Google Cloud Support roles and permissions

This page lists the IAM roles and permissions for Google Cloud Support. Tosearch through all roles and permissions, see therole andpermission index.

Google Cloud Support roles

RolePermissions

Support Account Administrator

(roles/cloudsupport.admin)

Allows management of a support account without giving access to support cases.See theCloud Support documentationfor more information.

Lowest-level resources where you can grant this role:

  • Organization

cloudsupport.accounts.*

  • cloudsupport.accounts.create
  • cloudsupport.accounts.delete
  • cloudsupport.accounts.get
  • cloudsupport.accounts.getIamPolicy
  • cloudsupport.accounts.getUserRoles
  • cloudsupport.accounts.list
  • cloudsupport.accounts.purchase
  • cloudsupport.accounts.setIamPolicy
  • cloudsupport.accounts.update
  • cloudsupport.accounts.updateUserRoles

cloudsupport.operations.get

cloudsupport.properties.get

resourcemanager.organizations.get

Advisory Support Editor

(roles/cloudsupport.advisorySupportEditor)

Full read-write access to advisory support cases applicable for GCP Customer Care.

cloudasset.assets.searchAllResources

cloudsupport.properties.get

resourcemanager.projects.get

resourcemanager.projects.list

Advisory Support Viewer

(roles/cloudsupport.advisorySupportViewer)

Read-only access to advisory support cases applicable for GCP Customer Care.

cloudsupport.properties.get

resourcemanager.projects.get

resourcemanager.projects.list

Tech Support Editor

(roles/cloudsupport.techSupportEditor)

Full read-write access to technical support cases (applicable for GCP Customer Care and Mapssupport). See theCloud Support documentationfor more information.

billing.resourceAssociations.list

cloudasset.assets.searchAllResources

cloudsupport.properties.get

cloudsupport.techCases.*

  • cloudsupport.techCases.create
  • cloudsupport.techCases.escalate
  • cloudsupport.techCases.get
  • cloudsupport.techCases.list
  • cloudsupport.techCases.update

resourcemanager.projects.get

resourcemanager.projects.list

Tech Support Viewer

(roles/cloudsupport.techSupportViewer)

Read-only access to technical support cases (applicable for GCP Customer Care and Maps support).See theCloud Support documentationfor more information.

cloudsupport.properties.get

cloudsupport.techCases.get

cloudsupport.techCases.list

resourcemanager.projects.get

resourcemanager.projects.list

Support Account Viewer

(roles/cloudsupport.viewer)

Read-only access to details of a support account. This does not allow viewing cases.See theCloud Support documentationfor more information.

Lowest-level resources where you can grant this role:

  • Organization

cloudsupport.accounts.get

cloudsupport.accounts.getUserRoles

cloudsupport.accounts.list

cloudsupport.properties.get

Google Cloud Support permissions

PermissionIncluded in roles

cloudsupport.accounts.create

Owner (roles/owner)

Support Account Administrator (roles/cloudsupport.admin)

cloudsupport.accounts.delete

Owner (roles/owner)

Support Account Administrator (roles/cloudsupport.admin)

cloudsupport.accounts.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support Account Administrator (roles/cloudsupport.admin)

Support Account Viewer (roles/cloudsupport.viewer)

Support User (roles/iam.supportUser)

cloudsupport.accounts.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support Account Administrator (roles/cloudsupport.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

cloudsupport.accounts.getUserRoles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support Account Administrator (roles/cloudsupport.admin)

Support Account Viewer (roles/cloudsupport.viewer)

Support User (roles/iam.supportUser)

cloudsupport.accounts.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support Account Administrator (roles/cloudsupport.admin)

Support Account Viewer (roles/cloudsupport.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

cloudsupport.accounts.purchase

Owner (roles/owner)

Support Account Administrator (roles/cloudsupport.admin)

cloudsupport.accounts.setIamPolicy

Owner (roles/owner)

Support Account Administrator (roles/cloudsupport.admin)

Security Admin (roles/iam.securityAdmin)

cloudsupport.accounts.update

Owner (roles/owner)

Editor (roles/editor)

Support Account Administrator (roles/cloudsupport.admin)

cloudsupport.accounts.updateUserRoles

Owner (roles/owner)

Editor (roles/editor)

Support Account Administrator (roles/cloudsupport.admin)

cloudsupport.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support Account Administrator (roles/cloudsupport.admin)

Support User (roles/iam.supportUser)

cloudsupport.properties.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Billing Account Administrator (roles/billing.admin)

Cloud Hub Operator (roles/cloudhub.operator)

Support Account Administrator (roles/cloudsupport.admin)

Advisory Support Editor (roles/cloudsupport.advisorySupportEditor)

Advisory Support Viewer (roles/cloudsupport.advisorySupportViewer)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Tech Support Viewer (roles/cloudsupport.techSupportViewer)

Support Account Viewer (roles/cloudsupport.viewer)

Support User (roles/iam.supportUser)

cloudsupport.techCases.create

Owner (roles/owner)

Editor (roles/editor)

Billing Account Administrator (roles/billing.admin)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Support User (roles/iam.supportUser)

cloudsupport.techCases.escalate

Owner (roles/owner)

Editor (roles/editor)

Billing Account Administrator (roles/billing.admin)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Support User (roles/iam.supportUser)

cloudsupport.techCases.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Billing Account Administrator (roles/billing.admin)

Cloud Hub Operator (roles/cloudhub.operator)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Tech Support Viewer (roles/cloudsupport.techSupportViewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

cloudsupport.techCases.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Billing Account Administrator (roles/billing.admin)

Cloud Hub Operator (roles/cloudhub.operator)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Tech Support Viewer (roles/cloudsupport.techSupportViewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

cloudsupport.techCases.update

Owner (roles/owner)

Editor (roles/editor)

Billing Account Administrator (roles/billing.admin)

Tech Support Editor (roles/cloudsupport.techSupportEditor)

Support User (roles/iam.supportUser)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.