These roles grant full read/write or read-only access to specific Firebase products.
Assign these roles to project members using the Google Cloud console.
Firebase App Check roles
Role | Description | Permissions |
---|---|---|
Firebase App Check Adminroles/firebaseappcheck.admin
|
Full read/write access to App Check resources |
App Check Admin permissions
firebaseappcheck.appAttestConfig.get
firebaseappcheck.appAttestConfig.update firebaseappcheck.appCheckTokens.verify firebaseappcheck.debugTokens.get firebaseappcheck.debugTokens.update firebaseappcheck.deviceCheckConfig.get firebaseappcheck.deviceCheckConfig.update firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update firebaseappcheck.recaptchaV3Config.get firebaseappcheck.recaptchaV3Config.update firebaseappcheck.safetyNetConfig.get firebaseappcheck.safetyNetConfig.update firebaseappcheck.services.get firebaseappcheck.services.update |
Firebase App Check Viewerroles/firebaseappcheck.viewer
|
Read-only access to App Check resources |
App Check Viewer permissions
firebaseappcheck.appAttestConfig.get
firebaseappcheck.debugTokens.get firebaseappcheck.deviceCheckConfig.get firebaseappcheck.playIntegrityConfig.get firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaV3Config.get firebaseappcheck.safetyNetConfig.get firebaseappcheck.services.get |
Firebase App Check Token Verifierroles/firebaseappcheck.tokenVerifier
|
Access to token verification capabilities for App Check |
App Check Token Verifier permissions
firebaseappcheck.appCheckTokens.verify
|
Firebase App Distribution roles
Role | Description | Permissions |
---|---|---|
Firebase App Distribution Adminroles/firebaseappdistro.admin |
Full read/write access to App Distribution resources |
App Distribution Admin permissions
firebaseappdistro.releases.list
firebaseappdistro.releases.update firebaseappdistro.testers.list firebaseappdistro.testers.update firebaseappdistro.groups.list firebaseappdistro.groups.update |
Firebase App Distribution Viewerroles/firebaseappdistro.viewer |
Read-only access to App Distribution resources |
App Distribution Viewer permissions
firebaseappdistro.releases.list
firebaseappdistro.testers.list firebaseappdistro.groups.list |
Firebase App Hosting roles
Role | Description | Permissions |
---|---|---|
Firebase App Hosting Compute Runnerroles/firebaseapphosting.computeRunner |
Minimal access required to build and run App Hosting backends. Typically granted to service accounts. |
App Hosting Compute Runner permissions
firebaseapphosting.builds.update
storage.objects.setRetention As well as all permissions included in these roles: firebaseapphosting.viewer artifactregistry.createOnPushWriter logging.logWriter storage.objectUser developerconnect.readTokenAccessor |
Firebase App Hosting Adminroles/firebaseapphosting.admin |
Full read/write access to App Hosting resources |
App Hosting Admin permissions
firebaseapphosting.backends.create
firebaseapphosting.backends.delete firebaseapphosting.backends.get firebaseapphosting.backends.list firebaseapphosting.backends.update firebaseapphosting.builds.create firebaseapphosting.builds.delete firebaseapphosting.builds.get firebaseapphosting.builds.list firebaseapphosting.builds.update firebaseapphosting.domains.create firebaseapphosting.domains.delete firebaseapphosting.domains.get firebaseapphosting.domains.list firebaseapphosting.domains.update firebaseapphosting.locations.get firebaseapphosting.locations.list firebaseapphosting.operations.cancel firebaseapphosting.operations.delete firebaseapphosting.operations.get firebaseapphosting.operations.list firebaseapphosting.rollouts.create firebaseapphosting.rollouts.delete firebaseapphosting.rollouts.get firebaseapphosting.rollouts.list firebaseapphosting.rollouts.update firebaseapphosting.traffic.get firebaseapphosting.traffic.list firebaseapphosting.traffic.update |
Firebase App Hosting Viewer
roles/firebaseapphosting.viewer |
Read-only access to App Hosting resources |
App Hosting Viewer permissions
firebaseapphosting.backends.get
firebaseapphosting.backends.list firebaseapphosting.builds.get firebaseapphosting.builds.list firebaseapphosting.domains.get firebaseapphosting.domains.list firebaseapphosting.locations.get firebaseapphosting.locations.list firebaseapphosting.operations.list firebaseapphosting.operations.get firebaseapphosting.rollouts.get firebaseapphosting.rollouts.list firebaseapphosting.traffic.get firebaseapphosting.traffic.list |
Firebase App Hosting Developerroles/firebaseapphosting.developer |
Full read/write access to App Hosting backends, builds, and releases resources. |
App Hosting Developer permissions
firebaseapphosting.backends.update
firebaseapphosting.builds.create firebaseapphosting.builds.delete firebaseapphosting.builds.update firebaseapphosting.operations.delete firebaseapphosting.operations.cancel firebaseapphosting.rollouts.create firebaseapphosting.rollouts.delete firebaseapphosting.rollouts.update firebaseapphosting.traffic.update |
Firebase Authentication roles
Role | Description | Permissions |
---|---|---|
Firebase Authentication Adminroles/firebaseauth.admin
|
Full read/write access to Authentication resources |
Authentication Admin permissions
firebaseauth.configs.create
firebaseauth.configs.get firebaseauth.configs.getHashConfig firebaseauth.configs.getSecret firebaseauth.configs.update firebaseauth.users.create firebaseauth.users.createSession firebaseauth.users.delete firebaseauth.users.get firebaseauth.users.sendEmail firebaseauth.users.update |
Firebase Authentication Viewerroles/firebaseauth.viewer
|
Read-only access to Authentication resources |
Authentication Viewer permissions
firebaseauth.configs.get
firebaseauth.users.get |
Firebase A/B Testing roles (beta)
Role | Description | Permissions |
---|---|---|
Firebase A/B Testing Adminroles/firebaseabt.admin (beta) |
Full read/write access to A/B Testing resources |
A/B Testing Admin permissions
firebaseabt.experimentresults.get
firebaseabt.experiments.create firebaseabt.experiments.delete firebaseabt.experiments.get firebaseabt.experiments.list firebaseabt.experiments.update firebaseabt.projectmetadata.get |
Firebase A/B Testing Viewerroles/firebaseabt.viewer (beta) |
Read-only access to A/B Testing resources |
A/B Testing Viewer permissions
firebaseabt.experimentresults.get
firebaseabt.experiments.get firebaseabt.experiments.list firebaseabt.projectmetadata.get |
Cloud Firestore roles
Find available Cloud Firestore roles in the Google Cloud documentation.
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.*
permissions.
Cloud Storage roles
Find available Cloud Storage roles in the Google Cloud documentation.
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.*
permissions.
Cloud Functions for Firebase roles
Find available Cloud Functions for Firebase roles in the Google Cloud documentation.
Firebase messaging campaigns roles
These roles apply to campaigns for Firebase Cloud Messaging and Firebase In-App Messaging.
Role | Description | Permissions |
---|---|---|
Firebase messaging campaigns Adminroles/firebasemessagingcampaigns.admin
|
Full read/write access to campaigns resources for Cloud Messaging and In-App Messaging |
Firebase messaging campaigns Admin permissions
firebasemessagingcampaigns.campaigns.create
firebasemessagingcampaigns.campaigns.delete firebasemessagingcampaigns.campaigns.get firebasemessagingcampaigns.campaigns.list firebasemessagingcampaigns.campaigns.update firebasemessagingcampaigns.campaigns.start firebasemessagingcampaigns.campaigns.stop |
Firebase messaging campaigns Viewerroles/firebasemessagingcampaigns.viewer
|
Read-only access to campaigns resources for Cloud Messaging and In-App Messaging |
Firebase messaging campaigns Viewer permissions
firebasemessagingcampaigns.campaigns.get
firebasemessagingcampaigns.campaigns.list |
Firebase Cloud Messaging roles
Role | Description | Permissions |
---|---|---|
Firebase Cloud Messaging Adminroles/firebasenotifications.admin
|
Full read/write access to Cloud Messaging resources |
Cloud Messaging Admin permissions
firebasenotifications.messages.create
firebasenotifications.messages.delete firebasenotifications.messages.get firebasenotifications.messages.list firebasenotifications.messages.update |
Firebase Cloud Messaging Viewerroles/firebasenotifications.viewer
|
Read-only access to Cloud Messaging resources |
Cloud Messaging Viewer permissions
firebasenotifications.messages.get
firebasenotifications.messages.list |
Firebase Crashlytics roles
Role | Description | Permissions |
---|---|---|
Firebase Crashlytics Adminroles/firebasecrashlytics.admin
|
Full read/write access to Crashlytics resources |
Crashlytics Admin permissions
firebasecrashlytics.config.get
firebasecrashlytics.config.update firebasecrashlytics.data.get firebasecrashlytics.issues.get firebasecrashlytics.issues.list firebasecrashlytics.issues.update firebasecrashlytics.sessions.get |
Firebase Crashlytics Viewerroles/firebasecrashlytics.viewer
|
Read-only access to Crashlytics resources |
Crashlytics Viewer permissions
firebasecrashlytics.config.get
firebasecrashlytics.data.get firebasecrashlytics.issues.get firebasecrashlytics.issues.list firebasecrashlytics.sessions.get |
Firebase Dynamic Links roles
Role | Description | Permissions |
---|---|---|
Firebase Dynamic Links Adminroles/firebasedynamiclinks.admin
|
Full read/write access to Dynamic Links resources |
Dynamic Links Admin permissions
firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update firebasedynamiclinks.domains.create firebasedynamiclinks.domains.delete firebasedynamiclinks.domains.get firebasedynamiclinks.domains.list firebasedynamiclinks.domains.update firebasedynamiclinks.links.create firebasedynamiclinks.links.get firebasedynamiclinks.links.list firebasedynamiclinks.links.update firebasedynamiclinks.stats.get |
Firebase Dynamic Links Viewerroles/firebasedynamiclinks.viewer
|
Read-only access to Dynamic Links resources |
Dynamic Links Viewer permissions
firebasedynamiclinks.destinations.list
firebasedynamiclinks.domains.get firebasedynamiclinks.domains.list firebasedynamiclinks.links.get firebasedynamiclinks.links.list firebasedynamiclinks.stats.get |
Firebase Extensions publisher roles
Role | Description | Permissions |
---|---|---|
Firebase Extensions Publisher - Extensions Adminroles/firebaseextensionspublisher.extensionsAdmin (beta) |
Upload, publish, and view details and metrics for Firebase Extensions |
Firebase Extensions Publisher - Extensions Admin permissions
firebaseextensionspublisher.extensions.create
firebaseextensionspublisher.extensions.delete firebaseextensionspublisher.extensions.get firebaseextensionspublisher.extensions.list |
Firebase Extensions Publisher - Extensions Viewerroles/firebaseextensionspublisher.extensionsViewer (beta) |
View details and metrics for Firebase Extensions uploaded by this publisher |
Firebase Extensions Publisher - Extensions Viewer permissions
firebaseextensionspublisher.extensions.get
firebaseextensionspublisher.extensions.list |
Firebase Hosting roles
Role | Description | Permissions |
---|---|---|
Firebase Hosting Adminroles/firebasehosting.admin
|
Full read/write access to Hosting resources |
Hosting Admin permissions
firebasehosting.sites.create
firebasehosting.sites.delete firebasehosting.sites.get firebasehosting.sites.list firebasehosting.sites.update |
Firebase Hosting Viewerroles/firebasehosting.viewer
|
Read-only access to Hosting resources |
Hosting Viewer permissions
firebasehosting.sites.get
firebasehosting.sites.list |
Firebase In-App Messaging roles (beta)
Role | Description | Permissions |
---|---|---|
Firebase In-App Messaging Adminroles/firebaseinappmessaging.admin (beta) |
Full read/write access to In-App Messaging resources |
In-App Messaging Admin permissions
firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete firebaseinappmessaging.campaigns.get firebaseinappmessaging.campaigns.list firebaseinappmessaging.campaigns.update |
Firebase In-App Messaging Viewerroles/firebaseinappmessaging.viewer (beta) |
Read-only access to In-App Messaging resources |
In-App Messaging Viewer permissions
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list |
Firebase ML roles (beta)
Role | Description | Permissions |
---|---|---|
Firebase ML Adminroles/firebaseml.admin (beta) |
Full read/write access to Firebase ML resources |
Firebase ML Admin permissions
firebaseml.models.create
firebaseml.models.get firebaseml.models.list firebaseml.models.update firebaseml.models.delete firebaseml.modelversions.create firebaseml.modelversions.get firebaseml.modelversions.list firebaseml.modelversions.update firebaseml.modelversions.delete firebaseml.compressionjobs.create firebaseml.compressionjobs.get firebaseml.compressionjobs.list firebaseml.compressionjobs.update firebaseml.compressionjobs.delete firebaseml.compressionjobs.start |
Firebase ML Viewerroles/firebaseml.viewer (beta) |
Read-only access to Firebase ML resources |
Firebase ML Viewer permissions
firebaseml.models.get
firebaseml.models.list firebaseml.modelversions.get firebaseml.modelversions.list firebaseml.compressionjobs.get firebaseml.compressionjobs.list |
Firebase Performance Monitoring roles
Role | Description | Permissions |
---|---|---|
Firebase Performance Monitoring Adminroles/firebaseperformance.admin
|
Full read/write access to Performance Monitoring resources Configure and receive Performance Monitoring alerts |
Performance Monitoring Admin permissions
firebaseperformance.config.create
firebaseperformance.config.delete firebaseperformance.config.update firebaseperformance.data.get |
Firebase Performance Monitoring Viewerroles/firebaseperformance.viewer
|
Read-only access to Performance Monitoring resources |
Performance Monitoring Viewer permissions
firebaseperformance.data.get
|
Firebase Realtime Database roles
Role | Description | Permissions |
---|---|---|
Firebase Realtime Database Adminroles/firebasedatabase.admin
|
Full read/write access to Realtime Database resources |
Realtime Database Admin permissions
firebasedatabase.instances.create
firebasedatabase.instances.get firebasedatabase.instances.list firebasedatabase.instances.update |
Firebase Realtime Database Viewerroles/firebasedatabase.viewer
|
Read-only access to Realtime Database resources |
Realtime Database Viewer permissions
firebasedatabase.instances.get
firebasedatabase.instances.list |
Firebase Remote Config roles
Role | Description | Permissions |
---|---|---|
Firebase Remote Config Adminroles/cloudconfig.admin
|
Full read/write access to Remote Config resources |
Remote Config Admin permissions
cloudconfig.configs.get
cloudconfig.configs.update
|
Firebase Remote Config Viewerroles/cloudconfig.viewer
|
Read-only access to Remote Config resources |
Remote Config Viewer permissions
cloudconfig.configs.get
|
Firebase Test Lab roles
Firebase Test Lab requires access to Cloud Storage buckets, so it requires a very specific set of permissions that aren't all included in the standard Firebase predefined roles. To grant access to Test Lab, use one of the solutions described in the Firebase Test Lab permissions section.