Google Cloud MCP servers roles and permissions

This page lists the IAM roles and permissions for Google Cloud MCP servers. To search through all roles and permissions, see the role and permission index.

Google Cloud MCP servers roles

Role Permissions

Role	Permissions
MCP tool user ^Beta (`roles/mcp.toolUser`) Role for calling tools on any MCP server enabled by the parent project.	`mcp.tools.call` `resourcemanager.projects.get` `resourcemanager.projects.list`

MCP tool user ^Beta

(roles/mcp.toolUser)

Role for calling tools on any MCP server enabled by the parent project.

mcp.tools.call

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud MCP servers permissions

Permission Included in roles

Permission	Included in roles
`mcp.tools.call`	Owner (`roles/owner`) Editor (`roles/editor`) MCP tool user (`roles/mcp.toolUser`)

`mcp.tools.call`

Owner (roles/owner)

Editor (roles/editor)

MCP tool user (roles/mcp.toolUser)

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-10 UTC.

Google Cloud MCP servers roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Google Cloud MCP servers roles

MCP tool user Beta

Google Cloud MCP servers permissions

mcp.tools.call

Google Cloud MCP servers roles and permissions

MCP tool user ^Beta

`mcp.tools.call`