Service Directory roles and permissions

This page lists the IAM roles and permissions for Service Directory. Tosearch through all roles and permissions, see therole andpermission index.

Service Directory roles

RolePermissions

Service Directory Admin

(roles/servicedirectory.admin)

Full control of all Service Directory resources and permissions.

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.endpoints.*

  • servicedirectory.endpoints.create
  • servicedirectory.endpoints.delete
  • servicedirectory.endpoints.get
  • servicedirectory.endpoints.getIamPolicy
  • servicedirectory.endpoints.list
  • servicedirectory.endpoints.setIamPolicy
  • servicedirectory.endpoints.update

servicedirectory.locations.*

  • servicedirectory.locations.get
  • servicedirectory.locations.list

servicedirectory.namespaces.*

  • servicedirectory.namespaces.associatePrivateZone
  • servicedirectory.namespaces.create
  • servicedirectory.namespaces.delete
  • servicedirectory.namespaces.get
  • servicedirectory.namespaces.getIamPolicy
  • servicedirectory.namespaces.list
  • servicedirectory.namespaces.setIamPolicy
  • servicedirectory.namespaces.update

servicedirectory.networks.attach

servicedirectory.services.*

  • servicedirectory.services.bind
  • servicedirectory.services.create
  • servicedirectory.services.delete
  • servicedirectory.services.get
  • servicedirectory.services.getIamPolicy
  • servicedirectory.services.list
  • servicedirectory.services.resolve
  • servicedirectory.services.setIamPolicy
  • servicedirectory.services.update

Service Directory Editor

(roles/servicedirectory.editor)

Edit Service Directory resources.

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.endpoints.create

servicedirectory.endpoints.delete

servicedirectory.endpoints.get

servicedirectory.endpoints.getIamPolicy

servicedirectory.endpoints.list

servicedirectory.endpoints.update

servicedirectory.locations.*

  • servicedirectory.locations.get
  • servicedirectory.locations.list

servicedirectory.namespaces.associatePrivateZone

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.namespaces.get

servicedirectory.namespaces.getIamPolicy

servicedirectory.namespaces.list

servicedirectory.namespaces.update

servicedirectory.networks.attach

servicedirectory.services.bind

servicedirectory.services.create

servicedirectory.services.delete

servicedirectory.services.get

servicedirectory.services.getIamPolicy

servicedirectory.services.list

servicedirectory.services.resolve

servicedirectory.services.update

Service Directory Network Attacher

(roles/servicedirectory.networkAttacher)

Gives access to attach VPC Networks to Service Directory Endpoints

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.networks.attach

Private Service Connect Authorized Service

(roles/servicedirectory.pscAuthorizedService)

Gives access to VPC Networks via Service Directory

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.networks.access

Service Directory Service Agent

(roles/servicedirectory.serviceAgent)

Give the Service Directory service agent access to Cloud Platform resources.

Warning: Do not grant service agent roles to any principals exceptservice agents.

container.clusters.get

gkehub.features.get

gkehub.gateway.delete

gkehub.gateway.generateCredentials

gkehub.gateway.get

gkehub.gateway.patch

gkehub.gateway.post

gkehub.gateway.put

gkehub.locations.*

  • gkehub.locations.get
  • gkehub.locations.list

gkehub.memberships.get

gkehub.memberships.list

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.endpoints.create

servicedirectory.endpoints.delete

servicedirectory.endpoints.get

servicedirectory.endpoints.getIamPolicy

servicedirectory.endpoints.list

servicedirectory.endpoints.update

servicedirectory.locations.*

  • servicedirectory.locations.get
  • servicedirectory.locations.list

servicedirectory.namespaces.associatePrivateZone

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.namespaces.get

servicedirectory.namespaces.getIamPolicy

servicedirectory.namespaces.list

servicedirectory.namespaces.update

servicedirectory.networks.attach

servicedirectory.services.bind

servicedirectory.services.create

servicedirectory.services.delete

servicedirectory.services.get

servicedirectory.services.getIamPolicy

servicedirectory.services.list

servicedirectory.services.resolve

servicedirectory.services.update

Service Directory Viewer

(roles/servicedirectory.viewer)

View Service Directory resources.

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.endpoints.get

servicedirectory.endpoints.getIamPolicy

servicedirectory.endpoints.list

servicedirectory.locations.*

  • servicedirectory.locations.get
  • servicedirectory.locations.list

servicedirectory.namespaces.get

servicedirectory.namespaces.getIamPolicy

servicedirectory.namespaces.list

servicedirectory.services.get

servicedirectory.services.getIamPolicy

servicedirectory.services.list

servicedirectory.services.resolve

Service Directory permissions

PermissionIncluded in roles

servicedirectory.endpoints.create

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.endpoints.delete

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.endpoints.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.endpoints.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.endpoints.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.endpoints.setIamPolicy

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Service Directory Admin (roles/servicedirectory.admin)

servicedirectory.endpoints.update

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.namespaces.associatePrivateZone

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.namespaces.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Compute Peer Subnet Migration Admin (roles/compute.peerSubnetMigrationAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Cloud Workstations Network Admin (roles/workstations.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.namespaces.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Cloud Workstations Network Admin (roles/workstations.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.namespaces.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.namespaces.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.namespaces.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.namespaces.setIamPolicy

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Service Directory Admin (roles/servicedirectory.admin)

servicedirectory.namespaces.update

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.networks.access

Private Service Connect Authorized Service (roles/servicedirectory.pscAuthorizedService)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.networks.attach

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Network Attacher (roles/servicedirectory.networkAttacher)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.bind

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Compute Peer Subnet Migration Admin (roles/compute.peerSubnetMigrationAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Cloud Workstations Network Admin (roles/workstations.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Compute Peer Subnet Migration Admin (roles/compute.peerSubnetMigrationAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Cloud Workstations Network Admin (roles/workstations.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.resolve

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service Directory Viewer (roles/servicedirectory.viewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

servicedirectory.services.setIamPolicy

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Service Directory Admin (roles/servicedirectory.admin)

servicedirectory.services.update

Owner (roles/owner)

Editor (roles/editor)

Service Directory Admin (roles/servicedirectory.admin)

Service Directory Editor (roles/servicedirectory.editor)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.