Compute Engine roles and permissions

This page lists the IAM roles and permissions for Compute Engine. Tosearch through all roles and permissions, see therole andpermission index.

Compute Engine roles

Role Permissions

Role	Permissions
Compute Admin (`roles/compute.admin`) Full control of all Compute Engine resources. If the user will be managing virtual machine instances that are configuredto run as a service account, you must also grant the`roles/iam.serviceAccountUser` role. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Node group Node template Snapshot	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.locations.list` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.advice.calendarMode` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.commitments.create` `compute.commitments.get` `compute.commitments.list` `compute.commitments.update` `compute.commitments.updateReservations` `compute.crossSiteNetworks.create` `compute.crossSiteNetworks.delete` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.crossSiteNetworks.update` `compute.diskSettings.get` `compute.diskSettings.update` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.firewalls.create` `compute.firewalls.createTagBinding` `compute.firewalls.delete` `compute.firewalls.deleteTagBinding` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.firewalls.update` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.futureReservations.cancel` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.getIamPolicy` `compute.futureReservations.list` `compute.futureReservations.setIamPolicy` `compute.futureReservations.update` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.delete` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.globalPublicDelegatedPrefixes.create` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshots.create` `compute.instantSnapshots.createTagBinding` `compute.instantSnapshots.delete` `compute.instantSnapshots.deleteTagBinding` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachmentGroups.create` `compute.interconnectAttachmentGroups.delete` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachmentGroups.patch` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectGroups.create` `compute.interconnectGroups.delete` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectGroups.patch` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenses.create` `compute.licenses.createTagBinding` `compute.licenses.delete` `compute.licenses.deleteTagBinding` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.licenses.setIamPolicy` `compute.licenses.update` `compute.machineImages.create` `compute.machineImages.createTagBinding` `compute.machineImages.delete` `compute.machineImages.deleteTagBinding` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineImages.setIamPolicy` `compute.machineImages.setLabels` `compute.machineImages.useReadOnly` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.multiMigMembers.get` `compute.multiMigMembers.list` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkAttachments.use` `compute.networkEdgeSecurityServices.create` `compute.networkEdgeSecurityServices.createTagBinding` `compute.networkEdgeSecurityServices.delete` `compute.networkEdgeSecurityServices.deleteTagBinding` `compute.networkEdgeSecurityServices.get` `compute.networkEdgeSecurityServices.list` `compute.networkEdgeSecurityServices.listEffectiveTags` `compute.networkEdgeSecurityServices.listTagBindings` `compute.networkEdgeSecurityServices.update` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.setNetworkPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.nodeGroups.addNodes` `compute.nodeGroups.create` `compute.nodeGroups.delete` `compute.nodeGroups.deleteNodes` `compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeGroups.performMaintenance` `compute.nodeGroups.setIamPolicy` `compute.nodeGroups.setNodeTemplate` `compute.nodeGroups.simulateMaintenanceEvent` `compute.nodeGroups.update` `compute.nodeTemplates.create` `compute.nodeTemplates.delete` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTemplates.setIamPolicy` `compute.nodeTypes.get` `compute.nodeTypes.list` `compute.organizations.disableXpnHost` `compute.organizations.disableXpnResource` `compute.organizations.enableXpnHost` `compute.organizations.enableXpnResource` `compute.organizations.listAssociations` `compute.organizations.setFirewallPolicy` `compute.organizations.setSecurityPolicy` `compute.oslogin.updateExternalUser` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.previewFeatures.get` `compute.previewFeatures.list` `compute.previewFeatures.update` `compute.projects.get` `compute.projects.setCloudArmorTier` `compute.projects.setCommonInstanceMetadata` `compute.projects.setDefaultNetworkTier` `compute.projects.setDefaultServiceAccount` `compute.projects.setManagedProtectionTier` `compute.projects.setUsageExportBucket` `compute.publicAdvertisedPrefixes.create` `compute.publicAdvertisedPrefixes.delete` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicAdvertisedPrefixes.update` `compute.publicAdvertisedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.announce` `compute.publicDelegatedPrefixes.create` `compute.publicDelegatedPrefixes.createTagBinding` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.deleteTagBinding` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.use` `compute.publicDelegatedPrefixes.withdraw` `compute.regionBackendBuckets.create` `compute.regionBackendBuckets.createTagBinding` `compute.regionBackendBuckets.delete` `compute.regionBackendBuckets.deleteTagBinding` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.setIamPolicy` `compute.regionBackendBuckets.update` `compute.regionBackendBuckets.use` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionCompositeHealthChecks.create` `compute.regionCompositeHealthChecks.delete` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionCompositeHealthChecks.update` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionHealthAggregationPolicies.create` `compute.regionHealthAggregationPolicies.delete` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthAggregationPolicies.update` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionHealthSources.create` `compute.regionHealthSources.delete` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionHealthSources.update` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNetworkPolicies.create` `compute.regionNetworkPolicies.delete` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNetworkPolicies.update` `compute.regionNetworkPolicies.use` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.delete` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionOperations.setIamPolicy` `compute.regionSecurityPolicies.create` `compute.regionSecurityPolicies.createTagBinding` `compute.regionSecurityPolicies.delete` `compute.regionSecurityPolicies.deleteTagBinding` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.update` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationBlocks.performMaintenance` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservationSubBlocks.performMaintenance` `compute.reservationSubBlocks.reportFaulty` `compute.reservations.create` `compute.reservations.delete` `compute.reservations.get` `compute.reservations.list` `compute.reservations.performMaintenance` `compute.reservations.resize` `compute.reservations.update` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.rolloutPlans.create` `compute.rolloutPlans.delete` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.cancel` `compute.rollouts.delete` `compute.rollouts.get` `compute.rollouts.list` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshotSettings.get` `compute.snapshotSettings.update` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.updateKmsKey` `compute.snapshots.useReadOnly` `compute.spotAssistants.get` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.storagePools.create` `compute.storagePools.createTagBinding` `compute.storagePools.delete` `compute.storagePools.deleteTagBinding` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.setIamPolicy` `compute.storagePools.update` `compute.storagePools.use` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.subnetworks.usePeerMigration` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vmExtensionPolicies.create` `compute.vmExtensionPolicies.delete` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `compute.vmExtensionPolicies.update` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.wireGroups.create` `compute.wireGroups.delete` `compute.wireGroups.get` `compute.wireGroups.list` `compute.wireGroups.update` `compute.zoneOperations.delete` `compute.zoneOperations.get` `compute.zoneOperations.getIamPolicy` `compute.zoneOperations.list` `compute.zoneOperations.setIamPolicy` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Future Reservation Admin^Beta (`roles/compute.futureReservationAdmin`)	`compute.acceleratorTypes.list` `compute.advice.calendarMode` `compute.futureReservations.cancel` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.list` `compute.futureReservations.update` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.reservationBlocks.performMaintenance` `compute.reservationSubBlocks.performMaintenance` `compute.reservationSubBlocks.reportFaulty` `compute.reservations.create` `compute.reservations.performMaintenance` `compute.zones.list`
Compute Future Reservation User^Beta (`roles/compute.futureReservationUser`)	`compute.acceleratorTypes.list` `compute.advice.calendarMode` `compute.futureReservations.create` `compute.futureReservations.delete` `compute.futureReservations.get` `compute.futureReservations.list` `compute.futureReservations.update` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.reservations.create` `compute.zones.list`
Compute Future Reservation Viewer^Beta (`roles/compute.futureReservationViewer`)	`compute.acceleratorTypes.list` `compute.futureReservations.get` `compute.futureReservations.list` `compute.instanceTemplates.list` `compute.machineTypes.list` `compute.regions.list` `compute.zones.list`
Compute Image User (`roles/compute.imageUser`) Permission to list and read images without having other permissions on the image. Granting this roleat the project level gives users the ability to list all images in the project and create resources,such as instances and persistent disks, based on images in the project. Lowest-level resources where you can grant this role: Image	`compute.images.get` `compute.images.getFromFamily` `compute.images.list` `compute.images.useReadOnly` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Permissions to create, modify, and delete virtual machine instances.This includes permissions to create, modify, and delete disks, and also toconfigureShielded VMsettings. If the user will be managing virtual machine instances that are configuredto run as a service account, you must also grant the`roles/iam.serviceAccountUser` role. For example, if your company has someone who manages groups of virtualmachine instances but does not manage network or security settings anddoes not manage instances that run as service accounts, you can grant thisrole on the organization, folder, or project that contains the instances,or you can grant it on individual instances. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Snapshot	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.locations.list` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.diskSettings.get` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.delete` `compute.disks.get` `compute.disks.list` `compute.disks.resize` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.use` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.images.get` `compute.images.getFromFamily` `compute.images.list` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.licenses.get` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.machineImages.` `compute.machineImages.create` `compute.machineImages.createTagBinding` `compute.machineImages.delete` `compute.machineImages.deleteTagBinding` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineImages.setIamPolicy` `compute.machineImages.setLabels` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationSubBlocks.` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservationSubBlocks.performMaintenance` `compute.reservationSubBlocks.reportFaulty` `compute.reservations.get` `compute.reservations.list` `compute.resourcePolicies.list` `compute.resourcePolicies.useReadOnly` `compute.storagePools.get` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Full control of Compute Engine instances, instance groups, disks, snapshots, and images.Read access to all Compute Engine networking resources. If you grant a user this role only at an instance level, then that user cannot create new instances.	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.locations.list` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.diskSettings.get` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.use` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshots.` `compute.instantSnapshots.create` `compute.instantSnapshots.createTagBinding` `compute.instantSnapshots.delete` `compute.instantSnapshots.deleteTagBinding` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenses.` `compute.licenses.create` `compute.licenses.createTagBinding` `compute.licenses.delete` `compute.licenses.deleteTagBinding` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.licenses.setIamPolicy` `compute.licenses.update` `compute.machineImages.` `compute.machineImages.create` `compute.machineImages.createTagBinding` `compute.machineImages.delete` `compute.machineImages.deleteTagBinding` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineImages.setIamPolicy` `compute.machineImages.setLabels` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.projects.setCommonInstanceMetadata` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservations.get` `compute.reservations.list` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.updateKmsKey` `compute.snapshots.useReadOnly` `compute.spotAssistants.get` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.storagePools.get` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Role containing all permissions required by Managed Instance Groups to create and manage instances. Warning: Do not grant service agent roles to any principals except service agents.	`compute.addresses.*` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalAddresses.get` `compute.globalOperations.get` `compute.healthChecks.get` `compute.httpHealthChecks.get` `compute.httpsHealthChecks.get` `compute.images.useReadOnly` `compute.instanceGroups.update` `compute.instanceTemplates.useReadOnly` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.networks.use` `compute.networks.useExternalIp` `compute.regionOperations.get` `compute.resourcePolicies.use` `compute.snapshots.useReadOnly` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetPools.addInstance` `compute.targetPools.removeInstance` `compute.zoneOperations.get` `iam.serviceAccounts.actAs`
Interconnect Attachment Group Analyzer (`roles/compute.interconnectAttachmentGroupAnalyzer`) Analyze Interconnect Attachment Groups via their GetOperationalStatus method.	`cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeVpnGateways` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.routers.get`
Interconnect Group Analyzer (`roles/compute.interconnectGroupAnalyzer`) Analyze Interconnect Groups via their GetOperationalStatus method.	`cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeVpnGateways` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnects.get` `compute.interconnects.list`
Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Permissions to create, modify, and delete load balancers and associateresources. For example, if your company has a load balancing team that manages loadbalancers, SSL certificates for load balancers, SSL policies, and otherload balancing resources, and a separate networking team that managesthe rest of the networking resources, then grant this role to the loadbalancing team's group. Lowest-level resources where you can grant this role: Instance	`certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.use` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.use` `compute.instances.useReadOnly` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networks.get` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.use` `compute.projects.get` `compute.regionBackendBuckets.` `compute.regionBackendBuckets.create` `compute.regionBackendBuckets.createTagBinding` `compute.regionBackendBuckets.delete` `compute.regionBackendBuckets.deleteTagBinding` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.setIamPolicy` `compute.regionBackendBuckets.update` `compute.regionBackendBuckets.use` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.use` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.urlMaps.` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.zoneOperations.get` `compute.zoneOperations.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.use` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Permissions to use services from a load balancer in other projects.	`compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.use` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.use` `compute.projects.get` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.use` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Network Admin (`roles/compute.networkAdmin`) Permissions to create, modify, and delete networking resources,except for firewall rules and SSL certificates. The network admin roleallows read-only access to firewall rules, SSL certificates, and instances(to view their ephemeral IP addresses). The network admin role does notallow a user to create, start, stop, or delete instances. For example, if your company has a security team that manages firewallsand SSL certificates and a networking team that manages the rest of thenetworking resources, then grant this role to the networking team's group.Or, if you have a combined team that manages both security and networking,then grant this role as well as the`roles/compute.securityAdmin` role to the combined team's group. Lowest-level resources where you can grant this role: Instance	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.crossSiteNetworks.` `compute.crossSiteNetworks.create` `compute.crossSiteNetworks.delete` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.crossSiteNetworks.update` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.updateSecurity` `compute.instances.use` `compute.instances.useReadOnly` `compute.interconnectAttachmentGroups.` `compute.interconnectAttachmentGroups.create` `compute.interconnectAttachmentGroups.delete` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachmentGroups.patch` `compute.interconnectAttachments.` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectGroups.` `compute.interconnectGroups.create` `compute.interconnectGroups.delete` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectGroups.patch` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networkAttachments.` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkAttachments.use` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.setNetworkPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.regionBackendBuckets.` `compute.regionBackendBuckets.create` `compute.regionBackendBuckets.createTagBinding` `compute.regionBackendBuckets.delete` `compute.regionBackendBuckets.deleteTagBinding` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.setIamPolicy` `compute.regionBackendBuckets.update` `compute.regionBackendBuckets.use` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionCompositeHealthChecks.` `compute.regionCompositeHealthChecks.create` `compute.regionCompositeHealthChecks.delete` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionCompositeHealthChecks.update` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.use` `compute.regionHealthAggregationPolicies.` `compute.regionHealthAggregationPolicies.create` `compute.regionHealthAggregationPolicies.delete` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthAggregationPolicies.update` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionHealthSources.` `compute.regionHealthSources.create` `compute.regionHealthSources.delete` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionHealthSources.update` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNetworkPolicies.` `compute.regionNetworkPolicies.create` `compute.regionNetworkPolicies.delete` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNetworkPolicies.update` `compute.regionNetworkPolicies.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.use` `compute.serviceAttachments.` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.subnetworks.usePeerMigration` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vpnGateways.` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.wireGroups.` `compute.wireGroups.create` `compute.wireGroups.delete` `compute.wireGroups.get` `compute.wireGroups.list` `compute.wireGroups.update` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.` `networkconnectivity.internalRanges.create` `networkconnectivity.internalRanges.delete` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.getIamPolicy` `networkconnectivity.internalRanges.list` `networkconnectivity.internalRanges.setIamPolicy` `networkconnectivity.internalRanges.update` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.` `networkconnectivity.operations.cancel` `networkconnectivity.operations.delete` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.` `networkconnectivity.policyBasedRoutes.create` `networkconnectivity.policyBasedRoutes.delete` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.getIamPolicy` `networkconnectivity.policyBasedRoutes.list` `networkconnectivity.policyBasedRoutes.setIamPolicy` `networkconnectivity.regionalEndpoints.` `networkconnectivity.regionalEndpoints.create` `networkconnectivity.regionalEndpoints.delete` `networkconnectivity.regionalEndpoints.get` `networkconnectivity.regionalEndpoints.list` `networkconnectivity.serviceClasses.` `networkconnectivity.serviceClasses.create` `networkconnectivity.serviceClasses.delete` `networkconnectivity.serviceClasses.get` `networkconnectivity.serviceClasses.list` `networkconnectivity.serviceClasses.update` `networkconnectivity.serviceClasses.use` `networkconnectivity.serviceConnectionMaps.` `networkconnectivity.serviceConnectionMaps.create` `networkconnectivity.serviceConnectionMaps.delete` `networkconnectivity.serviceConnectionMaps.get` `networkconnectivity.serviceConnectionMaps.list` `networkconnectivity.serviceConnectionMaps.update` `networkconnectivity.serviceConnectionPolicies.` `networkconnectivity.serviceConnectionPolicies.create` `networkconnectivity.serviceConnectionPolicies.delete` `networkconnectivity.serviceConnectionPolicies.get` `networkconnectivity.serviceConnectionPolicies.list` `networkconnectivity.serviceConnectionPolicies.update` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.` `networksecurity.addressGroups.create` `networksecurity.addressGroups.delete` `networksecurity.addressGroups.get` `networksecurity.addressGroups.getIamPolicy` `networksecurity.addressGroups.list` `networksecurity.addressGroups.setIamPolicy` `networksecurity.addressGroups.update` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.` `networksecurity.authorizationPolicies.create` `networksecurity.authorizationPolicies.delete` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.getIamPolicy` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.setIamPolicy` `networksecurity.authorizationPolicies.update` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.` `networksecurity.authzPolicies.create` `networksecurity.authzPolicies.delete` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.getIamPolicy` `networksecurity.authzPolicies.list` `networksecurity.authzPolicies.setIamPolicy` `networksecurity.authzPolicies.update` `networksecurity.backendAuthenticationConfigs.` `networksecurity.backendAuthenticationConfigs.create` `networksecurity.backendAuthenticationConfigs.delete` `networksecurity.backendAuthenticationConfigs.get` `networksecurity.backendAuthenticationConfigs.list` `networksecurity.backendAuthenticationConfigs.update` `networksecurity.backendAuthenticationConfigs.use` `networksecurity.clientTlsPolicies.` `networksecurity.clientTlsPolicies.create` `networksecurity.clientTlsPolicies.delete` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.getIamPolicy` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.setIamPolicy` `networksecurity.clientTlsPolicies.update` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.` `networksecurity.firewallEndpointAssociations.create` `networksecurity.firewallEndpointAssociations.delete` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpointAssociations.update` `networksecurity.firewallEndpoints.` `networksecurity.firewallEndpoints.create` `networksecurity.firewallEndpoints.delete` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.update` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.` `networksecurity.gatewaySecurityPolicies.create` `networksecurity.gatewaySecurityPolicies.delete` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.update` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.` `networksecurity.gatewaySecurityPolicyRules.create` `networksecurity.gatewaySecurityPolicyRules.delete` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.update` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.` `networksecurity.operations.cancel` `networksecurity.operations.delete` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.sacAttachments.` `networksecurity.sacAttachments.create` `networksecurity.sacAttachments.delete` `networksecurity.sacAttachments.get` `networksecurity.sacAttachments.list` `networksecurity.sacRealms.` `networksecurity.sacRealms.create` `networksecurity.sacRealms.delete` `networksecurity.sacRealms.get` `networksecurity.sacRealms.list` `networksecurity.securityProfileGroups.` `networksecurity.securityProfileGroups.create` `networksecurity.securityProfileGroups.delete` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.update` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.` `networksecurity.securityProfiles.create` `networksecurity.securityProfiles.delete` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.update` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.` `networksecurity.serverTlsPolicies.create` `networksecurity.serverTlsPolicies.delete` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.getIamPolicy` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.setIamPolicy` `networksecurity.serverTlsPolicies.update` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.` `networksecurity.tlsInspectionPolicies.create` `networksecurity.tlsInspectionPolicies.delete` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.update` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.` `networksecurity.urlLists.create` `networksecurity.urlLists.delete` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.update` `networksecurity.urlLists.use` `networkservices.` `networkservices.authzExtensions.create` `networkservices.authzExtensions.delete` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.update` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.create` `networkservices.endpointPolicies.delete` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.endpointPolicies.update` `networkservices.gateways.create` `networkservices.gateways.delete` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.update` `networkservices.gateways.use` `networkservices.grpcRoutes.create` `networkservices.grpcRoutes.delete` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.grpcRoutes.update` `networkservices.httpFilters.create` `networkservices.httpFilters.delete` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpFilters.update` `networkservices.httpRoutes.create` `networkservices.httpRoutes.delete` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpRoutes.update` `networkservices.httpfilters.create` `networkservices.httpfilters.delete` `networkservices.httpfilters.get` `networkservices.httpfilters.getIamPolicy` `networkservices.httpfilters.list` `networkservices.httpfilters.setIamPolicy` `networkservices.httpfilters.update` `networkservices.httpfilters.use` `networkservices.lbEdgeExtensions.create` `networkservices.lbEdgeExtensions.delete` `networkservices.lbEdgeExtensions.get` `networkservices.lbEdgeExtensions.list` `networkservices.lbEdgeExtensions.update` `networkservices.lbRouteExtensions.create` `networkservices.lbRouteExtensions.delete` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbRouteExtensions.update` `networkservices.lbTcpExtensions.createForNetwork` `networkservices.lbTcpExtensions.deleteForNetwork` `networkservices.lbTcpExtensions.getForNetwork` `networkservices.lbTcpExtensions.listForNetwork` `networkservices.lbTcpExtensions.updateForNetwork` `networkservices.lbTrafficExtensions.create` `networkservices.lbTrafficExtensions.delete` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.lbTrafficExtensions.update` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.create` `networkservices.meshes.delete` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.update` `networkservices.meshes.use` `networkservices.operations.cancel` `networkservices.operations.delete` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.create` `networkservices.serviceBindings.delete` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceBindings.update` `networkservices.serviceLbPolicies.create` `networkservices.serviceLbPolicies.delete` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.serviceLbPolicies.update` `networkservices.swpSecurityExtensions.create` `networkservices.swpSecurityExtensions.delete` `networkservices.swpSecurityExtensions.get` `networkservices.swpSecurityExtensions.list` `networkservices.swpSecurityExtensions.update` `networkservices.tcpRoutes.create` `networkservices.tcpRoutes.delete` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tcpRoutes.update` `networkservices.tlsRoutes.create` `networkservices.tlsRoutes.delete` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.tlsRoutes.update` `networkservices.wasmPlugins.create` `networkservices.wasmPlugins.delete` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `networkservices.wasmPlugins.update` `networkservices.wasmPlugins.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete` `servicenetworking.operations.get` `servicenetworking.services.addPeering` `servicenetworking.services.createPeeredDnsDomain` `servicenetworking.services.deleteConnection` `servicenetworking.services.deletePeeredDnsDomain` `servicenetworking.services.disableVpcServiceControls` `servicenetworking.services.enableVpcServiceControls` `servicenetworking.services.get` `servicenetworking.services.getVpcServiceControls` `servicenetworking.services.listPeeredDnsDomains` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `trafficdirector.` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`
Compute Network User (`roles/compute.networkUser`) Provides access to a shared VPC network Once granted, service owners can use VPC networks and subnets that belongto the host project. For example, a network user can create a VM instancethat belongs to a host project network but they cannot delete or createnew networks in the host project. Lowest-level resources where you can grant this role: Subnetwork	`compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.useInternal` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.use` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.instanceSettings.get` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.use` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.access` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNetworkPolicies.use` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.use` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.list` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.list` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.get` `networksecurity.addressGroups.list` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.sacAttachments.` `networksecurity.sacAttachments.create` `networksecurity.sacAttachments.delete` `networksecurity.sacAttachments.get` `networksecurity.sacAttachments.list` `networksecurity.sacRealms.get` `networksecurity.sacRealms.list` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.use` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.use` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpfilters.get` `networkservices.httpfilters.list` `networkservices.httpfilters.use` `networkservices.lbEdgeExtensions.get` `networkservices.lbEdgeExtensions.list` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.locations.` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.use` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.swpSecurityExtensions.get` `networkservices.swpSecurityExtensions.list` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `networkservices.wasmPlugins.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicenetworking.services.get` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Network Viewer (`roles/compute.networkViewer`) Read-only access to all networking resources For example, if you have software that inspects your networkconfiguration, you could grant this role to that software'sservice account. Lowest-level resources where you can grant this role: Instance	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.get` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.list` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.list` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.get` `networksecurity.addressGroups.list` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.list` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.list` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.sacAttachments.get` `networksecurity.sacAttachments.list` `networksecurity.sacRealms.get` `networksecurity.sacRealms.list` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpfilters.get` `networkservices.httpfilters.list` `networkservices.lbEdgeExtensions.get` `networkservices.lbEdgeExtensions.list` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.locations.` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.swpSecurityExtensions.get` `networkservices.swpSecurityExtensions.list` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicenetworking.services.get` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `trafficdirector.*` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`
Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Full control of Compute Engine Organization Firewall Policies.	`compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.regionFirewallPolicies.` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionOperations.setIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) View or use Compute Engine Firewall Policies to associate with the organization or folders.	`compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.projects.get` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Full control of Compute Engine Organization Security Policies.	`compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.update` `compute.securityPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) View or use Compute Engine Security Policies to associate with the organization or folders.	`compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.projects.get` `compute.securityPolicies.addAssociation` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.use` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Full control of Compute Engine Firewall Policy associations to the organization or folders.	`compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalOperations.setIamPolicy` `compute.organizations.listAssociations` `compute.organizations.setFirewallPolicy` `compute.organizations.setSecurityPolicy` `compute.projects.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute OS Admin Login (`roles/compute.osAdminLogin`) Access to log in to a Compute Engine instance as an administratoruser. Lowest-level resources where you can grant this role: Instance	`compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.projects.get` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute OS Login (`roles/compute.osLogin`) Access to log in to a Compute Engine instance as a standard user. Lowest-level resources where you can grant this role: Instance	`compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceSettings.get` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listTagBindings` `compute.instances.osLogin` `compute.projects.get` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute OS Login External User (`roles/compute.osLoginExternalUser`) Available only at the organization level. Access for an external user to set OS Login information associated withthis organization. This role does not grant access to instances. Externalusers must be granted one of the requiredOS Login rolesin order to allow access to instances using SSH. Lowest-level resources where you can grant this role: Organization	`compute.oslogin.updateExternalUser`
Compute packet mirroring admin (`roles/compute.packetMirroringAdmin`) Specify resources to be mirrored.	`compute.instances.updateSecurity` `compute.networks.mirror` `compute.projects.get` `compute.subnetworks.mirror` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute packet mirroring user (`roles/compute.packetMirroringUser`) Use Compute Engine packet mirrorings.	`compute.packetMirrorings.` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Use subnetwork whose PURPOSE is "PEER_MIGRATION"	`compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.use` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.update` `compute.networks.use` `compute.regionOperations.get` `compute.regions.list` `compute.subnetworks.use` `compute.subnetworks.usePeerMigration` `servicedirectory.namespaces.create` `servicedirectory.services.create` `servicedirectory.services.delete`
Compute Public IP Admin (`roles/compute.publicIpAdmin`) Full control of public IP address management for Compute Engine.	`compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalPublicDelegatedPrefixes.` `compute.globalPublicDelegatedPrefixes.create` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.publicAdvertisedPrefixes.` `compute.publicAdvertisedPrefixes.create` `compute.publicAdvertisedPrefixes.delete` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicAdvertisedPrefixes.update` `compute.publicAdvertisedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.*` `compute.publicDelegatedPrefixes.announce` `compute.publicDelegatedPrefixes.create` `compute.publicDelegatedPrefixes.createTagBinding` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.deleteTagBinding` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.publicDelegatedPrefixes.use` `compute.publicDelegatedPrefixes.withdraw` `resourcemanager.projects.get` `resourcemanager.projects.list`
Compute Security Admin (`roles/compute.securityAdmin`) Permissions to create, modify, and delete firewall rules and SSLcertificates, and also toconfigureShielded VMsettings. For example, if your company has a security team that manages firewallsand SSL certificates and a networking team that manages the rest of thenetworking resources, then grant this role to the security team's group. Lowest-level resources where you can grant this role: Instance	`compute.backendBuckets.list` `compute.backendServices.list` `compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.firewalls.` `compute.firewalls.create` `compute.firewalls.createTagBinding` `compute.firewalls.delete` `compute.firewalls.deleteTagBinding` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.firewalls.update` `compute.globalOperations.get` `compute.globalOperations.list` `compute.instanceSettings.get` `compute.instances.getEffectiveFirewalls` `compute.instances.list` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listTagBindings` `compute.networks.updatePolicy` `compute.packetMirrorings.` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `compute.regionBackendBuckets.list` `compute.regionBackendServices.list` `compute.regionFirewallPolicies.` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.` `compute.regionSecurityPolicies.create` `compute.regionSecurityPolicies.createTagBinding` `compute.regionSecurityPolicies.delete` `compute.regionSecurityPolicies.deleteTagBinding` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.update` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.sslCertificates.` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetInstances.list` `compute.targetPools.list` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Engine Service Agent (`roles/compute.serviceAgent`) Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts. Warning: Do not grant service agent roles to any principals except service agents.	`cloudnotifications.activities.list` `compute.addresses.use` `compute.addresses.useInternal` `compute.disks.create` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.get` `compute.disks.setLabels` `compute.disks.use` `compute.disks.useReadOnly` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.globalOperations.get` `compute.healthChecks.create` `compute.healthChecks.delete` `compute.healthChecks.get` `compute.healthChecks.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.get` `compute.instanceTemplates.useReadOnly` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.setDeletionProtection` `compute.instances.setLabels` `compute.instances.setMetadata` `compute.instances.setServiceAccount` `compute.instances.setTags` `compute.instances.start` `compute.instances.stop` `compute.instances.update` `compute.instances.updateDisplayDevice` `compute.instances.use` `compute.machineImages.useReadOnly` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.use` `compute.networks.use` `compute.networks.useExternalIp` `compute.regionBackendServices.create` `compute.regionBackendServices.delete` `compute.regionBackendServices.get` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionOperations.get` `compute.resourcePolicies.use` `compute.snapshots.useReadOnly` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.zoneOperations.get` `iam.serviceAccounts.actAs` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `iam.serviceAccounts.implicitDelegation` `iam.serviceAccounts.signJwt` `logging.logEntries.create` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alerts.` `monitoring.alerts.get` `monitoring.alerts.list` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.*` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `opsconfigmonitoring.resourceMetadata.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `stackdriver.projects.get` `stackdriver.resourceMetadata.list` `storage.objects.create` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Permissions to view sole tenancy node groups	`compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTypes.*` `compute.nodeTypes.get` `compute.nodeTypes.list`
Compute Storage Admin (`roles/compute.storageAdmin`) Permissions to create, modify, and delete disks, images, and snapshots. For example, if your company has someone who manages project images andyou don't want them to have the editor role on the project, then grantthis role to their account on the project. Lowest-level resources where you can grant this role: Disk Image Snapshot	`backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlans.useForComputeDisk` `cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `compute.diskSettings.` `compute.diskSettings.get` `compute.diskSettings.update` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.globalOperations.get` `compute.globalOperations.list` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceSettings.get` `compute.instantSnapshots.` `compute.instantSnapshots.create` `compute.instantSnapshots.createTagBinding` `compute.instantSnapshots.delete` `compute.instantSnapshots.deleteTagBinding` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenses.` `compute.licenses.create` `compute.licenses.createTagBinding` `compute.licenses.delete` `compute.licenses.deleteTagBinding` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.licenses.setIamPolicy` `compute.licenses.update` `compute.projects.get` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.updateKmsKey` `compute.snapshots.useReadOnly` `compute.storagePools.` `compute.storagePools.create` `compute.storagePools.createTagBinding` `compute.storagePools.delete` `compute.storagePools.deleteTagBinding` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.setIamPolicy` `compute.storagePools.update` `compute.storagePools.use` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute Viewer (`roles/compute.viewer`) Read-only access to get and list Compute Engine resources, withoutbeing able to read the data stored on them. For example, an account with this role could inventory all of the disks ina project, but it could not read any of the data on those disks. Lowest-level resources where you can grant this role: Disk Image Instance Instance template Node group Node template Snapshot	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.autoscalers.get` `compute.autoscalers.list` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.commitments.get` `compute.commitments.list` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.diskSettings.get` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.futureReservations.get` `compute.futureReservations.getIamPolicy` `compute.futureReservations.list` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalOperations.get` `compute.globalOperations.getIamPolicy` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceSettings.get` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.get` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.get` `compute.multiMig.list` `compute.multiMigMembers.` `compute.multiMigMembers.get` `compute.multiMigMembers.list` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkEdgeSecurityServices.get` `compute.networkEdgeSecurityServices.list` `compute.networkEdgeSecurityServices.listEffectiveTags` `compute.networkEdgeSecurityServices.listTagBindings` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.nodeGroups.get` `compute.nodeGroups.getIamPolicy` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.nodeTemplates.getIamPolicy` `compute.nodeTemplates.list` `compute.nodeTypes.` `compute.nodeTypes.get` `compute.nodeTypes.list` `compute.organizations.listAssociations` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.previewFeatures.get` `compute.previewFeatures.list` `compute.projects.get` `compute.publicAdvertisedPrefixes.get` `compute.publicAdvertisedPrefixes.list` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionOperations.get` `compute.regionOperations.getIamPolicy` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionUrlMaps.get` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservations.get` `compute.reservations.list` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.get` `compute.rollouts.list` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.snapshotSettings.get` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.spotAssistants.get` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.urlMaps.get` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.validate` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.wireGroups.get` `compute.wireGroups.list` `compute.zoneOperations.get` `compute.zoneOperations.getIamPolicy` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Compute VM extension policy admin^Beta (`roles/compute.vmExtensionPolicyAdmin`) Administer zone/global VM extension policies.	`compute.instances.get` `compute.instances.list` `compute.instances.setLabels` `compute.instances.setTags` `compute.rolloutPlans.` `compute.rolloutPlans.create` `compute.rolloutPlans.delete` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.` `compute.rollouts.cancel` `compute.rollouts.delete` `compute.rollouts.get` `compute.rollouts.list` `compute.vmExtensionPolicies.*` `compute.vmExtensionPolicies.create` `compute.vmExtensionPolicies.delete` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `compute.vmExtensionPolicies.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Compute VM extension policy viewer^Beta (`roles/compute.vmExtensionPolicyViewer`) View zone/global VM extension policies.	`compute.instances.get` `compute.instances.list` `compute.rolloutPlans.get` `compute.rolloutPlans.list` `compute.rollouts.get` `compute.rollouts.list` `compute.vmExtensionPolicies.get` `compute.vmExtensionPolicies.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Permissions to administershared VPC host projects,specifically enabling the host projects and associating shared VPC service projects to the hostproject's network. At the organization level, this role can only be granted by an organization admin. Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project. TheShared VPC Admin is responsible for granting the Compute Network User role(`roles/compute.networkUser`) to service owners, and the shared VPC host project ownercontrols the project itself. Managing the project is easier if a single principal (individual orgroup) can fulfill both roles. Lowest-level resources where you can grant this role: Folder	`compute.globalOperations.get` `compute.globalOperations.list` `compute.organizations.disableXpnHost` `compute.organizations.disableXpnResource` `compute.organizations.enableXpnHost` `compute.organizations.enableXpnResource` `compute.projects.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.setIamPolicy` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list`

Compute Admin

(roles/compute.admin)

Full control of all Compute Engine resources.

If the user will be managing virtual machine instances that are configuredto run as a service account, you must also grant theroles/iam.serviceAccountUser role.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Node group
Node template
Snapshot

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal
compute.advice.calendarMode
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use
compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.commitments.create
compute.commitments.get
compute.commitments.list
compute.commitments.update
compute.commitments.updateReservations
compute.crossSiteNetworks.create
compute.crossSiteNetworks.delete
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.crossSiteNetworks.update
compute.diskSettings.get
compute.diskSettings.update
compute.diskTypes.get
compute.diskTypes.list
compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly
compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use
compute.firewalls.create
compute.firewalls.createTagBinding
compute.firewalls.delete
compute.firewalls.deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update
compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use
compute.futureReservations.cancel
compute.futureReservations.create
compute.futureReservations.delete
compute.futureReservations.get
compute.futureReservations.getIamPolicy
compute.futureReservations.list
compute.futureReservations.setIamPolicy
compute.futureReservations.update
compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use
compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly
compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly
compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceSettings.get
compute.instanceSettings.update
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly
compute.instantSnapshots.create
compute.instantSnapshots.createTagBinding
compute.instantSnapshots.delete
compute.instantSnapshots.deleteTagBinding
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly
compute.interconnectAttachmentGroups.create
compute.interconnectAttachmentGroups.delete
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachmentGroups.patch
compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectGroups.create
compute.interconnectGroups.delete
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectGroups.patch
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list
compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenses.create
compute.licenses.createTagBinding
compute.licenses.delete
compute.licenses.deleteTagBinding
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.licenses.setIamPolicy
compute.licenses.update
compute.machineImages.create
compute.machineImages.createTagBinding
compute.machineImages.delete
compute.machineImages.deleteTagBinding
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineImages.setIamPolicy
compute.machineImages.setLabels
compute.machineImages.useReadOnly
compute.machineTypes.get
compute.machineTypes.list
compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list
compute.multiMigMembers.get
compute.multiMigMembers.list
compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update
compute.networkAttachments.use
compute.networkEdgeSecurityServices.create
compute.networkEdgeSecurityServices.createTagBinding
compute.networkEdgeSecurityServices.delete
compute.networkEdgeSecurityServices.deleteTagBinding
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.listEffectiveTags
compute.networkEdgeSecurityServices.listTagBindings
compute.networkEdgeSecurityServices.update
compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use
compute.networkProfiles.get
compute.networkProfiles.list
compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.setNetworkPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp
compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeGroups.performMaintenance
compute.nodeGroups.setIamPolicy
compute.nodeGroups.setNodeTemplate
compute.nodeGroups.simulateMaintenanceEvent
compute.nodeGroups.update
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTemplates.setIamPolicy
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.organizations.listAssociations
compute.organizations.setFirewallPolicy
compute.organizations.setSecurityPolicy
compute.oslogin.updateExternalUser
compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update
compute.previewFeatures.get
compute.previewFeatures.list
compute.previewFeatures.update
compute.projects.get
compute.projects.setCloudArmorTier
compute.projects.setCommonInstanceMetadata
compute.projects.setDefaultNetworkTier
compute.projects.setDefaultServiceAccount
compute.projects.setManagedProtectionTier
compute.projects.setUsageExportBucket
compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.announce
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.createTagBinding
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.deleteTagBinding
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.publicDelegatedPrefixes.withdraw
compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use
compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.regionCompositeHealthChecks.create
compute.regionCompositeHealthChecks.delete
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionCompositeHealthChecks.update
compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use
compute.regionHealthAggregationPolicies.create
compute.regionHealthAggregationPolicies.delete
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthAggregationPolicies.update
compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use
compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly
compute.regionHealthSources.create
compute.regionHealthSources.delete
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionHealthSources.update
compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use
compute.regionNetworkPolicies.create
compute.regionNetworkPolicies.delete
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNetworkPolicies.update
compute.regionNetworkPolicies.use
compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionOperations.setIamPolicy
compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.createTagBinding
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.deleteTagBinding
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use
compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings
compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use
compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use
compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate
compute.regions.get
compute.regions.list
compute.reservationBlocks.get
compute.reservationBlocks.list
compute.reservationBlocks.performMaintenance
compute.reservationSubBlocks.get
compute.reservationSubBlocks.list
compute.reservationSubBlocks.performMaintenance
compute.reservationSubBlocks.reportFaulty
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.performMaintenance
compute.reservations.resize
compute.reservations.update
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly
compute.rolloutPlans.create
compute.rolloutPlans.delete
compute.rolloutPlans.get
compute.rolloutPlans.list
compute.rollouts.cancel
compute.rollouts.delete
compute.rollouts.get
compute.rollouts.list
compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use
compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use
compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use
compute.snapshotSettings.get
compute.snapshotSettings.update
compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly
compute.spotAssistants.get
compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings
compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use
compute.storagePools.create
compute.storagePools.createTagBinding
compute.storagePools.delete
compute.storagePools.deleteTagBinding
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.storagePools.setIamPolicy
compute.storagePools.update
compute.storagePools.use
compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.subnetworks.usePeerMigration
compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use
compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use
compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
compute.vmExtensionPolicies.create
compute.vmExtensionPolicies.delete
compute.vmExtensionPolicies.get
compute.vmExtensionPolicies.list
compute.vmExtensionPolicies.update
compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels
compute.wireGroups.create
compute.wireGroups.delete
compute.wireGroups.get
compute.wireGroups.list
compute.wireGroups.update
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zoneOperations.setIamPolicy
compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Future Reservation Admin^Beta

(roles/compute.futureReservationAdmin)

compute.acceleratorTypes.list

compute.advice.calendarMode

compute.futureReservations.cancel

compute.futureReservations.create

compute.futureReservations.delete

compute.futureReservations.get

compute.futureReservations.list

compute.futureReservations.update

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.reservationBlocks.performMaintenance

compute.reservationSubBlocks.performMaintenance

compute.reservationSubBlocks.reportFaulty

compute.reservations.create

compute.reservations.performMaintenance

compute.zones.list

Compute Future Reservation User^Beta

(roles/compute.futureReservationUser)

compute.acceleratorTypes.list

compute.advice.calendarMode

compute.futureReservations.create

compute.futureReservations.delete

compute.futureReservations.get

compute.futureReservations.list

compute.futureReservations.update

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.reservations.create

compute.zones.list

Compute Future Reservation Viewer^Beta

(roles/compute.futureReservationViewer)

compute.acceleratorTypes.list

compute.futureReservations.get

compute.futureReservations.list

compute.instanceTemplates.list

compute.machineTypes.list

compute.regions.list

compute.zones.list

Compute Image User

(roles/compute.imageUser)

Permission to list and read images without having other permissions on the image. Granting this roleat the project level gives users the ability to list all images in the project and create resources,such as instances and persistent disks, based on images in the project.

Lowest-level resources where you can grant this role:

Image

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Instance Admin (beta)

(roles/compute.instanceAdmin)

Permissions to create, modify, and delete virtual machine instances.This includes permissions to create, modify, and delete disks, and also toconfigureShielded VMsettings.

If the user will be managing virtual machine instances that are configuredto run as a service account, you must also grant theroles/iam.serviceAccountUser role.

For example, if your company has someone who manages groups of virtualmachine instances but does not manage network or security settings anddoes not manage instances that run as service accounts, you can grant thisrole on the organization, folder, or project that contains the instances,or you can grant it on individual instances.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Snapshot

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.diskSettings.get

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.list

compute.disks.resize

compute.disks.setLabels

compute.disks.startAsyncReplication

compute.disks.stopAsyncReplication

compute.disks.stopGroupAsyncReplication

compute.disks.update

compute.disks.updateKmsKey

compute.disks.use

compute.disks.useReadOnly

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.get

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.licenses.get

compute.licenses.list

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.machineImages.*

compute.machineImages.create
compute.machineImages.createTagBinding
compute.machineImages.delete
compute.machineImages.deleteTagBinding
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineImages.setIamPolicy
compute.machineImages.setLabels
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.*

compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSubBlocks.*

compute.reservationSubBlocks.get
compute.reservationSubBlocks.list
compute.reservationSubBlocks.performMaintenance
compute.reservationSubBlocks.reportFaulty

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.list

compute.resourcePolicies.useReadOnly

compute.storagePools.get

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Instance Admin (v1)

(roles/compute.instanceAdmin.v1)

Full control of Compute Engine instances, instance groups, disks, snapshots, and images.Read access to all Compute Engine networking resources.

If you grant a user this role only at an instance level, then that user cannot create new instances.

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.diskSettings.get

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.*

compute.instanceSettings.get
compute.instanceSettings.update

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.createTagBinding
compute.instantSnapshots.delete
compute.instantSnapshots.deleteTagBinding
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy

compute.licenses.*

compute.licenses.create
compute.licenses.createTagBinding
compute.licenses.delete
compute.licenses.deleteTagBinding
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.licenses.setIamPolicy
compute.licenses.update

compute.machineImages.*

compute.machineImages.create
compute.machineImages.createTagBinding
compute.machineImages.delete
compute.machineImages.deleteTagBinding
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.listEffectiveTags
compute.machineImages.listTagBindings
compute.machineImages.setIamPolicy
compute.machineImages.setLabels
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.*

compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.regionBackendBuckets.get

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSubBlocks.get

compute.reservationSubBlocks.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly

compute.spotAssistants.get

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Instance Group Manager Service Agent

(roles/compute.instanceGroupManagerServiceAgent)

Role containing all permissions required by Managed Instance Groups to create and manage instances.

Warning: Do not grant service agent roles to any principals except service agents.

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.disks.addResourcePolicies

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.delete

compute.disks.deleteTagBinding

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.disks.removeResourcePolicies

compute.disks.resize

compute.disks.setLabels

compute.disks.startAsyncReplication

compute.disks.stopAsyncReplication

compute.disks.stopGroupAsyncReplication

compute.disks.update

compute.disks.updateKmsKey

compute.disks.use

compute.disks.useReadOnly

compute.globalAddresses.get

compute.globalOperations.get

compute.healthChecks.get

compute.httpHealthChecks.get

compute.httpsHealthChecks.get

compute.images.useReadOnly

compute.instanceGroups.update

compute.instanceTemplates.useReadOnly

compute.instances.addAccessConfig

compute.instances.addNetworkInterface

compute.instances.addResourcePolicies

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.deleteAccessConfig

compute.instances.deleteNetworkInterface

compute.instances.deleteTagBinding

compute.instances.detachDisk

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instances.osAdminLogin

compute.instances.osLogin

compute.instances.pscInterfaceCreate

compute.instances.removeResourcePolicies

compute.instances.reset

compute.instances.resume

compute.instances.sendDiagnosticInterrupt

compute.instances.setDeletionProtection

compute.instances.setDiskAutoDelete

compute.instances.setLabels

compute.instances.setMachineResources

compute.instances.setMachineType

compute.instances.setMetadata

compute.instances.setMinCpuPlatform

compute.instances.setName

compute.instances.setScheduling

compute.instances.setSecurityPolicy

compute.instances.setServiceAccount

compute.instances.setShieldedInstanceIntegrityPolicy

compute.instances.setShieldedVmIntegrityPolicy

compute.instances.setTags

compute.instances.simulateMaintenanceEvent

compute.instances.start

compute.instances.startWithEncryptionKey

compute.instances.stop

compute.instances.suspend

compute.instances.update

compute.instances.updateAccessConfig

compute.instances.updateDisplayDevice

compute.instances.updateNetworkInterface

compute.instances.updateSecurity

compute.instances.updateShieldedInstanceConfig

compute.instances.updateShieldedVmConfig

compute.instances.use

compute.instances.useReadOnly

compute.networks.use

compute.networks.useExternalIp

compute.regionOperations.get

compute.resourcePolicies.use

compute.snapshots.useReadOnly

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetPools.addInstance

compute.targetPools.removeInstance

compute.zoneOperations.get

iam.serviceAccounts.actAs

Interconnect Attachment Group Analyzer

(roles/compute.interconnectAttachmentGroupAnalyzer)

Analyze Interconnect Attachment Groups via their GetOperationalStatus method.

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeVpnGateways

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.routers.get

Interconnect Group Analyzer

(roles/compute.interconnectGroupAnalyzer)

Analyze Interconnect Groups via their GetOperationalStatus method.

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeVpnGateways

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnects.get

compute.interconnects.list

Compute Load Balancer Admin

(roles/compute.loadBalancerAdmin)

Permissions to create, modify, and delete load balancers and associateresources.

For example, if your company has a load balancing team that manages loadbalancers, SSL certificates for load balancers, SSL policies, and otherload balancing resources, and a separate networking team that managesthe rest of the networking resources, then grant this role to the loadbalancing team's group.

Lowest-level resources where you can grant this role:

Instance

certificatemanager.certmaps.get

certificatemanager.certmaps.list

certificatemanager.certmaps.use

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.use

compute.instances.useReadOnly

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.use

compute.projects.get

compute.regionBackendBuckets.*

compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.zoneOperations.get

compute.zoneOperations.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Load Balancer Services User

(roles/compute.loadBalancerServiceUser)

Permissions to use services from a load balancer in other projects.

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendBuckets.use

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.backendServices.use

compute.projects.get

compute.regionBackendBuckets.get

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendBuckets.use

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionBackendServices.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Network Admin

(roles/compute.networkAdmin)

Permissions to create, modify, and delete networking resources,except for firewall rules and SSL certificates. The network admin roleallows read-only access to firewall rules, SSL certificates, and instances(to view their ephemeral IP addresses). The network admin role does notallow a user to create, start, stop, or delete instances.

For example, if your company has a security team that manages firewallsand SSL certificates and a networking team that manages the rest of thenetworking resources, then grant this role to the networking team's group.Or, if you have a combined team that manages both security and networking,then grant this role as well as theroles/compute.securityAdmin role to the combined team's group.

Lowest-level resources where you can grant this role:

Instance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.crossSiteNetworks.*

compute.crossSiteNetworks.create
compute.crossSiteNetworks.delete
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.crossSiteNetworks.update

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.*

compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroupManagers.update

compute.instanceGroupManagers.use

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceGroups.update

compute.instanceGroups.use

compute.instanceSettings.get

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instances.updateSecurity

compute.instances.use

compute.instances.useReadOnly

compute.interconnectAttachmentGroups.*

compute.interconnectAttachmentGroups.create
compute.interconnectAttachmentGroups.delete
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachmentGroups.patch

compute.interconnectAttachments.*

compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use

compute.interconnectGroups.*

compute.interconnectGroups.create
compute.interconnectGroups.delete
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectGroups.patch

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.*

compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.*

compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update
compute.networkAttachments.use

compute.networkEndpointGroups.get

compute.networkEndpointGroups.list

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networkEndpointGroups.use

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.*

compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.setNetworkPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendBuckets.*

compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionCompositeHealthChecks.*

compute.regionCompositeHealthChecks.create
compute.regionCompositeHealthChecks.delete
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionCompositeHealthChecks.update

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionHealthAggregationPolicies.*

compute.regionHealthAggregationPolicies.create
compute.regionHealthAggregationPolicies.delete
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthAggregationPolicies.update

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionHealthSources.*

compute.regionHealthSources.create
compute.regionHealthSources.delete
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionHealthSources.update

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionNetworkEndpointGroups.use

compute.regionNetworkPolicies.*

compute.regionNetworkPolicies.create
compute.regionNetworkPolicies.delete
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNetworkPolicies.update
compute.regionNetworkPolicies.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.*

compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use

compute.routes.*

compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.serviceAttachments.*

compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.*

compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.subnetworks.usePeerMigration

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.targetVpnGateways.*

compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.vpnGateways.*

compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use

compute.vpnTunnels.*

compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels

compute.wireGroups.*

compute.wireGroups.create
compute.wireGroups.delete
compute.wireGroups.get
compute.wireGroups.list
compute.wireGroups.update

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.*

networkconnectivity.internalRanges.create
networkconnectivity.internalRanges.delete
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.getIamPolicy
networkconnectivity.internalRanges.list
networkconnectivity.internalRanges.setIamPolicy
networkconnectivity.internalRanges.update

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.*

networkconnectivity.operations.cancel
networkconnectivity.operations.delete
networkconnectivity.operations.get
networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

networkconnectivity.policyBasedRoutes.create
networkconnectivity.policyBasedRoutes.delete
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.getIamPolicy
networkconnectivity.policyBasedRoutes.list
networkconnectivity.policyBasedRoutes.setIamPolicy

networkconnectivity.regionalEndpoints.*

networkconnectivity.regionalEndpoints.create
networkconnectivity.regionalEndpoints.delete
networkconnectivity.regionalEndpoints.get
networkconnectivity.regionalEndpoints.list

networkconnectivity.serviceClasses.*

networkconnectivity.serviceClasses.create
networkconnectivity.serviceClasses.delete
networkconnectivity.serviceClasses.get
networkconnectivity.serviceClasses.list
networkconnectivity.serviceClasses.update
networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

networkconnectivity.serviceConnectionMaps.create
networkconnectivity.serviceConnectionMaps.delete
networkconnectivity.serviceConnectionMaps.get
networkconnectivity.serviceConnectionMaps.list
networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

networkconnectivity.serviceConnectionPolicies.create
networkconnectivity.serviceConnectionPolicies.delete
networkconnectivity.serviceConnectionPolicies.get
networkconnectivity.serviceConnectionPolicies.list
networkconnectivity.serviceConnectionPolicies.update

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.*

networksecurity.addressGroups.create
networksecurity.addressGroups.delete
networksecurity.addressGroups.get
networksecurity.addressGroups.getIamPolicy
networksecurity.addressGroups.list
networksecurity.addressGroups.setIamPolicy
networksecurity.addressGroups.update
networksecurity.addressGroups.use

networksecurity.authorizationPolicies.*

networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.*

networksecurity.authzPolicies.create
networksecurity.authzPolicies.delete
networksecurity.authzPolicies.get
networksecurity.authzPolicies.getIamPolicy
networksecurity.authzPolicies.list
networksecurity.authzPolicies.setIamPolicy
networksecurity.authzPolicies.update

networksecurity.backendAuthenticationConfigs.*

networksecurity.backendAuthenticationConfigs.create
networksecurity.backendAuthenticationConfigs.delete
networksecurity.backendAuthenticationConfigs.get
networksecurity.backendAuthenticationConfigs.list
networksecurity.backendAuthenticationConfigs.update
networksecurity.backendAuthenticationConfigs.use

networksecurity.clientTlsPolicies.*

networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.*

networksecurity.firewallEndpointAssociations.create
networksecurity.firewallEndpointAssociations.delete
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpointAssociations.update

networksecurity.firewallEndpoints.*

networksecurity.firewallEndpoints.create
networksecurity.firewallEndpoints.delete
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.firewallEndpoints.update
networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.*

networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.*

networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.*

networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list

networksecurity.sacAttachments.*

networksecurity.sacAttachments.create
networksecurity.sacAttachments.delete
networksecurity.sacAttachments.get
networksecurity.sacAttachments.list

networksecurity.sacRealms.*

networksecurity.sacRealms.create
networksecurity.sacRealms.delete
networksecurity.sacRealms.get
networksecurity.sacRealms.list

networksecurity.securityProfileGroups.*

networksecurity.securityProfileGroups.create
networksecurity.securityProfileGroups.delete
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfileGroups.update
networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.*

networksecurity.securityProfiles.create
networksecurity.securityProfiles.delete
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.securityProfiles.update
networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.*

networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.*

networksecurity.tlsInspectionPolicies.create
networksecurity.tlsInspectionPolicies.delete
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.update
networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.*

networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use

networkservices.*

networkservices.authzExtensions.create
networkservices.authzExtensions.delete
networkservices.authzExtensions.get
networkservices.authzExtensions.list
networkservices.authzExtensions.update
networkservices.authzExtensions.use
networkservices.endpointPolicies.create
networkservices.endpointPolicies.delete
networkservices.endpointPolicies.get
networkservices.endpointPolicies.list
networkservices.endpointPolicies.update
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.grpcRoutes.create
networkservices.grpcRoutes.delete
networkservices.grpcRoutes.get
networkservices.grpcRoutes.list
networkservices.grpcRoutes.update
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.list
networkservices.httpFilters.update
networkservices.httpRoutes.create
networkservices.httpRoutes.delete
networkservices.httpRoutes.get
networkservices.httpRoutes.list
networkservices.httpRoutes.update
networkservices.httpfilters.create
networkservices.httpfilters.delete
networkservices.httpfilters.get
networkservices.httpfilters.getIamPolicy
networkservices.httpfilters.list
networkservices.httpfilters.setIamPolicy
networkservices.httpfilters.update
networkservices.httpfilters.use
networkservices.lbEdgeExtensions.create
networkservices.lbEdgeExtensions.delete
networkservices.lbEdgeExtensions.get
networkservices.lbEdgeExtensions.list
networkservices.lbEdgeExtensions.update
networkservices.lbRouteExtensions.create
networkservices.lbRouteExtensions.delete
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbRouteExtensions.update
networkservices.lbTcpExtensions.createForNetwork
networkservices.lbTcpExtensions.deleteForNetwork
networkservices.lbTcpExtensions.getForNetwork
networkservices.lbTcpExtensions.listForNetwork
networkservices.lbTcpExtensions.updateForNetwork
networkservices.lbTrafficExtensions.create
networkservices.lbTrafficExtensions.delete
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.lbTrafficExtensions.update
networkservices.locations.get
networkservices.locations.list
networkservices.meshes.create
networkservices.meshes.delete
networkservices.meshes.get
networkservices.meshes.list
networkservices.meshes.update
networkservices.meshes.use
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
networkservices.route_views.get
networkservices.route_views.list
networkservices.serviceBindings.create
networkservices.serviceBindings.delete
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceBindings.update
networkservices.serviceLbPolicies.create
networkservices.serviceLbPolicies.delete
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.serviceLbPolicies.update
networkservices.swpSecurityExtensions.create
networkservices.swpSecurityExtensions.delete
networkservices.swpSecurityExtensions.get
networkservices.swpSecurityExtensions.list
networkservices.swpSecurityExtensions.update
networkservices.tcpRoutes.create
networkservices.tcpRoutes.delete
networkservices.tcpRoutes.get
networkservices.tcpRoutes.list
networkservices.tcpRoutes.update
networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.wasmPlugins.create
networkservices.wasmPlugins.delete
networkservices.wasmPlugins.get
networkservices.wasmPlugins.list
networkservices.wasmPlugins.update
networkservices.wasmPlugins.use

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.getVpcServiceControls

servicenetworking.services.listPeeredDnsDomains

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Compute Network User

(roles/compute.networkUser)

Provides access to a shared VPC network

Once granted, service owners can use VPC networks and subnets that belongto the host project. For example, a network user can create a VM instancethat belongs to a host project network but they cannot delete or createnew networks in the host project.

Lowest-level resources where you can grant this role:

Subnetwork

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.useInternal

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.externalVpnGateways.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.instanceSettings.get

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.interconnects.use

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.access

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkPolicies.get

compute.regionNetworkPolicies.list

compute.regionNetworkPolicies.use

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnGateways.use

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.get

networksecurity.addressGroups.list

networksecurity.addressGroups.use

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.get

networksecurity.authzPolicies.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.get

networksecurity.firewallEndpointAssociations.list

networksecurity.firewallEndpoints.get

networksecurity.firewallEndpoints.list

networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.sacAttachments.*

networksecurity.sacAttachments.create
networksecurity.sacAttachments.delete
networksecurity.sacAttachments.get
networksecurity.sacAttachments.list

networksecurity.sacRealms.get

networksecurity.sacRealms.list

networksecurity.securityProfileGroups.get

networksecurity.securityProfileGroups.list

networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.get

networksecurity.securityProfiles.list

networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.get

networksecurity.urlLists.list

networksecurity.urlLists.use

networkservices.authzExtensions.get

networkservices.authzExtensions.list

networkservices.authzExtensions.use

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.gateways.get

networkservices.gateways.list

networkservices.gateways.use

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.httpfilters.use

networkservices.lbEdgeExtensions.get

networkservices.lbEdgeExtensions.list

networkservices.lbRouteExtensions.get

networkservices.lbRouteExtensions.list

networkservices.lbTrafficExtensions.get

networkservices.lbTrafficExtensions.list

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.meshes.use

networkservices.operations.get

networkservices.operations.list

networkservices.route_views.*

networkservices.route_views.get
networkservices.route_views.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.serviceLbPolicies.get

networkservices.serviceLbPolicies.list

networkservices.swpSecurityExtensions.get

networkservices.swpSecurityExtensions.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

networkservices.wasmPlugins.get

networkservices.wasmPlugins.list

networkservices.wasmPlugins.use

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Network Viewer

(roles/compute.networkViewer)

Read-only access to all networking resources

For example, if you have software that inspects your networkconfiguration, you could grant this role to that software'sservice account.

Lowest-level resources where you can grant this role:

Instance

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.regionBackendBuckets.get

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkPolicies.get

compute.regionNetworkPolicies.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.get

networksecurity.addressGroups.list

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.authzPolicies.get

networksecurity.authzPolicies.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.firewallEndpointAssociations.get

networksecurity.firewallEndpointAssociations.list

networksecurity.firewallEndpoints.get

networksecurity.firewallEndpoints.list

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.sacAttachments.get

networksecurity.sacAttachments.list

networksecurity.sacRealms.get

networksecurity.sacRealms.list

networksecurity.securityProfileGroups.get

networksecurity.securityProfileGroups.list

networksecurity.securityProfiles.get

networksecurity.securityProfiles.list

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.urlLists.get

networksecurity.urlLists.list

networkservices.authzExtensions.get

networkservices.authzExtensions.list

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.gateways.get

networkservices.gateways.list

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.lbEdgeExtensions.get

networkservices.lbEdgeExtensions.list

networkservices.lbRouteExtensions.get

networkservices.lbRouteExtensions.list

networkservices.lbTrafficExtensions.get

networkservices.lbTrafficExtensions.list

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.operations.get

networkservices.operations.list

networkservices.route_views.*

networkservices.route_views.get
networkservices.route_views.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.serviceLbPolicies.get

networkservices.serviceLbPolicies.list

networkservices.swpSecurityExtensions.get

networkservices.swpSecurityExtensions.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

networkservices.wasmPlugins.get

networkservices.wasmPlugins.list

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Compute Organization Firewall Policy Admin

(roles/compute.orgFirewallPolicyAdmin)

Full control of Compute Engine Organization Firewall Policies.

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionOperations.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Firewall Policy User

(roles/compute.orgFirewallPolicyUser)

View or use Compute Engine Firewall Policies to associate with the organization or folders.

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.projects.get

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Security Policy Admin

(roles/compute.orgSecurityPolicyAdmin)

Full control of Compute Engine Organization Security Policies.

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.copyRules

compute.securityPolicies.create

compute.securityPolicies.createTagBinding

compute.securityPolicies.delete

compute.securityPolicies.deleteTagBinding

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.move

compute.securityPolicies.removeAssociation

compute.securityPolicies.update

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Security Policy User

(roles/compute.orgSecurityPolicyUser)

View or use Compute Engine Security Policies to associate with the organization or folders.

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.removeAssociation

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Organization Resource Admin

(roles/compute.orgSecurityResourceAdmin)

Full control of Compute Engine Firewall Policy associations to the organization or folders.

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.organizations.listAssociations

compute.organizations.setFirewallPolicy

compute.organizations.setSecurityPolicy

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute OS Admin Login

(roles/compute.osAdminLogin)

Access to log in to a Compute Engine instance as an administratoruser.

Lowest-level resources where you can grant this role:

Instance

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osAdminLogin

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute OS Login

(roles/compute.osLogin)

Access to log in to a Compute Engine instance as a standard user.

Lowest-level resources where you can grant this role:

Instance

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute OS Login External User

(roles/compute.osLoginExternalUser)

Available only at the organization level.

Access for an external user to set OS Login information associated withthis organization. This role does not grant access to instances. Externalusers must be granted one of the requiredOS Login rolesin order to allow access to instances using SSH.

Lowest-level resources where you can grant this role:

Organization

compute.oslogin.updateExternalUser

Compute packet mirroring admin

(roles/compute.packetMirroringAdmin)

Specify resources to be mirrored.

compute.instances.updateSecurity

compute.networks.mirror

compute.projects.get

compute.subnetworks.mirror

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute packet mirroring user

(roles/compute.packetMirroringUser)

Use Compute Engine packet mirrorings.

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Peer Subnet Migration Admin

(roles/compute.peerSubnetMigrationAdmin)

Use subnetwork whose PURPOSE is "PEER_MIGRATION"

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.use

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.pscCreate

compute.forwardingRules.pscDelete

compute.forwardingRules.pscUpdate

compute.forwardingRules.update

compute.networks.use

compute.regionOperations.get

compute.regions.list

compute.subnetworks.use

compute.subnetworks.usePeerMigration

servicedirectory.namespaces.create

servicedirectory.services.create

servicedirectory.services.delete

Compute Public IP Admin

(roles/compute.publicIpAdmin)

Full control of public IP address management for Compute Engine.

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalPublicDelegatedPrefixes.*

compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.updatePolicy

compute.publicAdvertisedPrefixes.*

compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy

compute.publicDelegatedPrefixes.*

compute.publicDelegatedPrefixes.announce
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.createTagBinding
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.deleteTagBinding
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.listEffectiveTags
compute.publicDelegatedPrefixes.listTagBindings
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.publicDelegatedPrefixes.withdraw

resourcemanager.projects.get

resourcemanager.projects.list

Compute Security Admin

(roles/compute.securityAdmin)

Permissions to create, modify, and delete firewall rules and SSLcertificates, and also toconfigureShielded VMsettings.

Lowest-level resources where you can grant this role:

Instance

compute.backendBuckets.list

compute.backendServices.list

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.firewalls.*

compute.firewalls.create
compute.firewalls.createTagBinding
compute.firewalls.delete
compute.firewalls.deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update

compute.globalOperations.get

compute.globalOperations.list

compute.instanceSettings.get

compute.instances.getEffectiveFirewalls

compute.instances.list

compute.instances.setShieldedInstanceIntegrityPolicy

compute.instances.setShieldedVmIntegrityPolicy

compute.instances.updateSecurity

compute.instances.updateShieldedInstanceConfig

compute.instances.updateShieldedVmConfig

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listTagBindings

compute.networks.updatePolicy

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update

compute.projects.get

compute.regionBackendBuckets.list

compute.regionBackendServices.list

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.*

compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.createTagBinding
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.deleteTagBinding
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.*

compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetInstances.list

compute.targetPools.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Engine Service Agent

(roles/compute.serviceAgent)

Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts.

Warning: Do not grant service agent roles to any principals except service agents.

cloudnotifications.activities.list

compute.addresses.use

compute.addresses.useInternal

compute.disks.create

compute.disks.createTagBinding

compute.disks.delete

compute.disks.get

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.globalOperations.get

compute.healthChecks.create

compute.healthChecks.delete

compute.healthChecks.get

compute.healthChecks.update

compute.images.useReadOnly

compute.instanceGroupManagers.get

compute.instanceTemplates.useReadOnly

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.setDeletionProtection

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.update

compute.instances.updateDisplayDevice

compute.instances.use

compute.machineImages.useReadOnly

compute.networkEndpointGroups.attachNetworkEndpoints

compute.networkEndpointGroups.create

compute.networkEndpointGroups.delete

compute.networkEndpointGroups.use

compute.networks.use

compute.networks.useExternalIp

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.get

compute.regionBackendServices.update

compute.regionBackendServices.use

compute.regionOperations.get

compute.resourcePolicies.use

compute.snapshots.useReadOnly

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

iam.serviceAccounts.actAs

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.signJwt

logging.logEntries.create

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

monitoring.alerts.get
monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

storage.objects.create

storage.objects.get

storage.objects.list

storage.objects.update

Compute Sole Tenant Viewer

(roles/compute.soleTenantViewer)

Permissions to view sole tenancy node groups

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

Compute Storage Admin

(roles/compute.storageAdmin)

Permissions to create, modify, and delete disks, images, and snapshots.

For example, if your company has someone who manages project images andyou don't want them to have the editor role on the project, then grantthis role to their account on the project.

Lowest-level resources where you can grant this role:

Disk
Image
Snapshot

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlans.useForComputeDisk

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.diskSettings.*

compute.diskSettings.get
compute.diskSettings.update

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly

compute.globalOperations.get

compute.globalOperations.list

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceSettings.get

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.createTagBinding
compute.instantSnapshots.delete
compute.instantSnapshots.deleteTagBinding
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.listEffectiveTags
compute.instantSnapshots.listTagBindings
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy

compute.licenses.*

compute.licenses.create
compute.licenses.createTagBinding
compute.licenses.delete
compute.licenses.deleteTagBinding
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.listEffectiveTags
compute.licenses.listTagBindings
compute.licenses.setIamPolicy
compute.licenses.update

compute.projects.get

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly

compute.storagePools.*

compute.storagePools.create
compute.storagePools.createTagBinding
compute.storagePools.delete
compute.storagePools.deleteTagBinding
compute.storagePools.get
compute.storagePools.getIamPolicy
compute.storagePools.list
compute.storagePools.listEffectiveTags
compute.storagePools.listTagBindings
compute.storagePools.setIamPolicy
compute.storagePools.update
compute.storagePools.use

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute Viewer

(roles/compute.viewer)

Read-only access to get and list Compute Engine resources, withoutbeing able to read the data stored on them.

For example, an account with this role could inventory all of the disks ina project, but it could not read any of the data on those disks.

Lowest-level resources where you can grant this role:

Disk
Image
Instance
Instance template
Node group
Node template
Snapshot

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.commitments.get

compute.commitments.list

compute.crossSiteNetworks.get

compute.crossSiteNetworks.list

compute.diskSettings.get

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.futureReservations.get

compute.futureReservations.getIamPolicy

compute.futureReservations.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalNetworkEndpointGroups.listEffectiveTags

compute.globalNetworkEndpointGroups.listTagBindings

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.listEffectiveTags

compute.instanceGroupManagers.listTagBindings

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.listEffectiveTags

compute.instanceGroups.listTagBindings

compute.instanceSettings.get

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instantSnapshots.get

compute.instantSnapshots.getIamPolicy

compute.instantSnapshots.list

compute.instantSnapshots.listEffectiveTags

compute.instantSnapshots.listTagBindings

compute.interconnectAttachmentGroups.get

compute.interconnectAttachmentGroups.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectGroups.get

compute.interconnectGroups.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineImages.listEffectiveTags

compute.machineImages.listTagBindings

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.get

compute.multiMig.list

compute.multiMigMembers.*

compute.multiMigMembers.get
compute.multiMigMembers.list

compute.networkAttachments.get

compute.networkAttachments.getIamPolicy

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.get

compute.networkEndpointGroups.list

compute.networkEndpointGroups.listEffectiveTags

compute.networkEndpointGroups.listTagBindings

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.previewFeatures.get

compute.previewFeatures.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendBuckets.get

compute.regionBackendBuckets.getIamPolicy

compute.regionBackendBuckets.list

compute.regionBackendBuckets.listEffectiveTags

compute.regionBackendBuckets.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionCompositeHealthChecks.get

compute.regionCompositeHealthChecks.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthAggregationPolicies.get

compute.regionHealthAggregationPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionHealthSources.get

compute.regionHealthSources.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.listEffectiveTags

compute.regionNetworkEndpointGroups.listTagBindings

compute.regionNetworkPolicies.get

compute.regionNetworkPolicies.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSubBlocks.get

compute.reservationSubBlocks.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.rolloutPlans.get

compute.rolloutPlans.list

compute.rollouts.get

compute.rollouts.list

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshotSettings.get

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.spotAssistants.get

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.getIamPolicy

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.urlMaps.validate

compute.vmExtensionPolicies.get

compute.vmExtensionPolicies.list

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.wireGroups.get

compute.wireGroups.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Compute VM extension policy admin^Beta

(roles/compute.vmExtensionPolicyAdmin)

Administer zone/global VM extension policies.

compute.instances.get

compute.instances.list

compute.instances.setLabels

compute.instances.setTags

compute.rolloutPlans.*

compute.rolloutPlans.create
compute.rolloutPlans.delete
compute.rolloutPlans.get
compute.rolloutPlans.list

compute.rollouts.*

compute.rollouts.cancel
compute.rollouts.delete
compute.rollouts.get
compute.rollouts.list

compute.vmExtensionPolicies.*

compute.vmExtensionPolicies.create
compute.vmExtensionPolicies.delete
compute.vmExtensionPolicies.get
compute.vmExtensionPolicies.list
compute.vmExtensionPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

Compute VM extension policy viewer^Beta

(roles/compute.vmExtensionPolicyViewer)

View zone/global VM extension policies.

compute.instances.get

compute.instances.list

compute.rolloutPlans.get

compute.rolloutPlans.list

compute.rollouts.get

compute.rollouts.list

compute.vmExtensionPolicies.get

compute.vmExtensionPolicies.list

resourcemanager.projects.get

resourcemanager.projects.list

Compute Shared VPC Admin

(roles/compute.xpnAdmin)

Permissions to administershared VPC host projects,specifically enabling the host projects and associating shared VPC service projects to the hostproject's network.

At the organization level, this role can only be granted by an organization admin.

Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project. TheShared VPC Admin is responsible for granting the Compute Network User role(roles/compute.networkUser) to service owners, and the shared VPC host project ownercontrols the project itself. Managing the project is easier if a single principal (individual orgroup) can fulfill both roles.

Lowest-level resources where you can grant this role:

Folder

compute.globalOperations.get

compute.globalOperations.list

compute.organizations.disableXpnHost

compute.organizations.disableXpnResource

compute.organizations.enableXpnHost

compute.organizations.enableXpnResource

compute.projects.get

compute.subnetworks.getIamPolicy

compute.subnetworks.setIamPolicy

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

Compute Engine permissions

Permission	Included in roles
`compute.acceleratorTypes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.acceleratorTypes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Compute Future Reservation Viewer (`roles/compute.futureReservationViewer`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.addresses.create`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`compute.addresses.createInternal`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`compute.addresses.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.addresses.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`compute.addresses.deleteInternal`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`compute.addresses.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.addresses.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.addresses.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Web Security Scanner Editor (`roles/cloudsecurityscanner.editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Security Center Admin (`roles/securitycenter.admin`) Security Center Admin Editor (`roles/securitycenter.adminEditor`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.addresses.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.addresses.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.addresses.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.addresses.use`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.addresses.useInternal`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.advice.calendarMode`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.autoscalers.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.autoscalers.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.autoscalers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.autoscalers.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.autoscalers.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.backendBuckets.addSignedUrlKey`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendBuckets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.backendBuckets.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendBuckets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.backendBuckets.deleteSignedUrlKey`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendBuckets.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendBuckets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.backendBuckets.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendBuckets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.backendBuckets.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.backendBuckets.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.backendBuckets.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendBuckets.setSecurityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendBuckets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.backendBuckets.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.backendServices.addSignedUrlKey`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendServices.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.backendServices.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendServices.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.backendServices.deleteSignedUrlKey`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendServices.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendServices.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.backendServices.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendServices.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.backendServices.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.backendServices.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.backendServices.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.backendServices.setSecurityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.backendServices.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.backendServices.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.commitments.create`	Owner (`roles/owner`) Editor (`roles/editor`) Billing Account Administrator (`roles/billing.admin`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.commitments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Billing Account Administrator (`roles/billing.admin`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.commitments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Billing Account Administrator (`roles/billing.admin`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.commitments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Billing Account Administrator (`roles/billing.admin`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.commitments.updateReservations`	Owner (`roles/owner`) Editor (`roles/editor`) Billing Account Administrator (`roles/billing.admin`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.crossSiteNetworks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.crossSiteNetworks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.crossSiteNetworks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.crossSiteNetworks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.crossSiteNetworks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.diskSettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.diskSettings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.diskTypes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.diskTypes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.disks.addResourcePolicies`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.disks.createSnapshot`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.disks.createTagBinding`	Owner (`roles/owner`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.disks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.disks.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.disks.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.disks.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.removeResourcePolicies`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.resize`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.disks.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.disks.startAsyncReplication`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.stopAsyncReplication`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.stopGroupAsyncReplication`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.updateKmsKey`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.disks.use`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.disks.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.externalVpnGateways.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.externalVpnGateways.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.externalVpnGateways.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.externalVpnGateways.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.externalVpnGateways.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.externalVpnGateways.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.externalVpnGateways.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.externalVpnGateways.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.externalVpnGateways.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.externalVpnGateways.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.firewallPolicies.cloneRules`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.copyRules`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.firewallPolicies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.firewallPolicies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.firewallPolicies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.firewallPolicies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.firewallPolicies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.firewallPolicies.move`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewallPolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.firewalls.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.firewalls.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewalls.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.firewalls.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.firewalls.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.firewalls.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.firewalls.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.firewalls.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.firewalls.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.forwardingRules.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.forwardingRules.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.forwardingRules.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.forwardingRules.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.forwardingRules.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.forwardingRules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) Network Security Authz Service Agent (`roles/networksecurity.authzServiceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.forwardingRules.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.forwardingRules.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.forwardingRules.pscCreate`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.forwardingRules.pscDelete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.forwardingRules.pscSetLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.forwardingRules.pscUpdate`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.forwardingRules.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.forwardingRules.setTarget`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.forwardingRules.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Security Authz Service Agent (`roles/networksecurity.authzServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.forwardingRules.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.futureReservations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.futureReservations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.futureReservations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.futureReservations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Capacity Planner Usage Viewer (`roles/capacityplanner.viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Compute Future Reservation Viewer (`roles/compute.futureReservationViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.futureReservations.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.futureReservations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Capacity Planner Usage Viewer (`roles/capacityplanner.viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Compute Future Reservation Viewer (`roles/compute.futureReservationViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.futureReservations.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.futureReservations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.globalAddresses.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.globalAddresses.createInternal`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.globalAddresses.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalAddresses.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.globalAddresses.deleteInternal`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.globalAddresses.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalAddresses.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Looker Service Agent (`roles/looker.restrictedServiceAgent`) Looker Service Agent (`roles/looker.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.globalAddresses.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalAddresses.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalAddresses.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalAddresses.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.globalAddresses.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.globalForwardingRules.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.globalForwardingRules.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalForwardingRules.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.globalForwardingRules.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalForwardingRules.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Mesh Data Plane Service Agent (`roles/meshdataplane.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.globalForwardingRules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) Network Security Authz Service Agent (`roles/networksecurity.authzServiceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.globalForwardingRules.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalForwardingRules.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalForwardingRules.pscCreate`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.globalForwardingRules.pscDelete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.globalForwardingRules.pscSetLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.globalForwardingRules.pscUpdate`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalForwardingRules.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.globalForwardingRules.setTarget`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalForwardingRules.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Security Authz Service Agent (`roles/networksecurity.authzServiceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalNetworkEndpointGroups.attachNetworkEndpoints`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud DNS Service Agent (`roles/dns.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.globalNetworkEndpointGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud DNS Service Agent (`roles/dns.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.globalNetworkEndpointGroups.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalNetworkEndpointGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud DNS Service Agent (`roles/dns.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.globalNetworkEndpointGroups.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalNetworkEndpointGroups.detachNetworkEndpoints`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud DNS Service Agent (`roles/dns.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.globalNetworkEndpointGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud DNS Service Agent (`roles/dns.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.globalNetworkEndpointGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.globalNetworkEndpointGroups.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalNetworkEndpointGroups.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalNetworkEndpointGroups.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.globalOperations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.globalOperations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Data Connectors Service Agent (`roles/dataconnectors.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Cloud DNS Service Agent (`roles/dns.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Google Cloud Security Response Service Agent (`roles/securitycenter.securityResponseServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.globalOperations.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.globalOperations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.globalOperations.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.globalPublicDelegatedPrefixes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.globalPublicDelegatedPrefixes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalPublicDelegatedPrefixes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalPublicDelegatedPrefixes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.globalPublicDelegatedPrefixes.updatePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.healthChecks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.healthChecks.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.healthChecks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.healthChecks.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.healthChecks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud DNS Service Agent (`roles/dns.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.healthChecks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.healthChecks.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.healthChecks.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.healthChecks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.healthChecks.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.healthChecks.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.httpHealthChecks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpHealthChecks.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.httpHealthChecks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpHealthChecks.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.httpHealthChecks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpHealthChecks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.httpHealthChecks.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.httpHealthChecks.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.httpHealthChecks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.httpHealthChecks.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpHealthChecks.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpsHealthChecks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpsHealthChecks.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.httpsHealthChecks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpsHealthChecks.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.httpsHealthChecks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpsHealthChecks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.httpsHealthChecks.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.httpsHealthChecks.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.httpsHealthChecks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpsHealthChecks.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.httpsHealthChecks.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.images.create`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.images.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.images.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.deprecate`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Image User (`roles/compute.imageUser`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.images.getFromFamily`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Image User (`roles/compute.imageUser`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Image User (`roles/compute.imageUser`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.images.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.images.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Image User (`roles/compute.imageUser`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroupManagers.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroupManagers.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroupManagers.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroupManagers.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroupManagers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) KRM API Hosting AnthosApiEndpoint Service Agent (`roles/krmapihosting.anthosApiEndpointServiceAgent`) KRM API Hosting Service Agent (`roles/krmapihosting.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroupManagers.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.instanceGroupManagers.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroupManagers.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroupManagers.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Dataflow Worker (`roles/dataflow.worker`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroupManagers.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroups.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroups.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.instanceGroups.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroups.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceGroups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceGroups.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceSettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Remoting Cloud Service Agent (`roles/remotingcloud.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceSettings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceTemplates.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceTemplates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceTemplates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instanceTemplates.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceTemplates.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Compute Future Reservation Viewer (`roles/compute.futureReservationViewer`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instanceTemplates.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.instanceTemplates.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instances.addAccessConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.addNetworkInterface`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.addResourcePolicies`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.attachDisk`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.createTagBinding`	Owner (`roles/owner`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Dataflow Worker (`roles/dataflow.worker`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.deleteAccessConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Cloud Security Response Service Agent (`roles/securitycenter.securityResponseServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.deleteNetworkInterface`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.detachDisk`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Dataproc Hub Agent (`roles/dataproc.hubAgent`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Remoting Cloud Service Agent (`roles/remotingcloud.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Google Cloud Security Response Service Agent (`roles/securitycenter.securityResponseServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.getEffectiveFirewalls`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.getGuestAttributes`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.getScreenshot`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.getSerialPortOutput`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.instances.getShieldedInstanceIdentity`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.getShieldedVmIdentity`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`compute.instances.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.listReferrers`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.osAdminLogin`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.osLogin`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.pscInterfaceCreate`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.removeResourcePolicies`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.reset`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.resume`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.sendDiagnosticInterrupt`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setDeletionProtection`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setDiskAutoDelete`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Dataflow Worker (`roles/dataflow.worker`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.instances.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.setMachineResources`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setMachineType`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Dataproc Hub Agent (`roles/dataproc.hubAgent`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Google Cloud Security Response Service Agent (`roles/securitycenter.securityResponseServiceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.setMinCpuPlatform`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setName`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setScheduling`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setSecurityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setServiceAccount`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.setShieldedInstanceIntegrityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setShieldedVmIntegrityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.setTags`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Dataproc Hub Agent (`roles/dataproc.hubAgent`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.simulateMaintenanceEvent`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.start`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.startWithEncryptionKey`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.stop`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instances.suspend`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`compute.instances.updateAccessConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.updateDisplayDevice`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.updateNetworkInterface`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.updateSecurity`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute packet mirroring admin (`roles/compute.packetMirroringAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.updateShieldedInstanceConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.updateShieldedVmConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instances.use`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.instances.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.instantSnapshots.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.instantSnapshots.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.instantSnapshots.export`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.instantSnapshots.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.instantSnapshots.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectAttachmentGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectAttachmentGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectAttachmentGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Attachment Group Analyzer (`roles/compute.interconnectAttachmentGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectAttachmentGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Attachment Group Analyzer (`roles/compute.interconnectAttachmentGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectAttachmentGroups.patch`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectAttachments.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.interconnectAttachments.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectAttachments.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.interconnectAttachments.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectAttachments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Attachment Group Analyzer (`roles/compute.interconnectAttachmentGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`)
`compute.interconnectAttachments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Attachment Group Analyzer (`roles/compute.interconnectAttachmentGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`)
`compute.interconnectAttachments.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectAttachments.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectAttachments.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.interconnectAttachments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.interconnectAttachments.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Group Analyzer (`roles/compute.interconnectGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Group Analyzer (`roles/compute.interconnectGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectGroups.patch`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnectLocations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectLocations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectRemoteLocations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnectRemoteLocations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnects.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.interconnects.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnects.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.interconnects.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnects.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Group Analyzer (`roles/compute.interconnectGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`)
`compute.interconnects.getMacsecConfig`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnects.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Group Analyzer (`roles/compute.interconnectGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`)
`compute.interconnects.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnects.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.interconnects.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.interconnects.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.interconnects.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.licenseCodes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenseCodes.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenseCodes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenseCodes.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.licenses.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenses.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.licenses.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenses.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.licenses.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenses.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenses.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenses.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenses.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.licenses.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.licenses.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`compute.machineImages.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`)
`compute.machineImages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.machineImages.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineImages.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.machineTypes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Dataflow Admin (`roles/dataflow.admin`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Viewer (`roles/dataproc.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Datapipelines Service Agent (`roles/datapipelines.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`compute.machineTypes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Compute Future Reservation Viewer (`roles/compute.futureReservationViewer`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.multiMig.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.multiMig.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.multiMig.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.multiMig.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.multiMigMembers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.multiMigMembers.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.networkAttachments.create`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networkAttachments.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networkAttachments.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networkAttachments.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networkAttachments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. BigQuery Data Transfer Service Agent (`roles/bigquerydatatransfer.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkAttachments.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networkAttachments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkAttachments.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkAttachments.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkAttachments.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networkAttachments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) BigQuery Data Transfer Service Agent (`roles/bigquerydatatransfer.serviceAgent`)
`compute.networkAttachments.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networkEdgeSecurityServices.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.networkEdgeSecurityServices.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.networkEdgeSecurityServices.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.networkEdgeSecurityServices.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.networkEdgeSecurityServices.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.networkEdgeSecurityServices.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.networkEdgeSecurityServices.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.networkEdgeSecurityServices.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.networkEdgeSecurityServices.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.networkEndpointGroups.attachNetworkEndpoints`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networkEndpointGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networkEndpointGroups.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkEndpointGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networkEndpointGroups.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkEndpointGroups.detachNetworkEndpoints`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networkEndpointGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networkEndpointGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networkEndpointGroups.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkEndpointGroups.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkEndpointGroups.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networkProfiles.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networkProfiles.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networks.access`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Serverless VPC Access User (`roles/vpcaccess.user`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Data Connectors Service Agent (`roles/dataconnectors.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`compute.networks.addPeering`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.networks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.networks.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.networks.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) DNS Administrator (`roles/dns.admin`) DNS Reader (`roles/dns.reader`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Admin (`roles/workstations.admin`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.networks.getEffectiveFirewalls`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.getRegionEffectiveFirewalls`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) DNS Administrator (`roles/dns.admin`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Cloud Memorystore Memcached Admin (`roles/memcache.admin`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Memorystore Redis Admin (`roles/redis.admin`) Cloud Memorystore Redis Editor (`roles/redis.editor`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.networks.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networks.listPeeringRoutes`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.networks.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.networks.mirror`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute packet mirroring admin (`roles/compute.packetMirroringAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.removePeering`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.networks.setFirewallPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.setNetworkPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.switchToCustomMode`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.networks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.networks.updatePeering`	Owner (`roles/owner`) Editor (`roles/editor`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.networks.updatePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.networks.use`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.networks.useExternalIp`	Owner (`roles/owner`) Editor (`roles/editor`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.nodeGroups.addNodes`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.deleteNodes`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.nodeGroups.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.nodeGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.nodeGroups.performMaintenance`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.setNodeTemplate`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.simulateMaintenanceEvent`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeGroups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeTemplates.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeTemplates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeTemplates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.nodeTemplates.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.nodeTemplates.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.nodeTemplates.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.nodeTypes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.nodeTypes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Sole Tenant Viewer (`roles/compute.soleTenantViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.organizations.disableXpnHost`	Compute Admin (`roles/compute.admin`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.organizations.disableXpnResource`	Compute Admin (`roles/compute.admin`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.organizations.enableXpnHost`	Compute Admin (`roles/compute.admin`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.organizations.enableXpnResource`	Compute Admin (`roles/compute.admin`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.organizations.listAssociations`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.organizations.setFirewallPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.organizations.setSecurityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.oslogin.updateExternalUser`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute OS Login External User (`roles/compute.osLoginExternalUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.packetMirrorings.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.packetMirrorings.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.packetMirrorings.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.packetMirrorings.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.packetMirrorings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.packetMirrorings.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.packetMirrorings.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.packetMirrorings.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.packetMirrorings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.previewFeatures.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.previewFeatures.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.previewFeatures.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.projects.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Organization Resource Admin (`roles/compute.orgSecurityResourceAdmin`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute packet mirroring admin (`roles/compute.packetMirroringAdmin`) Compute packet mirroring user (`roles/compute.packetMirroringUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Dataflow Admin (`roles/dataflow.admin`) Dataflow Developer (`roles/dataflow.developer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Viewer (`roles/dataproc.serverlessViewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Datapipelines Service Agent (`roles/datapipelines.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Remoting Cloud Service Agent (`roles/remotingcloud.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.projects.setCloudArmorTier`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.projects.setCommonInstanceMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.projects.setDefaultNetworkTier`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.projects.setDefaultServiceAccount`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.projects.setManagedProtectionTier`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.projects.setUsageExportBucket`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.publicAdvertisedPrefixes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.publicAdvertisedPrefixes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.publicAdvertisedPrefixes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.publicAdvertisedPrefixes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.publicAdvertisedPrefixes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.publicAdvertisedPrefixes.updatePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.publicDelegatedPrefixes.announce`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.publicDelegatedPrefixes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.publicDelegatedPrefixes.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.publicDelegatedPrefixes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.publicDelegatedPrefixes.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.publicDelegatedPrefixes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.publicDelegatedPrefixes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.publicDelegatedPrefixes.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.publicDelegatedPrefixes.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.publicDelegatedPrefixes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.publicDelegatedPrefixes.updatePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.publicDelegatedPrefixes.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.publicDelegatedPrefixes.withdraw`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Public IP Admin (`roles/compute.publicIpAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.regionBackendBuckets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendBuckets.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendBuckets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendBuckets.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendBuckets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionBackendBuckets.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendBuckets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionBackendBuckets.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionBackendBuckets.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionBackendBuckets.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendBuckets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendBuckets.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendServices.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`)
`compute.regionBackendServices.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendServices.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`)
`compute.regionBackendServices.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendServices.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`)
`compute.regionBackendServices.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendServices.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`)
`compute.regionBackendServices.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionBackendServices.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionBackendServices.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendServices.setSecurityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionBackendServices.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`)
`compute.regionBackendServices.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Load Balancer Services User (`roles/compute.loadBalancerServiceUser`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`)
`compute.regionCompositeHealthChecks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionCompositeHealthChecks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionCompositeHealthChecks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionCompositeHealthChecks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionCompositeHealthChecks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionFirewallPolicies.cloneRules`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionFirewallPolicies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionFirewallPolicies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionFirewallPolicies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionFirewallPolicies.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionFirewallPolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthAggregationPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthAggregationPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthAggregationPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthAggregationPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthAggregationPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthCheckServices.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthCheckServices.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthCheckServices.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthCheckServices.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthCheckServices.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthCheckServices.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthChecks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionHealthChecks.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthChecks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionHealthChecks.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthChecks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthChecks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthChecks.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthChecks.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthChecks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionHealthChecks.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionHealthChecks.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Support User (`roles/iam.supportUser`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionHealthSources.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthSources.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionHealthSources.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthSources.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionHealthSources.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNetworkEndpointGroups.attachNetworkEndpoints`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.regionNetworkEndpointGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.regionNetworkEndpointGroups.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionNetworkEndpointGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.regionNetworkEndpointGroups.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionNetworkEndpointGroups.detachNetworkEndpoints`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.regionNetworkEndpointGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.regionNetworkEndpointGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.regionNetworkEndpointGroups.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionNetworkEndpointGroups.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionNetworkEndpointGroups.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.regionNetworkPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNetworkPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNetworkPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNetworkPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNetworkPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNetworkPolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNotificationEndpoints.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNotificationEndpoints.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNotificationEndpoints.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionNotificationEndpoints.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionNotificationEndpoints.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionNotificationEndpoints.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionOperations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.regionOperations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) BigQuery Data Transfer Service Agent (`roles/bigquerydatatransfer.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Google Cloud Security Response Service Agent (`roles/securitycenter.securityResponseServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`)
`compute.regionOperations.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.regionOperations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Compute Organization Firewall Policy User (`roles/compute.orgFirewallPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionOperations.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Firewall Policy Admin (`roles/compute.orgFirewallPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.regionSecurityPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionSecurityPolicies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionSecurityPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionSecurityPolicies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionSecurityPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSecurityPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSecurityPolicies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSecurityPolicies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSecurityPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionSecurityPolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSslCertificates.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionSslCertificates.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionSslCertificates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionSslCertificates.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.regionSslCertificates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslCertificates.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslCertificates.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslCertificates.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSslPolicies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSslPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSslPolicies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSslPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.regionSslPolicies.listAvailableFeatures`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslPolicies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslPolicies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionSslPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionSslPolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionTargetHttpProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionTargetHttpProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetHttpProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.regionTargetHttpProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetHttpProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetHttpProxies.setUrlMap`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionTargetHttpsProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionTargetHttpsProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpsProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionTargetHttpsProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpsProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetHttpsProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetHttpsProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetHttpsProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetHttpsProxies.setSslCertificates`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpsProxies.setUrlMap`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpsProxies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetHttpsProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionTargetTcpProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetTcpProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetTcpProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetTcpProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionTargetTcpProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetTcpProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetTcpProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetTcpProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionTargetTcpProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionUrlMaps.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionUrlMaps.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionUrlMaps.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionUrlMaps.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionUrlMaps.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionUrlMaps.invalidateCache`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionUrlMaps.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.regionUrlMaps.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionUrlMaps.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.regionUrlMaps.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regionUrlMaps.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.regionUrlMaps.validate`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.regions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Viewer (`roles/dataproc.serverlessViewer`) Dataproc Viewer (`roles/dataproc.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) KRM API Hosting Service Agent (`roles/krmapihosting.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.regions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Compute Future Reservation Viewer (`roles/compute.futureReservationViewer`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Dataflow Admin (`roles/dataflow.admin`) Dataflow Developer (`roles/dataflow.developer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Viewer (`roles/dataproc.serverlessViewer`) Dataproc Viewer (`roles/dataproc.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Datapipelines Service Agent (`roles/datapipelines.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)
`compute.reservationBlocks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservationBlocks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservationBlocks.performMaintenance`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.reservationSubBlocks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservationSubBlocks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservationSubBlocks.performMaintenance`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservationSubBlocks.reportFaulty`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.reservations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.reservations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Colab Enterprise Admin (`roles/aiplatform.colabEnterpriseAdmin`) Notebook Runtime Admin (`roles/aiplatform.notebookRuntimeAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Capacity Planner Usage Viewer (`roles/capacityplanner.viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Colab Enterprise Admin (`roles/aiplatform.colabEnterpriseAdmin`) Notebook Runtime Admin (`roles/aiplatform.notebookRuntimeAdmin`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Capacity Planner Usage Viewer (`roles/capacityplanner.viewer`) Cloud Hub Operator (`roles/cloudhub.operator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.reservations.performMaintenance`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.reservations.resize`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.reservations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.resourcePolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.resourcePolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.resourcePolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.resourcePolicies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.resourcePolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.resourcePolicies.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.resourcePolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.resourcePolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.resourcePolicies.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.rolloutPlans.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.rolloutPlans.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.rolloutPlans.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.rolloutPlans.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.rollouts.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.rollouts.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.rollouts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.rollouts.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.routers.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.routers.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.routers.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.routers.deleteRoutePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.routers.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.routers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Interconnect Attachment Group Analyzer (`roles/compute.interconnectAttachmentGroupAnalyzer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.routers.getRoutePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.routers.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.routers.listBgpRoutes`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.routers.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.routers.listRoutePolicies`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.routers.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.routers.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.routers.updateRoutePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.routers.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.routes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.routes.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.routes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.routes.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.routes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.routes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Cloud Filestore Service Agent (`roles/file.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.routes.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.routes.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.securityPolicies.addAssociation`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.securityPolicies.copyRules`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.securityPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.securityPolicies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.securityPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.securityPolicies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.securityPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.securityPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.securityPolicies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.securityPolicies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.securityPolicies.move`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.securityPolicies.removeAssociation`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.securityPolicies.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.securityPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.securityPolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Organization Security Policy Admin (`roles/compute.orgSecurityPolicyAdmin`) Compute Organization Security Policy User (`roles/compute.orgSecurityPolicyUser`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.serviceAttachments.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.serviceAttachments.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.serviceAttachments.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.serviceAttachments.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.serviceAttachments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.serviceAttachments.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.serviceAttachments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.serviceAttachments.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.serviceAttachments.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.serviceAttachments.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.serviceAttachments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.serviceAttachments.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.snapshotSettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.snapshotSettings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.snapshots.create`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.snapshots.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.snapshots.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.snapshots.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.snapshots.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.snapshots.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.snapshots.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.snapshots.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.snapshots.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute OS Admin Login (`roles/compute.osAdminLogin`) Compute OS Login (`roles/compute.osLogin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.snapshots.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.snapshots.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`)
`compute.snapshots.updateKmsKey`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.snapshots.useReadOnly`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.spotAssistants.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslCertificates.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.sslCertificates.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.sslCertificates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.sslCertificates.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.sslCertificates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslCertificates.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.sslCertificates.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslCertificates.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.sslPolicies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.sslPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.sslPolicies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.sslPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.sslPolicies.listAvailableFeatures`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslPolicies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslPolicies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.sslPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.sslPolicies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.storagePools.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.storagePools.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.storagePools.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.storagePools.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`compute.storagePools.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.storagePools.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.storagePools.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.storagePools.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.storagePools.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.storagePools.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.storagePools.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`compute.storagePools.use`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Storage Admin (`roles/compute.storageAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.subnetworks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.subnetworks.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.subnetworks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.subnetworks.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.subnetworks.expandIpCidrRange`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.subnetworks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Admin (`roles/workstations.admin`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.subnetworks.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.subnetworks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Cloud Build Integrations Owner (`roles/cloudbuild.integrationsOwner`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Dev Ops (`roles/iam.devOps`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Datastream Service Agent (`roles/datastream.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Cloud Memorystore Memcached Service Agent (`roles/memcache.serviceAgent`) Cloud Memorystore Service Agent (`roles/memorystore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud Memorystore Redis Service Agent (`roles/redis.serviceAgent`) Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VMware Engine Service Agent (`roles/vmwareengine.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.subnetworks.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.subnetworks.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.subnetworks.mirror`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute packet mirroring admin (`roles/compute.packetMirroringAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.subnetworks.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Shared VPC Admin (`roles/compute.xpnAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.subnetworks.setPrivateIpGoogleAccess`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.subnetworks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.subnetworks.use`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) BigQuery Data Transfer Service Agent (`roles/bigquerydatatransfer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Database Migration Service Agent (`roles/datamigration.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Managed Flink Service Agent (`roles/managedflink.serviceAgent`) Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.subnetworks.useExternalIp`	Owner (`roles/owner`) Editor (`roles/editor`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Spanner API Service Agent (`roles/spanner.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.subnetworks.usePeerMigration`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Peer Subnet Migration Admin (`roles/compute.peerSubnetMigrationAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetGrpcProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetGrpcProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetGrpcProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetGrpcProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetGrpcProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetGrpcProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetGrpcProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetGrpcProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetGrpcProxies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetGrpcProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.targetHttpProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetHttpProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetHttpProxies.setUrlMap`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpProxies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpsProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpsProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpsProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpsProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpsProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpsProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetHttpsProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetHttpsProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetHttpsProxies.setCertificateMap`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpsProxies.setQuicOverride`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpsProxies.setSslCertificates`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetHttpsProxies.setSslPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetHttpsProxies.setUrlMap`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpsProxies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetHttpsProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.targetInstances.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetInstances.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetInstances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetInstances.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetInstances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetInstances.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetInstances.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetInstances.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetInstances.setSecurityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetInstances.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetPools.addHealthCheck`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetPools.addInstance`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetPools.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetPools.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetPools.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetPools.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetPools.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetPools.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetPools.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetPools.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetPools.removeHealthCheck`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetPools.removeInstance`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetPools.setSecurityPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetPools.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetPools.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetSslProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetSslProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetSslProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetSslProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetSslProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetSslProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.targetSslProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetSslProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetSslProxies.setBackendService`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetSslProxies.setCertificateMap`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetSslProxies.setProxyHeader`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetSslProxies.setSslCertificates`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetSslProxies.setSslPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetSslProxies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetSslProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetTcpProxies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetTcpProxies.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetTcpProxies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetTcpProxies.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetTcpProxies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetTcpProxies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetTcpProxies.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetTcpProxies.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetTcpProxies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetTcpProxies.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetVpnGateways.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetVpnGateways.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetVpnGateways.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetVpnGateways.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.targetVpnGateways.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetVpnGateways.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetVpnGateways.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetVpnGateways.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.targetVpnGateways.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.targetVpnGateways.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.urlMaps.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.urlMaps.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.urlMaps.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.urlMaps.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.urlMaps.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.urlMaps.invalidateCache`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.urlMaps.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Serverless Integrations Service Agent (`roles/runapps.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.urlMaps.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.urlMaps.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.urlMaps.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.urlMaps.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.urlMaps.validate`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Mesh Config Service Agent (`roles/meshconfig.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) Multi-Cluster Service Discovery Service Agent (`roles/multiclusterservicediscovery.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.vmExtensionPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.vmExtensionPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.vmExtensionPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.vmExtensionPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Compute VM extension policy viewer (`roles/compute.vmExtensionPolicyViewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.vmExtensionPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute VM extension policy admin (`roles/compute.vmExtensionPolicyAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.vpnGateways.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.vpnGateways.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.vpnGateways.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.vpnGateways.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.vpnGateways.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.vpnGateways.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`compute.vpnGateways.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.vpnGateways.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.vpnGateways.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.vpnGateways.use`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.vpnTunnels.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.vpnTunnels.createTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.vpnTunnels.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.vpnTunnels.deleteTagBinding`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Tag User (`roles/resourcemanager.tagUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.vpnTunnels.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Edge Container Service Agent (`roles/edgecontainer.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Network Connectivity Service Agent (`roles/networkconnectivity.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.vpnTunnels.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Cloud Firewall Insights Service Agent (`roles/firewallinsights.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) GCP Network Management Service Agent (`roles/networkmanagement.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.vpnTunnels.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.vpnTunnels.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.vpnTunnels.setLabels`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`compute.wireGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.wireGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.wireGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.wireGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`)
`compute.wireGroups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Compute Network Admin (`roles/compute.networkAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`compute.zoneOperations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.zoneOperations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Backup and DR Disk Operator (`roles/backupdr.diskOperator`) Velostrata Manager (`roles/cloudmigration.inframanager`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Dataproc Hub Agent (`roles/dataproc.hubAgent`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Run Service Agent (`roles/serverless.serviceAgent`) TPU Shared VPC Agent (`roles/tpu.xpnAgent`) Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI Service Agent (`roles/aiplatform.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Instance Group Manager Service Agent (`roles/compute.instanceGroupManagerServiceAgent`) Compute Engine Service Agent (`roles/compute.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Backup for GKE Service Agent (`roles/gkebackup.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Google Cloud Security Response Service Agent (`roles/securitycenter.securityResponseServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Workstations Service Agent (`roles/workstations.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.zoneOperations.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`)
`compute.zoneOperations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Vertex AI Colab Service Agent (`roles/aiplatform.colabServiceAgent`)
`compute.zoneOperations.setIamPolicy`	Owner (`roles/owner`) Compute Admin (`roles/compute.admin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`)
`compute.zones.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Viewer (`roles/dataproc.serverlessViewer`) Dataproc Viewer (`roles/dataproc.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Auditor (`roles/iam.securityAuditor`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Google Batch Service Agent (`roles/batch.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`)
`compute.zones.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Velostrata Manager (`roles/cloudmigration.inframanager`) Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Compute Admin (`roles/compute.admin`) Compute Future Reservation Admin (`roles/compute.futureReservationAdmin`) Compute Future Reservation User (`roles/compute.futureReservationUser`) Compute Future Reservation Viewer (`roles/compute.futureReservationViewer`) Compute Instance Admin (beta) (`roles/compute.instanceAdmin`) Compute Instance Admin (v1) (`roles/compute.instanceAdmin.v1`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Compute Security Admin (`roles/compute.securityAdmin`) Compute Storage Admin (`roles/compute.storageAdmin`) Compute Viewer (`roles/compute.viewer`) Dataflow Admin (`roles/dataflow.admin`) Dataflow Developer (`roles/dataflow.developer`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Hub Agent (`roles/dataproc.hubAgent`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Viewer (`roles/dataproc.serverlessViewer`) Dataproc Viewer (`roles/dataproc.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Infrastructure Administrator (`roles/iam.infrastructureAdmin`) ML Engineer (`roles/iam.mlEngineer`) Network Administrator (`roles/iam.networkAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Site Reliability Engineer (`roles/iam.siteReliabilityEngineer`) Support User (`roles/iam.supportUser`) Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Notebooks Admin (`roles/notebooks.admin`) Notebooks Legacy Admin (`roles/notebooks.legacyAdmin`) Notebooks Legacy Viewer (`roles/notebooks.legacyViewer`) Notebooks Runner (`roles/notebooks.runner`) Notebooks Viewer (`roles/notebooks.viewer`) Workload Manager Admin (`roles/workloadmanager.admin`) Workload Manager Deployment Admin (`roles/workloadmanager.deploymentAdmin`) Cloud Workstations Admin (`roles/workstations.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. App Engine flexible environment Service Agent (`roles/appengineflex.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Google Batch Service Agent (`roles/batch.serviceAgent`) Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Datapipelines Service Agent (`roles/datapipelines.serviceAgent`) Dataprep Service Agent (`roles/dataprep.serviceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`) Genomics Service Agent (`roles/genomics.serviceAgent`) Cloud Life Sciences Service Agent (`roles/lifesciences.serviceAgent`) AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Oracle Database@Google Cloud Service Agent (`roles/oci.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud TPU API Service Agent (`roles/tpu.serviceAgent`) VM Migration Service Agent (`roles/vmmigration.serviceAgent`) Serverless VPC Access Service Agent (`roles/vpcaccess.serviceAgent`) Anthos Service Mesh Service Agent (`roles/anthosservicemesh.serviceAgent`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.

Movatterモバイル変換

Compute Engine roles and permissions Stay organized with collections Save and categorize content based on your preferences.