roles/clouddeploymentmanager.serviceAgent
Title: Cloud Deployment Manager Service Agent
Description: Allows Deployment Manager service to actuate resources across DM projects and folders
Stage: GA
Role Type: Service Agent
669 Assigned Permissions:
- accesscontextmanager.accessLevels.create
- accesscontextmanager.accessLevels.delete
- accesscontextmanager.accessLevels.get
- accesscontextmanager.accessLevels.update
- accesscontextmanager.policies.list
- accesscontextmanager.servicePerimeters.create
- accesscontextmanager.servicePerimeters.delete
- accesscontextmanager.servicePerimeters.get
- accesscontextmanager.servicePerimeters.update
- appengine.applications.get
- appengine.operations.get
- appengine.services.update
- appengine.versions.create
- appengine.versions.delete
- appengine.versions.get
- appengine.versions.list
- artifactregistry.repositories.create
- artifactregistry.repositories.delete
- artifactregistry.repositories.get
- artifactregistry.repositories.update
- bigquery.connections.get
- bigquery.datasets.create
- bigquery.datasets.delete
- bigquery.datasets.get
- bigquery.datasets.getIamPolicy
- bigquery.datasets.update
- bigquery.jobs.create
- bigquery.routines.create
- bigquery.routines.get
- bigquery.routines.update
- bigquery.tables.create
- bigquery.tables.delete
- bigquery.tables.get
- bigquery.tables.getData
- bigquery.tables.setCategory
- bigquery.tables.update
- bigquery.tables.updateData
- bigtable.instances.create
- bigtable.instances.delete
- bigtable.instances.get
- bigtable.instances.update
- bigtable.tables.create
- bigtable.tables.delete
- bigtable.tables.get
- bigtable.tables.update
- billing.resourceAssociations.create
- billing.resourcebudgets.write
- cloudbuild.builds.create
- cloudbuild.builds.get
- cloudfunctions.functions.call
- cloudfunctions.functions.create
- cloudfunctions.functions.delete
- cloudfunctions.functions.get
- cloudfunctions.functions.getIamPolicy
- cloudfunctions.functions.list
- cloudfunctions.functions.update
- cloudfunctions.operations.get
- cloudprivatecatalog.targets.get
- cloudscheduler.jobs.create
- cloudscheduler.jobs.delete
- cloudscheduler.jobs.get
- cloudscheduler.jobs.update
- cloudsql.backupRuns.create
- cloudsql.databases.create
- cloudsql.databases.delete
- cloudsql.databases.get
- cloudsql.databases.list
- cloudsql.databases.update
- cloudsql.instances.create
- cloudsql.instances.delete
- cloudsql.instances.get
- cloudsql.instances.import
- cloudsql.instances.restart
- cloudsql.instances.update
- cloudsql.sslCerts.create
- cloudsql.sslCerts.delete
- cloudsql.sslCerts.get
- cloudsql.users.create
- cloudsql.users.delete
- cloudtasks.queues.create
- cloudtasks.queues.delete
- cloudtasks.queues.get
- compute.addresses.create
- compute.addresses.createInternal
- compute.addresses.delete
- compute.addresses.deleteInternal
- compute.addresses.get
- compute.addresses.list
- compute.addresses.setLabels
- compute.addresses.use
- compute.addresses.useInternal
- compute.autoscalers.create
- compute.autoscalers.delete
- compute.autoscalers.get
- compute.autoscalers.update
- compute.backendBuckets.create
- compute.backendBuckets.delete
- compute.backendBuckets.get
- compute.backendBuckets.update
- compute.backendBuckets.use
- compute.backendServices.create
- compute.backendServices.delete
- compute.backendServices.get
- compute.backendServices.setSecurityPolicy
- compute.backendServices.update
- compute.backendServices.use
- compute.disks.addResourcePolicies
- compute.disks.create
- compute.disks.delete
- compute.disks.get
- compute.disks.removeResourcePolicies
- compute.disks.resize
- compute.disks.setLabels
- compute.disks.update
- compute.disks.use
- compute.disks.useReadOnly
- compute.externalVpnGateways.create
- compute.externalVpnGateways.delete
- compute.externalVpnGateways.get
- compute.externalVpnGateways.setLabels
- compute.externalVpnGateways.use
- compute.firewallPolicies.create
- compute.firewallPolicies.delete
- compute.firewallPolicies.get
- compute.firewalls.create
- compute.firewalls.delete
- compute.firewalls.get
- compute.firewalls.list
- compute.firewalls.update
- compute.forwardingRules.create
- compute.forwardingRules.delete
- compute.forwardingRules.get
- compute.forwardingRules.pscCreate
- compute.forwardingRules.pscSetLabels
- compute.forwardingRules.setLabels
- compute.forwardingRules.setTarget
- compute.forwardingRules.update
- compute.forwardingRules.use
- compute.globalAddresses.create
- compute.globalAddresses.createInternal
- compute.globalAddresses.delete
- compute.globalAddresses.deleteInternal
- compute.globalAddresses.get
- compute.globalAddresses.setLabels
- compute.globalAddresses.use
- compute.globalForwardingRules.create
- compute.globalForwardingRules.delete
- compute.globalForwardingRules.get
- compute.globalForwardingRules.pscCreate
- compute.globalForwardingRules.pscDelete
- compute.globalForwardingRules.pscSetLabels
- compute.globalForwardingRules.setLabels
- compute.globalNetworkEndpointGroups.attachNetworkEndpoints
- compute.globalNetworkEndpointGroups.create
- compute.globalNetworkEndpointGroups.delete
- compute.globalNetworkEndpointGroups.get
- compute.globalNetworkEndpointGroups.use
- compute.globalOperations.get
- compute.healthChecks.create
- compute.healthChecks.delete
- compute.healthChecks.get
- compute.healthChecks.update
- compute.healthChecks.use
- compute.healthChecks.useReadOnly
- compute.httpHealthChecks.create
- compute.httpHealthChecks.delete
- compute.httpHealthChecks.get
- compute.httpHealthChecks.update
- compute.httpHealthChecks.use
- compute.httpHealthChecks.useReadOnly
- compute.httpsHealthChecks.create
- compute.httpsHealthChecks.delete
- compute.httpsHealthChecks.get
- compute.httpsHealthChecks.update
- compute.httpsHealthChecks.use
- compute.httpsHealthChecks.useReadOnly
- compute.images.create
- compute.images.delete
- compute.images.deprecate
- compute.images.get
- compute.images.setLabels
- compute.images.useReadOnly
- compute.instanceGroupManagers.create
- compute.instanceGroupManagers.delete
- compute.instanceGroupManagers.get
- compute.instanceGroupManagers.update
- compute.instanceGroupManagers.use
- compute.instanceGroups.create
- compute.instanceGroups.delete
- compute.instanceGroups.get
- compute.instanceGroups.update
- compute.instanceGroups.use
- compute.instanceTemplates.create
- compute.instanceTemplates.delete
- compute.instanceTemplates.get
- compute.instanceTemplates.useReadOnly
- compute.instances.addAccessConfig
- compute.instances.create
- compute.instances.delete
- compute.instances.deleteAccessConfig
- compute.instances.get
- compute.instances.listTagBindings
- compute.instances.resume
- compute.instances.setDeletionProtection
- compute.instances.setDiskAutoDelete
- compute.instances.setLabels
- compute.instances.setMetadata
- compute.instances.setServiceAccount
- compute.instances.setTags
- compute.instances.start
- compute.instances.stop
- compute.instances.suspend
- compute.instances.update
- compute.instances.updateDisplayDevice
- compute.instances.use
- compute.interconnectAttachments.create
- compute.interconnectAttachments.delete
- compute.interconnectAttachments.get
- compute.interconnectAttachments.setLabels
- compute.interconnectAttachments.update
- compute.interconnects.create
- compute.interconnects.delete
- compute.interconnects.get
- compute.interconnects.setLabels
- compute.interconnects.use
- compute.machineImages.useReadOnly
- compute.machineTypes.get
- compute.networkEndpointGroups.attachNetworkEndpoints
- compute.networkEndpointGroups.create
- compute.networkEndpointGroups.delete
- compute.networkEndpointGroups.get
- compute.networkEndpointGroups.use
- compute.networks.addPeering
- compute.networks.create
- compute.networks.delete
- compute.networks.get
- compute.networks.listPeeringRoutes
- compute.networks.removePeering
- compute.networks.switchToCustomMode
- compute.networks.update
- compute.networks.updatePolicy
- compute.networks.use
- compute.networks.useExternalIp
- compute.organizations.disableXpnResource
- compute.organizations.enableXpnHost
- compute.organizations.enableXpnResource
- compute.packetMirrorings.create
- compute.packetMirrorings.delete
- compute.packetMirrorings.get
- compute.projects.get
- compute.projects.setUsageExportBucket
- compute.regionBackendServices.create
- compute.regionBackendServices.delete
- compute.regionBackendServices.get
- compute.regionBackendServices.update
- compute.regionBackendServices.use
- compute.regionHealthChecks.create
- compute.regionHealthChecks.delete
- compute.regionHealthChecks.get
- compute.regionHealthChecks.update
- compute.regionHealthChecks.use
- compute.regionHealthChecks.useReadOnly
- compute.regionNetworkEndpointGroups.create
- compute.regionNetworkEndpointGroups.delete
- compute.regionNetworkEndpointGroups.get
- compute.regionNetworkEndpointGroups.use
- compute.regionOperations.get
- compute.regionSslCertificates.create
- compute.regionSslCertificates.delete
- compute.regionSslCertificates.get
- compute.regionTargetHttpProxies.create
- compute.regionTargetHttpProxies.delete
- compute.regionTargetHttpProxies.get
- compute.regionTargetHttpProxies.use
- compute.regionTargetHttpsProxies.create
- compute.regionTargetHttpsProxies.delete
- compute.regionTargetHttpsProxies.get
- compute.regionTargetHttpsProxies.use
- compute.regionUrlMaps.create
- compute.regionUrlMaps.delete
- compute.regionUrlMaps.get
- compute.regionUrlMaps.use
- compute.regions.get
- compute.reservations.list
- compute.resourcePolicies.create
- compute.resourcePolicies.delete
- compute.resourcePolicies.get
- compute.resourcePolicies.use
- compute.routers.create
- compute.routers.delete
- compute.routers.get
- compute.routers.update
- compute.routers.use
- compute.routes.create
- compute.routes.delete
- compute.routes.get
- compute.securityPolicies.create
- compute.securityPolicies.delete
- compute.securityPolicies.get
- compute.securityPolicies.setLabels
- compute.securityPolicies.update
- compute.securityPolicies.use
- compute.serviceAttachments.create
- compute.serviceAttachments.get
- compute.snapshots.useReadOnly
- compute.sslCertificates.create
- compute.sslCertificates.delete
- compute.sslCertificates.get
- compute.sslPolicies.create
- compute.sslPolicies.delete
- compute.sslPolicies.get
- compute.sslPolicies.use
- compute.subnetworks.create
- compute.subnetworks.delete
- compute.subnetworks.expandIpCidrRange
- compute.subnetworks.get
- compute.subnetworks.list
- compute.subnetworks.mirror
- compute.subnetworks.update
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
- compute.targetHttpProxies.create
- compute.targetHttpProxies.delete
- compute.targetHttpProxies.get
- compute.targetHttpProxies.use
- compute.targetHttpsProxies.create
- compute.targetHttpsProxies.delete
- compute.targetHttpsProxies.get
- compute.targetHttpsProxies.setSslCertificates
- compute.targetHttpsProxies.setSslPolicy
- compute.targetHttpsProxies.use
- compute.targetInstances.create
- compute.targetInstances.delete
- compute.targetInstances.get
- compute.targetInstances.use
- compute.targetPools.addHealthCheck
- compute.targetPools.addInstance
- compute.targetPools.create
- compute.targetPools.delete
- compute.targetPools.get
- compute.targetPools.removeHealthCheck
- compute.targetPools.removeInstance
- compute.targetPools.use
- compute.targetSslProxies.create
- compute.targetSslProxies.delete
- compute.targetSslProxies.get
- compute.targetSslProxies.setSslCertificates
- compute.targetSslProxies.use
- compute.targetTcpProxies.create
- compute.targetTcpProxies.delete
- compute.targetTcpProxies.get
- compute.targetTcpProxies.use
- compute.targetVpnGateways.create
- compute.targetVpnGateways.delete
- compute.targetVpnGateways.get
- compute.targetVpnGateways.setLabels
- compute.targetVpnGateways.use
- compute.urlMaps.create
- compute.urlMaps.delete
- compute.urlMaps.get
- compute.urlMaps.update
- compute.urlMaps.use
- compute.vpnGateways.create
- compute.vpnGateways.delete
- compute.vpnGateways.get
- compute.vpnGateways.setLabels
- compute.vpnGateways.use
- compute.vpnTunnels.create
- compute.vpnTunnels.delete
- compute.vpnTunnels.get
- compute.vpnTunnels.setLabels
- compute.zoneOperations.get
- compute.zoneOperations.list
- compute.zones.get
- container.backendConfigs.create
- container.backendConfigs.delete
- container.backendConfigs.get
- container.clusterRoleBindings.create
- container.clusterRoleBindings.delete
- container.clusterRoleBindings.get
- container.clusterRoles.bind
- container.clusterRoles.create
- container.clusterRoles.delete
- container.clusterRoles.escalate
- container.clusterRoles.get
- container.clusters.create
- container.clusters.delete
- container.clusters.get
- container.clusters.getCredentials
- container.clusters.update
- container.configMaps.create
- container.configMaps.delete
- container.configMaps.get
- container.configMaps.update
- container.cronJobs.create
- container.cronJobs.delete
- container.cronJobs.get
- container.cronJobs.update
- container.daemonSets.create
- container.daemonSets.delete
- container.daemonSets.get
- container.daemonSets.update
- container.deployments.create
- container.deployments.delete
- container.deployments.get
- container.deployments.update
- container.frontendConfigs.create
- container.frontendConfigs.delete
- container.frontendConfigs.get
- container.horizontalPodAutoscalers.create
- container.horizontalPodAutoscalers.delete
- container.horizontalPodAutoscalers.get
- container.ingresses.create
- container.ingresses.delete
- container.ingresses.get
- container.jobs.create
- container.jobs.delete
- container.jobs.get
- container.managedCertificates.create
- container.managedCertificates.delete
- container.managedCertificates.get
- container.mutatingWebhookConfigurations.delete
- container.mutatingWebhookConfigurations.get
- container.namespaces.create
- container.namespaces.delete
- container.namespaces.get
- container.networkPolicies.create
- container.networkPolicies.delete
- container.networkPolicies.get
- container.operations.get
- container.podDisruptionBudgets.create
- container.podDisruptionBudgets.delete
- container.podDisruptionBudgets.get
- container.podSecurityPolicies.delete
- container.podSecurityPolicies.get
- container.priorityClasses.create
- container.priorityClasses.delete
- container.priorityClasses.get
- container.replicationControllers.create
- container.replicationControllers.delete
- container.replicationControllers.get
- container.roleBindings.create
- container.roleBindings.delete
- container.roleBindings.get
- container.roles.bind
- container.roles.create
- container.roles.delete
- container.roles.escalate
- container.roles.get
- container.roles.update
- container.secrets.create
- container.secrets.delete
- container.secrets.get
- container.secrets.update
- container.serviceAccounts.create
- container.serviceAccounts.delete
- container.serviceAccounts.get
- container.serviceAccounts.update
- container.services.create
- container.services.delete
- container.services.get
- container.statefulSets.create
- container.statefulSets.delete
- container.statefulSets.get
- container.statefulSets.update
- container.storageClasses.create
- container.storageClasses.delete
- container.storageClasses.get
- container.thirdPartyObjects.create
- container.thirdPartyObjects.delete
- container.thirdPartyObjects.get
- container.thirdPartyObjects.update
- container.validatingWebhookConfigurations.delete
- container.validatingWebhookConfigurations.get
- datacatalog.taxonomies.get
- dataproc.autoscalingPolicies.create
- dataproc.autoscalingPolicies.delete
- dataproc.autoscalingPolicies.get
- dataproc.autoscalingPolicies.use
- dataproc.clusters.create
- dataproc.clusters.delete
- dataproc.clusters.get
- dataproc.nodeGroups.create
- dataproc.operations.get
- dataproc.workflowTemplates.create
- dataproc.workflowTemplates.delete
- dataproc.workflowTemplates.get
- deploymentmanager.compositeTypes.get
- deploymentmanager.deployments.create
- deploymentmanager.deployments.delete
- deploymentmanager.deployments.get
- deploymentmanager.deployments.update
- deploymentmanager.operations.get
- deploymentmanager.typeProviders.create
- deploymentmanager.typeProviders.delete
- deploymentmanager.typeProviders.get
- deploymentmanager.typeProviders.update
- dns.changes.create
- dns.changes.get
- dns.changes.list
- dns.managedZones.create
- dns.managedZones.delete
- dns.managedZones.get
- dns.managedZones.list
- dns.managedZones.update
- dns.networks.bindPrivateDNSZone
- dns.networks.targetWithPeeringZone
- dns.policies.delete
- dns.policies.get
- dns.resourceRecordSets.create
- dns.resourceRecordSets.delete
- dns.resourceRecordSets.list
- dns.resourceRecordSets.update
- file.instances.create
- file.instances.delete
- file.instances.get
- file.instances.update
- file.operations.get
- firebase.projects.get
- firebase.projects.update
- firebaseanalytics.resources.googleAnalyticsEdit
- iam.roles.create
- iam.roles.delete
- iam.roles.get
- iam.roles.list
- iam.roles.update
- iam.serviceAccountKeys.delete
- iam.serviceAccountKeys.get
- iam.serviceAccounts.actAs
- iam.serviceAccounts.create
- iam.serviceAccounts.delete
- iam.serviceAccounts.get
- iam.serviceAccounts.list
- iam.serviceAccounts.update
- logging.buckets.update
- logging.exclusions.create
- logging.exclusions.delete
- logging.exclusions.get
- logging.exclusions.update
- logging.logEntries.create
- logging.logMetrics.create
- logging.logMetrics.delete
- logging.logMetrics.get
- logging.logMetrics.update
- logging.notificationRules.create
- logging.sinks.create
- logging.sinks.delete
- logging.sinks.get
- logging.sinks.update
- monitoring.alertPolicies.create
- monitoring.alertPolicies.delete
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.alertPolicies.update
- monitoring.dashboards.create
- monitoring.dashboards.delete
- monitoring.dashboards.get
- monitoring.dashboards.update
- monitoring.groups.create
- monitoring.groups.delete
- monitoring.groups.get
- monitoring.groups.update
- monitoring.metricDescriptors.create
- monitoring.metricDescriptors.delete
- monitoring.metricDescriptors.get
- monitoring.notificationChannels.create
- monitoring.notificationChannels.delete
- monitoring.notificationChannels.get
- monitoring.notificationChannels.update
- monitoring.uptimeCheckConfigs.create
- monitoring.uptimeCheckConfigs.delete
- monitoring.uptimeCheckConfigs.get
- monitoring.uptimeCheckConfigs.update
- networksecurity.serverTlsPolicies.use
- pubsub.schemas.attach
- pubsub.subscriptions.create
- pubsub.subscriptions.delete
- pubsub.subscriptions.get
- pubsub.subscriptions.update
- pubsub.topics.attachSubscription
- pubsub.topics.create
- pubsub.topics.delete
- pubsub.topics.get
- pubsub.topics.getIamPolicy
- pubsub.topics.publish
- pubsub.topics.update
- redis.instances.create
- redis.instances.delete
- redis.instances.get
- redis.instances.update
- redis.instances.updateAuth
- redis.operations.get
- resourcemanager.folders.create
- resourcemanager.folders.delete
- resourcemanager.folders.get
- resourcemanager.folders.getIamPolicy
- resourcemanager.folders.list
- resourcemanager.folders.update
- resourcemanager.organizations.getIamPolicy
- resourcemanager.projects.create
- resourcemanager.projects.createBillingAssignment
- resourcemanager.projects.delete
- resourcemanager.projects.deleteBillingAssignment
- resourcemanager.projects.get
- resourcemanager.projects.getIamPolicy
- resourcemanager.projects.list
- resourcemanager.projects.move
- resourcemanager.projects.update
- resourcemanager.projects.updateLiens
- resourcemanager.tagHolds.create
- resourcemanager.tagHolds.delete
- resourcemanager.tagValueBindings.create
- resourcemanager.tagValueBindings.delete
- resourcemanager.tagValues.get
- runtimeconfig.configs.create
- runtimeconfig.configs.delete
- runtimeconfig.configs.get
- runtimeconfig.configs.list
- runtimeconfig.configs.update
- runtimeconfig.variables.create
- runtimeconfig.variables.delete
- runtimeconfig.variables.get
- runtimeconfig.variables.list
- runtimeconfig.variables.update
- runtimeconfig.waiters.create
- runtimeconfig.waiters.delete
- runtimeconfig.waiters.get
- runtimeconfig.waiters.list
- servicedirectory.namespaces.associatePrivateZone
- servicedirectory.namespaces.create
- servicedirectory.namespaces.delete
- servicedirectory.services.create
- servicemanagement.services.bind
- servicenetworking.operations.get
- servicenetworking.services.addPeering
- servicenetworking.services.get
- serviceusage.services.disable
- serviceusage.services.enable
- serviceusage.services.get
- serviceusage.services.use
- source.repos.create
- spanner.databaseOperations.get
- spanner.databases.create
- spanner.databases.drop
- spanner.databases.get
- spanner.databases.updateDdl
- spanner.instanceOperations.get
- spanner.instances.create
- spanner.instances.delete
- spanner.instances.get
- spanner.instances.update
- storage.buckets.create
- storage.buckets.delete
- storage.buckets.get
- storage.buckets.getIamPolicy
- storage.buckets.update
- storage.hmacKeys.create
- storage.objects.create
- storage.objects.delete
- storage.objects.get
- storage.objects.getIamPolicy
- storage.objects.list
- vpcaccess.connectors.create
- vpcaccess.connectors.delete
- vpcaccess.operations.get
- workflows.operations.get
- workflows.workflows.create
- workflows.workflows.delete
- workflows.workflows.get