Artifact Registry roles and permissions

This page lists the IAM roles and permissions for Artifact Registry. Tosearch through all roles and permissions, see therole andpermission index.

Artifact Registry roles

Role Permissions

Role	Permissions
Artifact Registry Administrator (`roles/artifactregistry.admin`) Administrator access to create and manage repositories.	`artifactregistry.aptartifacts.create` `artifactregistry.attachments.` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.` `artifactregistry.files.delete` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.files.update` `artifactregistry.files.upload` `artifactregistry.kfpartifacts.create` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.` `artifactregistry.packages.delete` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.packages.update` `artifactregistry.projectsettings.` `artifactregistry.projectsettings.get` `artifactregistry.projectsettings.update` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.create` `artifactregistry.repositories.createTagBinding` `artifactregistry.repositories.delete` `artifactregistry.repositories.deleteArtifacts` `artifactregistry.repositories.deleteTagBinding` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.getIamPolicy` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.repositories.setIamPolicy` `artifactregistry.repositories.update` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.rules.` `artifactregistry.rules.create` `artifactregistry.rules.delete` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.rules.update` `artifactregistry.tags.` `artifactregistry.tags.create` `artifactregistry.tags.delete` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.` `artifactregistry.versions.delete` `artifactregistry.versions.get` `artifactregistry.versions.list` `artifactregistry.versions.update` `artifactregistry.yumartifacts.create` `cloudkms.keyHandles.*` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `resourcemanager.projects.get`
Artifact Registry Attachment Reader (`roles/artifactregistry.attachmentReader`) Access to read attachments from a repository	`artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.files.download`
Artifact Registry Attachment Writer (`roles/artifactregistry.attachmentWriter`) Access to write attachments to a repository	`artifactregistry.attachments.*` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.files.download` `artifactregistry.files.upload`
Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Access to run migration tooling to migrate from Container Registry to Artifact Registry	`artifactregistry.projectsettings.*` `artifactregistry.projectsettings.get` `artifactregistry.projectsettings.update` `artifactregistry.repositories.create` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.getIamPolicy` `artifactregistry.repositories.list` `artifactregistry.repositories.setIamPolicy` `artifactregistry.repositories.uploadArtifacts` `cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `iam.roles.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `serviceusage.services.use` `storage.objects.get` `storage.objects.list`
Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Access to manage artifacts in repositories, as well as create new repositories on push	`artifactregistry.aptartifacts.create` `artifactregistry.attachments.` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.` `artifactregistry.files.delete` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.files.update` `artifactregistry.files.upload` `artifactregistry.kfpartifacts.create` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.` `artifactregistry.packages.delete` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.packages.update` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.createOnPush` `artifactregistry.repositories.deleteArtifacts` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.rules.` `artifactregistry.rules.create` `artifactregistry.rules.delete` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.rules.update` `artifactregistry.tags.` `artifactregistry.tags.create` `artifactregistry.tags.delete` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.*` `artifactregistry.versions.delete` `artifactregistry.versions.get` `artifactregistry.versions.list` `artifactregistry.versions.update` `artifactregistry.yumartifacts.create` `resourcemanager.projects.get`
Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Access to read and write repository items, as well as create new repositories on push	`artifactregistry.aptartifacts.create` `artifactregistry.attachments.` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.files.update` `artifactregistry.files.upload` `artifactregistry.kfpartifacts.create` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.packages.update` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.createOnPush` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.create` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.get` `artifactregistry.versions.list` `artifactregistry.yumartifacts.create` `resourcemanager.projects.get`
Artifact Registry Reader (`roles/artifactregistry.reader`) Access to read repository items.	`artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.*` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `resourcemanager.projects.get`
Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Access to manage artifacts in repositories.	`artifactregistry.aptartifacts.create` `artifactregistry.attachments.` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.` `artifactregistry.files.delete` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.files.update` `artifactregistry.files.upload` `artifactregistry.kfpartifacts.create` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.` `artifactregistry.packages.delete` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.packages.update` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.deleteArtifacts` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.rules.` `artifactregistry.rules.create` `artifactregistry.rules.delete` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.rules.update` `artifactregistry.tags.` `artifactregistry.tags.create` `artifactregistry.tags.delete` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.*` `artifactregistry.versions.delete` `artifactregistry.versions.get` `artifactregistry.versions.list` `artifactregistry.versions.update` `artifactregistry.yumartifacts.create` `resourcemanager.projects.get`
Artifact Registry Service Agent (`roles/artifactregistry.serviceAgent`) Gives the Artifact Registry service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.versions.delete` `pubsub.topics.publish`
Artifact Registry Writer (`roles/artifactregistry.writer`) Access to read and write repository items.	`artifactregistry.aptartifacts.create` `artifactregistry.attachments.` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.files.update` `artifactregistry.files.upload` `artifactregistry.kfpartifacts.create` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.packages.update` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.create` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.get` `artifactregistry.versions.list` `artifactregistry.yumartifacts.create` `resourcemanager.projects.get`

Artifact Registry Administrator

(roles/artifactregistry.admin)

Administrator access to create and manage repositories.

artifactregistry.aptartifacts.create

artifactregistry.attachments.*

artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.*

artifactregistry.files.delete
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.files.update
artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.*

artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.packages.update

artifactregistry.projectsettings.*

artifactregistry.projectsettings.get
artifactregistry.projectsettings.update

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.create

artifactregistry.repositories.createTagBinding

artifactregistry.repositories.delete

artifactregistry.repositories.deleteArtifacts

artifactregistry.repositories.deleteTagBinding

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.getIamPolicy

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.setIamPolicy

artifactregistry.repositories.update

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.*

artifactregistry.rules.create
artifactregistry.rules.delete
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.rules.update

artifactregistry.tags.*

artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update

artifactregistry.versions.*

artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
artifactregistry.versions.update

artifactregistry.yumartifacts.create

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

resourcemanager.projects.get

Artifact Registry Attachment Reader

(roles/artifactregistry.attachmentReader)

Access to read attachments from a repository

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.files.download

Artifact Registry Attachment Writer

(roles/artifactregistry.attachmentWriter)

Access to write attachments to a repository

artifactregistry.attachments.*

artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list

artifactregistry.files.download

artifactregistry.files.upload

Container Registry -> Artifact Registry Migration Admin

(roles/artifactregistry.containerRegistryMigrationAdmin)

Access to run migration tooling to migrate from Container Registry to Artifact Registry

artifactregistry.projectsettings.*

artifactregistry.projectsettings.get
artifactregistry.projectsettings.update

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.getIamPolicy

artifactregistry.repositories.list

artifactregistry.repositories.setIamPolicy

artifactregistry.repositories.uploadArtifacts

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

iam.roles.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

serviceusage.services.use

storage.objects.get

storage.objects.list

Artifact Registry Create-on-Push Repository Administrator

(roles/artifactregistry.createOnPushRepoAdmin)

Access to manage artifacts in repositories, as well as create new repositories on push

artifactregistry.aptartifacts.create

artifactregistry.attachments.*

artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.*

artifactregistry.files.delete
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.files.update
artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.*

artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.packages.update

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.createOnPush

artifactregistry.repositories.deleteArtifacts

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.*

artifactregistry.rules.create
artifactregistry.rules.delete
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.rules.update

artifactregistry.tags.*

artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update

artifactregistry.versions.*

artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
artifactregistry.versions.update

artifactregistry.yumartifacts.create

resourcemanager.projects.get

Artifact Registry Create-on-Push Writer

(roles/artifactregistry.createOnPushWriter)

Access to read and write repository items, as well as create new repositories on push

artifactregistry.aptartifacts.create

artifactregistry.attachments.*

artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.files.update

artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.packages.update

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.createOnPush

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.create

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.tags.update

artifactregistry.versions.get

artifactregistry.versions.list

artifactregistry.yumartifacts.create

resourcemanager.projects.get

Artifact Registry Reader

(roles/artifactregistry.reader)

Access to read repository items.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

resourcemanager.projects.get

Artifact Registry Repository Administrator

(roles/artifactregistry.repoAdmin)

Access to manage artifacts in repositories.

artifactregistry.aptartifacts.create

artifactregistry.attachments.*

artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.*

artifactregistry.files.delete
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.files.update
artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.*

artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.packages.update

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.deleteArtifacts

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.*

artifactregistry.rules.create
artifactregistry.rules.delete
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.rules.update

artifactregistry.tags.*

artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update

artifactregistry.versions.*

artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
artifactregistry.versions.update

artifactregistry.yumartifacts.create

resourcemanager.projects.get

Artifact Registry Service Agent

(roles/artifactregistry.serviceAgent)

Gives the Artifact Registry service account access to managed resources.

Warning: Do not grant service agent roles to any principals except service agents.

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.versions.delete

pubsub.topics.publish

Artifact Registry Writer

(roles/artifactregistry.writer)

Access to read and write repository items.

artifactregistry.aptartifacts.create

artifactregistry.attachments.*

artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.files.update

artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.packages.update

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.create

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.tags.update

artifactregistry.versions.get

artifactregistry.versions.list

artifactregistry.yumartifacts.create

resourcemanager.projects.get

Artifact Registry permissions

Permission	Included in roles
`artifactregistry.aptartifacts.create`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.attachments.create`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Attachment Writer (`roles/artifactregistry.attachmentWriter`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.attachments.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Attachment Writer (`roles/artifactregistry.attachmentWriter`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.attachments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Attachment Reader (`roles/artifactregistry.attachmentReader`) Artifact Registry Attachment Writer (`roles/artifactregistry.attachmentWriter`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.attachments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Attachment Reader (`roles/artifactregistry.attachmentReader`) Artifact Registry Attachment Writer (`roles/artifactregistry.attachmentWriter`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.dockerimages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) Anthos Multi-Cloud Control Plane Machine Service Agent (`roles/gkemulticloud.controlPlaneMachineServiceAgent`) Anthos Multi-Cloud Node Pool Machine Service Agent (`roles/gkemulticloud.nodePoolMachineServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.dockerimages.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.files.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.files.download`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Attachment Reader (`roles/artifactregistry.attachmentReader`) Artifact Registry Attachment Writer (`roles/artifactregistry.attachmentWriter`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Network Actions Service Agent (`roles/networkactions.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.files.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.files.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.files.update`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.files.upload`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Attachment Writer (`roles/artifactregistry.attachmentWriter`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.kfpartifacts.create`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service Extensions Admin (`roles/networkservices.serviceExtensionsAdmin`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.mavenartifacts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.mavenartifacts.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.npmpackages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.npmpackages.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.packages.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Firebase Extensions API Service Agent (`roles/firebasemods.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.packages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.packages.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service Extensions Admin (`roles/networkservices.serviceExtensionsAdmin`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.packages.update`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.projectsettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Engine Admin (`roles/appengine.appAdmin`) App Engine Viewer (`roles/appengine.appViewer`) App Engine Code Viewer (`roles/appengine.codeViewer`) App Engine Deployer (`roles/appengine.deployer`) App Engine Service Admin (`roles/appengine.serviceAdmin`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.projectsettings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.pythonpackages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.pythonpackages.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.repositories.create`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Composer Worker (`roles/composer.worker`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`artifactregistry.repositories.createOnPush`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.repositories.createTagBinding`	Owner (`roles/owner`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Composer Worker (`roles/composer.worker`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.repositories.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`artifactregistry.repositories.deleteArtifacts`	Owner (`roles/owner`) Editor (`roles/editor`) App Engine Admin (`roles/appengine.appAdmin`) App Engine Deployer (`roles/appengine.deployer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Cloud Run Builder (`roles/run.builder`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.repositories.deleteTagBinding`	Owner (`roles/owner`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Composer Worker (`roles/composer.worker`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.repositories.downloadArtifacts`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) App Engine Admin (`roles/appengine.appAdmin`) App Engine Deployer (`roles/appengine.deployer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Builder (`roles/run.builder`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Artifact Registry Service Agent (`roles/artifactregistry.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) Anthos Multi-Cloud Control Plane Machine Service Agent (`roles/gkemulticloud.controlPlaneMachineServiceAgent`) Anthos Multi-Cloud Node Pool Machine Service Agent (`roles/gkemulticloud.nodePoolMachineServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Network Actions Service Agent (`roles/networkactions.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) SaaS Service Management Service Agent (`roles/saasservicemgmt.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`artifactregistry.repositories.exportArtifacts`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.repositories.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Cloud Run Source Viewer (`roles/run.sourceViewer`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Artifact Registry Service Agent (`roles/artifactregistry.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) Anthos Multi-Cloud Control Plane Machine Service Agent (`roles/gkemulticloud.controlPlaneMachineServiceAgent`) Anthos Multi-Cloud Node Pool Machine Service Agent (`roles/gkemulticloud.nodePoolMachineServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`artifactregistry.repositories.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Composer Worker (`roles/composer.worker`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.repositories.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service Extensions Admin (`roles/networkservices.serviceExtensionsAdmin`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Cloud Run Source Viewer (`roles/run.sourceViewer`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`artifactregistry.repositories.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.repositories.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.repositories.readViaVirtualRepository`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Artifact Registry Service Agent (`roles/artifactregistry.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.repositories.setIamPolicy`	Owner (`roles/owner`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Composer Worker (`roles/composer.worker`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.repositories.update`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Firebase App Hosting Service Agent (`roles/firebaseapphosting.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`artifactregistry.repositories.uploadArtifacts`	Owner (`roles/owner`) Editor (`roles/editor`) App Engine Admin (`roles/appengine.appAdmin`) App Engine Deployer (`roles/appengine.deployer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Container Registry -> Artifact Registry Migration Admin (`roles/artifactregistry.containerRegistryMigrationAdmin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Cloud Run Builder (`roles/run.builder`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`artifactregistry.rules.create`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.rules.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.rules.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.rules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`artifactregistry.rules.update`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.tags.create`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.tags.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.tags.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`artifactregistry.tags.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.tags.update`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.versions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Artifact Registry Service Agent (`roles/artifactregistry.serviceAgent`)
`artifactregistry.versions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Vertex AI Custom Code Service Agent (`roles/aiplatform.customCodeServiceAgent`)
`artifactregistry.versions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Reader (`roles/artifactregistry.reader`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Assured OSS Admin (`roles/assuredoss.admin`) Assured OSS Project Admin (`roles/assuredoss.projectAdmin`) Assured OSS Reader (`roles/assuredoss.reader`) Assured OSS User (`roles/assuredoss.user`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Composer Worker (`roles/composer.worker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Data Scientist (`roles/iam.dataScientist`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service Extensions Admin (`roles/networkservices.serviceExtensionsAdmin`) Cloud Run Source Developer (`roles/run.sourceDeveloper`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) AI Platform Service Agent (`roles/ml.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`artifactregistry.versions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Composer Worker (`roles/composer.worker`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`artifactregistry.yumartifacts.create`	Owner (`roles/owner`) Editor (`roles/editor`) Artifact Registry Administrator (`roles/artifactregistry.admin`) Artifact Registry Create-on-Push Repository Administrator (`roles/artifactregistry.createOnPushRepoAdmin`) Artifact Registry Create-on-Push Writer (`roles/artifactregistry.createOnPushWriter`) Artifact Registry Repository Administrator (`roles/artifactregistry.repoAdmin`) Artifact Registry Writer (`roles/artifactregistry.writer`) Cloud Build Service Account (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Firebase App Hosting Compute Runner (`roles/firebaseapphosting.computeRunner`) Dev Ops (`roles/iam.devOps`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Visual Inspection AI Service Agent (`roles/visualinspection.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.

Movatterモバイル変換

Artifact Registry roles and permissions Stay organized with collections Save and categorize content based on your preferences.