Firebase product-level predefined roles

These roles grant full read/write or read-only access to specific Firebase products.

Assign these roles to project members using the Google Cloud console.

Firebase App Check roles

Role Description Permissions
Firebase App Check Admin
roles/firebaseappcheck.admin
Full read/write access to
App Check resources
Firebase App Check Viewer
roles/firebaseappcheck.viewer
Read-only access to
App Check resources
Firebase App Check Token Verifier
roles/firebaseappcheck.tokenVerifier
Access to token verification capabilities for App Check

Firebase App Distribution roles

Role Description Permissions
Firebase App Distribution Admin
roles/firebaseappdistro.admin
Full read/write access to
App Distribution resources
Firebase App Distribution Viewer
roles/firebaseappdistro.viewer
Read-only access to
App Distribution resources

Firebase Authentication roles

Role Description Permissions
Firebase Authentication Admin
roles/firebaseauth.admin
Full read/write access to
Authentication resources
Firebase Authentication Viewer
roles/firebaseauth.viewer
Read-only access to
Authentication resources

Firebase A/B Testing roles (beta)

Role Description Permissions
Firebase A/B Testing Admin
roles/firebaseabt.admin
(beta)
Full read/write access to
A/B Testing resources
Firebase A/B Testing Viewer
roles/firebaseabt.viewer
(beta)
Read-only access to
A/B Testing resources

Cloud Firestore roles

Find available Cloud Firestore roles in the Google Cloud documentation.

To allow a project member to edit and publish security rules in the Firebase console or to deploy security rules via the Firebase CLI, you can create then assign them a custom role that includes the firebaserules.* permissions.

Cloud Storage roles

Find available Cloud Storage roles in the Google Cloud documentation.

To allow a project member to edit and publish security rules in the Firebase console or to deploy security rules via the Firebase CLI, you can create then assign them a custom role that includes the firebaserules.* permissions.

Cloud Functions for Firebase roles

Find available Cloud Functions for Firebase roles in the Google Cloud documentation.

Firebase messaging campaigns roles

These roles apply to campaigns for Firebase Cloud Messaging and Firebase In-App Messaging.

Role Description Permissions
Firebase messaging campaigns Admin
roles/firebasemessagingcampaigns.admin
Full read/write access to
campaigns resources for Cloud Messaging and In-App Messaging
Firebase messaging campaigns Viewer
roles/firebasemessagingcampaigns.viewer
Read-only access to
campaigns resources for Cloud Messaging and In-App Messaging

Firebase Cloud Messaging roles

Role Description Permissions
Firebase Cloud Messaging Admin
roles/firebasenotifications.admin
Full read/write access to
Cloud Messaging resources
Firebase Cloud Messaging Viewer
roles/firebasenotifications.viewer
Read-only access to
Cloud Messaging resources

Firebase Crashlytics roles

Role Description Permissions
Firebase Crashlytics Admin
roles/firebasecrashlytics.admin
Full read/write access to
Crashlytics resources
Firebase Crashlytics Viewer
roles/firebasecrashlytics.viewer
Read-only access to
Crashlytics resources
Role Description Permissions
Firebase Dynamic Links Admin
roles/firebasedynamiclinks.admin
Full read/write access to
Dynamic Links resources
Firebase Dynamic Links Viewer
roles/firebasedynamiclinks.viewer
Read-only access to
Dynamic Links resources

Firebase Extensions publisher roles

Role Description Permissions
Firebase Extensions Publisher - Extensions Admin
roles/firebaseextensionspublisher.extensionsAdmin
(beta)
Upload, publish, and view details and metrics for
Firebase Extensions
Firebase Extensions Publisher - Extensions Viewer
roles/firebaseextensionspublisher.extensionsViewer
(beta)
View details and metrics for
Firebase Extensions uploaded by this publisher

Firebase Hosting roles

Role Description Permissions
Firebase Hosting Admin
roles/firebasehosting.admin
Full read/write access to
Hosting resources
Firebase Hosting Viewer
roles/firebasehosting.viewer
Read-only access to
Hosting resources

Firebase In-App Messaging roles (beta)

Role Description Permissions
Firebase In-App Messaging Admin
roles/firebaseinappmessaging.admin
(beta)
Full read/write access to
In-App Messaging resources
Firebase In-App Messaging Viewer
roles/firebaseinappmessaging.viewer
(beta)
Read-only access to
In-App Messaging resources

Firebase ML roles (beta)

Role Description Permissions
Firebase ML Admin
roles/firebaseml.admin
(beta)
Full read/write access to
Firebase ML resources
Firebase ML Viewer
roles/firebaseml.viewer
(beta)
Read-only access to
Firebase ML resources

Firebase Performance Monitoring roles

Role Description Permissions
Firebase Performance Monitoring Admin
roles/firebaseperformance.admin
Full read/write access to
Performance Monitoring resources

Configure and receive Performance Monitoring alerts
Firebase Performance Monitoring Viewer
roles/firebaseperformance.viewer
Read-only access to
Performance Monitoring resources

Firebase Realtime Database roles

Role Description Permissions
Firebase Realtime Database Admin
roles/firebasedatabase.admin
Full read/write access to
Realtime Database resources
Firebase Realtime Database Viewer
roles/firebasedatabase.viewer
Read-only access to
Realtime Database resources

Firebase Remote Config roles

Role Description Permissions
Firebase Remote Config Admin
roles/cloudconfig.admin
Full read/write access to
Remote Config resources
Firebase Remote Config Viewer
roles/cloudconfig.viewer
Read-only access to
Remote Config resources

Firebase Test Lab roles

Firebase Test Lab requires access to Cloud Storage buckets, so it requires a very specific set of permissions that aren't all included in the standard Firebase predefined roles. To grant access to Test Lab, use one of the solutions described in the Firebase Test Lab permissions section.