Firestore roles and permissions

This page lists the IAM roles and permissions for Firestore. To search through all roles and permissions, see the role and permission index.

Firestore roles

Role Permissions

Role	Permissions
Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Manage backup schedules in Cloud Datastore.	`datastore.backupSchedules.*` `datastore.backupSchedules.create` `datastore.backupSchedules.delete` `datastore.backupSchedules.get` `datastore.backupSchedules.list` `datastore.backupSchedules.update` `datastore.databases.getMetadata` `datastore.databases.list`
Cloud Datastore Backup Schedules Viewer (`roles/datastore.backupSchedulesViewer`) Read access to backup schedules in Cloud Datastore.	`datastore.backupSchedules.get` `datastore.backupSchedules.list`
Cloud Datastore Backups Admin (`roles/datastore.backupsAdmin`) Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed.	`datastore.backups.delete` `datastore.backups.get` `datastore.backups.list`
Cloud Datastore Backups Viewer (`roles/datastore.backupsViewer`) Read access to metadata about backups in Cloud Datastore.	`datastore.backups.get` `datastore.backups.list`
Cloud Datastore Bulk Admin (`roles/datastore.bulkAdmin`) Full access to manage bulk operations.	`datastore.databases.bulkDelete` `datastore.databases.getMetadata` `datastore.operations.cancel` `datastore.operations.get` `datastore.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Clone Cloud Datastore Databases.	`datastore.databases.clone` `datastore.databases.create` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.operations.get` `datastore.operations.list`
Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Provides full access to manage imports and exports. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `datastore.databases.export` `datastore.databases.getMetadata` `datastore.databases.import` `datastore.operations.cancel` `datastore.operations.get` `datastore.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Provides full access to manage index definitions. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `datastore.databases.getMetadata` `datastore.indexes.*` `datastore.indexes.create` `datastore.indexes.delete` `datastore.indexes.get` `datastore.indexes.list` `datastore.indexes.update` `datastore.operations.get` `datastore.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Key Visualizer Viewer (`roles/datastore.keyVisualizerViewer`) Full access to Key Visualizer scans.	`datastore.databases.getMetadata` `datastore.keyVisualizerScans.*` `datastore.keyVisualizerScans.get` `datastore.keyVisualizerScans.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Owner (`roles/datastore.owner`) Provides full access to Datastore resources. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `databasesconsole.locations.` `databasesconsole.locations.get` `databasesconsole.locations.list` `databasesconsole.studioQueries.` `databasesconsole.studioQueries.create` `databasesconsole.studioQueries.delete` `databasesconsole.studioQueries.get` `databasesconsole.studioQueries.list` `databasesconsole.studioQueries.search` `databasesconsole.studioQueries.update` `datastore.*` `datastore.backupSchedules.create` `datastore.backupSchedules.delete` `datastore.backupSchedules.get` `datastore.backupSchedules.list` `datastore.backupSchedules.update` `datastore.backups.delete` `datastore.backups.get` `datastore.backups.list` `datastore.backups.restoreDatabase` `datastore.databases.bulkDelete` `datastore.databases.clone` `datastore.databases.create` `datastore.databases.createTagBinding` `datastore.databases.delete` `datastore.databases.deleteTagBinding` `datastore.databases.export` `datastore.databases.get` `datastore.databases.getMetadata` `datastore.databases.import` `datastore.databases.list` `datastore.databases.listEffectiveTags` `datastore.databases.listTagBindings` `datastore.databases.update` `datastore.entities.allocateIds` `datastore.entities.create` `datastore.entities.delete` `datastore.entities.get` `datastore.entities.list` `datastore.entities.update` `datastore.indexes.create` `datastore.indexes.delete` `datastore.indexes.get` `datastore.indexes.list` `datastore.indexes.update` `datastore.insights.get` `datastore.keyVisualizerScans.get` `datastore.keyVisualizerScans.list` `datastore.locations.get` `datastore.locations.list` `datastore.namespaces.get` `datastore.namespaces.list` `datastore.operations.cancel` `datastore.operations.delete` `datastore.operations.get` `datastore.operations.list` `datastore.statistics.get` `datastore.statistics.list` `datastore.userCreds.create` `datastore.userCreds.delete` `datastore.userCreds.get` `datastore.userCreds.list` `datastore.userCreds.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Restore into Cloud Datastore Databases from Cloud Datastore Backups.	`datastore.backups.get` `datastore.backups.list` `datastore.backups.restoreDatabase` `datastore.databases.create` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.operations.get` `datastore.operations.list`
Cloud Datastore User (`roles/datastore.user`) Provides read/write access to data in a Datastore database. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `databasesconsole.locations.` `databasesconsole.locations.get` `databasesconsole.locations.list` `databasesconsole.studioQueries.create` `databasesconsole.studioQueries.delete` `databasesconsole.studioQueries.search` `databasesconsole.studioQueries.update` `datastore.databases.get` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.entities.` `datastore.entities.allocateIds` `datastore.entities.create` `datastore.entities.delete` `datastore.entities.get` `datastore.entities.list` `datastore.entities.update` `datastore.indexes.list` `datastore.namespaces.` `datastore.namespaces.get` `datastore.namespaces.list` `datastore.statistics.` `datastore.statistics.get` `datastore.statistics.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Manage user creds in Cloud Datastore.	`datastore.databases.getMetadata` `datastore.databases.list` `datastore.userCreds.*` `datastore.userCreds.create` `datastore.userCreds.delete` `datastore.userCreds.get` `datastore.userCreds.list` `datastore.userCreds.update`
Cloud Datastore User Creds Viewer (`roles/datastore.userCredsViewer`) Read access to user creds in Cloud Datastore.	`datastore.userCreds.get` `datastore.userCreds.list`
Cloud Datastore Viewer (`roles/datastore.viewer`) Provides read access to Datastore resources. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `databasesconsole.locations.` `databasesconsole.locations.get` `databasesconsole.locations.list` `databasesconsole.studioQueries.search` `datastore.databases.get` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.entities.get` `datastore.entities.list` `datastore.indexes.get` `datastore.indexes.list` `datastore.insights.get` `datastore.namespaces.` `datastore.namespaces.get` `datastore.namespaces.list` `datastore.statistics.*` `datastore.statistics.get` `datastore.statistics.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Firestore Service Agent (`roles/firestore.serviceAgent`) Gives Firestore service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list`

Cloud Datastore Backup Schedules Admin

(roles/datastore.backupSchedulesAdmin)

Manage backup schedules in Cloud Datastore.

datastore.backupSchedules.*

datastore.backupSchedules.create
datastore.backupSchedules.delete
datastore.backupSchedules.get
datastore.backupSchedules.list
datastore.backupSchedules.update

datastore.databases.getMetadata

datastore.databases.list

Cloud Datastore Backup Schedules Viewer

(roles/datastore.backupSchedulesViewer)

Read access to backup schedules in Cloud Datastore.

datastore.backupSchedules.get

datastore.backupSchedules.list

Cloud Datastore Backups Admin

(roles/datastore.backupsAdmin)

Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed.

datastore.backups.delete

datastore.backups.get

datastore.backups.list

Cloud Datastore Backups Viewer

(roles/datastore.backupsViewer)

Read access to metadata about backups in Cloud Datastore.

datastore.backups.get

datastore.backups.list

Cloud Datastore Bulk Admin

(roles/datastore.bulkAdmin)

Full access to manage bulk operations.

datastore.databases.bulkDelete

datastore.databases.getMetadata

datastore.operations.cancel

datastore.operations.get

datastore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Clone Admin

(roles/datastore.cloneAdmin)

Clone Cloud Datastore Databases.

datastore.databases.clone

datastore.databases.create

datastore.databases.getMetadata

datastore.databases.list

datastore.operations.get

datastore.operations.list

Cloud Datastore Import Export Admin

(roles/datastore.importExportAdmin)

Provides full access to manage imports and exports.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

datastore.databases.export

datastore.databases.getMetadata

datastore.databases.import

datastore.operations.cancel

datastore.operations.get

datastore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Index Admin

(roles/datastore.indexAdmin)

Provides full access to manage index definitions.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

datastore.databases.getMetadata

datastore.indexes.*

datastore.indexes.create
datastore.indexes.delete
datastore.indexes.get
datastore.indexes.list
datastore.indexes.update

datastore.operations.get

datastore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Key Visualizer Viewer

(roles/datastore.keyVisualizerViewer)

Full access to Key Visualizer scans.

datastore.databases.getMetadata

datastore.keyVisualizerScans.*

datastore.keyVisualizerScans.get
datastore.keyVisualizerScans.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Owner

(roles/datastore.owner)

Provides full access to Datastore resources.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

databasesconsole.locations.*

databasesconsole.locations.get
databasesconsole.locations.list

databasesconsole.studioQueries.*

databasesconsole.studioQueries.create
databasesconsole.studioQueries.delete
databasesconsole.studioQueries.get
databasesconsole.studioQueries.list
databasesconsole.studioQueries.search
databasesconsole.studioQueries.update

datastore.*

datastore.backupSchedules.create
datastore.backupSchedules.delete
datastore.backupSchedules.get
datastore.backupSchedules.list
datastore.backupSchedules.update
datastore.backups.delete
datastore.backups.get
datastore.backups.list
datastore.backups.restoreDatabase
datastore.databases.bulkDelete
datastore.databases.clone
datastore.databases.create
datastore.databases.createTagBinding
datastore.databases.delete
datastore.databases.deleteTagBinding
datastore.databases.export
datastore.databases.get
datastore.databases.getMetadata
datastore.databases.import
datastore.databases.list
datastore.databases.listEffectiveTags
datastore.databases.listTagBindings
datastore.databases.update
datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update
datastore.indexes.create
datastore.indexes.delete
datastore.indexes.get
datastore.indexes.list
datastore.indexes.update
datastore.insights.get
datastore.keyVisualizerScans.get
datastore.keyVisualizerScans.list
datastore.locations.get
datastore.locations.list
datastore.namespaces.get
datastore.namespaces.list
datastore.operations.cancel
datastore.operations.delete
datastore.operations.get
datastore.operations.list
datastore.statistics.get
datastore.statistics.list
datastore.userCreds.create
datastore.userCreds.delete
datastore.userCreds.get
datastore.userCreds.list
datastore.userCreds.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Restore Admin

(roles/datastore.restoreAdmin)

Restore into Cloud Datastore Databases from Cloud Datastore Backups.

datastore.backups.get

datastore.backups.list

datastore.backups.restoreDatabase

datastore.databases.create

datastore.databases.getMetadata

datastore.databases.list

datastore.operations.get

datastore.operations.list

Cloud Datastore User

(roles/datastore.user)

Provides read/write access to data in a Datastore database.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

databasesconsole.locations.*

databasesconsole.locations.get
databasesconsole.locations.list

databasesconsole.studioQueries.create

databasesconsole.studioQueries.delete

databasesconsole.studioQueries.search

databasesconsole.studioQueries.update

datastore.databases.get

datastore.databases.getMetadata

datastore.databases.list

datastore.entities.*

datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update

datastore.indexes.list

datastore.namespaces.*

datastore.namespaces.get
datastore.namespaces.list

datastore.statistics.*

datastore.statistics.get
datastore.statistics.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore User Creds Admin

(roles/datastore.userCredsAdmin)

Manage user creds in Cloud Datastore.

datastore.databases.getMetadata

datastore.databases.list

datastore.userCreds.*

datastore.userCreds.create
datastore.userCreds.delete
datastore.userCreds.get
datastore.userCreds.list
datastore.userCreds.update

Cloud Datastore User Creds Viewer

(roles/datastore.userCredsViewer)

Read access to user creds in Cloud Datastore.

datastore.userCreds.get

datastore.userCreds.list

Cloud Datastore Viewer

(roles/datastore.viewer)

Provides read access to Datastore resources.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

databasesconsole.locations.*

databasesconsole.locations.get
databasesconsole.locations.list

databasesconsole.studioQueries.search

datastore.databases.get

datastore.databases.getMetadata

datastore.databases.list

datastore.entities.get

datastore.entities.list

datastore.indexes.get

datastore.indexes.list

datastore.insights.get

datastore.namespaces.*

datastore.namespaces.get
datastore.namespaces.list

datastore.statistics.*

datastore.statistics.get
datastore.statistics.list

resourcemanager.projects.get

resourcemanager.projects.list

Firestore Service Agent

(roles/firestore.serviceAgent)

Gives Firestore service account access to managed resources.

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

Firestore permissions

Permission	Included in roles
`datastore.backupSchedules.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.backupSchedules.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.backupSchedules.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Cloud Datastore Backup Schedules Viewer (`roles/datastore.backupSchedulesViewer`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`datastore.backupSchedules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Cloud Datastore Backup Schedules Viewer (`roles/datastore.backupSchedulesViewer`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datastore.backupSchedules.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Backups Admin (`roles/datastore.backupsAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Backups Admin (`roles/datastore.backupsAdmin`) Cloud Datastore Backups Viewer (`roles/datastore.backupsViewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`datastore.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Backups Admin (`roles/datastore.backupsAdmin`) Cloud Datastore Backups Viewer (`roles/datastore.backupsViewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Viewer (`roles/firebase.viewer`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datastore.backups.restoreDatabase`	Owner (`roles/owner`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.databases.bulkDelete`	Owner (`roles/owner`) Cloud Datastore Bulk Admin (`roles/datastore.bulkAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.databases.clone`	Owner (`roles/owner`) Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`)
`datastore.databases.create`	Owner (`roles/owner`) Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`datastore.databases.createTagBinding`	Owner (`roles/owner`) Cloud Datastore Owner (`roles/datastore.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`datastore.databases.delete`	Owner (`roles/owner`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`)
`datastore.databases.deleteTagBinding`	Owner (`roles/owner`) Cloud Datastore Owner (`roles/datastore.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Tag User (`roles/resourcemanager.tagUser`)
`datastore.databases.export`	Owner (`roles/owner`) Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`datastore.databases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules System (`roles/firebaserules.system`) Data Scientist (`roles/iam.dataScientist`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`) Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.databases.getMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Cloud Datastore Bulk Admin (`roles/datastore.bulkAdmin`) Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Key Visualizer Viewer (`roles/datastore.keyVisualizerViewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`datastore.databases.import`	Owner (`roles/owner`) Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.databases.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) DLP API Service Agent (`roles/dlp.serviceAgent`)
`datastore.databases.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`datastore.databases.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`datastore.databases.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`datastore.entities.allocateIds`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Rules System (`roles/firebaserules.system`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datastore.entities.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Rules System (`roles/firebaserules.system`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.entities.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Rules System (`roles/firebaserules.system`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.entities.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules System (`roles/firebaserules.system`) Data Scientist (`roles/iam.dataScientist`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) Firebase Rules Firestore Service Agent (`roles/firebaserules.firestoreServiceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.entities.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules System (`roles/firebaserules.system`) Data Scientist (`roles/iam.dataScientist`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.entities.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Rules System (`roles/firebaserules.system`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.indexes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.indexes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.indexes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`datastore.indexes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.indexes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.insights.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Data Scientist (`roles/iam.dataScientist`) Support User (`roles/iam.supportUser`)
`datastore.keyVisualizerScans.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Key Visualizer Viewer (`roles/datastore.keyVisualizerViewer`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Support User (`roles/iam.supportUser`)
`datastore.keyVisualizerScans.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Key Visualizer Viewer (`roles/datastore.keyVisualizerViewer`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datastore.locations.get`	Owner (`roles/owner`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`datastore.locations.list`	Owner (`roles/owner`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`datastore.namespaces.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.namespaces.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.operations.cancel`	Owner (`roles/owner`) Cloud Datastore Bulk Admin (`roles/datastore.bulkAdmin`) Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.operations.delete`	Owner (`roles/owner`) Cloud Datastore Owner (`roles/datastore.owner`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`)
`datastore.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Bulk Admin (`roles/datastore.bulkAdmin`) Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`datastore.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Bulk Admin (`roles/datastore.bulkAdmin`) Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`datastore.statistics.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.statistics.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User (`roles/datastore.user`) Cloud Datastore Viewer (`roles/datastore.viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Data Scientist (`roles/iam.dataScientist`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`) App Engine Standard Environment Service Agent (`roles/appengine.serviceAgent`)
`datastore.userCreds.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.userCreds.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)
`datastore.userCreds.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Cloud Datastore User Creds Viewer (`roles/datastore.userCredsViewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Support User (`roles/iam.supportUser`)
`datastore.userCreds.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Cloud Datastore User Creds Viewer (`roles/datastore.userCredsViewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datastore.userCreds.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Datastore Owner (`roles/datastore.owner`) Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Databases Admin (`roles/iam.databasesAdmin`)

Firestore roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Firestore roles

Cloud Datastore Backup Schedules Admin

Cloud Datastore Backup Schedules Viewer

Cloud Datastore Backups Admin

Cloud Datastore Backups Viewer

Cloud Datastore Bulk Admin

Cloud Datastore Clone Admin

Cloud Datastore Import Export Admin

Cloud Datastore Index Admin

Cloud Datastore Key Visualizer Viewer

Cloud Datastore Owner

Cloud Datastore Restore Admin

Cloud Datastore User

Cloud Datastore User Creds Admin

Cloud Datastore User Creds Viewer

Cloud Datastore Viewer

Firestore Service Agent

Firestore permissions

datastore.backupSchedules.create

datastore.backupSchedules.delete

datastore.backupSchedules.get

datastore.backupSchedules.list

datastore.backupSchedules.update

datastore.backups.delete

datastore.backups.get

datastore.backups.list

datastore.backups.restoreDatabase

datastore.databases.bulkDelete

datastore.databases.clone

datastore.databases.create

datastore.databases.createTagBinding

datastore.databases.delete

datastore.databases.deleteTagBinding

datastore.databases.export

datastore.databases.get

datastore.databases.getMetadata

datastore.databases.import

datastore.databases.list

datastore.databases.listEffectiveTags

datastore.databases.listTagBindings

datastore.databases.update

datastore.entities.allocateIds

datastore.entities.create

datastore.entities.delete

datastore.entities.get

datastore.entities.list

datastore.entities.update

datastore.indexes.create

datastore.indexes.delete

datastore.indexes.get

datastore.indexes.list

datastore.indexes.update

datastore.insights.get

datastore.keyVisualizerScans.get

datastore.keyVisualizerScans.list

datastore.locations.get

datastore.locations.list

datastore.namespaces.get

datastore.namespaces.list

datastore.operations.cancel

datastore.operations.delete

datastore.operations.get

datastore.operations.list

datastore.statistics.get

datastore.statistics.list

datastore.userCreds.create

datastore.userCreds.delete

datastore.userCreds.get

datastore.userCreds.list

datastore.userCreds.update

Firestore roles and permissions

`datastore.backupSchedules.create`

`datastore.backupSchedules.delete`

`datastore.backupSchedules.get`

`datastore.backupSchedules.list`

`datastore.backupSchedules.update`

`datastore.backups.delete`

`datastore.backups.get`

`datastore.backups.list`

`datastore.backups.restoreDatabase`

`datastore.databases.bulkDelete`

`datastore.databases.clone`

`datastore.databases.create`

`datastore.databases.createTagBinding`

`datastore.databases.delete`

`datastore.databases.deleteTagBinding`

`datastore.databases.export`

`datastore.databases.get`

`datastore.databases.getMetadata`

`datastore.databases.import`

`datastore.databases.list`

`datastore.databases.listEffectiveTags`

`datastore.databases.listTagBindings`

`datastore.databases.update`

`datastore.entities.allocateIds`

`datastore.entities.create`

`datastore.entities.delete`

`datastore.entities.get`

`datastore.entities.list`

`datastore.entities.update`

`datastore.indexes.create`

`datastore.indexes.delete`

`datastore.indexes.get`

`datastore.indexes.list`

`datastore.indexes.update`

`datastore.insights.get`

`datastore.keyVisualizerScans.get`

`datastore.keyVisualizerScans.list`

`datastore.locations.get`

`datastore.locations.list`

`datastore.namespaces.get`

`datastore.namespaces.list`

`datastore.operations.cancel`

`datastore.operations.delete`

`datastore.operations.get`

`datastore.operations.list`

`datastore.statistics.get`

`datastore.statistics.list`

`datastore.userCreds.create`

`datastore.userCreds.delete`

`datastore.userCreds.get`

`datastore.userCreds.list`

`datastore.userCreds.update`