Firebase product-level predefined roles

These roles grant full read/write or read-only access to specific Firebase products.

Assign these roles to your members using the GCP console.

Firebase App Distribution roles (beta)

Role	Description	Permissions
Firebase App Distribution Admin `roles/firebaseappdistro.admin` (beta)	Full read/write access to App Distribution resources	App Distribution Admin permissions firebaseappdistro.releases.list firebaseappdistro.releases.update firebaseappdistro.testers.list firebaseappdistro.testers.update firebaseappdistro.groups.list firebaseappdistro.groups.update
Firebase App Distribution Viewer `roles/firebaseappdistro.viewer` (beta)	Read-only access to App Distribution resources	App Distribution Viewer permissions firebaseappdistro.releases.list firebaseappdistro.testers.list firebaseappdistro.groups.list

Firebase Authentication roles

Role	Description	Permissions
Firebase Authentication Admin `roles/firebaseauth.admin`	Full read/write access to Authentication resources	Authentication Admin permissions firebaseauth.configs.create firebaseauth.configs.get firebaseauth.configs.getHashConfig firebaseauth.configs.update firebaseauth.users.create firebaseauth.users.createSession firebaseauth.users.delete firebaseauth.users.get firebaseauth.users.sendEmail firebaseauth.users.update
Firebase Authentication Viewer `roles/firebaseauth.viewer`	Read-only access to Authentication resources	Authentication Viewer permissions firebaseauth.configs.get firebaseauth.users.get

Firebase A/B Testing roles (beta)

Role	Description	Permissions
Firebase A/B Testing Admin `roles/firebaseabt.admin` (beta)	Full read/write access to A/B Testing resources	A/B Testing Admin permissions firebaseabt.experimentresults.get firebaseabt.experiments.create firebaseabt.experiments.delete firebaseabt.experiments.get firebaseabt.experiments.list firebaseabt.experiments.update firebaseabt.projectmetadata.get Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase A/B Testing Viewer `roles/firebaseabt.viewer` (beta)	Read-only access to A/B Testing resources	A/B Testing Viewer permissions firebaseabt.experimentresults.get firebaseabt.experiments.get firebaseabt.experiments.list firebaseabt.projectmetadata.get Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

Cloud Firestore roles

Find available Cloud Firestore roles in the GCP documentation.

To allow a project member to edit and publish security rules in the Firebase console or to deploy security rules via the Firebase CLI, you can create then assign them a custom role that includes the firebaserules.* permissions.

Cloud Storage roles

Find available Cloud Storage roles in the GCP documentation.

Cloud Functions for Firebase roles

Find available Cloud Functions for Firebase roles in the GCP documentation.

Firebase Cloud Messaging roles

Role	Description	Permissions
Firebase Cloud Messaging Admin `roles/firebasenotifications.admin`	Full read/write access to Cloud Messaging resources	Cloud Messaging Admin permissions firebasenotifications.messages.create firebasenotifications.messages.delete firebasenotifications.messages.get firebasenotifications.messages.list firebasenotifications.messages.update Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Cloud Messaging Viewer `roles/firebasenotifications.viewer`	Read-only access to Cloud Messaging resources	Cloud Messaging Viewer permissions firebasenotifications.messages.get firebasenotifications.messages.list Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

Firebase Crashlytics roles

Role	Description	Permissions
Firebase Crashlytics Admin `roles/firebasecrashlytics.admin`	Full read/write access to Crashlytics resources	Crashlytics Admin permissions firebasecrashlytics.config.get firebasecrashlytics.config.update firebasecrashlytics.data.get firebasecrashlytics.issues.get firebasecrashlytics.issues.list firebasecrashlytics.issues.update firebasecrashlytics.sessions.get Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Crashlytics Viewer `roles/firebasecrashlytics.viewer`	Read-only access to Crashlytics resources	Crashlytics Viewer permissions firebasecrashlytics.config.get firebasecrashlytics.data.get firebasecrashlytics.issues.get firebasecrashlytics.issues.list firebasecrashlytics.sessions.get Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

Firebase Dynamic Links roles

Role	Description	Permissions
Firebase Dynamic Links Admin `roles/firebasedynamiclinks.admin`	Full read/write access to Dynamic Links resources	Dynamic Links Admin permissions firebasedynamiclinks.destinations.list firebasedynamiclinks.destinations.update firebasedynamiclinks.domains.create firebasedynamiclinks.domains.delete firebasedynamiclinks.domains.get firebasedynamiclinks.domains.list firebasedynamiclinks.domains.update firebasedynamiclinks.links.create firebasedynamiclinks.links.get firebasedynamiclinks.links.list firebasedynamiclinks.links.update firebasedynamiclinks.stats.get
Firebase Dynamic Links Viewer `roles/firebasedynamiclinks.viewer`	Read-only access to Dynamic Links resources	Dynamic Links Viewer permissions firebasedynamiclinks.destinations.list firebasedynamiclinks.domains.get firebasedynamiclinks.domains.list firebasedynamiclinks.links.get firebasedynamiclinks.links.list firebasedynamiclinks.stats.get

Firebase Hosting roles

Role	Description	Permissions
Firebase Hosting Admin `roles/firebasehosting.admin`	Full read/write access to Hosting resources	Hosting Admin permissions firebasehosting.sites.create firebasehosting.sites.delete firebasehosting.sites.get firebasehosting.sites.list firebasehosting.sites.update
Firebase Hosting Viewer `roles/firebasehosting.viewer`	Read-only access to Hosting resources	Hosting Viewer permissions firebasehosting.sites.get firebasehosting.sites.list

Firebase In-App Messaging roles (beta)

Role	Description	Permissions
Firebase In-App Messaging Admin `roles/firebaseinappmessaging.admin` (beta)	Full read/write access to In-App Messaging resources	In-App Messaging Admin permissions firebaseinappmessaging.campaigns.create firebaseinappmessaging.campaigns.delete firebaseinappmessaging.campaigns.get firebaseinappmessaging.campaigns.list firebaseinappmessaging.campaigns.update Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase In-App Messaging Viewer `roles/firebaseinappmessaging.viewer` (beta)	Read-only access to In-App Messaging resources	In-App Messaging Viewer permissions firebaseinappmessaging.campaigns.get firebaseinappmessaging.campaigns.list Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

ML Kit for Firebase roles (beta)

Role	Description	Permissions
ML Kit for Firebase Admin `roles/firebaseml.admin` (beta)	Full read/write access to ML Kit resources	ML Kit Admin permissions firebaseml.models.create firebaseml.models.get firebaseml.models.list firebaseml.models.update firebaseml.models.delete firebaseml.modelversions.create firebaseml.modelversions.get firebaseml.modelversions.list firebaseml.modelversions.update firebaseml.modelversions.delete firebaseml.compressionjobs.create firebaseml.compressionjobs.get firebaseml.compressionjobs.list firebaseml.compressionjobs.update firebaseml.compressionjobs.delete firebaseml.compressionjobs.start
ML Kit for Firebase Viewer `roles/firebaseml.viewer` (beta)	Read-only access to ML Kit resources	ML Kit Viewer permissions firebaseml.models.get firebaseml.models.list firebaseml.modelversions.get firebaseml.modelversions.list firebaseml.compressionjobs.get firebaseml.compressionjobs.list

Firebase Performance Monitoring roles

Role	Description	Permissions
Firebase Performance Monitoring Admin `roles/firebaseperformance.admin`	Full read/write access to Performance Monitoring resources	Performance Monitoring Admin permissions firebaseperformance.config.create firebaseperformance.config.delete firebaseperformance.config.update firebaseperformance.data.get
Firebase Performance Monitoring Viewer `roles/firebaseperformance.viewer`	Read-only access to Performance Monitoring resources	Performance Monitoring Viewer permissions firebaseperformance.data.get

Firebase Predictions roles

Role	Description	Permissions
Firebase Predictions Admin `roles/firebasepredictions.admin`	Full read/write access to Predictions resources	Predictions Admin permissions firebasepredictions.predictions.create firebasepredictions.predictions.delete firebasepredictions.predictions.list firebasepredictions.predictions.update Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Predictions Viewer `roles/firebasepredictions.viewer`	Read-only access to Predictions resources	Predictions Viewer permissions firebasepredictions.predictions.get firebasepredictions.predictions.list Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

Firebase Realtime Database roles

Role	Description	Permissions
Firebase Realtime Database Admin `roles/firebasedatabase.admin`	Full read/write access to Realtime Database resources	Realtime Database Admin permissions firebasedatabase.instances.create firebasedatabase.instances.get firebasedatabase.instances.list firebasedatabase.instances.update
Firebase Realtime Database Viewer `roles/firebasedatabase.viewer`	Read-only access to Realtime Database resources	Realtime Database Viewer permissions firebasedatabase.instances.get firebasedatabase.instances.list

Firebase Remote Config roles

Role	Description	Permissions
Firebase Remote Config Admin `roles/cloudconfig.admin`	Full read/write access to Remote Config resources	Remote Config Admin permissions cloudconfig.configs.get cloudconfig.configs.update Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Remote Config Viewer `roles/cloudconfig.viewer`	Read-only access to Remote Config resources	Remote Config Viewer permissions cloudconfig.configs.get Additional permission: Read and analyze-level access to Google Analytics in Firebase: firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

Firebase Test Lab roles

Firebase Test Lab requires access to Cloud Storage buckets, so it requires a very specific set of permissions that aren't all included in the standard Firebase predefined roles. To grant access to Test Lab, use one of the solutions described in the Firebase Test Lab permissions section.