. create
logging. notificationRules. delete
logging.notificationRules.get
logging.notificationRules.list
logging. notificationRules. update

logging.operations.*

logging.operations.cancel
logging.operations.get
logging.operations.list

logging.privateLogEntries.list

logging.queries.*

logging.queries.deleteShared
logging.queries.getShared
logging.queries.listShared
logging.queries.share
logging.queries.updateShared
logging.queries.usePrivate

logging.settings.*

logging.settings.get
logging.settings.update

logging.sinks.*

logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update

logging.sqlAlerts.*

logging.sqlAlerts.create
logging.sqlAlerts.update

logging.usage.get

logging.views.*

logging.views.access
logging.views.create
logging.views.delete
logging.views.get
logging.views.getIamPolicy
logging.views.list
logging.views.listLogs
logging.views.listResourceKeys
logging. views. listResourceValues
logging.views.setIamPolicy
logging.views.update

observability.scopes.get

resourcemanager.projects.get

resourcemanager.projects.list

Logs Bucket Writer

( roles/ logging.bucketWriter )

Ability to write logs to a log bucket.

Lowest-level resources where you can grant this role:

Project

logging.buckets.write

Logs Configuration Writer

( roles/ logging.configWriter )

Provides permissions to read and write the configurations of logs-based metrics and sinks for exporting logs.

Lowest-level resources where you can grant this role:

Project

logging.buckets.create

logging. buckets. createTagBinding

logging.buckets.delete

logging. buckets. deleteTagBinding

logging.buckets.get

logging.buckets.list

logging. buckets. listEffectiveTags

logging. buckets. listTagBindings

logging.buckets.undelete

logging.buckets.update

logging.exclusions.*

logging.exclusions.create
logging.exclusions.delete
logging.exclusions.get
logging.exclusions.list
logging.exclusions.update

logging.links.*

logging.links.create
logging.links.delete
logging.links.get
logging.links.list

logging.locations.*

logging.locations.get
logging.locations.list

logging.logMetrics.*

logging.logMetrics.create
logging.logMetrics.delete
logging.logMetrics.get
logging.logMetrics.list
logging.logMetrics.update

logging.logScopes.*

logging.logScopes.create
logging.logScopes.delete
logging.logScopes.get
logging.logScopes.list
logging.logScopes.update

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.notificationRules.*

logging. notificationRules. create
logging. notificationRules. delete
logging.notificationRules.get
logging.notificationRules.list
logging. notificationRules. update

logging.operations.*

logging.operations.cancel
logging.operations.get
logging.operations.list

logging.settings.*

logging.settings.get
logging.settings.update

logging.sinks.*

logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update

logging.sqlAlerts.*

logging.sqlAlerts.create
logging.sqlAlerts.update

logging.views.create

logging.views.delete

logging.views.get

logging.views.getIamPolicy

logging.views.list

logging.views.update

observability.scopes.get

resourcemanager.projects.get

resourcemanager.projects.list

Log Field Accessor

( roles/ logging.fieldAccessor )

Ability to read restricted fields in a log bucket.

Lowest-level resources where you can grant this role:

Project

logging.fields.access

Log Link Accessor

( roles/ logging.linkViewer )

Ability to see links for a bucket.

logging.links.get

logging.links.list

Logs Writer

( roles/ logging.logWriter )

Provides the permissions to write log entries.

Lowest-level resources where you can grant this role:

Project

logging.logEntries.create

logging.logEntries.route

Private Logs Viewer

( roles/ logging.privateLogViewer )

Provides permissions of the Logs Viewer role and in addition, provides read-only access to log entries in private logs.

Lowest-level resources where you can grant this role:

Project

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.locations.get
logging.locations.list

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.privateLogEntries.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.access

logging.views.get

logging.views.list

observability.scopes.get

resourcemanager.projects.get

Cloud Logging Service Agent

( roles/ logging.serviceAgent )

Grants a Cloud Logging Service Account the ability to create and link datasets.

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.link

SQL Alert Writer ^Beta

( roles/ logging.sqlAlertWriter )

Ability to write SQL Alerts.

logging.sqlAlerts.*

logging.sqlAlerts.create
logging.sqlAlerts.update

Logs View Accessor

( roles/ logging.viewAccessor )

Ability to read logs in a view.

Lowest-level resources where you can grant this role:

Project

logging.logEntries.download

logging.views.access

logging.views.listLogs

logging.views.listResourceKeys

logging. views. listResourceValues

Logs Viewer

( roles/ logging.viewer )

Provides access to view logs.

Lowest-level resources where you can grant this role:

Project

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.locations.get
logging.locations.list

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logScopes.get

logging.logScopes.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

observability.scopes.get

resourcemanager.projects.get

Cloud Logging permissions

Permission

Included in roles

`logging.buckets.copyLogEntries`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

`logging.buckets.create`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Apigee Service Agent ( roles/ apigee.serviceAgent )

`logging. buckets. createTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Tag User ( roles/ resourcemanager.tagUser )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.buckets.delete`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging. buckets. deleteTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Tag User ( roles/ resourcemanager.tagUser )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.buckets.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Apigee Service Agent ( roles/ apigee.serviceAgent )

`logging.buckets.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Audit Manager Auditing Service Agent ( roles/ auditmanager.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )
Cloud Security Compliance Service Agent ( roles/ cloudsecuritycompliance.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Apigee Service Agent ( roles/ apigee.serviceAgent )

`logging. buckets. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging. buckets. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.buckets.undelete`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.buckets.update`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.buckets.write`

Logs Bucket Writer ( roles/ logging.bucketWriter )

Service agent roles

Cloud Build Logging Service Agent ( roles/ cloudbuild.loggingServiceAgent )

`logging.exclusions.create`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.exclusions.delete`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.exclusions.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.exclusions.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.exclusions.update`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.fields.access`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Log Field Accessor ( roles/ logging.fieldAccessor )

`logging.links.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.links.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.links.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Log Link Accessor ( roles/ logging.linkViewer )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.links.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Log Link Accessor ( roles/ logging.linkViewer )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Monitoring Service Agent ( roles/ monitoring.notificationServiceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logEntries.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Build Service Account ( roles/ cloudbuild.builds.builder )

Cloud Deploy Runner ( roles/ clouddeploy.jobRunner )

Composer Worker ( roles/ composer.worker )

Confidential Space Workload User ( roles/ confidentialcomputing.workloadUser )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

Kubernetes Engine Default Node Service Account ( roles/ container.defaultNodeServiceAccount )

Dataflow Worker ( roles/ dataflow.worker )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Dataproc Worker ( roles/ dataproc.worker )

Developer Connect Insights Config Agent ( roles/ developerconnect.insightsAgent )

Firebase App Hosting Compute Runner ( roles/ firebaseapphosting.computeRunner )

Anthos Multi-cloud Telemetry Writer ( roles/ gkemulticloud.telemetryWriter )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Writer ( roles/ logging.logWriter )

Cloud Run Builder ( roles/ run.builder )

Storage Transfer Agent ( roles/ storagetransfer.transferAgent )

Service agent roles

Vertex AI Extension Custom Code Service Agent ( roles/ aiplatform.extensionCustomCodeServiceAgent )
Vertex AI Extension Service Agent ( roles/ aiplatform.extensionServiceAgent )
Vertex AI Notebook Service Agent ( roles/ aiplatform.notebookServiceAgent )
Vertex AI RAG Data Service Agent ( roles/ aiplatform.ragServiceAgent )
Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )
Vertex AI Service Agent ( roles/ aiplatform.serviceAgent )
Vertex AI Telemetry Service Agent ( roles/ aiplatform.telemetryServiceAgent )
Anthos Service Mesh Service Agent ( roles/ anthosservicemesh.serviceAgent )
App Engine flexible environment Service Agent ( roles/ appengineflex.serviceAgent )
Recommendations AI Service Agent ( roles/ automlrecommendations.serviceAgent )
BigQuery Connection Service Agent ( roles/ bigqueryconnection.serviceAgent )
BigQuery Data Transfer Service Agent ( roles/ bigquerydatatransfer.serviceAgent )
Customer Engagement Suite Service Agent ( roles/ ces.serviceAgent )
Gemini for Google Cloud Service Agent ( roles/ cloudaicompanion.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )
Infrastructure Manager Service Agent ( roles/ cloudconfig.serviceAgent )
Cloud Deploy Service Agent ( roles/ clouddeploy.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud IoT Core Service Agent ( roles/ cloudiot.serviceAgent )
Cloud Scheduler Service Agent ( roles/ cloudscheduler.serviceAgent )
Cloud Tasks Service Agent ( roles/ cloudtasks.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Compute Engine Service Agent ( roles/ compute.serviceAgent )
Kubernetes Engine Default Node Service Agent ( roles/ container.defaultNodeServiceAgent )
[Deprecated] Kubernetes Engine Node Service Agent ( roles/ container.nodeServiceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Data Fusion API Service Agent ( roles/ datafusion.serviceAgent )
Cloud Dataplex Service Agent ( roles/ dataplex.serviceAgent )
Dataproc Resource Manager Node Service Agent ( roles/ dataprocrm.nodeServiceAgent )
Dialogflow Service Agent ( roles/ dialogflow.serviceAgent )
Discovery Engine Service Agent ( roles/ discoveryengine.serviceAgent )
Edge Container Cluster Service Agent ( roles/ edgecontainer.clusterServiceAgent )
Firebase Machine Learning Service Agent ( roles/ firebaseml.serviceAgent )
Anthos Multi-Cloud Container Service Agent ( roles/ gkemulticloud.containerServiceAgent )
Mesh Managed Control Plane Service Agent ( roles/ meshcontrolplane.serviceAgent )
Mesh Data Plane Service Agent ( roles/ meshdataplane.serviceAgent )
AI Platform Service Agent ( roles/ ml.serviceAgent )
RMA Service Agent ( roles/ rapidmigrationassessment.serviceAgent )
Retail Service Agent ( roles/ retail.serviceAgent )
Cloud Spanner API Service Agent ( roles/ spanner.serviceAgent )
Cloud Vision AI Service Agent ( roles/ visionai.serviceAgent )
Serverless VPC Access Service Agent ( roles/ vpcaccess.serviceAgent )
Vertex AI Custom Code Service Agent ( roles/ aiplatform.customCodeServiceAgent )

`logging.logEntries.download`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs View Accessor ( roles/ logging.viewAccessor )

`logging.logEntries.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Billing Account Administrator ( roles/ billing.admin )

Cloud Build Service Account ( roles/ cloudbuild.builds.builder )

Cloud Hub Operator ( roles/ cloudhub.operator )

Composer Worker ( roles/ composer.worker )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Firebase Admin ( roles/ firebase.admin )

Firebase Develop Admin ( roles/ firebase.developAdmin )

Firebase Develop Viewer ( roles/ firebase.developViewer )

Firebase Viewer ( roles/ firebase.viewer )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )
Secured Landing Zone Service Agent ( roles/ securedlandingzone.serviceAgent )
Security Center Control Service Agent ( roles/ securitycenter.controlServiceAgent )
Security Center Service Agent ( roles/ securitycenter.serviceAgent )
Vertex AI Telemetry Service Agent ( roles/ aiplatform.telemetryServiceAgent )

`logging.logEntries.route`

Owner ( roles/ owner )

Editor ( roles/ editor )

Composer Worker ( roles/ composer.worker )

Dataflow Worker ( roles/ dataflow.worker )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Dataproc Worker ( roles/ dataproc.worker )

Firebase App Hosting Compute Runner ( roles/ firebaseapphosting.computeRunner )

Anthos Multi-cloud Telemetry Writer ( roles/ gkemulticloud.telemetryWriter )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Writer ( roles/ logging.logWriter )

Service agent roles

Vertex AI Extension Custom Code Service Agent ( roles/ aiplatform.extensionCustomCodeServiceAgent )
Vertex AI Extension Service Agent ( roles/ aiplatform.extensionServiceAgent )
Vertex AI Notebook Service Agent ( roles/ aiplatform.notebookServiceAgent )
Vertex AI RAG Data Service Agent ( roles/ aiplatform.ragServiceAgent )
Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )
Vertex AI Service Agent ( roles/ aiplatform.serviceAgent )
Vertex AI Telemetry Service Agent ( roles/ aiplatform.telemetryServiceAgent )
Recommendations AI Service Agent ( roles/ automlrecommendations.serviceAgent )
BigQuery Connection Service Agent ( roles/ bigqueryconnection.serviceAgent )
BigQuery Data Transfer Service Agent ( roles/ bigquerydatatransfer.serviceAgent )
Customer Engagement Suite Service Agent ( roles/ ces.serviceAgent )
Gemini for Google Cloud Service Agent ( roles/ cloudaicompanion.serviceAgent )
Infrastructure Manager Service Agent ( roles/ cloudconfig.serviceAgent )
Cloud IoT Core Service Agent ( roles/ cloudiot.serviceAgent )
Cloud Scheduler Service Agent ( roles/ cloudscheduler.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Dataplex Service Agent ( roles/ dataplex.serviceAgent )
Dataproc Resource Manager Node Service Agent ( roles/ dataprocrm.nodeServiceAgent )
Dialogflow Service Agent ( roles/ dialogflow.serviceAgent )
Firebase Machine Learning Service Agent ( roles/ firebaseml.serviceAgent )
Anthos Multi-Cloud Container Service Agent ( roles/ gkemulticloud.containerServiceAgent )
Mesh Managed Control Plane Service Agent ( roles/ meshcontrolplane.serviceAgent )
Mesh Data Plane Service Agent ( roles/ meshdataplane.serviceAgent )
AI Platform Service Agent ( roles/ ml.serviceAgent )
Retail Service Agent ( roles/ retail.serviceAgent )
Vertex AI Custom Code Service Agent ( roles/ aiplatform.customCodeServiceAgent )

`logging.logMetrics.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Serverless VPC Access Service Agent ( roles/ vpcaccess.serviceAgent )
App Engine flexible environment Service Agent ( roles/ appengineflex.serviceAgent )

`logging.logMetrics.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Serverless VPC Access Service Agent ( roles/ vpcaccess.serviceAgent )
App Engine flexible environment Service Agent ( roles/ appengineflex.serviceAgent )

`logging.logMetrics.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Serverless VPC Access Service Agent ( roles/ vpcaccess.serviceAgent )
App Engine flexible environment Service Agent ( roles/ appengineflex.serviceAgent )

`logging.logMetrics.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logMetrics.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Serverless VPC Access Service Agent ( roles/ vpcaccess.serviceAgent )
App Engine flexible environment Service Agent ( roles/ appengineflex.serviceAgent )

`logging.logScopes.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Observability Scopes Editor ( roles/ observability.scopesEditor )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logScopes.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Observability Scopes Editor ( roles/ observability.scopesEditor )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logScopes.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Logs Viewer ( roles/ logging.viewer )

Observability Scopes Editor ( roles/ observability.scopesEditor )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logScopes.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Logs Viewer ( roles/ logging.viewer )

Observability Scopes Editor ( roles/ observability.scopesEditor )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logScopes.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Observability Scopes Editor ( roles/ observability.scopesEditor )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logServiceIndexes.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Billing Account Administrator ( roles/ billing.admin )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logServices.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Billing Account Administrator ( roles/ billing.admin )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.logs.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

`logging.logs.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Billing Account Administrator ( roles/ billing.admin )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging. notificationRules. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Error Reporting Admin ( roles/ errorreporting.admin )

Error Reporting User ( roles/ errorreporting.user )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging. notificationRules. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Error Reporting Admin ( roles/ errorreporting.admin )

Error Reporting User ( roles/ errorreporting.user )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.notificationRules.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Error Reporting Admin ( roles/ errorreporting.admin )

Error Reporting User ( roles/ errorreporting.user )

Error Reporting Viewer ( roles/ errorreporting.viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.notificationRules.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Error Reporting Admin ( roles/ errorreporting.admin )

Error Reporting User ( roles/ errorreporting.user )

Error Reporting Viewer ( roles/ errorreporting.viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging. notificationRules. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Error Reporting Admin ( roles/ errorreporting.admin )

Error Reporting User ( roles/ errorreporting.user )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.operations.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.operations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.operations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.privateLogEntries.list`

Owner ( roles/ owner )

Billing Account Administrator ( roles/ billing.admin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Logging Admin ( roles/ logging.admin )

Private Logs Viewer ( roles/ logging.privateLogViewer )

`logging.queries.deleteShared`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

`logging.queries.getShared`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Observability Analytics User ( roles/ observability.analyticsUser )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

`logging.queries.listShared`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Observability Analytics User ( roles/ observability.analyticsUser )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

`logging.queries.share`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

`logging.queries.updateShared`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

`logging.queries.usePrivate`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Observability Analytics User ( roles/ observability.analyticsUser )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

`logging.settings.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.settings.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Security Compliance Service Agent ( roles/ cloudsecuritycompliance.serviceAgent )

`logging.sinks.create`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
KubeRun Events Control Plane Service Agent ( roles/ kuberun.eventsControlPlaneServiceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.sinks.delete`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
KubeRun Events Control Plane Service Agent ( roles/ kuberun.eventsControlPlaneServiceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.sinks.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
KubeRun Events Control Plane Service Agent ( roles/ kuberun.eventsControlPlaneServiceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.sinks.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.sinks.update`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`logging.sqlAlerts.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

SQL Alert Writer ( roles/ logging.sqlAlertWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.sqlAlerts.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

SQL Alert Writer ( roles/ logging.sqlAlertWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.usage.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

`logging.views.access`

Owner ( roles/ owner )

Cloud Build Service Account ( roles/ cloudbuild.builds.builder )

Composer Worker ( roles/ composer.worker )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs View Accessor ( roles/ logging.viewAccessor )

Service agent roles

Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`logging.views.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Apigee Service Agent ( roles/ apigee.serviceAgent )

`logging.views.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.views.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Apigee Service Agent ( roles/ apigee.serviceAgent )

`logging.views.getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

`logging.views.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Hub Operator ( roles/ cloudhub.operator )

Dataproc Hub Agent ( roles/ dataproc.hubAgent )

Data Scientist ( roles/ iam.dataScientist )

Databases Admin ( roles/ iam.databasesAdmin )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

ML Engineer ( roles/ iam.mlEngineer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Private Logs Viewer ( roles/ logging.privateLogViewer )

Logs Viewer ( roles/ logging.viewer )

Telco Automation Admin ( roles/ telcoautomation.admin )

Telco Automation Tier 1 Operations Admin ( roles/ telcoautomation.opsAdminTier1 )

Telco Automation Tier 4 Operations Admin ( roles/ telcoautomation.opsAdminTier4 )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Apigee Service Agent ( roles/ apigee.serviceAgent )

`logging.views.listLogs`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs View Accessor ( roles/ logging.viewAccessor )

`logging.views.listResourceKeys`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs View Accessor ( roles/ logging.viewAccessor )

`logging. views. listResourceValues`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Logging Admin ( roles/ logging.admin )

Logs View Accessor ( roles/ logging.viewAccessor )

`logging.views.setIamPolicy`

Owner ( roles/ owner )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Logging Admin ( roles/ logging.admin )

`logging.views.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Dev Ops ( roles/ iam.devOps )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Logging Admin ( roles/ logging.admin )

Logs Configuration Writer ( roles/ logging.configWriter )

Service agent roles

Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )

Cloud Logging roles and permissions