These roles grant full read/write or read-only access to specific Firebase
products.
Assign these roles to project members using the
Google Cloud Console .
Note: The following permissions are in all
the Firebase product-level predefined roles:
Firebase App Check roles
Role
Description
Permissions
Firebase App Check Admin roles/firebaseappcheck.admin
Full read/write access to
App Check Admin
permissions
firebaseappcheck.appAttestConfig.get
Firebase App Check Viewer roles/firebaseappcheck.viewer
Read-only access to
App Check Viewer
permissions
firebaseappcheck.appAttestConfig.get
Firebase App Distribution roles
Role
Description
Permissions
Firebase App Distribution Admin roles/firebaseappdistro.adminFull read/write access to
App Distribution Admin
permissions
firebaseappdistro.releases.list
Firebase App Distribution Viewer roles/firebaseappdistro.viewerRead-only access to
App Distribution Viewer
permissions
firebaseappdistro.releases.list
Firebase Authentication roles
Role
Description
Permissions
Firebase Authentication Admin roles/firebaseauth.admin
Full read/write access to
Authentication Admin
permissions
firebaseauth.configs.create
Firebase Authentication Viewer roles/firebaseauth.viewer
Read-only access to
Authentication Viewer
permissions
firebaseauth.configs.get
Firebase A/B Testing roles (beta)
Caution: These roles and their product-specific
permissions are beta releases . This means that the
functionality might change in backward-incompatible ways or have limited
support. A beta release is not subject to any SLA or deprecation policy.
Role
Description
Permissions
Firebase A/B Testing Admin roles/firebaseabt.admin(beta)
Full read/write access to
A/B Testing Admin
permissions
firebaseabt.experimentresults.get
Firebase A/B Testing Viewer roles/firebaseabt.viewer(beta)
Read-only access to
A/B Testing Viewer
permissions
firebaseabt.experimentresults.get
Cloud Firestore roles
Find available Cloud Firestore roles in the
Google Cloud documentation .
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.* permissions
Cloud Storage roles
Find available Cloud Storage roles in the
Google Cloud documentation .
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.* permissions
Cloud Functions for Firebase roles
Find available Cloud Functions for Firebase roles in the
Google Cloud documentation .
Firebase Cloud Messaging roles
Role
Description
Permissions
Firebase Cloud Messaging Admin roles/firebasenotifications.admin
Full read/write access to
Cloud Messaging Admin
permissions
firebasenotifications.messages.create
Firebase Cloud Messaging Viewer roles/firebasenotifications.viewer
Read-only access to
Cloud Messaging Viewer
permissions
firebasenotifications.messages.get
Firebase Crashlytics roles
Role
Description
Permissions
Firebase Crashlytics Admin roles/firebasecrashlytics.admin
Full read/write access to
Crashlytics Admin
permissions
firebasecrashlytics.config.get
Firebase Crashlytics Viewer roles/firebasecrashlytics.viewer
Read-only access to
Crashlytics Viewer
permissions
firebasecrashlytics.config.get
Firebase Dynamic Links roles
Role
Description
Permissions
Firebase Dynamic Links Admin roles/firebasedynamiclinks.admin
Full read/write access to
Dynamic Links Admin
permissions
firebasedynamiclinks.destinations.list
Firebase Dynamic Links Viewer roles/firebasedynamiclinks.viewer
Read-only access to
Dynamic Links Viewer
permissions
firebasedynamiclinks.destinations.list
Firebase Hosting roles
Role
Description
Permissions
Firebase Hosting Admin roles/firebasehosting.admin
Full read/write access to
Hosting Admin
permissions
firebasehosting.sites.create
Firebase Hosting Viewer roles/firebasehosting.viewer
Read-only access to
Hosting Viewer
permissions
firebasehosting.sites.get
Firebase In-App Messaging roles (beta)
Caution: These roles and their product-specific
permissions are beta releases . This means that the
functionality might change in backward-incompatible ways or have limited
support. A beta release is not subject to any SLA or deprecation policy.
Role
Description
Permissions
Firebase In-App Messaging Admin roles/firebaseinappmessaging.admin(beta)
Full read/write access to
In-App Messaging Admin
permissions
firebaseinappmessaging.campaigns.create
Firebase In-App Messaging Viewer roles/firebaseinappmessaging.viewer(beta)
Read-only access to
In-App Messaging Viewer
permissions
firebaseinappmessaging.campaigns.get
Firebase ML roles (beta)
Caution: These roles and their product-specific
permissions are beta releases . This means that the
functionality might change in backward-incompatible ways or have limited
support. A beta release is not subject to any SLA or deprecation policy.
Role
Description
Permissions
Firebase ML Admin roles/firebaseml.admin(beta)
Full read/write access to
Firebase ML Admin
permissions
firebaseml.models.create
Firebase ML Viewer roles/firebaseml.viewer(beta)
Read-only access to
Firebase ML Viewer
permissions
firebaseml.models.get
Role
Description
Permissions
Firebase Performance Monitoring Admin roles/firebaseperformance.admin
Full read/write access to
Performance Monitoring Admin
permissions
firebaseperformance.config.create
Firebase Performance Monitoring Viewer roles/firebaseperformance.viewer
Read-only access to
Performance Monitoring Viewer
permissions
firebaseperformance.data.get
Firebase Realtime Database roles
Role
Description
Permissions
Firebase Realtime Database Admin roles/firebasedatabase.admin
Full read/write access to
Realtime Database Admin
permissions
firebasedatabase.instances.create
Firebase Realtime Database Viewer roles/firebasedatabase.viewer
Read-only access to
Realtime Database Viewer
permissions
firebasedatabase.instances.get
Firebase Remote Config roles
Role
Description
Permissions
Firebase Remote Config Admin roles/cloudconfig.admin
Full read/write access to
Remote Config Admin
permissions
cloudconfig.configs.get
cloudconfig.configs.update
Firebase Remote Config Viewer roles/cloudconfig.viewer
Read-only access to
Remote Config Viewer
permissions
cloudconfig.configs.get
Firebase Test Lab roles
Firebase Test Lab requires access to Cloud Storage buckets, so it
requires a very specific set of permissions that aren't all included in the
standard Firebase predefined roles. To grant access to Test Lab, use one of
the solutions described in the
Firebase Test Lab permissions
section.
