These roles grant full read/write or read-only access to specific Firebase
products.
Assign these roles to project members using the
Google Cloud Console .
Note: The following permissions are in all
the Firebase product-level predefined roles:
- firebase.clients.get
- firebase.clients.list
- firebase.projects.get
- resourcemanager.projects.get
- resourcemanager.projects.list
Firebase App Check roles
Role
Description
Permissions
Firebase App Check Admin
roles/firebaseappcheck.admin
Full read/write access to App Check resources
App Check Admin
permissions
firebaseappcheck.appAttestConfig.get
firebaseappcheck.appAttestConfig.update
firebaseappcheck.appCheckTokens.verify
firebaseappcheck.debugTokens.get
firebaseappcheck.debugTokens.update
firebaseappcheck.deviceCheckConfig.get
firebaseappcheck.deviceCheckConfig.update
firebaseappcheck.playIntegrityConfig.get
firebaseappcheck.playIntegrityConfig.update
firebaseappcheck.recaptchaEnterpriseConfig.get
firebaseappcheck.recaptchaEnterpriseConfig.update
firebaseappcheck.recaptchaV3Config.get
firebaseappcheck.recaptchaV3Config.update
firebaseappcheck.safetyNetConfig.get
firebaseappcheck.safetyNetConfig.update
firebaseappcheck.services.get
firebaseappcheck.services.update
Firebase App Check Viewer
roles/firebaseappcheck.viewer
Read-only access to App Check resources
App Check Viewer
permissions
firebaseappcheck.appAttestConfig.get
firebaseappcheck.debugTokens.get
firebaseappcheck.deviceCheckConfig.get
firebaseappcheck.playIntegrityConfig.get
firebaseappcheck.recaptchaEnterpriseConfig.get
firebaseappcheck.recaptchaV3Config.get
firebaseappcheck.safetyNetConfig.get
firebaseappcheck.services.get
Firebase App Check Token Verifier
roles/firebaseappcheck.tokenVerifier
Access to token verification capabilities for App Check
App Check Token Verifier
permissions
firebaseappcheck.appCheckTokens.verify
Firebase App Distribution roles
Role
Description
Permissions
Firebase App Distribution Admin
roles/firebaseappdistro.admin
Full read/write access to App Distribution resources
App Distribution Admin
permissions
firebaseappdistro.releases.list
firebaseappdistro.releases.update
firebaseappdistro.testers.list
firebaseappdistro.testers.update
firebaseappdistro.groups.list
firebaseappdistro.groups.update
Firebase App Distribution Viewer
roles/firebaseappdistro.viewer
Read-only access to App Distribution resources
App Distribution Viewer
permissions
firebaseappdistro.releases.list
firebaseappdistro.testers.list
firebaseappdistro.groups.list
Firebase Authentication roles
Role
Description
Permissions
Firebase Authentication Admin
roles/firebaseauth.admin
Full read/write access to Authentication resources
Authentication Admin
permissions
firebaseauth.configs.create
firebaseauth.configs.get
firebaseauth.configs.getHashConfig
firebaseauth.configs.getSecret
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Firebase Authentication Viewer
roles/firebaseauth.viewer
Read-only access to Authentication resources
Authentication Viewer
permissions
firebaseauth.configs.get
firebaseauth.users.get
Firebase A/B Testing roles (beta)
Caution: These roles and their product-specific
permissions are beta releases . This means that the
functionality might change in backward-incompatible ways or have limited
support. A beta release is not subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will
continue to improve as the tool matures.
Role
Description
Permissions
Firebase A/B Testing Admin
roles/firebaseabt.admin
(beta)
Full read/write access to A/B Testing resources
A/B Testing Admin
permissions
firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Firebase A/B Testing Viewer
roles/firebaseabt.viewer
(beta)
Read-only access to A/B Testing resources
A/B Testing Viewer
permissions
firebaseabt.experimentresults.get
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.projectmetadata.get
Cloud Firestore roles
Find available Cloud Firestore roles in the
Google Cloud documentation .
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.*
permissions .
Cloud Storage roles
Find available Cloud Storage roles in the
Google Cloud documentation .
To allow a project member to edit and publish security rules in the
Firebase console or to deploy security rules via the Firebase CLI, you
can create then assign them a custom role
that includes the
firebaserules.*
permissions .
Cloud Functions for Firebase roles
Find available Cloud Functions for Firebase roles in the
Google Cloud documentation .
Firebase messaging campaigns roles
These roles apply to campaigns for Firebase Cloud Messaging and
Firebase In-App Messaging.
Role
Description
Permissions
Firebase messaging campaigns Admin
roles/firebasemessagingcampaigns.admin
Full read/write access to campaigns resources for
Cloud Messaging and In-App Messaging
Firebase messaging campaigns Admin
permissions
firebasemessagingcampaigns.campaigns.create
firebasemessagingcampaigns.campaigns.delete
firebasemessagingcampaigns.campaigns.get
firebasemessagingcampaigns.campaigns.list
firebasemessagingcampaigns.campaigns.update
firebasemessagingcampaigns.campaigns.start
firebasemessagingcampaigns.campaigns.stop
Firebase messaging campaigns Viewer
roles/firebasemessagingcampaigns.viewer
Read-only access to campaigns resources for Cloud Messaging and In-App Messaging
Firebase messaging campaigns Viewer
permissions
firebasemessagingcampaigns.campaigns.get
firebasemessagingcampaigns.campaigns.list
Firebase Cloud Messaging roles
Role
Description
Permissions
Firebase Cloud Messaging Admin
roles/firebasenotifications.admin
Full read/write access to Cloud Messaging resources
Cloud Messaging Admin
permissions
firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
Firebase Cloud Messaging Viewer
roles/firebasenotifications.viewer
Read-only access to Cloud Messaging resources
Cloud Messaging Viewer
permissions
firebasenotifications.messages.get
firebasenotifications.messages.list
Firebase Crashlytics roles
Role
Description
Permissions
Firebase Crashlytics Admin
roles/firebasecrashlytics.admin
Full read/write access to Crashlytics resources
Crashlytics Admin
permissions
firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get
Firebase Crashlytics Viewer
roles/firebasecrashlytics.viewer
Read-only access to Crashlytics resources
Crashlytics Viewer
permissions
firebasecrashlytics.config.get
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.sessions.get
Firebase Dynamic Links roles
Role
Description
Permissions
Firebase Dynamic Links Admin
roles/firebasedynamiclinks.admin
Full read/write access to Dynamic Links resources
Dynamic Links Admin
permissions
firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get
Firebase Dynamic Links Viewer
roles/firebasedynamiclinks.viewer
Read-only access to Dynamic Links resources
Dynamic Links Viewer
permissions
firebasedynamiclinks.destinations.list
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.stats.get
Firebase Extensions publisher roles
Caution: These roles and their product-specific
permissions are beta releases . This means that the
functionality might change in backward-incompatible ways or have limited
support. A beta release is not subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will
continue to improve as the tool matures.
Role
Description
Permissions
Firebase Extensions Publisher - Extensions Admin
roles/firebaseextensionspublisher.extensionsAdmin
(beta)
Upload, publish, and view details and metrics for Firebase Extensions
Firebase Extensions Publisher - Extensions Admin
permissions
firebaseextensionspublisher.extensions.create
firebaseextensionspublisher.extensions.delete
firebaseextensionspublisher.extensions.get
firebaseextensionspublisher.extensions.list
Firebase Extensions Publisher - Extensions Viewer
roles/firebaseextensionspublisher.extensionsViewer
(beta)
View details and metrics for Firebase Extensions uploaded by this publisher
Firebase Extensions Publisher - Extensions Viewer
permissions
firebaseextensionspublisher.extensions.get
firebaseextensionspublisher.extensions.list
Firebase Hosting roles
Role
Description
Permissions
Firebase Hosting Admin
roles/firebasehosting.admin
Full read/write access to Hosting resources
Hosting Admin
permissions
firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
Firebase Hosting Viewer
roles/firebasehosting.viewer
Read-only access to Hosting resources
Hosting Viewer
permissions
firebasehosting.sites.get
firebasehosting.sites.list
Firebase In-App Messaging roles (beta)
Caution: These roles and their product-specific
permissions are beta releases . This means that the
functionality might change in backward-incompatible ways or have limited
support. A beta release is not subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will
continue to improve as the tool matures.
Role
Description
Permissions
Firebase In-App Messaging Admin
roles/firebaseinappmessaging.admin
(beta)
Full read/write access to In-App Messaging resources
In-App Messaging Admin
permissions
firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebaseinappmessaging.campaigns.update
Firebase In-App Messaging Viewer
roles/firebaseinappmessaging.viewer
(beta)
Read-only access to In-App Messaging resources
In-App Messaging Viewer
permissions
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
Firebase ML roles (beta)
Caution: These roles and their product-specific
permissions are beta releases . This means that the
functionality might change in backward-incompatible ways or have limited
support. A beta release is not subject to any SLA or deprecation policy.
Feature availability and support for these Firebase IAM roles will
continue to improve as the tool matures.
Role
Description
Permissions
Firebase ML Admin
roles/firebaseml.admin
(beta)
Full read/write access to Firebase ML resources
Firebase ML Admin
permissions
firebaseml.models.create
firebaseml.models.get
firebaseml.models.list
firebaseml.models.update
firebaseml.models.delete
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
firebaseml.modelversions.delete
firebaseml.compressionjobs.create
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.update
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.start
Firebase ML Viewer
roles/firebaseml.viewer
(beta)
Read-only access to Firebase ML resources
Firebase ML Viewer
permissions
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
Role
Description
Permissions
Firebase Performance Monitoring Admin
roles/firebaseperformance.admin
Full read/write access to Performance Monitoring resources
Configure and receive Performance Monitoring alerts
Performance Monitoring Admin
permissions
firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get
Firebase Performance Monitoring Viewer
roles/firebaseperformance.viewer
Read-only access to Performance Monitoring resources
Performance Monitoring Viewer
permissions
firebaseperformance.data.get
Firebase Realtime Database roles
Role
Description
Permissions
Firebase Realtime Database Admin
roles/firebasedatabase.admin
Full read/write access to Realtime Database resources
Realtime Database Admin
permissions
firebasedatabase.instances.create
firebasedatabase.instances.get
firebasedatabase.instances.list
firebasedatabase.instances.update
Firebase Realtime Database Viewer
roles/firebasedatabase.viewer
Read-only access to Realtime Database resources
Realtime Database Viewer
permissions
firebasedatabase.instances.get
firebasedatabase.instances.list
Firebase Remote Config roles
Role
Description
Permissions
Firebase Remote Config Admin
roles/cloudconfig.admin
Full read/write access to Remote Config resources
Remote Config Admin
permissions
cloudconfig.configs.get
cloudconfig.configs.update
Firebase Remote Config Viewer
roles/cloudconfig.viewer
Read-only access to Remote Config resources
Remote Config Viewer
permissions
cloudconfig.configs.get
Firebase Test Lab roles
Firebase Test Lab requires access to Cloud Storage buckets, so it
requires a very specific set of permissions that aren't all included in the
standard Firebase predefined roles. To grant access to Test Lab, use one of
the solutions described in the
Firebase Test Lab permissions
section.