These roles grant full read/write or read-only access to specific Firebase
products.
Assign these roles to your members using the
GCP console .
Note: The following permissions are in all
the Firebase product-level predefined roles:
- firebase.clients.get
- firebase.projects.get
- resourcemanager.projects.get
- resourcemanager.projects.list
Firebase App Distribution roles (beta)
Caution: These roles and their product-specific permissions are
beta releases . This means that the functionality might change in
backward-incompatible ways or have limited support. A beta release is not
subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will continue
to improve as the tool matures.
Role
Description
Permissions
Firebase App Distribution Admin
roles/firebaseappdistro.admin
(beta)
Full read/write access to App Distribution resources
App Distribution Admin
permissions
firebaseappdistro.releases.list
firebaseappdistro.releases.update
firebaseappdistro.testers.list
firebaseappdistro.testers.update
firebaseappdistro.groups.list
firebaseappdistro.groups.update
Firebase App Distribution Viewer
roles/firebaseappdistro.viewer
(beta)
Read-only access to App Distribution resources
App Distribution Viewer
permissions
firebaseappdistro.releases.list
firebaseappdistro.testers.list
firebaseappdistro.groups.list
Firebase Authentication roles
Role
Description
Permissions
Firebase Authentication Admin
roles/firebaseauth.admin
Full read/write access to Authentication resources
Authentication Admin
permissions
firebaseauth.configs.create
firebaseauth.configs.get
firebaseauth.configs.getHashConfig
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Firebase Authentication Viewer
roles/firebaseauth.viewer
Read-only access to Authentication resources
Authentication Viewer
permissions
firebaseauth.configs.get
firebaseauth.users.get
Firebase A/B Testing roles (beta)
Caution: These roles and their product-specific permissions are
beta releases . This means that the functionality might change in
backward-incompatible ways or have limited support. A beta release is not
subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will continue
to improve as the tool matures.
Role
Description
Permissions
Firebase A/B Testing Admin
roles/firebaseabt.admin
(beta)
Full read/write access to A/B Testing resources
A/B Testing Admin
permissions
firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase A/B Testing Viewer
roles/firebaseabt.viewer
(beta)
Read-only access to A/B Testing resources
A/B Testing Viewer
permissions
firebaseabt.experimentresults.get
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.projectmetadata.get
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Cloud Firestore roles
Find available Cloud Firestore roles in the
GCP documentation .
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.*
permissions .
Cloud Storage roles
Find available Cloud Storage roles in the
GCP documentation .
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.*
permissions .
Cloud Functions for Firebase roles
Find available Cloud Functions for Firebase roles in the
GCP documentation .
Firebase Cloud Messaging roles
Role
Description
Permissions
Firebase Cloud Messaging Admin
roles/firebasenotifications.admin
Full read/write access to Cloud Messaging resources
Cloud Messaging Admin
permissions
firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Cloud Messaging Viewer
roles/firebasenotifications.viewer
Read-only access to Cloud Messaging resources
Cloud Messaging Viewer
permissions
firebasenotifications.messages.get
firebasenotifications.messages.list
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Crashlytics roles
Role
Description
Permissions
Firebase Crashlytics Admin
roles/firebasecrashlytics.admin
Full read/write access to Crashlytics resources
Crashlytics Admin
permissions
firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Crashlytics Viewer
roles/firebasecrashlytics.viewer
Read-only access to Crashlytics resources
Crashlytics Viewer
permissions
firebasecrashlytics.config.get
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.sessions.get
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Dynamic Links roles
Role
Description
Permissions
Firebase Dynamic Links Admin
roles/firebasedynamiclinks.admin
Full read/write access to Dynamic Links resources
Dynamic Links Admin
permissions
firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get
Firebase Dynamic Links Viewer
roles/firebasedynamiclinks.viewer
Read-only access to Dynamic Links resources
Dynamic Links Viewer
permissions
firebasedynamiclinks.destinations.list
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.stats.get
Firebase Hosting roles
Role
Description
Permissions
Firebase Hosting Admin
roles/firebasehosting.admin
Full read/write access to Hosting resources
Hosting Admin
permissions
firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
Firebase Hosting Viewer
roles/firebasehosting.viewer
Read-only access to Hosting resources
Hosting Viewer
permissions
firebasehosting.sites.get
firebasehosting.sites.list
Firebase In-App Messaging roles (beta)
Caution: These roles and their product-specific permissions are
beta releases . This means that the functionality might change in
backward-incompatible ways or have limited support. A beta release is not
subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will continue
to improve as the tool matures.
Role
Description
Permissions
Firebase In-App Messaging Admin
roles/firebaseinappmessaging.admin
(beta)
Full read/write access to In-App Messaging resources
In-App Messaging Admin
permissions
firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebaseinappmessaging.campaigns.update
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase In-App Messaging Viewer
roles/firebaseinappmessaging.viewer
(beta)
Read-only access to In-App Messaging resources
In-App Messaging Viewer
permissions
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
ML Kit for Firebase roles (beta)
Caution: These roles and their product-specific permissions are
beta releases . This means that the functionality might change in
backward-incompatible ways or have limited support. A beta release is not
subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will continue
to improve as the tool matures.
Role
Description
Permissions
ML Kit for Firebase Admin
roles/firebaseml.admin
(beta)
Full read/write access to ML Kit resources
ML Kit Admin
permissions
firebaseml.models.create
firebaseml.models.get
firebaseml.models.list
firebaseml.models.update
firebaseml.models.delete
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
firebaseml.modelversions.delete
firebaseml.compressionjobs.create
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.update
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.start
ML Kit for Firebase Viewer
roles/firebaseml.viewer
(beta)
Read-only access to ML Kit resources
ML Kit Viewer
permissions
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
Role
Description
Permissions
Firebase Performance Monitoring Admin
roles/firebaseperformance.admin
Full read/write access to Performance Monitoring resources
Performance Monitoring Admin
permissions
firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get
Firebase Performance Monitoring Viewer
roles/firebaseperformance.viewer
Read-only access to Performance Monitoring resources
Performance Monitoring Viewer
permissions
firebaseperformance.data.get
Firebase Predictions roles
Role
Description
Permissions
Firebase Predictions Admin
roles/firebasepredictions.admin
Full read/write access to Predictions resources
Predictions Admin
permissions
firebasepredictions.predictions.create
firebasepredictions.predictions.delete
firebasepredictions.predictions.list
firebasepredictions.predictions.update
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Predictions Viewer
roles/firebasepredictions.viewer
Read-only access to Predictions resources
Predictions Viewer
permissions
firebasepredictions.predictions.get
firebasepredictions.predictions.list
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Realtime Database roles
Role
Description
Permissions
Firebase Realtime Database Admin
roles/firebasedatabase.admin
Full read/write access to Realtime Database resources
Realtime Database Admin
permissions
firebasedatabase.instances.create
firebasedatabase.instances.get
firebasedatabase.instances.list
firebasedatabase.instances.update
Firebase Realtime Database Viewer
roles/firebasedatabase.viewer
Read-only access to Realtime Database resources
Realtime Database Viewer
permissions
firebasedatabase.instances.get
firebasedatabase.instances.list
Firebase Remote Config roles
Role
Description
Permissions
Firebase Remote Config Admin
roles/cloudconfig.admin
Full read/write access to Remote Config resources
Remote Config Admin
permissions
cloudconfig.configs.get
cloudconfig.configs.update
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Remote Config Viewer
roles/cloudconfig.viewer
Read-only access to Remote Config resources
Remote Config Viewer
permissions
cloudconfig.configs.get
Additional permission: Read and analyze-level access
to Google Analytics in Firebase:
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Test Lab roles
Firebase Test Lab requires access to Cloud Storage buckets, so it
requires a very specific set of permissions that aren't all included in the
standard Firebase predefined roles. To grant access to Test Lab, use one of
the solutions described in the
Firebase Test Lab permissions
section.