Database Migration Service roles and permissions

This page lists the IAM roles and permissions for Database Migration Service. To search through all roles and permissions, see the role and permission index.

Database Migration Service roles

Role Permissions

Database Migration Admin

(roles/datamigration.admin)

Full access to all resources of Database Migration.

cloudaicompanion.entitlements.get

datamigration.*

  • datamigration.connectionprofiles.create
  • datamigration.connectionprofiles.delete
  • datamigration.connectionprofiles.get
  • datamigration.connectionprofiles.getIamPolicy
  • datamigration.connectionprofiles.list
  • datamigration.connectionprofiles.setIamPolicy
  • datamigration.connectionprofiles.update
  • datamigration.conversionworkspaces.apply
  • datamigration.conversionworkspaces.commit
  • datamigration.conversionworkspaces.convert
  • datamigration.conversionworkspaces.create
  • datamigration.conversionworkspaces.delete
  • datamigration.conversionworkspaces.get
  • datamigration.conversionworkspaces.getIamPolicy
  • datamigration.conversionworkspaces.list
  • datamigration.conversionworkspaces.rollback
  • datamigration.conversionworkspaces.seed
  • datamigration.conversionworkspaces.setIamPolicy
  • datamigration.conversionworkspaces.update
  • datamigration.locations.fetchStaticIps
  • datamigration.locations.get
  • datamigration.locations.list
  • datamigration.mappingrules.getIamPolicy
  • datamigration.mappingrules.import
  • datamigration.mappingrules.setIamPolicy
  • datamigration.migrationjobs.create
  • datamigration.migrationjobs.delete
  • datamigration.migrationjobs.demoteDestination
  • datamigration.migrationjobs.fetchSourceObjects
  • datamigration.migrationjobs.generateSshScript
  • datamigration.migrationjobs.generateTcpProxyScript
  • datamigration.migrationjobs.get
  • datamigration.migrationjobs.getIamPolicy
  • datamigration.migrationjobs.list
  • datamigration.migrationjobs.promote
  • datamigration.migrationjobs.restart
  • datamigration.migrationjobs.resume
  • datamigration.migrationjobs.setIamPolicy
  • datamigration.migrationjobs.start
  • datamigration.migrationjobs.stop
  • datamigration.migrationjobs.update
  • datamigration.migrationjobs.verify
  • datamigration.objects.get
  • datamigration.objects.list
  • datamigration.operations.cancel
  • datamigration.operations.delete
  • datamigration.operations.get
  • datamigration.operations.list
  • datamigration.privateconnections.create
  • datamigration.privateconnections.delete
  • datamigration.privateconnections.get
  • datamigration.privateconnections.getIamPolicy
  • datamigration.privateconnections.list
  • datamigration.privateconnections.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

Database Migration Service Agent

(roles/datamigration.serviceAgent)

Gives Cloud Database Migration service account access to Cloud SQL resources.

alloydb.clusters.create

alloydb.clusters.delete

alloydb.clusters.generateClientCertificate

alloydb.clusters.get

alloydb.clusters.list

alloydb.clusters.update

alloydb.instances.connect

alloydb.instances.create

alloydb.instances.delete

alloydb.instances.executeSql

alloydb.instances.get

alloydb.instances.list

alloydb.instances.update

alloydb.operations.get

alloydb.operations.list

alloydb.users.login

cloudsql.databases.delete

cloudsql.databases.get

cloudsql.databases.list

cloudsql.instances.connect

cloudsql.instances.create

cloudsql.instances.delete

cloudsql.instances.demoteMaster

cloudsql.instances.executeSql

cloudsql.instances.export

cloudsql.instances.get

cloudsql.instances.import

cloudsql.instances.list

cloudsql.instances.login

cloudsql.instances.migrate

cloudsql.instances.promoteReplica

cloudsql.instances.restart

cloudsql.instances.startReplica

cloudsql.instances.stopReplica

cloudsql.instances.update

compute.forwardingRules.use

compute.globalAddresses.create

compute.globalAddresses.createInternal

compute.globalAddresses.delete

compute.globalAddresses.deleteInternal

compute.globalAddresses.get

compute.globalOperations.get

compute.networkAttachments.get

compute.networkAttachments.list

compute.networks.addPeering

compute.networks.get

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.use

compute.regionOperations.get

compute.regionOperations.list

compute.routers.list

compute.routes.get

compute.routes.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.update

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

networkmanagement.connectivitytests.list

serviceusage.services.use

storage.folders.delete

storage.objects.get

storage.objects.list

Database Migration Service permissions

Permission Included in roles

datamigration.connectionprofiles.create

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.connectionprofiles.delete

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.connectionprofiles.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.connectionprofiles.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.connectionprofiles.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.connectionprofiles.setIamPolicy

Owner (roles/owner)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

datamigration.connectionprofiles.update

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.apply

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.commit

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.convert

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.create

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.delete

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.conversionworkspaces.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.conversionworkspaces.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.conversionworkspaces.rollback

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.seed

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.conversionworkspaces.setIamPolicy

Owner (roles/owner)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

datamigration.conversionworkspaces.update

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.locations.fetchStaticIps

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.mappingrules.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.mappingrules.import

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.mappingrules.setIamPolicy

Owner (roles/owner)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

datamigration.migrationjobs.create

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.delete

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.demoteDestination

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.fetchSourceObjects

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.migrationjobs.generateSshScript

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.generateTcpProxyScript

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.migrationjobs.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.migrationjobs.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.migrationjobs.promote

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.restart

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.resume

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.setIamPolicy

Owner (roles/owner)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

datamigration.migrationjobs.start

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.stop

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.update

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.migrationjobs.verify

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.objects.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.objects.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.operations.cancel

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.operations.delete

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.privateconnections.create

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.privateconnections.delete

Owner (roles/owner)

Editor (roles/editor)

Database Migration Admin (roles/datamigration.admin)

datamigration.privateconnections.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Support User (roles/iam.supportUser)

datamigration.privateconnections.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.privateconnections.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

datamigration.privateconnections.setIamPolicy

Owner (roles/owner)

Database Migration Admin (roles/datamigration.admin)

Security Admin (roles/iam.securityAdmin)

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年11月10日 UTC.