Workflows roles and permissions

This page lists the IAM roles and permissions for Workflows. To search through all roles and permissions, see the role and permission index .

Workflows roles

Role

Permissions

Workflows Admin

( roles/ workflows.admin )

Full access to workflows and related resources.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows. workflows. createTagBinding
workflows.workflows.delete
workflows. workflows. deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows. workflows. listEffectiveTags
workflows. workflows. listRevision
workflows. workflows. listTagBindings
workflows.workflows.update

Workflows Editor

( roles/ workflows.editor )

Read and write access to workflows and related resources, including development and debugging of workflows.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows. workflows. createTagBinding
workflows.workflows.delete
workflows. workflows. deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows. workflows. listEffectiveTags
workflows. workflows. listRevision
workflows. workflows. listTagBindings
workflows.workflows.update

Workflows Invoker

( roles/ workflows.invoker )

Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.*

workflows.callbacks.list
workflows.callbacks.send

workflows.executions.*

workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list

workflows.stepEntries.*

workflows.stepEntries.get
workflows.stepEntries.list

Cloud Workflows Service Agent

( roles/ workflows.serviceAgent )

Gives Cloud Workflows service account access to managed resources.

container.clusters.connect

iam.serviceAccounts.get

iam. serviceAccounts. getAccessToken

iam. serviceAccounts. getOpenIdToken

serviceusage.services.use

Workflows Viewer

( roles/ workflows.viewer )

Read-only access to workflows and related resources.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.list

workflows.executions.get

workflows.executions.list

workflows.locations.*

workflows.locations.get
workflows.locations.list

workflows.operations.get

workflows.operations.list

workflows.stepEntries.*

workflows.stepEntries.get
workflows.stepEntries.list

workflows.workflows.get

workflows.workflows.list

workflows. workflows. listEffectiveTags

workflows. workflows. listRevision

workflows. workflows. listTagBindings

Workflows permissions

Permission

Included in roles

`workflows.callbacks.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.callbacks.send`

Owner ( roles/ owner )

Editor ( roles/ editor )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

`workflows.executions.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

`workflows.executions.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

`workflows.executions.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.executions.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.operations.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

`workflows.operations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`workflows.operations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.stepEntries.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.stepEntries.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Invoker ( roles/ workflows.invoker )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.workflows.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`workflows. workflows. createTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Tag User ( roles/ resourcemanager.tagUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

`workflows.workflows.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`workflows. workflows. deleteTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Tag User ( roles/ resourcemanager.tagUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

`workflows.workflows.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

Service agent roles

Eventarc Service Agent ( roles/ eventarc.serviceAgent )
Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`workflows.workflows.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

`workflows. workflows. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

`workflows. workflows. listRevision`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

`workflows. workflows. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows Viewer ( roles/ workflows.viewer )

`workflows.workflows.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Workflows Admin ( roles/ workflows.admin )

Workflows Editor ( roles/ workflows.editor )

Workflows roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Workflows roles

Workflows Admin

Workflows Editor

Workflows Invoker

Cloud Workflows Service Agent

Workflows Viewer

Workflows permissions

workflows.callbacks.list

workflows.callbacks.send

workflows.executions.cancel

workflows.executions.create

workflows.executions.get

workflows.executions.list

workflows.locations.get

workflows.locations.list

workflows.operations.cancel

workflows.operations.get

workflows.operations.list

workflows.stepEntries.get

workflows.stepEntries.list

workflows.workflows.create

workflows. workflows. createTagBinding

workflows.workflows.delete

workflows. workflows. deleteTagBinding

workflows.workflows.get

workflows.workflows.list

workflows. workflows. listEffectiveTags

workflows. workflows. listRevision

workflows. workflows. listTagBindings

workflows.workflows.update

Workflows roles and permissions

`workflows.callbacks.list`

`workflows.callbacks.send`

`workflows.executions.cancel`

`workflows.executions.create`

`workflows.executions.get`

`workflows.executions.list`

`workflows.locations.get`

`workflows.locations.list`

`workflows.operations.cancel`

`workflows.operations.get`

`workflows.operations.list`

`workflows.stepEntries.get`

`workflows.stepEntries.list`

`workflows.workflows.create`

`workflows. workflows. createTagBinding`

`workflows.workflows.delete`

`workflows. workflows. deleteTagBinding`

`workflows.workflows.get`

`workflows.workflows.list`

`workflows. workflows. listEffectiveTags`

`workflows. workflows. listRevision`

`workflows. workflows. listTagBindings`

`workflows.workflows.update`