Firestore roles and permissions
This page lists the IAM roles and permissions for Firestore. Tosearch through all roles and permissions, see therole andpermission index.
Firestore roles
| Role | Permissions |
|---|---|
Cloud Datastore Backup Schedules Admin( Manage backup schedules in Cloud Datastore. |
|
Cloud Datastore Backup Schedules Viewer( Read access to backup schedules in Cloud Datastore. |
|
Cloud Datastore Backups Admin( Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed. |
|
Cloud Datastore Backups Viewer( Read access to metadata about backups in Cloud Datastore. |
|
Cloud Datastore Bulk Admin( Full access to manage bulk operations. |
|
Cloud Datastore Clone Admin( Clone Cloud Datastore Databases. |
|
Cloud Datastore Import Export Admin( Provides full access to manage imports and exports. Lowest-level resources where you can grant this role:
|
|
Cloud Datastore Index Admin( Provides full access to manage index definitions. Lowest-level resources where you can grant this role:
|
|
Cloud Datastore Key Visualizer Viewer( Full access to Key Visualizer scans. |
|
Cloud Datastore Owner( Provides full access to Datastore resources. Lowest-level resources where you can grant this role:
|
|
Cloud Datastore Restore Admin( Restore into Cloud Datastore Databases from Cloud Datastore Backups. |
|
Cloud Datastore User( Provides read/write access to data in a Datastore database. Lowest-level resources where you can grant this role:
|
|
Cloud Datastore User Creds Admin( Manage user creds in Cloud Datastore. |
|
Cloud Datastore User Creds Viewer( Read access to user creds in Cloud Datastore. |
|
Cloud Datastore Viewer( Provides read access to Datastore resources. Lowest-level resources where you can grant this role:
|
|
Firestore Service Agent( Gives Firestore service account access to managed resources. Warning: Do not grant service agent roles to any principals exceptservice agents. |
|
Firestore permissions
| Permission | Included in roles |
|---|---|
| Owner ( Editor ( Cloud Datastore Backup Schedules Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Cloud Datastore Backup Schedules Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Backup Schedules Admin ( Cloud Datastore Backup Schedules Viewer ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Support User ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Backup Schedules Admin ( Cloud Datastore Backup Schedules Viewer ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( |
| Owner ( Editor ( Cloud Datastore Backup Schedules Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Cloud Datastore Backups Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Backups Admin ( Cloud Datastore Backups Viewer ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Viewer ( Databases Admin ( Support User ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Backups Admin ( Cloud Datastore Backups Viewer ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Viewer ( Databases Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( |
| Owner ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Cloud Datastore Bulk Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Cloud Datastore Clone Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( |
| Owner ( Cloud Datastore Clone Admin ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Cloud Datastore Owner ( DLP Organization Data Profiles Driver ( DLP Project Data Profiles Driver ( Firebase Admin ( Firebase Develop Admin ( Tag User ( |
| Owner ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( |
| Owner ( Cloud Datastore Owner ( DLP Organization Data Profiles Driver ( DLP Project Data Profiles Driver ( Firebase Admin ( Firebase Develop Admin ( Tag User ( |
| Owner ( Cloud Datastore Import Export Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Firebase Rules System ( Data Scientist ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Backup Schedules Admin ( Cloud Datastore Bulk Admin ( Cloud Datastore Clone Admin ( Cloud Datastore Import Export Admin ( Cloud Datastore Index Admin ( Cloud Datastore Key Visualizer Viewer ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Cloud Datastore User ( Cloud Datastore User Creds Admin ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Databases Admin ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Cloud Datastore Import Export Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Backup Schedules Admin ( Cloud Datastore Clone Admin ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Cloud Datastore User ( Cloud Datastore User Creds Admin ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Databases Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( DLP Organization Data Profiles Driver ( DLP Project Data Profiles Driver ( Firebase Admin ( Firebase Develop Admin ( Security Auditor ( Support User ( Tag User ( Tag Viewer ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( DLP Organization Data Profiles Driver ( DLP Project Data Profiles Driver ( Firebase Admin ( Firebase Develop Admin ( Security Auditor ( Support User ( Tag User ( Tag Viewer ( |
| Owner ( Editor ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Cloud Datastore Owner ( Cloud Datastore User ( Firebase Admin ( Firebase Develop Admin ( Firebase Admin SDK Administrator Service Agent ( Firebase Rules System ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Cloud Datastore Owner ( Cloud Datastore User ( Firebase Admin ( Firebase Develop Admin ( Firebase Admin SDK Administrator Service Agent ( Firebase Rules System ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Cloud Datastore Owner ( Cloud Datastore User ( Firebase Admin ( Firebase Develop Admin ( Firebase Admin SDK Administrator Service Agent ( Firebase Rules System ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Firebase Rules System ( Data Scientist ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Firebase Rules System ( Data Scientist ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Cloud Datastore Owner ( Cloud Datastore User ( Firebase Admin ( Firebase Develop Admin ( Firebase Admin SDK Administrator Service Agent ( Firebase Rules System ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Cloud Datastore Index Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Cloud Datastore Index Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Index Admin ( Cloud Datastore Owner ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Databases Admin ( Support User ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Index Admin ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Databases Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Cloud Datastore Index Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Admin SDK Administrator Service Agent ( Data Scientist ( Support User ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Key Visualizer Viewer ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Support User ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Key Visualizer Viewer ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( |
| Owner ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Cloud Datastore Bulk Admin ( Cloud Datastore Import Export Admin ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Cloud Datastore Owner ( Firebase Admin ( Firebase Develop Admin ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Bulk Admin ( Cloud Datastore Clone Admin ( Cloud Datastore Import Export Admin ( Cloud Datastore Index Admin ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Bulk Admin ( Cloud Datastore Clone Admin ( Cloud Datastore Import Export Admin ( Cloud Datastore Index Admin ( Cloud Datastore Owner ( Cloud Datastore Restore Admin ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User ( Cloud Datastore Viewer ( Firebase Admin ( Firebase Develop Admin ( Firebase Develop Viewer ( Firebase Admin SDK Administrator Service Agent ( Firebase Viewer ( Data Scientist ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Cloud Datastore Owner ( Cloud Datastore User Creds Admin ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Cloud Datastore Owner ( Cloud Datastore User Creds Admin ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User Creds Admin ( Cloud Datastore User Creds Viewer ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Support User ( |
| Owner ( Editor ( Viewer ( Cloud Datastore Owner ( Cloud Datastore User Creds Admin ( Cloud Datastore User Creds Viewer ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( |
| Owner ( Editor ( Cloud Datastore Owner ( Cloud Datastore User Creds Admin ( Firebase Admin ( Firebase Develop Admin ( Databases Admin ( |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-18 UTC.