Send feedback Access control with IAM Stay organized with collections Save and categorize content based on your preferences.
Preview
This product is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms . Pre-GA products are available "as is" and might have limited support. For more information, see the launch stage descriptions .
This page describes Application Design Center roles and permissions. To control access to App Design Center, use Identity and Access Management (IAM) to assign roles to users, groups, and service accounts.
Predefined Application Design Center roles To grant access to specific Google Cloud resources and prevent unauthorized access to other resources, assign App Design Center's predefined roles on the app-enabled folder or management project:.
Use the following IAM roles to manage spaces and author templates:
Application Design Center Admin (roles/designcenter.admin) Application Design Center User (roles/designcenter.user) Application Design Center Viewer (roles/designcenter.viewer) Use the following IAM roles to create application configurations and manage deployment lifecycles:
Application Admin (roles/designcenter.applicationAdmin) Application Editor (roles/designcenter.applicationEditor) Application Viewer (roles/designcenter.applicationViewer) The Application Design Center Admin role includes all permissions in the other Application Design Center roles.
Application Design Center role descriptions The following table describes App Design Center roles and their typical responsibilities.
Role
Description
Purpose
Application Design Center Admin
Ability to create and manage all App Design Center artifacts, and delegate application control to other users.
To manage the full lifecycle of an application. Typically Platform Admins, who generally have administrative permissions and full visibility of the end-to-end architecture. Application Design Center User
Ability to create and update application templates.
To scale the capability to create, update, or delete application templates to ease the effort of Platform Admins. Typically a Platform Engineer who needs to create and manage application templates. Application Design Center Viewer
Ability to view spaces, catalogs, templates, applications, and their attributes.
To enable basic visibility across spaces, catalogs and applications, and their dependencies. Typically most personnel in the organization. To get the most value, grant all App Design Center users this role. Application Admin
Ability to create, manage and deploy applications, and delegate application control to other application developers.
To manage application drafts and deployments, as well as the ability to attach service projects required to store individual resources. Typically administrators and developers who are responsible for application creation. Application Editor
Ability to create, manage, and deploy applications.
To scale the capability to manage drafts and deployments to ease the effort of application administrators. Typically an application operator who has a good understanding of deployments. Application Viewer
Ability to view applications.
To enable basic visibility across templates and applications, and their dependencies. Typically most personnel in the organization. To get the most value, grant all Application Design Center users this role.
Application Design Center permissions The following table lists App Design Center IAM roles and their permissions.
Application Design Center Admin Beta (roles/designcenter.admin )
Full access to Application Design Center resources.
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.locations.*
apphub.locations.getapphub.locations.list apphub.serviceProjectAttachments.list
cloudbuild.builds.get
cloudbuild.builds.list
config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list config.operations.get
config.operations.list
config.previews.export
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list designcenter.*
designcenter.applicationTemplateRevisions.delete designcenter.applicationTemplateRevisions.get designcenter.applicationTemplateRevisions.list designcenter.applicationTemplates.create designcenter.applicationTemplates.delete designcenter.applicationTemplates.get designcenter.applicationTemplates.list designcenter.applicationTemplates.update designcenter.applications.create designcenter.applications.delete designcenter.applications.getdesigncenter.applications.listdesigncenter.applications.update designcenter.catalogTemplateRevisions.create designcenter.catalogTemplateRevisions.delete designcenter.catalogTemplateRevisions.get designcenter.catalogTemplateRevisions.list designcenter.catalogTemplates.create designcenter.catalogTemplates.delete designcenter.catalogTemplates.get designcenter.catalogTemplates.list designcenter.catalogTemplates.update designcenter.catalogs.createdesigncenter.catalogs.deletedesigncenter.catalogs.getdesigncenter.catalogs.listdesigncenter.catalogs.updatedesigncenter.components.createdesigncenter.components.deletedesigncenter.components.getdesigncenter.components.listdesigncenter.components.updatedesigncenter.connections.create designcenter.connections.delete designcenter.connections.getdesigncenter.connections.listdesigncenter.connections.update designcenter.locations.getdesigncenter.locations.listdesigncenter.operations.canceldesigncenter.operations.deletedesigncenter.operations.getdesigncenter.operations.listdesigncenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list designcenter.sharedTemplates.get designcenter.sharedTemplates.list designcenter.shares.createdesigncenter.shares.deletedesigncenter.shares.getdesigncenter.shares.listdesigncenter.spaces.createdesigncenter.spaces.deletedesigncenter.spaces.getdesigncenter.spaces.getIamPolicy designcenter.spaces.listdesigncenter.spaces.setIamPolicy designcenter.spaces.update monitoring.timeSeries.create
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
storage.folders.*
storage.folders.createstorage.folders.deletestorage.folders.getstorage.folders.liststorage.folders.rename storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.list
storage.multipartUploads.*
storage.multipartUploads.abortstorage.multipartUploads.create storage.multipartUploads.liststorage.multipartUploads.listParts storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.move
storage.objects.restore
storage.objects.update
Application Design Center User Beta (roles/designcenter.user )
Readonly access to Application Design Center resources.
apphub.serviceProjectAttachments.list
designcenter.applicationTemplateRevisions.*
designcenter.applicationTemplateRevisions.delete designcenter.applicationTemplateRevisions.get designcenter.applicationTemplateRevisions.list designcenter.applicationTemplates.*
designcenter.applicationTemplates.create designcenter.applicationTemplates.delete designcenter.applicationTemplates.get designcenter.applicationTemplates.list designcenter.applicationTemplates.update designcenter.applications.get
designcenter.applications.list
designcenter.catalogTemplateRevisions.get
designcenter.catalogTemplateRevisions.list
designcenter.catalogTemplates.get
designcenter.catalogTemplates.list
designcenter.catalogs.get
designcenter.catalogs.list
designcenter.components.*
designcenter.components.createdesigncenter.components.deletedesigncenter.components.getdesigncenter.components.listdesigncenter.components.update designcenter.connections.*
designcenter.connections.create designcenter.connections.delete designcenter.connections.getdesigncenter.connections.listdesigncenter.connections.update designcenter.locations.*
designcenter.locations.getdesigncenter.locations.list designcenter.operations.get
designcenter.operations.list
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.getIamPolicy
designcenter.spaces.list
monitoring.timeSeries.create
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
storage.folders.*
storage.folders.createstorage.folders.deletestorage.folders.getstorage.folders.liststorage.folders.rename storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.list
storage.multipartUploads.*
storage.multipartUploads.abortstorage.multipartUploads.create storage.multipartUploads.liststorage.multipartUploads.listParts storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.move
storage.objects.restore
storage.objects.update
Application Design Center Viewer Beta (roles/designcenter.viewer )
Readonly access to Application Design Center resources.
designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.get
designcenter.applications.list
designcenter.catalogTemplateRevisions.get
designcenter.catalogTemplateRevisions.list
designcenter.catalogTemplates.get
designcenter.catalogTemplates.list
designcenter.catalogs.get
designcenter.catalogs.list
designcenter.components.get
designcenter.components.list
designcenter.connections.get
designcenter.connections.list
designcenter.locations.*
designcenter.locations.getdesigncenter.locations.list designcenter.operations.get
designcenter.operations.list
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.getIamPolicy
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
storage.folders.get
storage.folders.list
storage.managedFolders.get
storage.managedFolders.list
storage.objects.get
storage.objects.list
Application Admin Beta (roles/designcenter.applicationAdmin )
Admin access to Application.
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.locations.*
apphub.locations.getapphub.locations.list apphub.serviceProjectAttachments.list
cloudbuild.builds.get
cloudbuild.builds.list
config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list config.operations.get
config.operations.list
config.previews.export
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.*
designcenter.applications.create designcenter.applications.delete designcenter.applications.getdesigncenter.applications.listdesigncenter.applications.update designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
Application Editor Beta (roles/designcenter.applicationEditor )
Read and Write access to Application.
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.locations.*
apphub.locations.getapphub.locations.list apphub.serviceProjectAttachments.list
cloudbuild.builds.get
cloudbuild.builds.list
config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list config.operations.get
config.operations.list
config.previews.export
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.*
designcenter.applications.create designcenter.applications.delete designcenter.applications.getdesigncenter.applications.listdesigncenter.applications.update designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
Application Viewer Beta (roles/designcenter.applicationViewer )
Readonly access to Application.
apphub.applications.get
apphub.applications.list
apphub.locations.*
apphub.locations.getapphub.locations.list config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list config.operations.get
config.operations.list
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.get
designcenter.applications.list
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
What's next Send feedback
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-02 UTC.
Need to tell us more? [[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-02 UTC."],[],[]]
