Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.

Fetches all Primitive and Predefined GCP IAM Roles

Fetch all roles

This repository fetches the ~1,170 primitive and predefined IAM Roles in JSON format to the roles directory. A GitHub Action is configured to refresh them daily. This allows for automatic tracking of changes as they are made by GCP.

A couple of helper scripts are provided to aid in searching/listing of the output. Note that jq should be installed and in your PATH:

  • grabs the unique list of all permissions contained in all roles fetched
  • list-alpha/beta/ lists the roles labeled by GCP as alpha, beta, or GA (generally available)
  • <api.resource.verb> lists the roles that contain a specific permission passed by the first argument. e.g.: ./ container.clusters.get
  • <> lists the permissions contained by the role named <>. e.g. ./ container.admin (no need to prepend the roles/)