Dataproc Resource Manager roles and permissions

This page lists the IAM roles and permissions for Dataproc Resource Manager. Tosearch through all roles and permissions, see therole andpermission index.

Dataproc Resource Manager roles

Role Permissions

Role	Permissions
Dataproc Resource Manager Admin^Beta (`roles/dataprocrm.admin`) Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.	`dataprocrm.*` `dataprocrm.locations.get` `dataprocrm.locations.list` `dataprocrm.nodePools.create` `dataprocrm.nodePools.delete` `dataprocrm.nodePools.deleteNodes` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodePools.resize` `dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.list` `dataprocrm.nodes.mintOAuthToken` `dataprocrm.nodes.update` `dataprocrm.operations.cancel` `dataprocrm.operations.delete` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.cancel` `dataprocrm.workloads.create` `dataprocrm.workloads.delete` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions. Warning: Do not grant service agent roles to any principals except service agents.	`dataprocrm.nodes.get` `dataprocrm.nodes.heartbeat` `dataprocrm.nodes.mintOAuthToken` `logging.logEntries.create` `logging.logEntries.route` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `serviceusage.services.use`
Dataproc Resource Manager Viewer^Beta (`roles/dataprocrm.viewer`) Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.	`dataprocrm.locations.*` `dataprocrm.locations.get` `dataprocrm.locations.list` `dataprocrm.nodePools.get` `dataprocrm.nodePools.list` `dataprocrm.nodes.get` `dataprocrm.nodes.list` `dataprocrm.nodes.mintOAuthToken` `dataprocrm.operations.get` `dataprocrm.operations.list` `dataprocrm.workloads.get` `dataprocrm.workloads.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Dataproc Resource Manager Admin^Beta

(roles/dataprocrm.admin)

Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.

dataprocrm.*

dataprocrm.locations.get
dataprocrm.locations.list
dataprocrm.nodePools.create
dataprocrm.nodePools.delete
dataprocrm.nodePools.deleteNodes
dataprocrm.nodePools.get
dataprocrm.nodePools.list
dataprocrm.nodePools.resize
dataprocrm.nodes.get
dataprocrm.nodes.heartbeat
dataprocrm.nodes.list
dataprocrm.nodes.mintOAuthToken
dataprocrm.nodes.update
dataprocrm.operations.cancel
dataprocrm.operations.delete
dataprocrm.operations.get
dataprocrm.operations.list
dataprocrm.workloads.cancel
dataprocrm.workloads.create
dataprocrm.workloads.delete
dataprocrm.workloads.get
dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Resource Manager Node Service Agent

(roles/dataprocrm.nodeServiceAgent)

Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions.

Warning: Do not grant service agent roles to any principals except service agents.

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.mintOAuthToken

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

serviceusage.services.use

Dataproc Resource Manager Viewer^Beta

(roles/dataprocrm.viewer)

Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.

dataprocrm.locations.*

dataprocrm.locations.get
dataprocrm.locations.list

dataprocrm.nodePools.get

dataprocrm.nodePools.list

dataprocrm.nodes.get

dataprocrm.nodes.list

dataprocrm.nodes.mintOAuthToken

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.get

dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Resource Manager permissions

Permission	Included in roles
`dataprocrm.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Support User (`roles/iam.supportUser`)
`dataprocrm.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`dataprocrm.nodePools.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.deleteNodes`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodePools.resize`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.heartbeat`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Serverless Node. (`roles/dataproc.serverlessNode`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.nodes.mintOAuthToken`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Worker (`roles/dataproc.worker`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Resource Manager Node Service Agent (`roles/dataprocrm.nodeServiceAgent`) Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.nodes.update`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`)
`dataprocrm.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`)
`dataprocrm.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.create`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.delete`	Owner (`roles/owner`) Editor (`roles/editor`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)
`dataprocrm.workloads.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) BigQuery Studio Admin (`roles/bigquery.studioAdmin`) BigQuery Studio User (`roles/bigquery.studioUser`) Dataproc Administrator (`roles/dataproc.admin`) Dataproc Editor (`roles/dataproc.editor`) Dataproc Serverless Editor (`roles/dataproc.serverlessEditor`) Dataproc Resource Manager Admin (`roles/dataprocrm.admin`) Dataproc Resource Manager Viewer (`roles/dataprocrm.viewer`) Data Scientist (`roles/iam.dataScientist`) ML Engineer (`roles/iam.mlEngineer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.

Movatterモバイル変換

Dataproc Resource Manager roles and permissions