roles/clouddeploymentmanager.serviceAgent 📋 Copy

Title: Cloud Deployment Manager Service Agent

Description: Allows Deployment Manager service to actuate resources across DM projects and folders

Stage: GA

669 Assigned Permissions:

• accesscontextmanager.accessLevels.create
• accesscontextmanager.accessLevels.delete
• accesscontextmanager.accessLevels.get
• accesscontextmanager.accessLevels.update
• accesscontextmanager.policies.list
• accesscontextmanager.servicePerimeters.create
• accesscontextmanager.servicePerimeters.delete
• accesscontextmanager.servicePerimeters.get
• accesscontextmanager.servicePerimeters.update
• appengine.applications.get
• appengine.operations.get
• appengine.services.update
• appengine.versions.create
• appengine.versions.delete
• appengine.versions.get
• appengine.versions.list
• artifactregistry.repositories.create
• artifactregistry.repositories.delete
• artifactregistry.repositories.get
• artifactregistry.repositories.update
• bigquery.connections.get
• bigquery.datasets.create
• bigquery.datasets.delete
• bigquery.datasets.get
• bigquery.datasets.getIamPolicy
• bigquery.datasets.update
• bigquery.jobs.create
• bigquery.routines.create
• bigquery.routines.get
• bigquery.routines.update
• bigquery.tables.create
• bigquery.tables.delete
• bigquery.tables.get
• bigquery.tables.getData
• bigquery.tables.setCategory
• bigquery.tables.update
• bigquery.tables.updateData
• bigtable.instances.create
• bigtable.instances.delete
• bigtable.instances.get
• bigtable.instances.update
• bigtable.tables.create
• bigtable.tables.delete
• bigtable.tables.get
• bigtable.tables.update
• billing.resourceAssociations.create
• billing.resourcebudgets.write
• cloudbuild.builds.create
• cloudbuild.builds.get
• cloudfunctions.functions.call
• cloudfunctions.functions.create
• cloudfunctions.functions.delete
• cloudfunctions.functions.get
• cloudfunctions.functions.getIamPolicy
• cloudfunctions.functions.list
• cloudfunctions.functions.update
• cloudfunctions.operations.get
• cloudprivatecatalog.targets.get
• cloudscheduler.jobs.create
• cloudscheduler.jobs.delete
• cloudscheduler.jobs.get
• cloudscheduler.jobs.update
• cloudsql.backupRuns.create
• cloudsql.databases.create
• cloudsql.databases.delete
• cloudsql.databases.get
• cloudsql.databases.list
• cloudsql.databases.update
• cloudsql.instances.create
• cloudsql.instances.delete
• cloudsql.instances.get
• cloudsql.instances.import
• cloudsql.instances.restart
• cloudsql.instances.update
• cloudsql.sslCerts.create
• cloudsql.sslCerts.delete
• cloudsql.sslCerts.get
• cloudsql.users.create
• cloudsql.users.delete
• cloudtasks.queues.create
• cloudtasks.queues.delete
• cloudtasks.queues.get
• compute.addresses.create
• compute.addresses.createInternal
• compute.addresses.delete
• compute.addresses.deleteInternal
• compute.addresses.get
• compute.addresses.list
• compute.addresses.setLabels
• compute.addresses.use
• compute.addresses.useInternal
• compute.autoscalers.create
• compute.autoscalers.delete
• compute.autoscalers.get
• compute.autoscalers.update
• compute.backendBuckets.create
• compute.backendBuckets.delete
• compute.backendBuckets.get
• compute.backendBuckets.update
• compute.backendBuckets.use
• compute.backendServices.create
• compute.backendServices.delete
• compute.backendServices.get
• compute.backendServices.setSecurityPolicy
• compute.backendServices.update
• compute.backendServices.use
• compute.disks.addResourcePolicies
• compute.disks.create
• compute.disks.delete
• compute.disks.get
• compute.disks.removeResourcePolicies
• compute.disks.resize
• compute.disks.setLabels
• compute.disks.update
• compute.disks.use
• compute.disks.useReadOnly
• compute.externalVpnGateways.create
• compute.externalVpnGateways.delete
• compute.externalVpnGateways.get
• compute.externalVpnGateways.setLabels
• compute.externalVpnGateways.use
• compute.firewallPolicies.create
• compute.firewallPolicies.delete
• compute.firewallPolicies.get
• compute.firewalls.create
• compute.firewalls.delete
• compute.firewalls.get
• compute.firewalls.list
• compute.firewalls.update
• compute.forwardingRules.create
• compute.forwardingRules.delete
• compute.forwardingRules.get
• compute.forwardingRules.pscCreate
• compute.forwardingRules.pscSetLabels
• compute.forwardingRules.setLabels
• compute.forwardingRules.setTarget
• compute.forwardingRules.update
• compute.forwardingRules.use
• compute.globalAddresses.create
• compute.globalAddresses.createInternal
• compute.globalAddresses.delete
• compute.globalAddresses.deleteInternal
• compute.globalAddresses.get
• compute.globalAddresses.setLabels
• compute.globalAddresses.use
• compute.globalForwardingRules.create
• compute.globalForwardingRules.delete
• compute.globalForwardingRules.get
• compute.globalForwardingRules.pscCreate
• compute.globalForwardingRules.pscDelete
• compute.globalForwardingRules.pscSetLabels
• compute.globalForwardingRules.setLabels
• compute.globalNetworkEndpointGroups.attachNetworkEndpoints
• compute.globalNetworkEndpointGroups.create
• compute.globalNetworkEndpointGroups.delete
• compute.globalNetworkEndpointGroups.get
• compute.globalNetworkEndpointGroups.use
• compute.globalOperations.get
• compute.healthChecks.create
• compute.healthChecks.delete
• compute.healthChecks.get
• compute.healthChecks.update
• compute.healthChecks.use
• compute.healthChecks.useReadOnly
• compute.httpHealthChecks.create
• compute.httpHealthChecks.delete
• compute.httpHealthChecks.get
• compute.httpHealthChecks.update
• compute.httpHealthChecks.use
• compute.httpHealthChecks.useReadOnly
• compute.httpsHealthChecks.create
• compute.httpsHealthChecks.delete
• compute.httpsHealthChecks.get
• compute.httpsHealthChecks.update
• compute.httpsHealthChecks.use
• compute.httpsHealthChecks.useReadOnly
• compute.images.create
• compute.images.delete
• compute.images.deprecate
• compute.images.get
• compute.images.setLabels
• compute.images.useReadOnly
• compute.instanceGroupManagers.create
• compute.instanceGroupManagers.delete
• compute.instanceGroupManagers.get
• compute.instanceGroupManagers.update
• compute.instanceGroupManagers.use
• compute.instanceGroups.create
• compute.instanceGroups.delete
• compute.instanceGroups.get
• compute.instanceGroups.update
• compute.instanceGroups.use
• compute.instanceTemplates.create
• compute.instanceTemplates.delete
• compute.instanceTemplates.get
• compute.instanceTemplates.useReadOnly
• compute.instances.addAccessConfig
• compute.instances.create
• compute.instances.delete
• compute.instances.deleteAccessConfig
• compute.instances.get
• compute.instances.listTagBindings
• compute.instances.resume
• compute.instances.setDeletionProtection
• compute.instances.setDiskAutoDelete
• compute.instances.setLabels
• compute.instances.setMetadata
• compute.instances.setServiceAccount
• compute.instances.setTags
• compute.instances.start
• compute.instances.stop
• compute.instances.suspend
• compute.instances.update
• compute.instances.updateDisplayDevice
• compute.instances.use
• compute.interconnectAttachments.create
• compute.interconnectAttachments.delete
• compute.interconnectAttachments.get
• compute.interconnectAttachments.setLabels
• compute.interconnectAttachments.update
• compute.interconnects.create
• compute.interconnects.delete
• compute.interconnects.get
• compute.interconnects.setLabels
• compute.interconnects.use
• compute.machineImages.useReadOnly
• compute.machineTypes.get
• compute.networkEndpointGroups.attachNetworkEndpoints
• compute.networkEndpointGroups.create
• compute.networkEndpointGroups.delete
• compute.networkEndpointGroups.get
• compute.networkEndpointGroups.use
• compute.networks.addPeering
• compute.networks.create
• compute.networks.delete
• compute.networks.get
• compute.networks.listPeeringRoutes
• compute.networks.removePeering
• compute.networks.switchToCustomMode
• compute.networks.update
• compute.networks.updatePolicy
• compute.networks.use
• compute.networks.useExternalIp
• compute.organizations.disableXpnResource
• compute.organizations.enableXpnHost
• compute.organizations.enableXpnResource
• compute.packetMirrorings.create
• compute.packetMirrorings.delete
• compute.packetMirrorings.get
• compute.projects.get
• compute.projects.setUsageExportBucket
• compute.regionBackendServices.create
• compute.regionBackendServices.delete
• compute.regionBackendServices.get
• compute.regionBackendServices.update
• compute.regionBackendServices.use
• compute.regionHealthChecks.create
• compute.regionHealthChecks.delete
• compute.regionHealthChecks.get
• compute.regionHealthChecks.update
• compute.regionHealthChecks.use
• compute.regionHealthChecks.useReadOnly
• compute.regionNetworkEndpointGroups.create
• compute.regionNetworkEndpointGroups.delete
• compute.regionNetworkEndpointGroups.get
• compute.regionNetworkEndpointGroups.use
• compute.regionOperations.get
• compute.regionSslCertificates.create
• compute.regionSslCertificates.delete
• compute.regionSslCertificates.get
• compute.regionTargetHttpProxies.create
• compute.regionTargetHttpProxies.delete
• compute.regionTargetHttpProxies.get
• compute.regionTargetHttpProxies.use
• compute.regionTargetHttpsProxies.create
• compute.regionTargetHttpsProxies.delete
• compute.regionTargetHttpsProxies.get
• compute.regionTargetHttpsProxies.use
• compute.regionUrlMaps.create
• compute.regionUrlMaps.delete
• compute.regionUrlMaps.get
• compute.regionUrlMaps.use
• compute.regions.get
• compute.reservations.list
• compute.resourcePolicies.create
• compute.resourcePolicies.delete
• compute.resourcePolicies.get
• compute.resourcePolicies.use
• compute.routers.create
• compute.routers.delete
• compute.routers.get
• compute.routers.update
• compute.routers.use
• compute.routes.create
• compute.routes.delete
• compute.routes.get
• compute.securityPolicies.create
• compute.securityPolicies.delete
• compute.securityPolicies.get
• compute.securityPolicies.setLabels
• compute.securityPolicies.update
• compute.securityPolicies.use
• compute.serviceAttachments.create
• compute.serviceAttachments.get
• compute.snapshots.useReadOnly
• compute.sslCertificates.create
• compute.sslCertificates.delete
• compute.sslCertificates.get
• compute.sslPolicies.create
• compute.sslPolicies.delete
• compute.sslPolicies.get
• compute.sslPolicies.use
• compute.subnetworks.create
• compute.subnetworks.delete
• compute.subnetworks.expandIpCidrRange
• compute.subnetworks.get
• compute.subnetworks.list
• compute.subnetworks.mirror
• compute.subnetworks.update
• compute.subnetworks.use
• compute.subnetworks.useExternalIp
• compute.targetHttpProxies.create
• compute.targetHttpProxies.delete
• compute.targetHttpProxies.get
• compute.targetHttpProxies.use
• compute.targetHttpsProxies.create
• compute.targetHttpsProxies.delete
• compute.targetHttpsProxies.get
• compute.targetHttpsProxies.setSslCertificates
• compute.targetHttpsProxies.setSslPolicy
• compute.targetHttpsProxies.use
• compute.targetInstances.create
• compute.targetInstances.delete
• compute.targetInstances.get
• compute.targetInstances.use
• compute.targetPools.addHealthCheck
• compute.targetPools.addInstance
• compute.targetPools.create
• compute.targetPools.delete
• compute.targetPools.get
• compute.targetPools.removeHealthCheck
• compute.targetPools.removeInstance
• compute.targetPools.use
• compute.targetSslProxies.create
• compute.targetSslProxies.delete
• compute.targetSslProxies.get
• compute.targetSslProxies.setSslCertificates
• compute.targetSslProxies.use
• compute.targetTcpProxies.create
• compute.targetTcpProxies.delete
• compute.targetTcpProxies.get
• compute.targetTcpProxies.use
• compute.targetVpnGateways.create
• compute.targetVpnGateways.delete
• compute.targetVpnGateways.get
• compute.targetVpnGateways.setLabels
• compute.targetVpnGateways.use
• compute.urlMaps.create
• compute.urlMaps.delete
• compute.urlMaps.get
• compute.urlMaps.update
• compute.urlMaps.use
• compute.vpnGateways.create
• compute.vpnGateways.delete
• compute.vpnGateways.get
• compute.vpnGateways.setLabels
• compute.vpnGateways.use
• compute.vpnTunnels.create
• compute.vpnTunnels.delete
• compute.vpnTunnels.get
• compute.vpnTunnels.setLabels
• compute.zoneOperations.get
• compute.zoneOperations.list
• compute.zones.get
• container.backendConfigs.create
• container.backendConfigs.delete
• container.backendConfigs.get
• container.clusterRoleBindings.create
• container.clusterRoleBindings.delete
• container.clusterRoleBindings.get
• container.clusterRoles.bind
• container.clusterRoles.create
• container.clusterRoles.delete
• container.clusterRoles.escalate
• container.clusterRoles.get
• container.clusters.create
• container.clusters.delete
• container.clusters.get
• container.clusters.getCredentials
• container.clusters.update
• container.configMaps.create
• container.configMaps.delete
• container.configMaps.get
• container.configMaps.update
• container.cronJobs.create
• container.cronJobs.delete
• container.cronJobs.get
• container.cronJobs.update
• container.daemonSets.create
• container.daemonSets.delete
• container.daemonSets.get
• container.daemonSets.update
• container.deployments.create
• container.deployments.delete
• container.deployments.get
• container.deployments.update
• container.frontendConfigs.create
• container.frontendConfigs.delete
• container.frontendConfigs.get
• container.horizontalPodAutoscalers.create
• container.horizontalPodAutoscalers.delete
• container.horizontalPodAutoscalers.get
• container.ingresses.create
• container.ingresses.delete
• container.ingresses.get
• container.jobs.create
• container.jobs.delete
• container.jobs.get
• container.managedCertificates.create
• container.managedCertificates.delete
• container.managedCertificates.get
• container.mutatingWebhookConfigurations.delete
• container.mutatingWebhookConfigurations.get
• container.namespaces.create
• container.namespaces.delete
• container.namespaces.get
• container.networkPolicies.create
• container.networkPolicies.delete
• container.networkPolicies.get
• container.operations.get
• container.podDisruptionBudgets.create
• container.podDisruptionBudgets.delete
• container.podDisruptionBudgets.get
• container.podSecurityPolicies.delete
• container.podSecurityPolicies.get
• container.priorityClasses.create
• container.priorityClasses.delete
• container.priorityClasses.get
• container.replicationControllers.create
• container.replicationControllers.delete
• container.replicationControllers.get
• container.roleBindings.create
• container.roleBindings.delete
• container.roleBindings.get
• container.roles.bind
• container.roles.create
• container.roles.delete
• container.roles.escalate
• container.roles.get
• container.roles.update
• container.secrets.create
• container.secrets.delete
• container.secrets.get
• container.secrets.update
• container.serviceAccounts.create
• container.serviceAccounts.delete
• container.serviceAccounts.get
• container.serviceAccounts.update
• container.services.create
• container.services.delete
• container.services.get
• container.statefulSets.create
• container.statefulSets.delete
• container.statefulSets.get
• container.statefulSets.update
• container.storageClasses.create
• container.storageClasses.delete
• container.storageClasses.get
• container.thirdPartyObjects.create
• container.thirdPartyObjects.delete
• container.thirdPartyObjects.get
• container.thirdPartyObjects.update
• container.validatingWebhookConfigurations.delete
• container.validatingWebhookConfigurations.get
• datacatalog.taxonomies.get
• dataproc.autoscalingPolicies.create
• dataproc.autoscalingPolicies.delete
• dataproc.autoscalingPolicies.get
• dataproc.autoscalingPolicies.use
• dataproc.clusters.create
• dataproc.clusters.delete
• dataproc.clusters.get
• dataproc.nodeGroups.create
• dataproc.operations.get
• dataproc.workflowTemplates.create
• dataproc.workflowTemplates.delete
• dataproc.workflowTemplates.get
• deploymentmanager.compositeTypes.get
• deploymentmanager.deployments.create
• deploymentmanager.deployments.delete
• deploymentmanager.deployments.get
• deploymentmanager.deployments.update
• deploymentmanager.operations.get
• deploymentmanager.typeProviders.create
• deploymentmanager.typeProviders.delete
• deploymentmanager.typeProviders.get
• deploymentmanager.typeProviders.update
• dns.changes.create
• dns.changes.get
• dns.changes.list
• dns.managedZones.create
• dns.managedZones.delete
• dns.managedZones.get
• dns.managedZones.list
• dns.managedZones.update
• dns.networks.bindPrivateDNSZone
• dns.networks.targetWithPeeringZone
• dns.policies.delete
• dns.policies.get
• dns.resourceRecordSets.create
• dns.resourceRecordSets.delete
• dns.resourceRecordSets.list
• dns.resourceRecordSets.update
• file.instances.create
• file.instances.delete
• file.instances.get
• file.instances.update
• file.operations.get
• firebase.projects.get
• firebase.projects.update
• firebaseanalytics.resources.googleAnalyticsEdit
• iam.roles.create
• iam.roles.delete
• iam.roles.get
• iam.roles.list
• iam.roles.update
• iam.serviceAccountKeys.delete
• iam.serviceAccountKeys.get
• iam.serviceAccounts.actAs
• iam.serviceAccounts.create
• iam.serviceAccounts.delete
• iam.serviceAccounts.get
• iam.serviceAccounts.list
• iam.serviceAccounts.update
• logging.buckets.update
• logging.exclusions.create
• logging.exclusions.delete
• logging.exclusions.get
• logging.exclusions.update
• logging.logEntries.create
• logging.logMetrics.create
• logging.logMetrics.delete
• logging.logMetrics.get
• logging.logMetrics.update
• logging.notificationRules.create
• logging.sinks.create
• logging.sinks.delete
• logging.sinks.get
• logging.sinks.update
• monitoring.alertPolicies.create
• monitoring.alertPolicies.delete
• monitoring.alertPolicies.get
• monitoring.alertPolicies.list
• monitoring.alertPolicies.update
• monitoring.dashboards.create
• monitoring.dashboards.delete
• monitoring.dashboards.get
• monitoring.dashboards.update
• monitoring.groups.create
• monitoring.groups.delete
• monitoring.groups.get
• monitoring.groups.update
• monitoring.metricDescriptors.create
• monitoring.metricDescriptors.delete
• monitoring.metricDescriptors.get
• monitoring.notificationChannels.create
• monitoring.notificationChannels.delete
• monitoring.notificationChannels.get
• monitoring.notificationChannels.update
• monitoring.uptimeCheckConfigs.create
• monitoring.uptimeCheckConfigs.delete
• monitoring.uptimeCheckConfigs.get
• monitoring.uptimeCheckConfigs.update
• networksecurity.serverTlsPolicies.use
• pubsub.schemas.attach
• pubsub.subscriptions.create
• pubsub.subscriptions.delete
• pubsub.subscriptions.get
• pubsub.subscriptions.update
• pubsub.topics.attachSubscription
• pubsub.topics.create
• pubsub.topics.delete
• pubsub.topics.get
• pubsub.topics.getIamPolicy
• pubsub.topics.publish
• pubsub.topics.update
• redis.instances.create
• redis.instances.delete
• redis.instances.get
• redis.instances.update
• redis.instances.updateAuth
• redis.operations.get
• resourcemanager.folders.create
• resourcemanager.folders.delete
• resourcemanager.folders.get
• resourcemanager.folders.getIamPolicy
• resourcemanager.folders.list
• resourcemanager.folders.update
• resourcemanager.organizations.getIamPolicy
• resourcemanager.projects.create
• resourcemanager.projects.createBillingAssignment
• resourcemanager.projects.delete
• resourcemanager.projects.deleteBillingAssignment
• resourcemanager.projects.get
• resourcemanager.projects.getIamPolicy
• resourcemanager.projects.list
• resourcemanager.projects.move
• resourcemanager.projects.update
• resourcemanager.projects.updateLiens
• resourcemanager.tagHolds.create
• resourcemanager.tagHolds.delete
• resourcemanager.tagValueBindings.create
• resourcemanager.tagValueBindings.delete
• resourcemanager.tagValues.get
• runtimeconfig.configs.create
• runtimeconfig.configs.delete
• runtimeconfig.configs.get
• runtimeconfig.configs.list
• runtimeconfig.configs.update
• runtimeconfig.variables.create
• runtimeconfig.variables.delete
• runtimeconfig.variables.get
• runtimeconfig.variables.list
• runtimeconfig.variables.update
• runtimeconfig.waiters.create
• runtimeconfig.waiters.delete
• runtimeconfig.waiters.get
• runtimeconfig.waiters.list
• servicedirectory.namespaces.associatePrivateZone
• servicedirectory.namespaces.create
• servicedirectory.namespaces.delete
• servicedirectory.services.create
• servicemanagement.services.bind
• servicenetworking.operations.get
• servicenetworking.services.addPeering
• servicenetworking.services.get
• serviceusage.services.disable
• serviceusage.services.enable
• serviceusage.services.get
• serviceusage.services.use
• source.repos.create
• spanner.databaseOperations.get
• spanner.databases.create
• spanner.databases.drop
• spanner.databases.get
• spanner.databases.updateDdl
• spanner.instanceOperations.get
• spanner.instances.create
• spanner.instances.delete
• spanner.instances.get
• spanner.instances.update
• storage.buckets.create
• storage.buckets.delete
• storage.buckets.get
• storage.buckets.getIamPolicy
• storage.buckets.update
• storage.hmacKeys.create
• storage.objects.create
• storage.objects.delete
• storage.objects.get
• storage.objects.getIamPolicy
• storage.objects.list
• vpcaccess.connectors.create
• vpcaccess.connectors.delete
• vpcaccess.operations.get
• workflows.operations.get
• workflows.workflows.create
• workflows.workflows.delete
• workflows.workflows.get