Cloud Run functions 角色和权限

本页面列出了 Cloud Run functions 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Cloud Run functions 角色

Role Permissions

Role	Permissions
Cloud Functions Admin (`roles/cloudfunctions.admin`) Full access to functions, operations and locations.	`artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `cloudasset.assets.searchAllResources` `cloudbuild.builds.get` `cloudbuild.builds.list` `cloudbuild.locations.` `cloudbuild.locations.get` `cloudbuild.locations.list` `cloudbuild.operations.` `cloudbuild.operations.get` `cloudbuild.operations.list` `cloudfunctions.` `cloudfunctions.functions.call` `cloudfunctions.functions.create` `cloudfunctions.functions.delete` `cloudfunctions.functions.generationUpgrade` `cloudfunctions.functions.get` `cloudfunctions.functions.getIamPolicy` `cloudfunctions.functions.invoke` `cloudfunctions.functions.list` `cloudfunctions.functions.setIamPolicy` `cloudfunctions.functions.sourceCodeGet` `cloudfunctions.functions.sourceCodeSet` `cloudfunctions.functions.update` `cloudfunctions.locations.list` `cloudfunctions.operations.get` `cloudfunctions.operations.list` `eventarc.` `eventarc.channelConnections.create` `eventarc.channelConnections.delete` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `eventarc.channelConnections.setIamPolicy` `eventarc.channels.attach` `eventarc.channels.create` `eventarc.channels.delete` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.channels.publish` `eventarc.channels.setIamPolicy` `eventarc.channels.undelete` `eventarc.channels.update` `eventarc.enrollments.create` `eventarc.enrollments.delete` `eventarc.enrollments.get` `eventarc.enrollments.getIamPolicy` `eventarc.enrollments.list` `eventarc.enrollments.setIamPolicy` `eventarc.enrollments.update` `eventarc.events.receiveAuditLogWritten` `eventarc.events.receiveEvent` `eventarc.googleApiSources.create` `eventarc.googleApiSources.delete` `eventarc.googleApiSources.get` `eventarc.googleApiSources.getIamPolicy` `eventarc.googleApiSources.list` `eventarc.googleApiSources.setIamPolicy` `eventarc.googleApiSources.update` `eventarc.googleChannelConfigs.get` `eventarc.googleChannelConfigs.update` `eventarc.kafkaSources.create` `eventarc.kafkaSources.delete` `eventarc.kafkaSources.get` `eventarc.kafkaSources.getIamPolicy` `eventarc.kafkaSources.list` `eventarc.kafkaSources.setIamPolicy` `eventarc.locations.get` `eventarc.locations.list` `eventarc.messageBuses.create` `eventarc.messageBuses.delete` `eventarc.messageBuses.get` `eventarc.messageBuses.getIamPolicy` `eventarc.messageBuses.list` `eventarc.messageBuses.publish` `eventarc.messageBuses.setIamPolicy` `eventarc.messageBuses.update` `eventarc.messageBuses.use` `eventarc.operations.cancel` `eventarc.operations.delete` `eventarc.operations.get` `eventarc.operations.list` `eventarc.pipelines.create` `eventarc.pipelines.delete` `eventarc.pipelines.get` `eventarc.pipelines.getIamPolicy` `eventarc.pipelines.list` `eventarc.pipelines.setIamPolicy` `eventarc.pipelines.update` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.create` `eventarc.triggers.delete` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `eventarc.triggers.setIamPolicy` `eventarc.triggers.undelete` `eventarc.triggers.update` `recommender.cloudFunctionsPerformanceInsights.` `recommender.cloudFunctionsPerformanceInsights.get` `recommender.cloudFunctionsPerformanceInsights.list` `recommender.cloudFunctionsPerformanceInsights.update` `recommender.cloudFunctionsPerformanceRecommendations.` `recommender.cloudFunctionsPerformanceRecommendations.get` `recommender.cloudFunctionsPerformanceRecommendations.list` `recommender.cloudFunctionsPerformanceRecommendations.update` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.runServiceCostInsights.` `recommender.runServiceCostInsights.get` `recommender.runServiceCostInsights.list` `recommender.runServiceCostInsights.update` `recommender.runServiceCostRecommendations.` `recommender.runServiceCostRecommendations.get` `recommender.runServiceCostRecommendations.list` `recommender.runServiceCostRecommendations.update` `recommender.runServiceIdentityInsights.` `recommender.runServiceIdentityInsights.get` `recommender.runServiceIdentityInsights.list` `recommender.runServiceIdentityInsights.update` `recommender.runServiceIdentityRecommendations.` `recommender.runServiceIdentityRecommendations.get` `recommender.runServiceIdentityRecommendations.list` `recommender.runServiceIdentityRecommendations.update` `recommender.runServicePerformanceInsights.` `recommender.runServicePerformanceInsights.get` `recommender.runServicePerformanceInsights.list` `recommender.runServicePerformanceInsights.update` `recommender.runServicePerformanceRecommendations.` `recommender.runServicePerformanceRecommendations.get` `recommender.runServicePerformanceRecommendations.list` `recommender.runServicePerformanceRecommendations.update` `recommender.runServiceSecurityInsights.` `recommender.runServiceSecurityInsights.get` `recommender.runServiceSecurityInsights.list` `recommender.runServiceSecurityInsights.update` `recommender.runServiceSecurityRecommendations.` `recommender.runServiceSecurityRecommendations.get` `recommender.runServiceSecurityRecommendations.list` `recommender.runServiceSecurityRecommendations.update` `remotebuildexecution.blobs.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `run.*` `run.configurations.get` `run.configurations.list` `run.executions.cancel` `run.executions.delete` `run.executions.get` `run.executions.list` `run.jobs.create` `run.jobs.createTagBinding` `run.jobs.delete` `run.jobs.deleteTagBinding` `run.jobs.get` `run.jobs.getIamPolicy` `run.jobs.list` `run.jobs.listEffectiveTags` `run.jobs.listTagBindings` `run.jobs.run` `run.jobs.runWithOverrides` `run.jobs.setIamPolicy` `run.jobs.update` `run.locations.list` `run.operations.delete` `run.operations.get` `run.operations.list` `run.revisions.delete` `run.revisions.get` `run.revisions.list` `run.routes.get` `run.routes.invoke` `run.routes.list` `run.services.create` `run.services.createTagBinding` `run.services.delete` `run.services.deleteTagBinding` `run.services.get` `run.services.getIamPolicy` `run.services.list` `run.services.listEffectiveTags` `run.services.listTagBindings` `run.services.setIamPolicy` `run.services.update` `run.tasks.get` `run.tasks.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`
Cloud Functions Developer (`roles/cloudfunctions.developer`) Read and write access to all functions-related resources.	`artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `cloudasset.assets.searchAllResources` `cloudbuild.builds.get` `cloudbuild.builds.list` `cloudbuild.locations.` `cloudbuild.locations.get` `cloudbuild.locations.list` `cloudbuild.operations.` `cloudbuild.operations.get` `cloudbuild.operations.list` `cloudfunctions.functions.call` `cloudfunctions.functions.create` `cloudfunctions.functions.delete` `cloudfunctions.functions.generationUpgrade` `cloudfunctions.functions.get` `cloudfunctions.functions.invoke` `cloudfunctions.functions.list` `cloudfunctions.functions.sourceCodeGet` `cloudfunctions.functions.sourceCodeSet` `cloudfunctions.functions.update` `cloudfunctions.locations.list` `cloudfunctions.operations.` `cloudfunctions.operations.get` `cloudfunctions.operations.list` `eventarc.channelConnections.create` `eventarc.channelConnections.delete` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `eventarc.channels.attach` `eventarc.channels.create` `eventarc.channels.delete` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.channels.publish` `eventarc.channels.undelete` `eventarc.channels.update` `eventarc.enrollments.create` `eventarc.enrollments.delete` `eventarc.enrollments.get` `eventarc.enrollments.getIamPolicy` `eventarc.enrollments.list` `eventarc.enrollments.update` `eventarc.googleApiSources.create` `eventarc.googleApiSources.delete` `eventarc.googleApiSources.get` `eventarc.googleApiSources.getIamPolicy` `eventarc.googleApiSources.list` `eventarc.googleApiSources.update` `eventarc.googleChannelConfigs.` `eventarc.googleChannelConfigs.get` `eventarc.googleChannelConfigs.update` `eventarc.kafkaSources.create` `eventarc.kafkaSources.delete` `eventarc.kafkaSources.get` `eventarc.kafkaSources.getIamPolicy` `eventarc.kafkaSources.list` `eventarc.locations.` `eventarc.locations.get` `eventarc.locations.list` `eventarc.operations.` `eventarc.operations.cancel` `eventarc.operations.delete` `eventarc.operations.get` `eventarc.operations.list` `eventarc.pipelines.create` `eventarc.pipelines.delete` `eventarc.pipelines.get` `eventarc.pipelines.getIamPolicy` `eventarc.pipelines.list` `eventarc.pipelines.update` `eventarc.providers.` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.create` `eventarc.triggers.delete` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `eventarc.triggers.undelete` `eventarc.triggers.update` `recommender.cloudFunctionsPerformanceInsights.` `recommender.cloudFunctionsPerformanceInsights.get` `recommender.cloudFunctionsPerformanceInsights.list` `recommender.cloudFunctionsPerformanceInsights.update` `recommender.cloudFunctionsPerformanceRecommendations.` `recommender.cloudFunctionsPerformanceRecommendations.get` `recommender.cloudFunctionsPerformanceRecommendations.list` `recommender.cloudFunctionsPerformanceRecommendations.update` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.runServiceCostInsights.` `recommender.runServiceCostInsights.get` `recommender.runServiceCostInsights.list` `recommender.runServiceCostInsights.update` `recommender.runServiceCostRecommendations.` `recommender.runServiceCostRecommendations.get` `recommender.runServiceCostRecommendations.list` `recommender.runServiceCostRecommendations.update` `recommender.runServiceIdentityInsights.` `recommender.runServiceIdentityInsights.get` `recommender.runServiceIdentityInsights.list` `recommender.runServiceIdentityInsights.update` `recommender.runServiceIdentityRecommendations.` `recommender.runServiceIdentityRecommendations.get` `recommender.runServiceIdentityRecommendations.list` `recommender.runServiceIdentityRecommendations.update` `recommender.runServicePerformanceInsights.` `recommender.runServicePerformanceInsights.get` `recommender.runServicePerformanceInsights.list` `recommender.runServicePerformanceInsights.update` `recommender.runServicePerformanceRecommendations.` `recommender.runServicePerformanceRecommendations.get` `recommender.runServicePerformanceRecommendations.list` `recommender.runServicePerformanceRecommendations.update` `recommender.runServiceSecurityInsights.` `recommender.runServiceSecurityInsights.get` `recommender.runServiceSecurityInsights.list` `recommender.runServiceSecurityInsights.update` `recommender.runServiceSecurityRecommendations.` `recommender.runServiceSecurityRecommendations.get` `recommender.runServiceSecurityRecommendations.list` `recommender.runServiceSecurityRecommendations.update` `remotebuildexecution.blobs.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `run.configurations.` `run.configurations.get` `run.configurations.list` `run.executions.` `run.executions.cancel` `run.executions.delete` `run.executions.get` `run.executions.list` `run.jobs.create` `run.jobs.delete` `run.jobs.get` `run.jobs.getIamPolicy` `run.jobs.list` `run.jobs.listEffectiveTags` `run.jobs.listTagBindings` `run.jobs.run` `run.jobs.runWithOverrides` `run.jobs.update` `run.locations.list` `run.operations.` `run.operations.delete` `run.operations.get` `run.operations.list` `run.revisions.` `run.revisions.delete` `run.revisions.get` `run.revisions.list` `run.routes.` `run.routes.get` `run.routes.invoke` `run.routes.list` `run.services.create` `run.services.delete` `run.services.get` `run.services.getIamPolicy` `run.services.list` `run.services.listEffectiveTags` `run.services.listTagBindings` `run.services.update` `run.tasks.*` `run.tasks.get` `run.tasks.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`
Cloud Functions Invoker (`roles/cloudfunctions.invoker`) Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead.	`cloudfunctions.functions.invoke`
Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Gives Cloud Functions service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`artifactregistry.aptartifacts.create` `artifactregistry.attachments.` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.` `artifactregistry.files.delete` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.files.update` `artifactregistry.files.upload` `artifactregistry.kfpartifacts.create` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.` `artifactregistry.packages.delete` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.packages.update` `artifactregistry.projectsettings.` `artifactregistry.projectsettings.get` `artifactregistry.projectsettings.update` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.create` `artifactregistry.repositories.createTagBinding` `artifactregistry.repositories.delete` `artifactregistry.repositories.deleteArtifacts` `artifactregistry.repositories.deleteTagBinding` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.getIamPolicy` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.repositories.setIamPolicy` `artifactregistry.repositories.update` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.rules.` `artifactregistry.rules.create` `artifactregistry.rules.delete` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.rules.update` `artifactregistry.tags.` `artifactregistry.tags.create` `artifactregistry.tags.delete` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.` `artifactregistry.versions.delete` `artifactregistry.versions.get` `artifactregistry.versions.list` `artifactregistry.versions.update` `artifactregistry.yumartifacts.create` `clientauthconfig.clients.list` `cloudbuild.builds.create` `cloudbuild.builds.get` `cloudbuild.builds.list` `cloudbuild.builds.update` `cloudbuild.locations.` `cloudbuild.locations.get` `cloudbuild.locations.list` `cloudbuild.operations.` `cloudbuild.operations.get` `cloudbuild.operations.list` `cloudbuild.workerpools.use` `cloudfunctions.functions.get` `cloudfunctions.functions.invoke` `cloudfunctions.functions.list` `cloudfunctions.operations.` `cloudfunctions.operations.get` `cloudfunctions.operations.list` `compute.globalOperations.get` `compute.networks.access` `eventarc.channelConnections.create` `eventarc.channelConnections.delete` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `eventarc.channels.attach` `eventarc.channels.create` `eventarc.channels.delete` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.channels.publish` `eventarc.channels.undelete` `eventarc.channels.update` `eventarc.enrollments.create` `eventarc.enrollments.delete` `eventarc.enrollments.get` `eventarc.enrollments.getIamPolicy` `eventarc.enrollments.list` `eventarc.enrollments.update` `eventarc.googleApiSources.create` `eventarc.googleApiSources.delete` `eventarc.googleApiSources.get` `eventarc.googleApiSources.getIamPolicy` `eventarc.googleApiSources.list` `eventarc.googleApiSources.update` `eventarc.googleChannelConfigs.` `eventarc.googleChannelConfigs.get` `eventarc.googleChannelConfigs.update` `eventarc.kafkaSources.create` `eventarc.kafkaSources.delete` `eventarc.kafkaSources.get` `eventarc.kafkaSources.getIamPolicy` `eventarc.kafkaSources.list` `eventarc.locations.` `eventarc.locations.get` `eventarc.locations.list` `eventarc.operations.` `eventarc.operations.cancel` `eventarc.operations.delete` `eventarc.operations.get` `eventarc.operations.list` `eventarc.pipelines.create` `eventarc.pipelines.delete` `eventarc.pipelines.get` `eventarc.pipelines.getIamPolicy` `eventarc.pipelines.list` `eventarc.pipelines.update` `eventarc.providers.` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.create` `eventarc.triggers.delete` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `eventarc.triggers.undelete` `eventarc.triggers.update` `firebasedatabase.instances.get` `firebasedatabase.instances.update` `iam.serviceAccounts.actAs` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `iam.serviceAccounts.signBlob` `pubsub.subscriptions.` `pubsub.subscriptions.consume` `pubsub.subscriptions.create` `pubsub.subscriptions.delete` `pubsub.subscriptions.get` `pubsub.subscriptions.getIamPolicy` `pubsub.subscriptions.list` `pubsub.subscriptions.setIamPolicy` `pubsub.subscriptions.update` `pubsub.topics.attachSubscription` `pubsub.topics.create` `pubsub.topics.get` `pubsub.topics.list` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.runServiceCostInsights.` `recommender.runServiceCostInsights.get` `recommender.runServiceCostInsights.list` `recommender.runServiceCostInsights.update` `recommender.runServiceCostRecommendations.` `recommender.runServiceCostRecommendations.get` `recommender.runServiceCostRecommendations.list` `recommender.runServiceCostRecommendations.update` `recommender.runServiceIdentityInsights.` `recommender.runServiceIdentityInsights.get` `recommender.runServiceIdentityInsights.list` `recommender.runServiceIdentityInsights.update` `recommender.runServiceIdentityRecommendations.` `recommender.runServiceIdentityRecommendations.get` `recommender.runServiceIdentityRecommendations.list` `recommender.runServiceIdentityRecommendations.update` `recommender.runServicePerformanceInsights.` `recommender.runServicePerformanceInsights.get` `recommender.runServicePerformanceInsights.list` `recommender.runServicePerformanceInsights.update` `recommender.runServicePerformanceRecommendations.` `recommender.runServicePerformanceRecommendations.get` `recommender.runServicePerformanceRecommendations.list` `recommender.runServicePerformanceRecommendations.update` `recommender.runServiceSecurityInsights.` `recommender.runServiceSecurityInsights.get` `recommender.runServiceSecurityInsights.list` `recommender.runServiceSecurityInsights.update` `recommender.runServiceSecurityRecommendations.` `recommender.runServiceSecurityRecommendations.get` `recommender.runServiceSecurityRecommendations.list` `recommender.runServiceSecurityRecommendations.update` `remotebuildexecution.blobs.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `run.configurations.` `run.configurations.get` `run.configurations.list` `run.executions.` `run.executions.cancel` `run.executions.delete` `run.executions.get` `run.executions.list` `run.jobs.create` `run.jobs.delete` `run.jobs.get` `run.jobs.getIamPolicy` `run.jobs.list` `run.jobs.listEffectiveTags` `run.jobs.listTagBindings` `run.jobs.run` `run.jobs.runWithOverrides` `run.jobs.update` `run.locations.list` `run.operations.` `run.operations.delete` `run.operations.get` `run.operations.list` `run.revisions.` `run.revisions.delete` `run.revisions.get` `run.revisions.list` `run.routes.` `run.routes.get` `run.routes.invoke` `run.routes.list` `run.services.create` `run.services.delete` `run.services.get` `run.services.getIamPolicy` `run.services.list` `run.services.listEffectiveTags` `run.services.listTagBindings` `run.services.update` `run.tasks.*` `run.tasks.get` `run.tasks.list` `serviceusage.quotas.get` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.use` `source.repos.get` `source.repos.list` `storage.buckets.create` `storage.buckets.delete` `storage.buckets.get` `storage.buckets.update` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `vpcaccess.connectors.get` `vpcaccess.connectors.use`
Cloud Functions Viewer (`roles/cloudfunctions.viewer`) Read-only access to functions and locations.	`cloudasset.assets.searchAllResources` `cloudbuild.builds.get` `cloudbuild.builds.list` `cloudbuild.locations.` `cloudbuild.locations.get` `cloudbuild.locations.list` `cloudbuild.operations.` `cloudbuild.operations.get` `cloudbuild.operations.list` `cloudfunctions.functions.get` `cloudfunctions.functions.getIamPolicy` `cloudfunctions.functions.list` `cloudfunctions.locations.list` `cloudfunctions.operations.` `cloudfunctions.operations.get` `cloudfunctions.operations.list` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.enrollments.get` `eventarc.enrollments.getIamPolicy` `eventarc.enrollments.list` `eventarc.googleApiSources.get` `eventarc.googleApiSources.getIamPolicy` `eventarc.googleApiSources.list` `eventarc.googleChannelConfigs.get` `eventarc.kafkaSources.get` `eventarc.kafkaSources.getIamPolicy` `eventarc.kafkaSources.list` `eventarc.locations.` `eventarc.locations.get` `eventarc.locations.list` `eventarc.messageBuses.get` `eventarc.messageBuses.getIamPolicy` `eventarc.messageBuses.list` `eventarc.messageBuses.use` `eventarc.operations.get` `eventarc.operations.list` `eventarc.pipelines.get` `eventarc.pipelines.getIamPolicy` `eventarc.pipelines.list` `eventarc.providers.` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `recommender.cloudFunctionsPerformanceInsights.get` `recommender.cloudFunctionsPerformanceInsights.list` `recommender.cloudFunctionsPerformanceRecommendations.get` `recommender.cloudFunctionsPerformanceRecommendations.list` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.runServiceCostInsights.get` `recommender.runServiceCostInsights.list` `recommender.runServiceCostRecommendations.get` `recommender.runServiceCostRecommendations.list` `recommender.runServiceIdentityInsights.get` `recommender.runServiceIdentityInsights.list` `recommender.runServiceIdentityRecommendations.get` `recommender.runServiceIdentityRecommendations.list` `recommender.runServicePerformanceInsights.get` `recommender.runServicePerformanceInsights.list` `recommender.runServicePerformanceRecommendations.get` `recommender.runServicePerformanceRecommendations.list` `recommender.runServiceSecurityInsights.get` `recommender.runServiceSecurityInsights.list` `recommender.runServiceSecurityRecommendations.get` `recommender.runServiceSecurityRecommendations.list` `remotebuildexecution.blobs.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `run.configurations.` `run.configurations.get` `run.configurations.list` `run.executions.get` `run.executions.list` `run.jobs.get` `run.jobs.getIamPolicy` `run.jobs.list` `run.jobs.listEffectiveTags` `run.jobs.listTagBindings` `run.locations.list` `run.operations.get` `run.operations.list` `run.revisions.get` `run.revisions.list` `run.routes.get` `run.routes.list` `run.services.get` `run.services.getIamPolicy` `run.services.list` `run.services.listEffectiveTags` `run.services.listTagBindings` `run.tasks.` `run.tasks.get` `run.tasks.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Cloud Functions Admin

(roles/cloudfunctions.admin)

Full access to functions, operations and locations.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

cloudasset.assets.searchAllResources

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

cloudbuild.locations.get
cloudbuild.locations.list

cloudbuild.operations.*

cloudbuild.operations.get
cloudbuild.operations.list

cloudfunctions.*

cloudfunctions.functions.call
cloudfunctions.functions.create
cloudfunctions.functions.delete
cloudfunctions.functions.generationUpgrade
cloudfunctions.functions.get
cloudfunctions.functions.getIamPolicy
cloudfunctions.functions.invoke
cloudfunctions.functions.list
cloudfunctions.functions.setIamPolicy
cloudfunctions.functions.sourceCodeGet
cloudfunctions.functions.sourceCodeSet
cloudfunctions.functions.update
cloudfunctions.locations.list
cloudfunctions.operations.get
cloudfunctions.operations.list

eventarc.*

eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channelConnections.setIamPolicy
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.setIamPolicy
eventarc.channels.undelete
eventarc.channels.update
eventarc.enrollments.create
eventarc.enrollments.delete
eventarc.enrollments.get
eventarc.enrollments.getIamPolicy
eventarc.enrollments.list
eventarc.enrollments.setIamPolicy
eventarc.enrollments.update
eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent
eventarc.googleApiSources.create
eventarc.googleApiSources.delete
eventarc.googleApiSources.get
eventarc.googleApiSources.getIamPolicy
eventarc.googleApiSources.list
eventarc.googleApiSources.setIamPolicy
eventarc.googleApiSources.update
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.kafkaSources.create
eventarc.kafkaSources.delete
eventarc.kafkaSources.get
eventarc.kafkaSources.getIamPolicy
eventarc.kafkaSources.list
eventarc.kafkaSources.setIamPolicy
eventarc.locations.get
eventarc.locations.list
eventarc.messageBuses.create
eventarc.messageBuses.delete
eventarc.messageBuses.get
eventarc.messageBuses.getIamPolicy
eventarc.messageBuses.list
eventarc.messageBuses.publish
eventarc.messageBuses.setIamPolicy
eventarc.messageBuses.update
eventarc.messageBuses.use
eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list
eventarc.pipelines.create
eventarc.pipelines.delete
eventarc.pipelines.get
eventarc.pipelines.getIamPolicy
eventarc.pipelines.list
eventarc.pipelines.setIamPolicy
eventarc.pipelines.update
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.setIamPolicy
eventarc.triggers.undelete
eventarc.triggers.update

recommender.cloudFunctionsPerformanceInsights.*

recommender.cloudFunctionsPerformanceInsights.get
recommender.cloudFunctionsPerformanceInsights.list
recommender.cloudFunctionsPerformanceInsights.update

recommender.cloudFunctionsPerformanceRecommendations.*

recommender.cloudFunctionsPerformanceRecommendations.get
recommender.cloudFunctionsPerformanceRecommendations.list
recommender.cloudFunctionsPerformanceRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.runServiceCostInsights.*

recommender.runServiceCostInsights.get
recommender.runServiceCostInsights.list
recommender.runServiceCostInsights.update

recommender.runServiceCostRecommendations.*

recommender.runServiceCostRecommendations.get
recommender.runServiceCostRecommendations.list
recommender.runServiceCostRecommendations.update

recommender.runServiceIdentityInsights.*

recommender.runServiceIdentityInsights.get
recommender.runServiceIdentityInsights.list
recommender.runServiceIdentityInsights.update

recommender.runServiceIdentityRecommendations.*

recommender.runServiceIdentityRecommendations.get
recommender.runServiceIdentityRecommendations.list
recommender.runServiceIdentityRecommendations.update

recommender.runServicePerformanceInsights.*

recommender.runServicePerformanceInsights.get
recommender.runServicePerformanceInsights.list
recommender.runServicePerformanceInsights.update

recommender.runServicePerformanceRecommendations.*

recommender.runServicePerformanceRecommendations.get
recommender.runServicePerformanceRecommendations.list
recommender.runServicePerformanceRecommendations.update

recommender.runServiceSecurityInsights.*

recommender.runServiceSecurityInsights.get
recommender.runServiceSecurityInsights.list
recommender.runServiceSecurityInsights.update

recommender.runServiceSecurityRecommendations.*

recommender.runServiceSecurityRecommendations.get
recommender.runServiceSecurityRecommendations.list
recommender.runServiceSecurityRecommendations.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

run.*

run.configurations.get
run.configurations.list
run.executions.cancel
run.executions.delete
run.executions.get
run.executions.list
run.jobs.create
run.jobs.createTagBinding
run.jobs.delete
run.jobs.deleteTagBinding
run.jobs.get
run.jobs.getIamPolicy
run.jobs.list
run.jobs.listEffectiveTags
run.jobs.listTagBindings
run.jobs.run
run.jobs.runWithOverrides
run.jobs.setIamPolicy
run.jobs.update
run.locations.list
run.operations.delete
run.operations.get
run.operations.list
run.revisions.delete
run.revisions.get
run.revisions.list
run.routes.get
run.routes.invoke
run.routes.list
run.services.create
run.services.createTagBinding
run.services.delete
run.services.deleteTagBinding
run.services.get
run.services.getIamPolicy
run.services.list
run.services.listEffectiveTags
run.services.listTagBindings
run.services.setIamPolicy
run.services.update
run.tasks.get
run.tasks.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Cloud Functions Developer

(roles/cloudfunctions.developer)

Read and write access to all functions-related resources.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

cloudasset.assets.searchAllResources

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

cloudbuild.locations.get
cloudbuild.locations.list

cloudbuild.operations.*

cloudbuild.operations.get
cloudbuild.operations.list

cloudfunctions.functions.call

cloudfunctions.functions.create

cloudfunctions.functions.delete

cloudfunctions.functions.generationUpgrade

cloudfunctions.functions.get

cloudfunctions.functions.invoke

cloudfunctions.functions.list

cloudfunctions.functions.sourceCodeGet

cloudfunctions.functions.sourceCodeSet

cloudfunctions.functions.update

cloudfunctions.locations.list

cloudfunctions.operations.*

cloudfunctions.operations.get
cloudfunctions.operations.list

eventarc.channelConnections.create

eventarc.channelConnections.delete

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channelConnections.publish

eventarc.channels.attach

eventarc.channels.create

eventarc.channels.delete

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.channels.publish

eventarc.channels.undelete

eventarc.channels.update

eventarc.enrollments.create

eventarc.enrollments.delete

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.enrollments.update

eventarc.googleApiSources.create

eventarc.googleApiSources.delete

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleApiSources.update

eventarc.googleChannelConfigs.*

eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update

eventarc.kafkaSources.create

eventarc.kafkaSources.delete

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

eventarc.locations.get
eventarc.locations.list

eventarc.operations.*

eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list

eventarc.pipelines.create

eventarc.pipelines.delete

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.pipelines.update

eventarc.providers.*

eventarc.providers.get
eventarc.providers.list

eventarc.triggers.create

eventarc.triggers.delete

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

eventarc.triggers.undelete

eventarc.triggers.update

recommender.cloudFunctionsPerformanceInsights.*

recommender.cloudFunctionsPerformanceInsights.get
recommender.cloudFunctionsPerformanceInsights.list
recommender.cloudFunctionsPerformanceInsights.update

recommender.cloudFunctionsPerformanceRecommendations.*

recommender.cloudFunctionsPerformanceRecommendations.get
recommender.cloudFunctionsPerformanceRecommendations.list
recommender.cloudFunctionsPerformanceRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.runServiceCostInsights.*

recommender.runServiceCostInsights.get
recommender.runServiceCostInsights.list
recommender.runServiceCostInsights.update

recommender.runServiceCostRecommendations.*

recommender.runServiceCostRecommendations.get
recommender.runServiceCostRecommendations.list
recommender.runServiceCostRecommendations.update

recommender.runServiceIdentityInsights.*

recommender.runServiceIdentityInsights.get
recommender.runServiceIdentityInsights.list
recommender.runServiceIdentityInsights.update

recommender.runServiceIdentityRecommendations.*

recommender.runServiceIdentityRecommendations.get
recommender.runServiceIdentityRecommendations.list
recommender.runServiceIdentityRecommendations.update

recommender.runServicePerformanceInsights.*

recommender.runServicePerformanceInsights.get
recommender.runServicePerformanceInsights.list
recommender.runServicePerformanceInsights.update

recommender.runServicePerformanceRecommendations.*

recommender.runServicePerformanceRecommendations.get
recommender.runServicePerformanceRecommendations.list
recommender.runServicePerformanceRecommendations.update

recommender.runServiceSecurityInsights.*

recommender.runServiceSecurityInsights.get
recommender.runServiceSecurityInsights.list
recommender.runServiceSecurityInsights.update

recommender.runServiceSecurityRecommendations.*

recommender.runServiceSecurityRecommendations.get
recommender.runServiceSecurityRecommendations.list
recommender.runServiceSecurityRecommendations.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

run.configurations.*

run.configurations.get
run.configurations.list

run.executions.*

run.executions.cancel
run.executions.delete
run.executions.get
run.executions.list

run.jobs.create

run.jobs.delete

run.jobs.get

run.jobs.getIamPolicy

run.jobs.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.jobs.run

run.jobs.runWithOverrides

run.jobs.update

run.locations.list

run.operations.*

run.operations.delete
run.operations.get
run.operations.list

run.revisions.*

run.revisions.delete
run.revisions.get
run.revisions.list

run.routes.*

run.routes.get
run.routes.invoke
run.routes.list

run.services.create

run.services.delete

run.services.get

run.services.getIamPolicy

run.services.list

run.services.listEffectiveTags

run.services.listTagBindings

run.services.update

run.tasks.*

run.tasks.get
run.tasks.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Cloud Functions Invoker

(roles/cloudfunctions.invoker)

Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead.

cloudfunctions.functions.invoke

Cloud Functions Service Agent

(roles/cloudfunctions.serviceAgent)

Gives Cloud Functions service account access to managed resources.

artifactregistry.aptartifacts.create

artifactregistry.attachments.*

artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.*

artifactregistry.files.delete
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.files.update
artifactregistry.files.upload

artifactregistry.kfpartifacts.create

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.*

artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.packages.update

artifactregistry.projectsettings.*

artifactregistry.projectsettings.get
artifactregistry.projectsettings.update

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.create

artifactregistry.repositories.createTagBinding

artifactregistry.repositories.delete

artifactregistry.repositories.deleteArtifacts

artifactregistry.repositories.deleteTagBinding

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.getIamPolicy

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.repositories.setIamPolicy

artifactregistry.repositories.update

artifactregistry.repositories.uploadArtifacts

artifactregistry.rules.*

artifactregistry.rules.create
artifactregistry.rules.delete
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.rules.update

artifactregistry.tags.*

artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update

artifactregistry.versions.*

artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
artifactregistry.versions.update

artifactregistry.yumartifacts.create

clientauthconfig.clients.list

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.locations.*

cloudbuild.locations.get
cloudbuild.locations.list

cloudbuild.operations.*

cloudbuild.operations.get
cloudbuild.operations.list

cloudbuild.workerpools.use

cloudfunctions.functions.get

cloudfunctions.functions.invoke

cloudfunctions.functions.list

cloudfunctions.operations.*

cloudfunctions.operations.get
cloudfunctions.operations.list

compute.globalOperations.get

compute.networks.access

eventarc.channelConnections.create

eventarc.channelConnections.delete

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channelConnections.publish

eventarc.channels.attach

eventarc.channels.create

eventarc.channels.delete

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.channels.publish

eventarc.channels.undelete

eventarc.channels.update

eventarc.enrollments.create

eventarc.enrollments.delete

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.enrollments.update

eventarc.googleApiSources.create

eventarc.googleApiSources.delete

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleApiSources.update

eventarc.googleChannelConfigs.*

eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update

eventarc.kafkaSources.create

eventarc.kafkaSources.delete

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

eventarc.locations.get
eventarc.locations.list

eventarc.operations.*

eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list

eventarc.pipelines.create

eventarc.pipelines.delete

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.pipelines.update

eventarc.providers.*

eventarc.providers.get
eventarc.providers.list

eventarc.triggers.create

eventarc.triggers.delete

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

eventarc.triggers.undelete

eventarc.triggers.update

firebasedatabase.instances.get

firebasedatabase.instances.update

iam.serviceAccounts.actAs

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.signBlob

pubsub.subscriptions.*

pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.getIamPolicy
pubsub.subscriptions.list
pubsub.subscriptions.setIamPolicy
pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.get

pubsub.topics.list

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.runServiceCostInsights.*

recommender.runServiceCostInsights.get
recommender.runServiceCostInsights.list
recommender.runServiceCostInsights.update

recommender.runServiceCostRecommendations.*

recommender.runServiceCostRecommendations.get
recommender.runServiceCostRecommendations.list
recommender.runServiceCostRecommendations.update

recommender.runServiceIdentityInsights.*

recommender.runServiceIdentityInsights.get
recommender.runServiceIdentityInsights.list
recommender.runServiceIdentityInsights.update

recommender.runServiceIdentityRecommendations.*

recommender.runServiceIdentityRecommendations.get
recommender.runServiceIdentityRecommendations.list
recommender.runServiceIdentityRecommendations.update

recommender.runServicePerformanceInsights.*

recommender.runServicePerformanceInsights.get
recommender.runServicePerformanceInsights.list
recommender.runServicePerformanceInsights.update

recommender.runServicePerformanceRecommendations.*

recommender.runServicePerformanceRecommendations.get
recommender.runServicePerformanceRecommendations.list
recommender.runServicePerformanceRecommendations.update

recommender.runServiceSecurityInsights.*

recommender.runServiceSecurityInsights.get
recommender.runServiceSecurityInsights.list
recommender.runServiceSecurityInsights.update

recommender.runServiceSecurityRecommendations.*

recommender.runServiceSecurityRecommendations.get
recommender.runServiceSecurityRecommendations.list
recommender.runServiceSecurityRecommendations.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

run.configurations.*

run.configurations.get
run.configurations.list

run.executions.*

run.executions.cancel
run.executions.delete
run.executions.get
run.executions.list

run.jobs.create

run.jobs.delete

run.jobs.get

run.jobs.getIamPolicy

run.jobs.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.jobs.run

run.jobs.runWithOverrides

run.jobs.update

run.locations.list

run.operations.*

run.operations.delete
run.operations.get
run.operations.list

run.revisions.*

run.revisions.delete
run.revisions.get
run.revisions.list

run.routes.*

run.routes.get
run.routes.invoke
run.routes.list

run.services.create

run.services.delete

run.services.get

run.services.getIamPolicy

run.services.list

run.services.listEffectiveTags

run.services.listTagBindings

run.services.update

run.tasks.*

run.tasks.get
run.tasks.list

serviceusage.quotas.get

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.use

source.repos.get

source.repos.list

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.update

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

vpcaccess.connectors.get

vpcaccess.connectors.use

Cloud Functions Viewer

(roles/cloudfunctions.viewer)

Read-only access to functions and locations.

cloudasset.assets.searchAllResources

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.locations.*

cloudbuild.locations.get
cloudbuild.locations.list

cloudbuild.operations.*

cloudbuild.operations.get
cloudbuild.operations.list

cloudfunctions.functions.get

cloudfunctions.functions.getIamPolicy

cloudfunctions.functions.list

cloudfunctions.locations.list

cloudfunctions.operations.*

cloudfunctions.operations.get
cloudfunctions.operations.list

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleChannelConfigs.get

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

eventarc.locations.get
eventarc.locations.list

eventarc.messageBuses.get

eventarc.messageBuses.getIamPolicy

eventarc.messageBuses.list

eventarc.messageBuses.use

eventarc.operations.get

eventarc.operations.list

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.providers.*

eventarc.providers.get
eventarc.providers.list

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

recommender.cloudFunctionsPerformanceInsights.get

recommender.cloudFunctionsPerformanceInsights.list

recommender.cloudFunctionsPerformanceRecommendations.get

recommender.cloudFunctionsPerformanceRecommendations.list

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.runServiceCostInsights.get

recommender.runServiceCostInsights.list

recommender.runServiceCostRecommendations.get

recommender.runServiceCostRecommendations.list

recommender.runServiceIdentityInsights.get

recommender.runServiceIdentityInsights.list

recommender.runServiceIdentityRecommendations.get

recommender.runServiceIdentityRecommendations.list

recommender.runServicePerformanceInsights.get

recommender.runServicePerformanceInsights.list

recommender.runServicePerformanceRecommendations.get

recommender.runServicePerformanceRecommendations.list

recommender.runServiceSecurityInsights.get

recommender.runServiceSecurityInsights.list

recommender.runServiceSecurityRecommendations.get

recommender.runServiceSecurityRecommendations.list

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

run.configurations.*

run.configurations.get
run.configurations.list

run.executions.get

run.executions.list

run.jobs.get

run.jobs.getIamPolicy

run.jobs.list

run.jobs.listEffectiveTags

run.jobs.listTagBindings

run.locations.list

run.operations.get

run.operations.list

run.revisions.get

run.revisions.list

run.routes.get

run.routes.list

run.services.get

run.services.getIamPolicy

run.services.list

run.services.listEffectiveTags

run.services.listTagBindings

run.tasks.*

run.tasks.get
run.tasks.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Cloud Run functions 权限

权限	以下角色拥有此权限
`cloudfunctions.functions.call`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.functions.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.functions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.functions.generationUpgrade`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`)
`cloudfunctions.functions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Cloud Functions Viewer (`roles/cloudfunctions.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Eventarc Service Agent (`roles/eventarc.serviceAgent`) Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.functions.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Viewer (`roles/cloudfunctions.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) Firebase Extensions API Service Agent (`roles/firebasemods.serviceAgent`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.functions.invoke`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Cloud Functions Invoker (`roles/cloudfunctions.invoker`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Content Warehouse Service Agent (`roles/contentwarehouse.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Identity Platform Service Agent (`roles/identitytoolkit.serviceAgent`) Application Integration Service Agent (`roles/integrations.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)
`cloudfunctions.functions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Cloud Functions Viewer (`roles/cloudfunctions.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Vision AI Service Agent (`roles/visionai.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.functions.setIamPolicy`	Owner (`roles/owner`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Extensions API Service Agent (`roles/firebasemods.serviceAgent`) Security Admin (`roles/iam.securityAdmin`)
`cloudfunctions.functions.sourceCodeGet`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`)
`cloudfunctions.functions.sourceCodeSet`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`)
`cloudfunctions.functions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Cloud Functions Viewer (`roles/cloudfunctions.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`cloudfunctions.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Cloud Functions Viewer (`roles/cloudfunctions.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`cloudfunctions.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Functions Admin (`roles/cloudfunctions.admin`) Cloud Functions Developer (`roles/cloudfunctions.developer`) Cloud Functions Viewer (`roles/cloudfunctions.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Functions Service Agent (`roles/cloudfunctions.serviceAgent`)

Cloud Run functions 角色和权限