Cloud Functions IAM Permissions

The following tables list the Identity and Access Management (IAM) permissions that are associated with Cloud Functions.

Functions

Permission	Description
`cloudfunctions.functions.call`	Call the `callFunction` API.
`cloudfunctions.functions.invoke`	Invoke an HTTP function via its public URL.
`cloudfunctions.functions.create`	Create new functions.
`cloudfunctions.functions.delete`	Delete functions.
`cloudfunctions.functions.get`	View functions, excluding IAM policies.
`cloudfunctions.functions.list`	List functions.
`cloudfunctions.functions.update`	Update existing functions.
`cloudfunctions.functions.sourceCodeGet`	View function source code.
`cloudfunctions.functions.sourceCodeSet`	Update function source code.
`cloudfunctions.functions.getIamPolicy`	View IAM policies associated with a function.
`cloudfunctions.functions.setIamPolicy`	Update IAM policies associated with a function.

Operations

Permission	Description
`cloudfunctions.operations.get`	Get an existing operation.
`cloudfunctions.operations.list`	List all operations.

Locations

Permission	Description
`cloudfunctions.locations.list`	List all locations.

For a reference of which IAM permissions are contained in each IAM role, see Cloud Functions IAM Roles.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-06-16 UTC.