Filestore roles and permissions

This page lists the IAM roles and permissions for Filestore. Tosearch through all roles and permissions, see therole andpermission index.

Filestore roles

RolePermissions

Cloud Filestore EditorBeta

(roles/file.editor)

Read-write access to Filestore instances and related resources.

backupdr.backupPlanAssociations.createForFilestoreInstance

backupdr.backupPlanAssociations.deleteForFilestoreInstance

backupdr.backupPlanAssociations.fetchForFilestoreInstance

backupdr.backupPlanAssociations.getForFilestoreInstance

backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance

backupdr.backupPlanAssociations.updateForFilestoreInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForFilestoreInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.useReadOnlyForFilestoreInstance

backupdr.dataSourceReferences.fetchForFilestoreInstance

backupdr.dataSourceReferences.getForFilestoreInstance

backupdr.locations.list

backupdr.operations.get

backupdr.serviceConfig.initialize

file.*

  • file.backups.create
  • file.backups.createTagBinding
  • file.backups.delete
  • file.backups.deleteTagBinding
  • file.backups.get
  • file.backups.list
  • file.backups.listEffectiveTags
  • file.backups.listTagBindings
  • file.backups.update
  • file.instances.create
  • file.instances.createTagBinding
  • file.instances.delete
  • file.instances.deleteTagBinding
  • file.instances.get
  • file.instances.list
  • file.instances.listEffectiveTags
  • file.instances.listTagBindings
  • file.instances.restore
  • file.instances.revert
  • file.instances.update
  • file.locations.get
  • file.locations.list
  • file.operations.cancel
  • file.operations.delete
  • file.operations.get
  • file.operations.list
  • file.snapshots.createTagBinding
  • file.snapshots.deleteTagBinding
  • file.snapshots.listEffectiveTags
  • file.snapshots.listTagBindings

Cloud Filestore Service Agent

(roles/file.serviceAgent)

Gives Cloud Filestore service account access to managed resources.

Warning: Do not grant service agent roles to any principals exceptservice agents.

compute.globalOperations.get

compute.networks.addPeering

compute.networks.get

compute.networks.removePeering

compute.networks.update

compute.networks.updatePeering

compute.routes.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

telemetry.metrics.write

Cloud Filestore ViewerBeta

(roles/file.viewer)

Read-only access to Filestore instances and related resources.

backupdr.backupPlanAssociations.fetchForFilestoreInstance

backupdr.backupPlanAssociations.getForFilestoreInstance

backupdr.dataSourceReferences.fetchForFilestoreInstance

backupdr.dataSourceReferences.getForFilestoreInstance

file.backups.get

file.backups.list

file.backups.listEffectiveTags

file.backups.listTagBindings

file.instances.get

file.instances.list

file.instances.listEffectiveTags

file.instances.listTagBindings

file.locations.*

  • file.locations.get
  • file.locations.list

file.operations.get

file.operations.list

file.snapshots.listEffectiveTags

file.snapshots.listTagBindings

Filestore permissions

PermissionIncluded in roles

file.backups.create

Owner (roles/owner)

Editor (roles/editor)

Backup and DR Filestore Operator (roles/backupdr.filestoreOperator)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.backups.update

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.create

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Backup and DR Filestore Operator (roles/backupdr.filestoreOperator)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.restore

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.revert

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.instances.update

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.operations.cancel

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.operations.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud Filestore Editor (roles/file.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.snapshots.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.snapshots.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.snapshots.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

file.snapshots.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Cloud Filestore Editor (roles/file.editor)

Cloud Filestore Viewer (roles/file.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.