Service Directory roles and permissions

This page lists the IAM roles and permissions for Service Directory. To search through all roles and permissions, see the role and permission index .

Service Directory roles

Role

Permissions

Service Directory Admin

( roles/ servicedirectory.admin )

Full control of all Service Directory resources and permissions.

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.endpoints.*

servicedirectory. endpoints. create
servicedirectory. endpoints. delete
servicedirectory.endpoints.get
servicedirectory. endpoints. getIamPolicy
servicedirectory. endpoints. list
servicedirectory. endpoints. setIamPolicy
servicedirectory. endpoints. update

servicedirectory.locations.*

servicedirectory.locations.get
servicedirectory. locations. list

servicedirectory.namespaces.*

servicedirectory. namespaces. associatePrivateZone
servicedirectory. namespaces. create
servicedirectory. namespaces. delete
servicedirectory. namespaces. get
servicedirectory. namespaces. getIamPolicy
servicedirectory. namespaces. list
servicedirectory. namespaces. setIamPolicy
servicedirectory. namespaces. update

servicedirectory. networks. attach

servicedirectory.services.*

servicedirectory.services.bind
servicedirectory. services. create
servicedirectory. services. delete
servicedirectory.services.get
servicedirectory. services. getIamPolicy
servicedirectory.services.list
servicedirectory. services. resolve
servicedirectory. services. setIamPolicy
servicedirectory. services. update

Service Directory Editor

( roles/ servicedirectory.editor )

Edit Service Directory resources.

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory. endpoints. create

servicedirectory. endpoints. delete

servicedirectory.endpoints.get

servicedirectory. endpoints. getIamPolicy

servicedirectory. endpoints. list

servicedirectory. endpoints. update

servicedirectory.locations.*

servicedirectory.locations.get
servicedirectory. locations. list

servicedirectory. namespaces. associatePrivateZone

servicedirectory. namespaces. create

servicedirectory. namespaces. delete

servicedirectory. namespaces. get

servicedirectory. namespaces. getIamPolicy

servicedirectory. namespaces. list

servicedirectory. namespaces. update

servicedirectory. networks. attach

servicedirectory.services.bind

servicedirectory. services. create

servicedirectory. services. delete

servicedirectory.services.get

servicedirectory. services. getIamPolicy

servicedirectory.services.list

servicedirectory. services. resolve

servicedirectory. services. update

Service Directory Network Attacher

( roles/ servicedirectory.networkAttacher )

Gives access to attach VPC Networks to Service Directory Endpoints

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory. networks. attach

Private Service Connect Authorized Service

( roles/ servicedirectory.pscAuthorizedService )

Gives access to VPC Networks via Service Directory

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory. networks. access

Service Directory Service Agent

( roles/ servicedirectory.serviceAgent )

Give the Service Directory service agent access to Cloud Platform resources.

container.clusters.get

gkehub.features.get

gkehub.gateway.delete

gkehub. gateway. generateCredentials

gkehub.gateway.get

gkehub.gateway.patch

gkehub.gateway.post

gkehub.gateway.put

gkehub.locations.*

gkehub.locations.get
gkehub.locations.list

gkehub.memberships.get

gkehub.memberships.list

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory. endpoints. create

servicedirectory. endpoints. delete

servicedirectory.endpoints.get

servicedirectory. endpoints. getIamPolicy

servicedirectory. endpoints. list

servicedirectory. endpoints. update

servicedirectory.locations.*

servicedirectory.locations.get
servicedirectory. locations. list

servicedirectory. namespaces. associatePrivateZone

servicedirectory. namespaces. create

servicedirectory. namespaces. delete

servicedirectory. namespaces. get

servicedirectory. namespaces. getIamPolicy

servicedirectory. namespaces. list

servicedirectory. namespaces. update

servicedirectory. networks. attach

servicedirectory.services.bind

servicedirectory. services. create

servicedirectory. services. delete

servicedirectory.services.get

servicedirectory. services. getIamPolicy

servicedirectory.services.list

servicedirectory. services. resolve

servicedirectory. services. update

Service Directory Viewer

( roles/ servicedirectory.viewer )

View Service Directory resources.

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.endpoints.get

servicedirectory. endpoints. getIamPolicy

servicedirectory. endpoints. list

servicedirectory.locations.*

servicedirectory.locations.get
servicedirectory. locations. list

servicedirectory. namespaces. get

servicedirectory. namespaces. getIamPolicy

servicedirectory. namespaces. list

servicedirectory.services.get

servicedirectory. services. getIamPolicy

servicedirectory.services.list

servicedirectory. services. resolve

Service Directory permissions

Permission

Included in roles

`servicedirectory. endpoints. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )

`servicedirectory. endpoints. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )

`servicedirectory.endpoints.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. endpoints. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. endpoints. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. endpoints. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

Service Directory Admin ( roles/ servicedirectory.admin )

`servicedirectory. endpoints. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )

`servicedirectory.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. locations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. namespaces. associatePrivateZone`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service agent roles

Network Connectivity Service Agent ( roles/ networkconnectivity.serviceAgent )
Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`servicedirectory. namespaces. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Compute Peer Subnet Migration Admin ( roles/ compute.peerSubnetMigrationAdmin )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Cloud Workstations Network Admin ( roles/ workstations.networkAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Managed Kafka Service Agent ( roles/ managedkafka.serviceAgent )
Dataproc Metastore Service Agent ( roles/ metastore.serviceAgent )
Network Connectivity Service Agent ( roles/ networkconnectivity.serviceAgent )
Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Workstations Service Agent ( roles/ workstations.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`servicedirectory. namespaces. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Cloud Workstations Network Admin ( roles/ workstations.networkAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Dataproc Metastore Service Agent ( roles/ metastore.serviceAgent )
Network Connectivity Service Agent ( roles/ networkconnectivity.serviceAgent )
Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Workstations Service Agent ( roles/ workstations.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`servicedirectory. namespaces. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. namespaces. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. namespaces. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. namespaces. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

Service Directory Admin ( roles/ servicedirectory.admin )

`servicedirectory. namespaces. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )

`servicedirectory. networks. access`

Private Service Connect Authorized Service ( roles/ servicedirectory.pscAuthorizedService )

Service agent roles

Monitoring Service Agent ( roles/ monitoring.notificationServiceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. networks. attach`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Network Attacher ( roles/ servicedirectory.networkAttacher )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )

`servicedirectory.services.bind`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )

`servicedirectory. services. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Compute Peer Subnet Migration Admin ( roles/ compute.peerSubnetMigrationAdmin )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Cloud Workstations Network Admin ( roles/ workstations.networkAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Managed Kafka Service Agent ( roles/ managedkafka.serviceAgent )
Dataproc Metastore Service Agent ( roles/ metastore.serviceAgent )
Network Connectivity Service Agent ( roles/ networkconnectivity.serviceAgent )
Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Workstations Service Agent ( roles/ workstations.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`servicedirectory. services. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Compute Peer Subnet Migration Admin ( roles/ compute.peerSubnetMigrationAdmin )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Cloud Workstations Network Admin ( roles/ workstations.networkAdmin )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Managed Kafka Service Agent ( roles/ managedkafka.serviceAgent )
Dataproc Metastore Service Agent ( roles/ metastore.serviceAgent )
Network Connectivity Service Agent ( roles/ networkconnectivity.serviceAgent )
Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Workstations Service Agent ( roles/ workstations.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )

`servicedirectory.services.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. services. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory.services.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. services. resolve`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service Directory Viewer ( roles/ servicedirectory.viewer )

Service agent roles

Monitoring Service Agent ( roles/ monitoring.notificationServiceAgent )
Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )
Cloud Build Service Agent ( roles/ cloudbuild.serviceAgent )

`servicedirectory. services. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

Service Directory Admin ( roles/ servicedirectory.admin )

`servicedirectory. services. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Service Directory Admin ( roles/ servicedirectory.admin )

Service Directory Editor ( roles/ servicedirectory.editor )

Service agent roles

Service Directory Service Agent ( roles/ servicedirectory.serviceAgent )