Cloud Monitoring roles and permissions

This page lists the IAM roles and permissions for Cloud Monitoring. Tosearch through all roles and permissions, see therole andpermission index.

Cloud Monitoring roles

RolePermissions

Monitoring Admin

(roles/monitoring.admin)

Provides full access to Cloud Monitoring.

Lowest-level resources where you can grant this role:

  • Project

cloudnotifications.activities.list

monitoring.*

  • monitoring.alertPolicies.create
  • monitoring.alertPolicies.createTagBinding
  • monitoring.alertPolicies.delete
  • monitoring.alertPolicies.deleteTagBinding
  • monitoring.alertPolicies.get
  • monitoring.alertPolicies.list
  • monitoring.alertPolicies.listEffectiveTags
  • monitoring.alertPolicies.listTagBindings
  • monitoring.alertPolicies.update
  • monitoring.alerts.get
  • monitoring.alerts.list
  • monitoring.dashboards.create
  • monitoring.dashboards.createTagBinding
  • monitoring.dashboards.delete
  • monitoring.dashboards.deleteTagBinding
  • monitoring.dashboards.get
  • monitoring.dashboards.list
  • monitoring.dashboards.listEffectiveTags
  • monitoring.dashboards.listTagBindings
  • monitoring.dashboards.update
  • monitoring.groups.create
  • monitoring.groups.delete
  • monitoring.groups.get
  • monitoring.groups.list
  • monitoring.groups.update
  • monitoring.metricDescriptors.create
  • monitoring.metricDescriptors.delete
  • monitoring.metricDescriptors.get
  • monitoring.metricDescriptors.list
  • monitoring.metricsScopes.link
  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list
  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list
  • monitoring.notificationChannels.create
  • monitoring.notificationChannels.delete
  • monitoring.notificationChannels.get
  • monitoring.notificationChannels.getVerificationCode
  • monitoring.notificationChannels.list
  • monitoring.notificationChannels.sendVerificationCode
  • monitoring.notificationChannels.update
  • monitoring.notificationChannels.verify
  • monitoring.services.create
  • monitoring.services.delete
  • monitoring.services.get
  • monitoring.services.list
  • monitoring.services.update
  • monitoring.slos.create
  • monitoring.slos.delete
  • monitoring.slos.get
  • monitoring.slos.list
  • monitoring.slos.update
  • monitoring.snoozes.create
  • monitoring.snoozes.get
  • monitoring.snoozes.list
  • monitoring.snoozes.update
  • monitoring.timeSeries.create
  • monitoring.timeSeries.list
  • monitoring.uptimeCheckConfigs.create
  • monitoring.uptimeCheckConfigs.delete
  • monitoring.uptimeCheckConfigs.get
  • monitoring.uptimeCheckConfigs.list
  • monitoring.uptimeCheckConfigs.update

opsconfigmonitoring.*

  • opsconfigmonitoring.resourceMetadata.list
  • opsconfigmonitoring.resourceMetadata.write

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.*

  • serviceusage.consumerpolicy.analyze
  • serviceusage.consumerpolicy.get
  • serviceusage.consumerpolicy.update

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.services.enable

serviceusage.services.get

serviceusage.values.test

stackdriver.*

  • stackdriver.projects.edit
  • stackdriver.projects.get
  • stackdriver.resourceMetadata.list
  • stackdriver.resourceMetadata.write

telemetry.metrics.write

Monitoring AlertPolicy Editor

(roles/monitoring.alertPolicyEditor)

Read/write access to alerting policies.

monitoring.alertPolicies.*

  • monitoring.alertPolicies.create
  • monitoring.alertPolicies.createTagBinding
  • monitoring.alertPolicies.delete
  • monitoring.alertPolicies.deleteTagBinding
  • monitoring.alertPolicies.get
  • monitoring.alertPolicies.list
  • monitoring.alertPolicies.listEffectiveTags
  • monitoring.alertPolicies.listTagBindings
  • monitoring.alertPolicies.update

Monitoring AlertPolicy Viewer

(roles/monitoring.alertPolicyViewer)

Read-only access to alerting policies.

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

Monitoring Alert ViewerBeta

(roles/monitoring.alertViewer)

Read access to alerts.

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

Monitoring Cloud Console Incident EditorBeta

(roles/monitoring.cloudConsoleIncidentEditor)

Read/write access to incidents from Cloud Console.

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

Monitoring Cloud Console Incident ViewerBeta

(roles/monitoring.cloudConsoleIncidentViewer)

Read access to incidents from Cloud Console.

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

Monitoring Dashboard Configuration Editor

(roles/monitoring.dashboardEditor)

Read/write access to dashboard configurations.

monitoring.dashboards.*

  • monitoring.dashboards.create
  • monitoring.dashboards.createTagBinding
  • monitoring.dashboards.delete
  • monitoring.dashboards.deleteTagBinding
  • monitoring.dashboards.get
  • monitoring.dashboards.list
  • monitoring.dashboards.listEffectiveTags
  • monitoring.dashboards.listTagBindings
  • monitoring.dashboards.update

Monitoring Dashboard Configuration Viewer

(roles/monitoring.dashboardViewer)

Read-only access to dashboard configurations.

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

Monitoring Editor

(roles/monitoring.editor)

Provides full access to information about all monitoring data andconfigurations.

Lowest-level resources where you can grant this role:

  • Project

cloudnotifications.activities.list

monitoring.alertPolicies.*

  • monitoring.alertPolicies.create
  • monitoring.alertPolicies.createTagBinding
  • monitoring.alertPolicies.delete
  • monitoring.alertPolicies.deleteTagBinding
  • monitoring.alertPolicies.get
  • monitoring.alertPolicies.list
  • monitoring.alertPolicies.listEffectiveTags
  • monitoring.alertPolicies.listTagBindings
  • monitoring.alertPolicies.update

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

monitoring.dashboards.*

  • monitoring.dashboards.create
  • monitoring.dashboards.createTagBinding
  • monitoring.dashboards.delete
  • monitoring.dashboards.deleteTagBinding
  • monitoring.dashboards.get
  • monitoring.dashboards.list
  • monitoring.dashboards.listEffectiveTags
  • monitoring.dashboards.listTagBindings
  • monitoring.dashboards.update

monitoring.groups.*

  • monitoring.groups.create
  • monitoring.groups.delete
  • monitoring.groups.get
  • monitoring.groups.list
  • monitoring.groups.update

monitoring.metricDescriptors.*

  • monitoring.metricDescriptors.create
  • monitoring.metricDescriptors.delete
  • monitoring.metricDescriptors.get
  • monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.notificationChannels.sendVerificationCode

monitoring.notificationChannels.update

monitoring.notificationChannels.verify

monitoring.services.*

  • monitoring.services.create
  • monitoring.services.delete
  • monitoring.services.get
  • monitoring.services.list
  • monitoring.services.update

monitoring.slos.*

  • monitoring.slos.create
  • monitoring.slos.delete
  • monitoring.slos.get
  • monitoring.slos.list
  • monitoring.slos.update

monitoring.snoozes.*

  • monitoring.snoozes.create
  • monitoring.snoozes.get
  • monitoring.snoozes.list
  • monitoring.snoozes.update

monitoring.timeSeries.*

  • monitoring.timeSeries.create
  • monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.*

  • monitoring.uptimeCheckConfigs.create
  • monitoring.uptimeCheckConfigs.delete
  • monitoring.uptimeCheckConfigs.get
  • monitoring.uptimeCheckConfigs.list
  • monitoring.uptimeCheckConfigs.update

opsconfigmonitoring.*

  • opsconfigmonitoring.resourceMetadata.list
  • opsconfigmonitoring.resourceMetadata.write

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.*

  • serviceusage.consumerpolicy.analyze
  • serviceusage.consumerpolicy.get
  • serviceusage.consumerpolicy.update

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.services.enable

serviceusage.services.get

serviceusage.values.test

stackdriver.*

  • stackdriver.projects.edit
  • stackdriver.projects.get
  • stackdriver.resourceMetadata.list
  • stackdriver.resourceMetadata.write

telemetry.metrics.write

Monitoring Metric Writer

(roles/monitoring.metricWriter)

Provides write-only access to metrics. This provides exactly the permissionsneeded by the Cloud Monitoring agent and other systems that send metrics.

Lowest-level resources where you can grant this role:

  • Project

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

telemetry.metrics.write

Monitoring Metrics Scopes AdminBeta

(roles/monitoring.metricsScopesAdmin)

Access to add and remove monitored projects from metrics scopes.

monitoring.metricsScopes.link

resourcemanager.projects.get

resourcemanager.projects.list

Monitoring Metrics Scopes ViewerBeta

(roles/monitoring.metricsScopesViewer)

Read-only access to metrics scopes and their monitored projects.

resourcemanager.projects.get

resourcemanager.projects.list

Monitoring NotificationChannel EditorBeta

(roles/monitoring.notificationChannelEditor)

Read/write access to notification channels.

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.notificationChannels.sendVerificationCode

monitoring.notificationChannels.update

monitoring.notificationChannels.verify

Monitoring NotificationChannel ViewerBeta

(roles/monitoring.notificationChannelViewer)

Read-only access to notification channels.

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

Monitoring Service Agent

(roles/monitoring.notificationServiceAgent)

Grants permissions to deliver notifications directly to resources within the target project, such as delivering to Pub/Sub topics within the project.

Warning: Do not grant service agent roles to any principals exceptservice agents.

bigquery.jobs.create

cloudfunctions.functions.get

cloudtrace.traces.patch

logging.links.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.list

run.routes.invoke

servicedirectory.networks.access

servicedirectory.services.resolve

serviceusage.services.use

Monitoring Services Editor

(roles/monitoring.servicesEditor)

Read/write access to services.

monitoring.services.*

  • monitoring.services.create
  • monitoring.services.delete
  • monitoring.services.get
  • monitoring.services.list
  • monitoring.services.update

monitoring.slos.*

  • monitoring.slos.create
  • monitoring.slos.delete
  • monitoring.slos.get
  • monitoring.slos.list
  • monitoring.slos.update

Monitoring Services Viewer

(roles/monitoring.servicesViewer)

Read-only access to services.

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

Monitoring Snooze Editor

(roles/monitoring.snoozeEditor)

monitoring.snoozes.*

  • monitoring.snoozes.create
  • monitoring.snoozes.get
  • monitoring.snoozes.list
  • monitoring.snoozes.update

Monitoring Snooze Viewer

(roles/monitoring.snoozeViewer)

monitoring.snoozes.get

monitoring.snoozes.list

Monitoring Uptime Check Configuration EditorBeta

(roles/monitoring.uptimeCheckConfigEditor)

Read/write access to uptime check configurations.

monitoring.uptimeCheckConfigs.*

  • monitoring.uptimeCheckConfigs.create
  • monitoring.uptimeCheckConfigs.delete
  • monitoring.uptimeCheckConfigs.get
  • monitoring.uptimeCheckConfigs.list
  • monitoring.uptimeCheckConfigs.update

Monitoring Uptime Check Configuration ViewerBeta

(roles/monitoring.uptimeCheckConfigViewer)

Read-only access to uptime check configurations.

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

Monitoring Viewer

(roles/monitoring.viewer)

Provides read-only access to get and list information about all monitoringdata and configurations.

Lowest-level resources where you can grant this role:

  • Project

cloudnotifications.activities.list

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

Ops Config Monitoring Resource Metadata ViewerBeta

(roles/opsconfigmonitoring.resourceMetadata.viewer)

Read-only access to resource metadata.

opsconfigmonitoring.resourceMetadata.list

Ops Config Monitoring Resource Metadata WriterBeta

(roles/opsconfigmonitoring.resourceMetadata.writer)

Write-only access to resource metadata. This provides exactly the permissions needed by the Ops Config Monitoring metadata agent and other systems that send metadata.

opsconfigmonitoring.resourceMetadata.write

Stackdriver Accounts Editor

(roles/stackdriver.accounts.editor)

Read/write access to manage Stackdriver account structure.

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.*

  • serviceusage.consumerpolicy.analyze
  • serviceusage.consumerpolicy.get
  • serviceusage.consumerpolicy.update

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.services.enable

serviceusage.services.get

serviceusage.values.test

stackdriver.projects.*

  • stackdriver.projects.edit
  • stackdriver.projects.get

Stackdriver Accounts Viewer

(roles/stackdriver.accounts.viewer)

Read-only access to get and list information about Stackdriver account structure.

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

Stackdriver Resource Metadata WriterBeta

(roles/stackdriver.resourceMetadata.writer)

Write-only access to resource metadata. This provides exactly the permissions needed by the Stackdriver metadata agent and other systems that send metadata.

stackdriver.resourceMetadata.write

Cloud Monitoring permissions

PermissionIncluded in roles

monitoring.alertPolicies.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring Editor (roles/monitoring.editor)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alertPolicies.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring Editor (roles/monitoring.editor)

Tag User (roles/resourcemanager.tagUser)

Quota Administrator (roles/servicemanagement.quotaAdmin)

monitoring.alertPolicies.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring Editor (roles/monitoring.editor)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alertPolicies.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring Editor (roles/monitoring.editor)

Tag User (roles/resourcemanager.tagUser)

Quota Administrator (roles/servicemanagement.quotaAdmin)

monitoring.alertPolicies.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring AlertPolicy Viewer (roles/monitoring.alertPolicyViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alertPolicies.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring AlertPolicy Viewer (roles/monitoring.alertPolicyViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alertPolicies.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring AlertPolicy Viewer (roles/monitoring.alertPolicyViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alertPolicies.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring AlertPolicy Viewer (roles/monitoring.alertPolicyViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alertPolicies.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)

Monitoring Editor (roles/monitoring.editor)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alerts.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Alert Viewer (roles/monitoring.alertViewer)

Monitoring Cloud Console Incident Editor (roles/monitoring.cloudConsoleIncidentEditor)

Monitoring Cloud Console Incident Viewer (roles/monitoring.cloudConsoleIncidentViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.alerts.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Alert Viewer (roles/monitoring.alertViewer)

Monitoring Cloud Console Incident Editor (roles/monitoring.cloudConsoleIncidentEditor)

Monitoring Cloud Console Incident Viewer (roles/monitoring.cloudConsoleIncidentViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.dashboards.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Editor (roles/monitoring.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.dashboards.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Editor (roles/monitoring.editor)

Tag User (roles/resourcemanager.tagUser)

monitoring.dashboards.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Editor (roles/monitoring.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.dashboards.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Editor (roles/monitoring.editor)

Tag User (roles/resourcemanager.tagUser)

monitoring.dashboards.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Apigee Organization Admin (roles/apigee.admin)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Insights Viewer (roles/apihub.apiInsightsViewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Dashboard Configuration Viewer (roles/monitoring.dashboardViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.dashboards.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Apigee Organization Admin (roles/apigee.admin)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Insights Viewer (roles/apihub.apiInsightsViewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Dashboard Configuration Viewer (roles/monitoring.dashboardViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.dashboards.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Dashboard Configuration Viewer (roles/monitoring.dashboardViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.dashboards.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Dashboard Configuration Viewer (roles/monitoring.dashboardViewer)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.dashboards.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Dashboard Configuration Editor (roles/monitoring.dashboardEditor)

Monitoring Editor (roles/monitoring.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.groups.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.groups.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.groups.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.groups.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.groups.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.metricDescriptors.create

Owner (roles/owner)

Editor (roles/editor)

Composer Worker (roles/composer.worker)

Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount)

Dataproc Worker (roles/dataproc.worker)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metric Writer (roles/monitoring.metricWriter)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.metricDescriptors.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.metricDescriptors.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Apigee Organization Admin (roles/apigee.admin)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Insights Viewer (roles/apihub.apiInsightsViewer)

App Management Viewer (roles/apphub.appManagementViewer)

Bigtable Administrator (roles/bigtable.admin)

Bigtable Reader (roles/bigtable.reader)

Bigtable User (roles/bigtable.user)

Bigtable Viewer (roles/bigtable.viewer)

Cloud Hub Operator (roles/cloudhub.operator)

Composer Worker (roles/composer.worker)

Dataproc Worker (roles/dataproc.worker)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metric Writer (roles/monitoring.metricWriter)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.metricDescriptors.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Apigee Organization Admin (roles/apigee.admin)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Insights Viewer (roles/apihub.apiInsightsViewer)

App Management Viewer (roles/apphub.appManagementViewer)

Bigtable Administrator (roles/bigtable.admin)

Bigtable Reader (roles/bigtable.reader)

Bigtable User (roles/bigtable.user)

Bigtable Viewer (roles/bigtable.viewer)

Cloud Hub Operator (roles/cloudhub.operator)

Composer Worker (roles/composer.worker)

Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount)

Dataproc Worker (roles/dataproc.worker)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metric Writer (roles/monitoring.metricWriter)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.metricsScopes.link

Owner (roles/owner)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Metrics Scopes Admin (roles/monitoring.metricsScopesAdmin)

Observability Scopes Editor (roles/observability.scopesEditor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.monitoredResourceDescriptors.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Apigee Organization Admin (roles/apigee.admin)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Insights Viewer (roles/apihub.apiInsightsViewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Composer Worker (roles/composer.worker)

Dataproc Worker (roles/dataproc.worker)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metric Writer (roles/monitoring.metricWriter)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.monitoredResourceDescriptors.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Apigee Organization Admin (roles/apigee.admin)

Cloud API Hub Admin (roles/apihub.admin)

Cloud API hub Insights Viewer (roles/apihub.apiInsightsViewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Composer Worker (roles/composer.worker)

Dataproc Worker (roles/dataproc.worker)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metric Writer (roles/monitoring.metricWriter)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannelDescriptors.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

Monitoring NotificationChannel Viewer (roles/monitoring.notificationChannelViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannelDescriptors.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

Monitoring NotificationChannel Viewer (roles/monitoring.notificationChannelViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannels.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannels.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannels.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

Monitoring NotificationChannel Viewer (roles/monitoring.notificationChannelViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannels.getVerificationCode

Owner (roles/owner)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

monitoring.notificationChannels.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

Monitoring NotificationChannel Viewer (roles/monitoring.notificationChannelViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannels.sendVerificationCode

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

monitoring.notificationChannels.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.notificationChannels.verify

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring NotificationChannel Editor (roles/monitoring.notificationChannelEditor)

monitoring.services.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

monitoring.services.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

monitoring.services.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

Monitoring Services Viewer (roles/monitoring.servicesViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.services.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

Monitoring Services Viewer (roles/monitoring.servicesViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.services.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

monitoring.slos.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

monitoring.slos.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

monitoring.slos.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

Monitoring Services Viewer (roles/monitoring.servicesViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.slos.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

Monitoring Services Viewer (roles/monitoring.servicesViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.slos.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Services Editor (roles/monitoring.servicesEditor)

monitoring.snoozes.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Snooze Editor (roles/monitoring.snoozeEditor)

monitoring.snoozes.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Snooze Editor (roles/monitoring.snoozeEditor)

Monitoring Snooze Viewer (roles/monitoring.snoozeViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.snoozes.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Snooze Editor (roles/monitoring.snoozeEditor)

Monitoring Snooze Viewer (roles/monitoring.snoozeViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.snoozes.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Snooze Editor (roles/monitoring.snoozeEditor)

monitoring.timeSeries.create

Owner (roles/owner)

Editor (roles/editor)

AlloyDB Client (roles/alloydb.client)

Bigtable Administrator (roles/bigtable.admin)

Bigtable Reader (roles/bigtable.reader)

Bigtable User (roles/bigtable.user)

Environment and Storage Object Administrator (roles/composer.environmentAndStorageObjectAdmin)

Composer Worker (roles/composer.worker)

Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount)

Dataflow Worker (roles/dataflow.worker)

Dataproc Worker (roles/dataproc.worker)

Application Design Center Admin (roles/designcenter.admin)

Application Design Center User (roles/designcenter.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Firebase App Hosting Compute Runner (roles/firebaseapphosting.computeRunner)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Metric Writer (roles/monitoring.metricWriter)

Cloud Spanner Admin (roles/spanner.admin)

Cloud Spanner Database Admin (roles/spanner.databaseAdmin)

Cloud Spanner Database Reader (roles/spanner.databaseReader)

Cloud Spanner Database Reader with DataBoost (roles/spanner.databaseReaderWithDataBoost)

Cloud Spanner Database User (roles/spanner.databaseUser)

Storage Admin (roles/storage.admin)

Storage Object Admin (roles/storage.objectAdmin)

Storage Object User (roles/storage.objectUser)

Storage Transfer Agent (roles/storagetransfer.transferAgent)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.timeSeries.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Apigee Organization Admin (roles/apigee.admin)

Apigee Read-only Admin (roles/apigee.readOnlyAdmin)

App Management Viewer (roles/apphub.appManagementViewer)

Bigtable Administrator (roles/bigtable.admin)

Bigtable Reader (roles/bigtable.reader)

Bigtable User (roles/bigtable.user)

Bigtable Viewer (roles/bigtable.viewer)

Capacity Planner Usage Viewer (roles/capacityplanner.viewer)

Cloud Hub Operator (roles/cloudhub.operator)

Cloud Quotas Admin (roles/cloudquotas.admin)

Cloud SQL Admin (roles/cloudsql.admin)

Cloud SQL Editor (roles/cloudsql.editor)

Cloud SQL Viewer (roles/cloudsql.viewer)

Cloud Tasks Admin (roles/cloudtasks.admin)

Cloud Tasks Viewer (roles/cloudtasks.viewer)

Composer Worker (roles/composer.worker)

Cloud Infrastructure Manager Agent (roles/config.agent)

Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount)

Firebase Admin (roles/firebase.admin)

Firebase Develop Admin (roles/firebase.developAdmin)

Firebase Develop Viewer (roles/firebase.developViewer)

Firebase Grow Admin (roles/firebase.growthAdmin)

Firebase Grow Viewer (roles/firebase.growthViewer)

Firebase Quality Admin (roles/firebase.qualityAdmin)

Firebase Quality Viewer (roles/firebase.qualityViewer)

Firebase Viewer (roles/firebase.viewer)

Fleet Project-level Scope Editor (roles/gkehub.scopeEditorProjectLevel)

Fleet Project-level Scope Viewer (roles/gkehub.scopeViewerProjectLevel)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Service Extensions Admin (roles/networkservices.serviceExtensionsAdmin)

Service Extensions Viewer (roles/networkservices.serviceExtensionsViewer)

reCAPTCHA Enterprise Admin (roles/recaptchaenterprise.admin)

reCAPTCHA Enterprise Viewer (roles/recaptchaenterprise.viewer)

Firewall Recommender Admin (roles/recommender.firewallAdmin)

Firewall Recommender Viewer (roles/recommender.firewallViewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service Management Administrator (roles/servicemanagement.admin)

Quota Administrator (roles/servicemanagement.quotaAdmin)

Quota Viewer (roles/servicemanagement.quotaViewer)

Service Usage Admin (roles/serviceusage.serviceUsageAdmin)

Service Usage Consumer (roles/serviceusage.serviceUsageConsumer)

Service Usage Viewer (roles/serviceusage.serviceUsageViewer)

Cloud Spanner Admin (roles/spanner.admin)

Cloud Spanner Backup Admin (roles/spanner.backupAdmin)

Cloud Spanner Database Admin (roles/spanner.databaseAdmin)

Cloud Spanner Restore Admin (roles/spanner.restoreAdmin)

Cloud Spanner Viewer (roles/spanner.viewer)

Telco Automation Admin (roles/telcoautomation.admin)

Workload Manager Admin (roles/workloadmanager.admin)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.uptimeCheckConfigs.create

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Uptime Check Configuration Editor (roles/monitoring.uptimeCheckConfigEditor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.uptimeCheckConfigs.delete

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Uptime Check Configuration Editor (roles/monitoring.uptimeCheckConfigEditor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.uptimeCheckConfigs.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Uptime Check Configuration Editor (roles/monitoring.uptimeCheckConfigEditor)

Monitoring Uptime Check Configuration Viewer (roles/monitoring.uptimeCheckConfigViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.uptimeCheckConfigs.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Uptime Check Configuration Editor (roles/monitoring.uptimeCheckConfigEditor)

Monitoring Uptime Check Configuration Viewer (roles/monitoring.uptimeCheckConfigViewer)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

monitoring.uptimeCheckConfigs.update

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Uptime Check Configuration Editor (roles/monitoring.uptimeCheckConfigEditor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

opsconfigmonitoring.resourceMetadata.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Ops Config Monitoring Resource Metadata Viewer (roles/opsconfigmonitoring.resourceMetadata.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

opsconfigmonitoring.resourceMetadata.write

Owner (roles/owner)

Editor (roles/editor)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Ops Config Monitoring Resource Metadata Writer (roles/opsconfigmonitoring.resourceMetadata.writer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

stackdriver.projects.edit

Owner (roles/owner)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Stackdriver Accounts Editor (roles/stackdriver.accounts.editor)

stackdriver.projects.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Error Reporting Admin (roles/errorreporting.admin)

Error Reporting User (roles/errorreporting.user)

Error Reporting Viewer (roles/errorreporting.viewer)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Stackdriver Accounts Editor (roles/stackdriver.accounts.editor)

Stackdriver Accounts Viewer (roles/stackdriver.accounts.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

stackdriver.resourceMetadata.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Hub Operator (roles/cloudhub.operator)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

ML Engineer (roles/iam.mlEngineer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Support User (roles/iam.supportUser)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Monitoring Viewer (roles/monitoring.viewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

stackdriver.resourceMetadata.write

Owner (roles/owner)

Editor (roles/editor)

Data Scientist (roles/iam.dataScientist)

Databases Admin (roles/iam.databasesAdmin)

Dev Ops (roles/iam.devOps)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Site Reliability Engineer (roles/iam.siteReliabilityEngineer)

Monitoring Admin (roles/monitoring.admin)

Monitoring Editor (roles/monitoring.editor)

Stackdriver Resource Metadata Writer (roles/stackdriver.resourceMetadata.writer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.