Google Cloud Managed Service for Apache Kafka roles and permissions
Stay organized with collections Save and categorize content based on your preferences.
This page lists the IAM roles and permissions for Google Cloud Managed Service for Apache Kafka. To search through all roles and permissions, see the role and permission index.
Google Cloud Managed Service for Apache Kafka roles
Role
Permissions
Managed Kafka Admin
(roles/managedkafka.admin)
Full access to Managed Kafka resources.
cloudasset.assets.searchAllResources
managedkafka.*
managedkafka.clusters.attachConnectCluster
managedkafka.clusters.connect
managedkafka.clusters.create
managedkafka.clusters.delete
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.clusters.update
managedkafka.config.delete
managedkafka.config.get
managedkafka.config.update
managedkafka.connectClusters.create
managedkafka.connectClusters.delete
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectClusters.update
managedkafka.connectors.create
managedkafka.connectors.delete
managedkafka.connectors.get
managedkafka.connectors.list
managedkafka.connectors.pause
managedkafka.connectors.restart
managedkafka.connectors.resume
managedkafka.connectors.stop
managedkafka.connectors.update
managedkafka.consumerGroups.delete
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.consumerGroups.update
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.locations.get
managedkafka.locations.list
managedkafka.mode.delete
managedkafka.mode.get
managedkafka.mode.update
managedkafka.operations.cancel
managedkafka.operations.delete
managedkafka.operations.get
managedkafka.operations.list
managedkafka.schemaRegistries.create
managedkafka.schemaRegistries.delete
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.delete
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.topics.create
managedkafka.topics.delete
managedkafka.topics.get
managedkafka.topics.list
managedkafka.topics.update
managedkafka.versions.checkCompatibility
managedkafka.versions.create
managedkafka.versions.delete
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Managed Kafka Client
(roles/managedkafka.client)
Provides access to connect to the Kafka servers in a cluster, i.e. provides Kafka data plane access. Intended for, e.g., producers and consumers.
cloudasset.assets.searchAllResources
managedkafka.clusters.attachConnectCluster
managedkafka.clusters.connect
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.config.get
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectors.get
managedkafka.connectors.list
managedkafka.consumerGroups.*
managedkafka.consumerGroups.delete
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.consumerGroups.update
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.locations.*
managedkafka.locations.get
managedkafka.locations.list
managedkafka.mode.get
managedkafka.operations.get
managedkafka.operations.list
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.topics.*
managedkafka.topics.create
managedkafka.topics.delete
managedkafka.topics.get
managedkafka.topics.list
managedkafka.topics.update
managedkafka.versions.checkCompatibility
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Managed Kafka Cluster Editor
(roles/managedkafka.clusterEditor)
Provides read and write access to Kafka clusters. Intended for, e.g., IT Departments that provision Kafka clusters, but need not be able to read or modify topics or consumer groups.
cloudasset.assets.searchAllResources
managedkafka.clusters.create
managedkafka.clusters.delete
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.clusters.update
managedkafka.config.get
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectors.get
managedkafka.connectors.list
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.locations.*
managedkafka.locations.get
managedkafka.locations.list
managedkafka.mode.get
managedkafka.operations.get
managedkafka.operations.list
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.topics.get
managedkafka.topics.list
managedkafka.versions.checkCompatibility
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Managed Kafka Connect Cluster Editor Beta
(roles/managedkafka.connectClusterEditor)
Provides read and write access to Kafka Connect clusters. Intended for, e.g., IT Departments that provision Kafka Connect clusters, but need not be able to read or modify connectors.
managedkafka.connectClusters.*
managedkafka.connectClusters.create
managedkafka.connectClusters.delete
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectClusters.update
managedkafka.connectors.get
managedkafka.connectors.list
Managed Kafka Connector Editor Beta
(roles/managedkafka.connectorEditor)
Provides read and write access to connectors. Intended for, e.g., developers who configure and operate connectors.
cloudasset.assets.searchAllResources
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.config.get
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectors.*
managedkafka.connectors.create
managedkafka.connectors.delete
managedkafka.connectors.get
managedkafka.connectors.list
managedkafka.connectors.pause
managedkafka.connectors.restart
managedkafka.connectors.resume
managedkafka.connectors.stop
managedkafka.connectors.update
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.locations.*
managedkafka.locations.get
managedkafka.locations.list
managedkafka.mode.get
managedkafka.operations.get
managedkafka.operations.list
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.topics.get
managedkafka.topics.list
managedkafka.versions.checkCompatibility
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Managed Kafka Consumer Group Editor
(roles/managedkafka.consumerGroupEditor)
Provides read and write access to consumer group metadata. Intended for, e.g., developers who configure consumer groups.
cloudasset.assets.searchAllResources
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.config.get
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectors.get
managedkafka.connectors.list
managedkafka.consumerGroups.*
managedkafka.consumerGroups.delete
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.consumerGroups.update
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.locations.*
managedkafka.locations.get
managedkafka.locations.list
managedkafka.mode.get
managedkafka.operations.get
managedkafka.operations.list
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.topics.get
managedkafka.topics.list
managedkafka.versions.checkCompatibility
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Schema Registry Admin Beta
(roles/managedkafka.schemaRegistryAdmin)
Full access to schemas, schema versions and configs
managedkafka.config.*
managedkafka.config.delete
managedkafka.config.get
managedkafka.config.update
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.mode.*
managedkafka.mode.delete
managedkafka.mode.get
managedkafka.mode.update
managedkafka.schemaRegistries.*
managedkafka.schemaRegistries.create
managedkafka.schemaRegistries.delete
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.*
managedkafka.subjects.delete
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.versions.*
managedkafka.versions.checkCompatibility
managedkafka.versions.create
managedkafka.versions.delete
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
Schema Registry Editor Beta
(roles/managedkafka.schemaRegistryEditor)
View and edit schemas and schema versions
managedkafka.config.get
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.mode.get
managedkafka.schemaRegistries.*
managedkafka.schemaRegistries.create
managedkafka.schemaRegistries.delete
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.*
managedkafka.subjects.delete
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.versions.*
managedkafka.versions.checkCompatibility
managedkafka.versions.create
managedkafka.versions.delete
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
Schema Registry Viewer Beta
(roles/managedkafka.schemaRegistryViewer)
View schemas and schema versions
managedkafka.config.get
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.mode.get
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.versions.checkCompatibility
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
Managed Kafka Service Agent
(roles/managedkafka.serviceAgent)
Gives Managed Kafka Service Agent access to Cloud Platform resources.
compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.list
compute.addresses.use
compute.addresses.useInternal
compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.list
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.networkAttachments.create
compute.networkAttachments.delete
compute.networkAttachments.get
compute.networkAttachments.list
compute.networks.get
compute.networks.use
compute.regionOperations.get
compute.subnetworks.get
compute.subnetworks.use
dns.changes.create
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.list
dns.networks.bindPrivateDNSZone
dns.networks.targetWithPeeringZone
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.list
dns.resourceRecordSets.update
managedkafka.clusters.connect
privateca.caPools.get
servicedirectory.namespaces.create
servicedirectory.services.create
servicedirectory.services.delete
Managed Kafka Topic Editor
(roles/managedkafka.topicEditor)
Provides read and write access to topic metadata. Intended for, e.g., developers who configure topics.
cloudasset.assets.searchAllResources
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.config.get
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectors.get
managedkafka.connectors.list
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.locations.*
managedkafka.locations.get
managedkafka.locations.list
managedkafka.mode.get
managedkafka.operations.get
managedkafka.operations.list
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.topics.*
managedkafka.topics.create
managedkafka.topics.delete
managedkafka.topics.get
managedkafka.topics.list
managedkafka.topics.update
managedkafka.versions.checkCompatibility
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Managed Kafka Viewer
(roles/managedkafka.viewer)
Readonly access to Managed Kafka resources.
cloudasset.assets.searchAllResources
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.config.get
managedkafka.connectClusters.get
managedkafka.connectClusters.list
managedkafka.connectors.get
managedkafka.connectors.list
managedkafka.consumerGroups.get
managedkafka.consumerGroups.list
managedkafka.contexts.*
managedkafka.contexts.get
managedkafka.contexts.list
managedkafka.locations.*
managedkafka.locations.get
managedkafka.locations.list
managedkafka.mode.get
managedkafka.operations.get
managedkafka.operations.list
managedkafka.schemaRegistries.get
managedkafka.schemaRegistries.list
managedkafka.schemas.*
managedkafka.schemas.get
managedkafka.schemas.listSubjects
managedkafka.schemas.listTypes
managedkafka.schemas.listVersions
managedkafka.subjects.list
managedkafka.subjects.lookup
managedkafka.topics.get
managedkafka.topics.list
managedkafka.versions.checkCompatibility
managedkafka.versions.get
managedkafka.versions.list
managedkafka.versions.referencedby
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Google Cloud Managed Service for Apache Kafka permissions
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-05 UTC."],[],[]]