Distribuição por Tier
Project Owner
1Admin
77Editor
20Operator
12Developer
10Viewer
57Specialized
55Roles Privilegiadas
Project OwnerProject OwnerProject EditorEditorIAM AdminAdminSecurity AdminAdminService Account AdminAdminService Account Key AdminAdminService Account Token CreatorSpecializedOrganization Role AdminAdminRole AdminAdminWorkload Identity Pool AdminAdminOrganization AdminAdminFolder AdminAdminProject DeleterSpecializedCompute AdminAdminCompute OS Admin LoginSpecializedStorage AdminAdminBigQuery AdminAdminKubernetes Engine AdminAdminCloud SQL AdminAdminCloud Spanner AdminAdminCloud Datastore OwnerAdminFirebase AdminAdminPub/Sub AdminAdminCloud Functions AdminAdminCloud Run AdminAdminApp Engine AdminAdminArtifact Registry AdministratorAdminSecret Manager AdminAdminCloud KMS AdminAdminLogging AdminAdminSecurity Center AdminAdminVertex AI AdministratorAdminAI Platform AdminAdminDataproc AdministratorAdminBigtable AdministratorAdminBilling Account AdministratorAdminOrganization Policy AdministratorAdminAccess Context Manager Policy AdminAdminCA Service AdminAdminCloud Deploy AdminAdminAlloyDB AdminAdminBinary Authorization Policy AdministratorAdminAPI Keys AdminAdminService Management AdminAdminHealthcare Dataset AdminAdminLooker AdminAdmin
Por Categoria
O GCP IAM usa predefined roles que agrupam permissões granulares por serviço. Roles de alto nível como roles/owner e roles/iam.admin devem ser atribuídas apenas quando estritamente necessário — prefira roles de menor escopo como Viewer, User ou Invoker.