Dataproc roles and permissions

This page lists the IAM roles and permissions for Dataproc. To search through all roles and permissions, see the role and permission index.

Dataproc roles

Role | Permissions

Dataproc Administrator

(roles/dataproc.admin)

Full control of Dataproc resources.

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.networks.get

compute.networks.list

compute.projects.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataproc.autoscalingPolicies.*

  • dataproc.autoscalingPolicies.create
  • dataproc.autoscalingPolicies.delete
  • dataproc.autoscalingPolicies.get
  • dataproc.autoscalingPolicies.getIamPolicy
  • dataproc.autoscalingPolicies.list
  • dataproc.autoscalingPolicies.setIamPolicy
  • dataproc.autoscalingPolicies.update
  • dataproc.autoscalingPolicies.use

dataproc.batches.*

  • dataproc.batches.analyze
  • dataproc.batches.cancel
  • dataproc.batches.create
  • dataproc.batches.delete
  • dataproc.batches.get
  • dataproc.batches.list
  • dataproc.batches.sparkApplicationRead
  • dataproc.batches.sparkApplicationWrite

dataproc.clusters.*

  • dataproc.clusters.create
  • dataproc.clusters.delete
  • dataproc.clusters.get
  • dataproc.clusters.getIamPolicy
  • dataproc.clusters.list
  • dataproc.clusters.repair
  • dataproc.clusters.setIamPolicy
  • dataproc.clusters.start
  • dataproc.clusters.stop
  • dataproc.clusters.update
  • dataproc.clusters.use

dataproc.jobs.*

  • dataproc.jobs.cancel
  • dataproc.jobs.create
  • dataproc.jobs.delete
  • dataproc.jobs.get
  • dataproc.jobs.getIamPolicy
  • dataproc.jobs.list
  • dataproc.jobs.setIamPolicy
  • dataproc.jobs.update

dataproc.nodeGroups.*

  • dataproc.nodeGroups.create
  • dataproc.nodeGroups.get
  • dataproc.nodeGroups.update

dataproc.operations.*

  • dataproc.operations.cancel
  • dataproc.operations.delete
  • dataproc.operations.get
  • dataproc.operations.getIamPolicy
  • dataproc.operations.list
  • dataproc.operations.setIamPolicy

dataproc.sessionTemplates.*

  • dataproc.sessionTemplates.create
  • dataproc.sessionTemplates.delete
  • dataproc.sessionTemplates.get
  • dataproc.sessionTemplates.list
  • dataproc.sessionTemplates.update

dataproc.sessions.*

  • dataproc.sessions.create
  • dataproc.sessions.delete
  • dataproc.sessions.get
  • dataproc.sessions.list
  • dataproc.sessions.sparkApplicationRead
  • dataproc.sessions.sparkApplicationWrite
  • dataproc.sessions.terminate

dataproc.workflowTemplates.*

  • dataproc.workflowTemplates.create
  • dataproc.workflowTemplates.delete
  • dataproc.workflowTemplates.get
  • dataproc.workflowTemplates.getIamPolicy
  • dataproc.workflowTemplates.instantiate
  • dataproc.workflowTemplates.instantiateInline
  • dataproc.workflowTemplates.list
  • dataproc.workflowTemplates.setIamPolicy
  • dataproc.workflowTemplates.update

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.update

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

  • dataprocrm.workloads.cancel
  • dataprocrm.workloads.create
  • dataprocrm.workloads.delete
  • dataprocrm.workloads.get
  • dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Editor

(roles/dataproc.editor)

Provides the permissions necessary for viewing the resources required to manage Dataproc, including machine types, networks, projects, and zones.

Lowest-level resources where you can grant this role:

  • Cluster

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.networks.get

compute.networks.list

compute.projects.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataproc.autoscalingPolicies.create

dataproc.autoscalingPolicies.delete

dataproc.autoscalingPolicies.get

dataproc.autoscalingPolicies.list

dataproc.autoscalingPolicies.update

dataproc.autoscalingPolicies.use

dataproc.batches.*

  • dataproc.batches.analyze
  • dataproc.batches.cancel
  • dataproc.batches.create
  • dataproc.batches.delete
  • dataproc.batches.get
  • dataproc.batches.list
  • dataproc.batches.sparkApplicationRead
  • dataproc.batches.sparkApplicationWrite

dataproc.clusters.create

dataproc.clusters.delete

dataproc.clusters.get

dataproc.clusters.list

dataproc.clusters.repair

dataproc.clusters.start

dataproc.clusters.stop

dataproc.clusters.update

dataproc.clusters.use

dataproc.jobs.cancel

dataproc.jobs.create

dataproc.jobs.delete

dataproc.jobs.get

dataproc.jobs.list

dataproc.jobs.update

dataproc.nodeGroups.*

  • dataproc.nodeGroups.create
  • dataproc.nodeGroups.get
  • dataproc.nodeGroups.update

dataproc.operations.cancel

dataproc.operations.delete

dataproc.operations.get

dataproc.operations.list

dataproc.sessionTemplates.*

  • dataproc.sessionTemplates.create
  • dataproc.sessionTemplates.delete
  • dataproc.sessionTemplates.get
  • dataproc.sessionTemplates.list
  • dataproc.sessionTemplates.update

dataproc.sessions.*

  • dataproc.sessions.create
  • dataproc.sessions.delete
  • dataproc.sessions.get
  • dataproc.sessions.list
  • dataproc.sessions.sparkApplicationRead
  • dataproc.sessions.sparkApplicationWrite
  • dataproc.sessions.terminate

dataproc.workflowTemplates.create

dataproc.workflowTemplates.delete

dataproc.workflowTemplates.get

dataproc.workflowTemplates.instantiate

dataproc.workflowTemplates.instantiateInline

dataproc.workflowTemplates.list

dataproc.workflowTemplates.update

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.update

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

  • dataprocrm.workloads.cancel
  • dataprocrm.workloads.create
  • dataprocrm.workloads.delete
  • dataprocrm.workloads.get
  • dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Hub Agent

(roles/dataproc.hubAgent)

Allows management of Dataproc resources. Intended for service accounts running Dataproc Hub instances.

compute.instances.get

compute.instances.setMetadata

compute.instances.setTags

compute.zoneOperations.get

compute.zones.list

dataproc.autoscalingPolicies.get

dataproc.autoscalingPolicies.list

dataproc.autoscalingPolicies.use

dataproc.clusters.create

dataproc.clusters.delete

dataproc.clusters.get

dataproc.clusters.list

dataproc.clusters.repair

dataproc.clusters.update

dataproc.operations.cancel

dataproc.operations.delete

dataproc.operations.get

dataproc.operations.list

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

  • logging.locations.get
  • logging.locations.list

logging.logEntries.create

logging.logEntries.list

logging.logEntries.route

logging.logMetrics.get

logging.logMetrics.list

logging.logScopes.get

logging.logScopes.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

observability.scopes.get

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.get

storage.objects.get

storage.objects.list

Dataproc Serverless Editor

(roles/dataproc.serverlessEditor)

Permissions needed to run serverless sessions and batches as a user

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.projects.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataproc.batches.*

  • dataproc.batches.analyze
  • dataproc.batches.cancel
  • dataproc.batches.create
  • dataproc.batches.delete
  • dataproc.batches.get
  • dataproc.batches.list
  • dataproc.batches.sparkApplicationRead
  • dataproc.batches.sparkApplicationWrite

dataproc.operations.cancel

dataproc.operations.delete

dataproc.operations.get

dataproc.operations.list

dataproc.sessionTemplates.*

  • dataproc.sessionTemplates.create
  • dataproc.sessionTemplates.delete
  • dataproc.sessionTemplates.get
  • dataproc.sessionTemplates.list
  • dataproc.sessionTemplates.update

dataproc.sessions.*

  • dataproc.sessions.create
  • dataproc.sessions.delete
  • dataproc.sessions.get
  • dataproc.sessions.list
  • dataproc.sessions.sparkApplicationRead
  • dataproc.sessions.sparkApplicationWrite
  • dataproc.sessions.terminate

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.update

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

  • dataprocrm.workloads.cancel
  • dataprocrm.workloads.create
  • dataprocrm.workloads.delete
  • dataprocrm.workloads.get
  • dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Serverless Node

(roles/dataproc.serverlessNode)

Node access to Dataproc Serverless sessions and batches. Intended for service accounts.

dataproc.batches.sparkApplicationWrite

dataproc.sessions.sparkApplicationRead

dataproc.sessions.sparkApplicationWrite

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.list

dataprocrm.operations.get

Dataproc Serverless Viewer

(roles/dataproc.serverlessViewer)

Permissions needed to view serverless sessions and batches

compute.projects.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataproc.batches.get

dataproc.batches.list

dataproc.sessionTemplates.get

dataproc.sessionTemplates.list

dataproc.sessions.get

dataproc.sessions.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Service Agent

(roles/dataproc.serviceAgent)

Gives Dataproc Service Account access to service accounts, compute resources, storage resources, and Kubernetes resources. Includes access to service accounts.

Warning: Do not grant service agent roles to any principals except service agents.

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

  • compute.autoscalers.create
  • compute.autoscalers.delete
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.autoscalers.update

compute.diskSettings.get

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.delete

compute.disks.get

compute.disks.list

compute.disks.resize

compute.disks.setLabels

compute.disks.startAsyncReplication

compute.disks.stopAsyncReplication

compute.disks.stopGroupAsyncReplication

compute.disks.update

compute.disks.updateKmsKey

compute.disks.use

compute.disks.useReadOnly

compute.firewalls.get

compute.firewalls.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalNetworkEndpointGroups.*

  • compute.globalNetworkEndpointGroups.attachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.create
  • compute.globalNetworkEndpointGroups.createTagBinding
  • compute.globalNetworkEndpointGroups.delete
  • compute.globalNetworkEndpointGroups.deleteTagBinding
  • compute.globalNetworkEndpointGroups.detachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalNetworkEndpointGroups.listEffectiveTags
  • compute.globalNetworkEndpointGroups.listTagBindings
  • compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

compute.instanceGroupManagers.*

  • compute.instanceGroupManagers.create
  • compute.instanceGroupManagers.createTagBinding
  • compute.instanceGroupManagers.delete
  • compute.instanceGroupManagers.deleteTagBinding
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroupManagers.listEffectiveTags
  • compute.instanceGroupManagers.listTagBindings
  • compute.instanceGroupManagers.update
  • compute.instanceGroupManagers.use

compute.instanceGroups.*

  • compute.instanceGroups.create
  • compute.instanceGroups.createTagBinding
  • compute.instanceGroups.delete
  • compute.instanceGroups.deleteTagBinding
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceGroups.listEffectiveTags
  • compute.instanceGroups.listTagBindings
  • compute.instanceGroups.update
  • compute.instanceGroups.use

compute.instanceSettings.get

compute.instanceTemplates.*

  • compute.instanceTemplates.create
  • compute.instanceTemplates.delete
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instanceTemplates.setIamPolicy
  • compute.instanceTemplates.useReadOnly

compute.instances.*

  • compute.instances.addAccessConfig
  • compute.instances.addNetworkInterface
  • compute.instances.addResourcePolicies
  • compute.instances.attachDisk
  • compute.instances.create
  • compute.instances.createTagBinding
  • compute.instances.delete
  • compute.instances.deleteAccessConfig
  • compute.instances.deleteNetworkInterface
  • compute.instances.deleteTagBinding
  • compute.instances.detachDisk
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.instances.osAdminLogin
  • compute.instances.osLogin
  • compute.instances.pscInterfaceCreate
  • compute.instances.removeResourcePolicies
  • compute.instances.reset
  • compute.instances.resume
  • compute.instances.sendDiagnosticInterrupt
  • compute.instances.setDeletionProtection
  • compute.instances.setDiskAutoDelete
  • compute.instances.setIamPolicy
  • compute.instances.setLabels
  • compute.instances.setMachineResources
  • compute.instances.setMachineType
  • compute.instances.setMetadata
  • compute.instances.setMinCpuPlatform
  • compute.instances.setName
  • compute.instances.setScheduling
  • compute.instances.setSecurityPolicy
  • compute.instances.setServiceAccount
  • compute.instances.setShieldedInstanceIntegrityPolicy
  • compute.instances.setShieldedVmIntegrityPolicy
  • compute.instances.setTags
  • compute.instances.simulateMaintenanceEvent
  • compute.instances.start
  • compute.instances.startWithEncryptionKey
  • compute.instances.stop
  • compute.instances.suspend
  • compute.instances.update
  • compute.instances.updateAccessConfig
  • compute.instances.updateDisplayDevice
  • compute.instances.updateNetworkInterface
  • compute.instances.updateSecurity
  • compute.instances.updateShieldedInstanceConfig
  • compute.instances.updateShieldedVmConfig
  • compute.instances.use
  • compute.instances.useReadOnly

compute.licenses.get

compute.licenses.list

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.machineImages.*

  • compute.machineImages.create
  • compute.machineImages.createTagBinding
  • compute.machineImages.delete
  • compute.machineImages.deleteTagBinding
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineImages.listEffectiveTags
  • compute.machineImages.listTagBindings
  • compute.machineImages.setIamPolicy
  • compute.machineImages.setLabels
  • compute.machineImages.useReadOnly

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.multiMig.*

  • compute.multiMig.create
  • compute.multiMig.delete
  • compute.multiMig.get
  • compute.multiMig.list

compute.networkEndpointGroups.*

  • compute.networkEndpointGroups.attachNetworkEndpoints
  • compute.networkEndpointGroups.create
  • compute.networkEndpointGroups.createTagBinding
  • compute.networkEndpointGroups.delete
  • compute.networkEndpointGroups.deleteTagBinding
  • compute.networkEndpointGroups.detachNetworkEndpoints
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.list
  • compute.networkEndpointGroups.listEffectiveTags
  • compute.networkEndpointGroups.listTagBindings
  • compute.networkEndpointGroups.use

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.setFirewallPolicy

compute.networks.use

compute.networks.useExternalIp

compute.nodeGroups.get

compute.nodeTypes.get

compute.projects.get

compute.regionFirewallPolicies.create

compute.regionFirewallPolicies.createTagBinding

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.update

compute.regionFirewallPolicies.use

compute.regionNetworkEndpointGroups.*

  • compute.regionNetworkEndpointGroups.attachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.create
  • compute.regionNetworkEndpointGroups.createTagBinding
  • compute.regionNetworkEndpointGroups.delete
  • compute.regionNetworkEndpointGroups.deleteTagBinding
  • compute.regionNetworkEndpointGroups.detachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNetworkEndpointGroups.listEffectiveTags
  • compute.regionNetworkEndpointGroups.listTagBindings
  • compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSubBlocks.*

  • compute.reservationSubBlocks.get
  • compute.reservationSubBlocks.list
  • compute.reservationSubBlocks.performMaintenance
  • compute.reservationSubBlocks.reportFaulty

compute.reservations.get

compute.reservations.list

compute.reservations.listEffectiveTags

compute.reservations.listTagBindings

compute.resourcePolicies.list

compute.resourcePolicies.useReadOnly

compute.storagePools.get

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.setPrivateIpGoogleAccess

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

container.clusterRoleBindings.*

  • container.clusterRoleBindings.create
  • container.clusterRoleBindings.delete
  • container.clusterRoleBindings.get
  • container.clusterRoleBindings.list
  • container.clusterRoleBindings.update

container.clusterRoles.*

  • container.clusterRoles.bind
  • container.clusterRoles.create
  • container.clusterRoles.delete
  • container.clusterRoles.escalate
  • container.clusterRoles.get
  • container.clusterRoles.list
  • container.clusterRoles.update

container.clusters.connect

container.clusters.get

container.clusters.update

container.customResourceDefinitions.create

container.customResourceDefinitions.delete

container.customResourceDefinitions.get

container.customResourceDefinitions.list

container.customResourceDefinitions.update

container.namespaces.create

container.namespaces.delete

container.namespaces.get

container.namespaces.list

container.namespaces.update

container.operations.get

container.roleBindings.*

  • container.roleBindings.create
  • container.roleBindings.delete
  • container.roleBindings.get
  • container.roleBindings.list
  • container.roleBindings.update

container.roles.bind

container.roles.escalate

dataproc.autoscalingPolicies.create

dataproc.autoscalingPolicies.delete

dataproc.autoscalingPolicies.get

dataproc.autoscalingPolicies.getIamPolicy

dataproc.autoscalingPolicies.list

dataproc.autoscalingPolicies.update

dataproc.autoscalingPolicies.use

dataproc.clusters.*

  • dataproc.clusters.create
  • dataproc.clusters.delete
  • dataproc.clusters.get
  • dataproc.clusters.getIamPolicy
  • dataproc.clusters.list
  • dataproc.clusters.repair
  • dataproc.clusters.setIamPolicy
  • dataproc.clusters.start
  • dataproc.clusters.stop
  • dataproc.clusters.update
  • dataproc.clusters.use

dataproc.jobs.*

  • dataproc.jobs.cancel
  • dataproc.jobs.create
  • dataproc.jobs.delete
  • dataproc.jobs.get
  • dataproc.jobs.getIamPolicy
  • dataproc.jobs.list
  • dataproc.jobs.setIamPolicy
  • dataproc.jobs.update

dataproc.nodeGroups.*

  • dataproc.nodeGroups.create
  • dataproc.nodeGroups.get
  • dataproc.nodeGroups.update

dataproc.operations.cancel

dataproc.sessionTemplates.get

dataproc.sessions.*

  • dataproc.sessions.create
  • dataproc.sessions.delete
  • dataproc.sessions.get
  • dataproc.sessions.list
  • dataproc.sessions.sparkApplicationRead
  • dataproc.sessions.sparkApplicationWrite
  • dataproc.sessions.terminate

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.*

  • dataprocrm.nodes.get
  • dataprocrm.nodes.heartbeat
  • dataprocrm.nodes.list
  • dataprocrm.nodes.mintOAuthToken
  • dataprocrm.nodes.update

dataprocrm.operations.cancel

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

  • dataprocrm.workloads.cancel
  • dataprocrm.workloads.create
  • dataprocrm.workloads.delete
  • dataprocrm.workloads.get
  • dataprocrm.workloads.list

firebase.projects.get

iam.serviceAccounts.actAs

iam.serviceAccounts.getAccessToken

metastore.services.get

monitoring.timeSeries.create

orgpolicy.policy.get

recommender.iamPolicyInsights.*

  • recommender.iamPolicyInsights.get
  • recommender.iamPolicyInsights.list
  • recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

  • recommender.iamPolicyRecommendations.get
  • recommender.iamPolicyRecommendations.list
  • recommender.iamPolicyRecommendations.update

recommender.storageBucketSoftDeleteInsights.*

  • recommender.storageBucketSoftDeleteInsights.get
  • recommender.storageBucketSoftDeleteInsights.list
  • recommender.storageBucketSoftDeleteInsights.update

recommender.storageBucketSoftDeleteRecommendations.*

  • recommender.storageBucketSoftDeleteRecommendations.get
  • recommender.storageBucketSoftDeleteRecommendations.list
  • recommender.storageBucketSoftDeleteRecommendations.update

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.projects.get

resourcemanager.projects.list

resourcemanager.tagKeys.create

resourcemanager.tagKeys.get

resourcemanager.tagKeys.getIamPolicy

resourcemanager.tagKeys.setIamPolicy

resourcemanager.tagValueBindings.*

  • resourcemanager.tagValueBindings.create
  • resourcemanager.tagValueBindings.delete

resourcemanager.tagValues.create

resourcemanager.tagValues.get

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

serviceusage.values.test

storage.anywhereCaches.*

  • storage.anywhereCaches.create
  • storage.anywhereCaches.disable
  • storage.anywhereCaches.get
  • storage.anywhereCaches.list
  • storage.anywhereCaches.pause
  • storage.anywhereCaches.resume
  • storage.anywhereCaches.update

storage.bucketOperations.*

  • storage.bucketOperations.cancel
  • storage.bucketOperations.get
  • storage.bucketOperations.list

storage.buckets.*

  • storage.buckets.create
  • storage.buckets.createTagBinding
  • storage.buckets.delete
  • storage.buckets.deleteTagBinding
  • storage.buckets.enableObjectRetention
  • storage.buckets.get
  • storage.buckets.getIamPolicy
  • storage.buckets.getIpFilter
  • storage.buckets.getObjectInsights
  • storage.buckets.list
  • storage.buckets.listEffectiveTags
  • storage.buckets.listTagBindings
  • storage.buckets.relocate
  • storage.buckets.restore
  • storage.buckets.setIamPolicy
  • storage.buckets.setIpFilter
  • storage.buckets.update
  • storage.buckets.viewIntelligenceDetails

storage.folders.*

  • storage.folders.create
  • storage.folders.delete
  • storage.folders.get
  • storage.folders.list
  • storage.folders.rename

storage.intelligenceConfigs.*

  • storage.intelligenceConfigs.get
  • storage.intelligenceConfigs.update

storage.managedFolders.*

  • storage.managedFolders.create
  • storage.managedFolders.delete
  • storage.managedFolders.get
  • storage.managedFolders.getIamPolicy
  • storage.managedFolders.list
  • storage.managedFolders.setIamPolicy

storage.multipartUploads.*

  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts

storage.objects.*

  • storage.objects.create
  • storage.objects.createContext
  • storage.objects.delete
  • storage.objects.deleteContext
  • storage.objects.get
  • storage.objects.getIamPolicy
  • storage.objects.list
  • storage.objects.move
  • storage.objects.overrideUnlockedRetention
  • storage.objects.restore
  • storage.objects.setIamPolicy
  • storage.objects.setRetention
  • storage.objects.update
  • storage.objects.updateContext

storagebatchoperations.*

  • storagebatchoperations.bucketOperations.get
  • storagebatchoperations.bucketOperations.list
  • storagebatchoperations.jobs.cancel
  • storagebatchoperations.jobs.create
  • storagebatchoperations.jobs.delete
  • storagebatchoperations.jobs.get
  • storagebatchoperations.jobs.list
  • storagebatchoperations.locations.get
  • storagebatchoperations.locations.list
  • storagebatchoperations.operations.cancel
  • storagebatchoperations.operations.delete
  • storagebatchoperations.operations.get
  • storagebatchoperations.operations.list

Dataproc Viewer

(roles/dataproc.viewer)

Provides read-only access to Dataproc resources.

Lowest-level resources where you can grant this role:

  • Cluster

compute.machineTypes.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataproc.autoscalingPolicies.get

dataproc.autoscalingPolicies.list

dataproc.batches.analyze

dataproc.batches.get

dataproc.batches.list

dataproc.batches.sparkApplicationRead

dataproc.clusters.get

dataproc.clusters.list

dataproc.jobs.get

dataproc.jobs.list

dataproc.nodeGroups.get

dataproc.operations.get

dataproc.operations.list

dataproc.sessionTemplates.get

dataproc.sessionTemplates.list

dataproc.sessions.get

dataproc.sessions.list

dataproc.sessions.sparkApplicationRead

dataproc.workflowTemplates.get

dataproc.workflowTemplates.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Worker

(roles/dataproc.worker)

Provides worker access to Dataproc resources. Intended for service accounts.

cloudprofiler.profiles.create

cloudprofiler.profiles.update

datalineage.locations.processOpenLineageMessage

dataproc.agents.*

  • dataproc.agents.create
  • dataproc.agents.delete
  • dataproc.agents.get
  • dataproc.agents.list
  • dataproc.agents.update

dataproc.batches.sparkApplicationWrite

dataproc.sessions.sparkApplicationWrite

dataproc.tasks.*

  • dataproc.tasks.lease
  • dataproc.tasks.listInvalidatedLeases
  • dataproc.tasks.reportStatus

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.mintOAuthToken

dataprocrm.operations.get

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

storage.buckets.get

storage.folders.*

  • storage.folders.create
  • storage.folders.delete
  • storage.folders.get
  • storage.folders.list
  • storage.folders.rename

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts

storage.objects.create

storage.objects.createContext

storage.objects.delete

storage.objects.deleteContext

storage.objects.get

storage.objects.getIamPolicy

storage.objects.list

storage.objects.overrideUnlockedRetention

storage.objects.restore

storage.objects.setIamPolicy

storage.objects.setRetention

storage.objects.update

storage.objects.updateContext

telemetry.metrics.write

Dataproc permissions

Permission | Included in roles

dataproc.agents.create

Owner (roles/owner)

Editor (roles/editor)

Dataproc Worker (roles/dataproc.worker)

dataproc.agents.delete

Owner (roles/owner)

Editor (roles/editor)

Dataproc Worker (roles/dataproc.worker)

dataproc.agents.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Worker (roles/dataproc.worker)

Support User (roles/iam.supportUser)

dataproc.agents.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Worker (roles/dataproc.worker)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

dataproc.agents.update

Owner (roles/owner)

Editor (roles/editor)

Dataproc Worker (roles/dataproc.worker)

dataproc.autoscalingPolicies.create

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.autoscalingPolicies.delete

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.autoscalingPolicies.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.autoscalingPolicies.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.autoscalingPolicies.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.autoscalingPolicies.setIamPolicy

Owner (roles/owner)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

dataproc.autoscalingPolicies.update

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.autoscalingPolicies.use

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

ML Engineer (roles/iam.mlEngineer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.analyze

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.cancel

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.create

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.delete

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.sparkApplicationRead

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.batches.sparkApplicationWrite

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Node. (roles/dataproc.serverlessNode)

Dataproc Worker (roles/dataproc.worker)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.create

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.delete

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.repair

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.setIamPolicy

Owner (roles/owner)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.start

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.stop

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.update

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.clusters.use

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.cancel

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.create

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.delete

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.setIamPolicy

Owner (roles/owner)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.jobs.update

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.nodeGroups.create

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.nodeGroups.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.nodeGroups.update

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.operations.cancel

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.operations.delete

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.operations.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

dataproc.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Hub Agent (roles/dataproc.hubAgent)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.operations.setIamPolicy

Owner (roles/owner)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

dataproc.sessionTemplates.create

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessionTemplates.delete

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessionTemplates.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessionTemplates.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessionTemplates.update

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessions.create

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessions.delete

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessions.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessions.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Viewer (roles/dataproc.serverlessViewer)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessions.sparkApplicationRead

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Node. (roles/dataproc.serverlessNode)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessions.sparkApplicationWrite

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Dataproc Serverless Node. (roles/dataproc.serverlessNode)

Dataproc Worker (roles/dataproc.worker)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.sessions.terminate

Owner (roles/owner)

Editor (roles/editor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Serverless Editor (roles/dataproc.serverlessEditor)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.tasks.lease

Owner (roles/owner)

Editor (roles/editor)

Dataproc Worker (roles/dataproc.worker)

dataproc.tasks.listInvalidatedLeases

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Worker (roles/dataproc.worker)

Support User (roles/iam.supportUser)

dataproc.tasks.reportStatus

Owner (roles/owner)

Editor (roles/editor)

Dataproc Worker (roles/dataproc.worker)

dataproc.workflowTemplates.create

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.workflowTemplates.delete

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.workflowTemplates.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.workflowTemplates.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

dataproc.workflowTemplates.instantiate

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.workflowTemplates.instantiateInline

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.workflowTemplates.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

Dataproc Viewer (roles/dataproc.viewer)

Data Scientist (roles/iam.dataScientist)

ML Engineer (roles/iam.mlEngineer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

dataproc.workflowTemplates.setIamPolicy

Owner (roles/owner)

Dataproc Administrator (roles/dataproc.admin)

Security Admin (roles/iam.securityAdmin)

dataproc.workflowTemplates.update

Owner (roles/owner)

Editor (roles/editor)

Dataproc Administrator (roles/dataproc.admin)

Dataproc Editor (roles/dataproc.editor)

ML Engineer (roles/iam.mlEngineer)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.