Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Database Migration Service roles and permissions

This page lists the IAM roles and permissions for Database Migration Service. To search through all roles and permissions, see the role and permission index.

Database Migration Service roles

Role Permissions

Role	Permissions
Database Migration Admin (`roles/datamigration.admin`) Full access to all resources of Database Migration.	`cloudaicompanion.entitlements.get` `datamigration.*` `datamigration.connectionProfiles.createTagBinding` `datamigration.connectionProfiles.deleteTagBinding` `datamigration.connectionProfiles.listEffectiveTags` `datamigration.connectionProfiles.listTagBindings` `datamigration.connectionprofiles.create` `datamigration.connectionprofiles.delete` `datamigration.connectionprofiles.get` `datamigration.connectionprofiles.getIamPolicy` `datamigration.connectionprofiles.list` `datamigration.connectionprofiles.setIamPolicy` `datamigration.connectionprofiles.update` `datamigration.conversionworkspaces.apply` `datamigration.conversionworkspaces.commit` `datamigration.conversionworkspaces.convert` `datamigration.conversionworkspaces.create` `datamigration.conversionworkspaces.delete` `datamigration.conversionworkspaces.get` `datamigration.conversionworkspaces.getIamPolicy` `datamigration.conversionworkspaces.list` `datamigration.conversionworkspaces.rollback` `datamigration.conversionworkspaces.seed` `datamigration.conversionworkspaces.setIamPolicy` `datamigration.conversionworkspaces.update` `datamigration.locations.fetchStaticIps` `datamigration.locations.get` `datamigration.locations.list` `datamigration.mappingrules.getIamPolicy` `datamigration.mappingrules.import` `datamigration.mappingrules.setIamPolicy` `datamigration.migrationJobs.createTagBinding` `datamigration.migrationJobs.deleteTagBinding` `datamigration.migrationJobs.listEffectiveTags` `datamigration.migrationJobs.listTagBindings` `datamigration.migrationjobs.create` `datamigration.migrationjobs.delete` `datamigration.migrationjobs.demoteDestination` `datamigration.migrationjobs.fetchSourceObjects` `datamigration.migrationjobs.generateSshScript` `datamigration.migrationjobs.generateTcpProxyScript` `datamigration.migrationjobs.get` `datamigration.migrationjobs.getIamPolicy` `datamigration.migrationjobs.list` `datamigration.migrationjobs.promote` `datamigration.migrationjobs.restart` `datamigration.migrationjobs.resume` `datamigration.migrationjobs.setIamPolicy` `datamigration.migrationjobs.start` `datamigration.migrationjobs.stop` `datamigration.migrationjobs.update` `datamigration.migrationjobs.verify` `datamigration.objects.get` `datamigration.objects.list` `datamigration.operations.cancel` `datamigration.operations.delete` `datamigration.operations.get` `datamigration.operations.list` `datamigration.privateConnections.createTagBinding` `datamigration.privateConnections.deleteTagBinding` `datamigration.privateConnections.listEffectiveTags` `datamigration.privateConnections.listTagBindings` `datamigration.privateconnections.create` `datamigration.privateconnections.delete` `datamigration.privateconnections.get` `datamigration.privateconnections.getIamPolicy` `datamigration.privateconnections.list` `datamigration.privateconnections.setIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.list`
Datamigration Editor (`roles/datamigration.editor`) Editor role for datamigration	`cloudaicompanion.entitlements.get` `datamigration.connectionProfiles.listEffectiveTags` `datamigration.connectionProfiles.listTagBindings` `datamigration.connectionprofiles.create` `datamigration.connectionprofiles.delete` `datamigration.connectionprofiles.get` `datamigration.connectionprofiles.getIamPolicy` `datamigration.connectionprofiles.list` `datamigration.connectionprofiles.update` `datamigration.conversionworkspaces.apply` `datamigration.conversionworkspaces.commit` `datamigration.conversionworkspaces.convert` `datamigration.conversionworkspaces.create` `datamigration.conversionworkspaces.delete` `datamigration.conversionworkspaces.get` `datamigration.conversionworkspaces.getIamPolicy` `datamigration.conversionworkspaces.list` `datamigration.conversionworkspaces.rollback` `datamigration.conversionworkspaces.seed` `datamigration.conversionworkspaces.update` `datamigration.locations.` `datamigration.locations.fetchStaticIps` `datamigration.locations.get` `datamigration.locations.list` `datamigration.mappingrules.getIamPolicy` `datamigration.mappingrules.import` `datamigration.migrationJobs.listEffectiveTags` `datamigration.migrationJobs.listTagBindings` `datamigration.migrationjobs.create` `datamigration.migrationjobs.delete` `datamigration.migrationjobs.demoteDestination` `datamigration.migrationjobs.fetchSourceObjects` `datamigration.migrationjobs.generateSshScript` `datamigration.migrationjobs.generateTcpProxyScript` `datamigration.migrationjobs.get` `datamigration.migrationjobs.getIamPolicy` `datamigration.migrationjobs.list` `datamigration.migrationjobs.promote` `datamigration.migrationjobs.restart` `datamigration.migrationjobs.resume` `datamigration.migrationjobs.start` `datamigration.migrationjobs.stop` `datamigration.migrationjobs.update` `datamigration.migrationjobs.verify` `datamigration.objects.` `datamigration.objects.get` `datamigration.objects.list` `datamigration.operations.*` `datamigration.operations.cancel` `datamigration.operations.delete` `datamigration.operations.get` `datamigration.operations.list` `datamigration.privateConnections.listEffectiveTags` `datamigration.privateConnections.listTagBindings` `datamigration.privateconnections.create` `datamigration.privateconnections.delete` `datamigration.privateconnections.get` `datamigration.privateconnections.getIamPolicy` `datamigration.privateconnections.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Database Migration Admin

(roles/datamigration.admin)

Full access to all resources of Database Migration.

cloudaicompanion.entitlements.get

datamigration.*

datamigration.connectionProfiles.createTagBinding
datamigration.connectionProfiles.deleteTagBinding
datamigration.connectionProfiles.listEffectiveTags
datamigration.connectionProfiles.listTagBindings
datamigration.connectionprofiles.create
datamigration.connectionprofiles.delete
datamigration.connectionprofiles.get
datamigration.connectionprofiles.getIamPolicy
datamigration.connectionprofiles.list
datamigration.connectionprofiles.setIamPolicy
datamigration.connectionprofiles.update
datamigration.conversionworkspaces.apply
datamigration.conversionworkspaces.commit
datamigration.conversionworkspaces.convert
datamigration.conversionworkspaces.create
datamigration.conversionworkspaces.delete
datamigration.conversionworkspaces.get
datamigration.conversionworkspaces.getIamPolicy
datamigration.conversionworkspaces.list
datamigration.conversionworkspaces.rollback
datamigration.conversionworkspaces.seed
datamigration.conversionworkspaces.setIamPolicy
datamigration.conversionworkspaces.update
datamigration.locations.fetchStaticIps
datamigration.locations.get
datamigration.locations.list
datamigration.mappingrules.getIamPolicy
datamigration.mappingrules.import
datamigration.mappingrules.setIamPolicy
datamigration.migrationJobs.createTagBinding
datamigration.migrationJobs.deleteTagBinding
datamigration.migrationJobs.listEffectiveTags
datamigration.migrationJobs.listTagBindings
datamigration.migrationjobs.create
datamigration.migrationjobs.delete
datamigration.migrationjobs.demoteDestination
datamigration.migrationjobs.fetchSourceObjects
datamigration.migrationjobs.generateSshScript
datamigration.migrationjobs.generateTcpProxyScript
datamigration.migrationjobs.get
datamigration.migrationjobs.getIamPolicy
datamigration.migrationjobs.list
datamigration.migrationjobs.promote
datamigration.migrationjobs.restart
datamigration.migrationjobs.resume
datamigration.migrationjobs.setIamPolicy
datamigration.migrationjobs.start
datamigration.migrationjobs.stop
datamigration.migrationjobs.update
datamigration.migrationjobs.verify
datamigration.objects.get
datamigration.objects.list
datamigration.operations.cancel
datamigration.operations.delete
datamigration.operations.get
datamigration.operations.list
datamigration.privateConnections.createTagBinding
datamigration.privateConnections.deleteTagBinding
datamigration.privateConnections.listEffectiveTags
datamigration.privateConnections.listTagBindings
datamigration.privateconnections.create
datamigration.privateconnections.delete
datamigration.privateconnections.get
datamigration.privateconnections.getIamPolicy
datamigration.privateconnections.list
datamigration.privateconnections.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

Datamigration Editor

(roles/datamigration.editor)

Editor role for datamigration

cloudaicompanion.entitlements.get

datamigration.connectionProfiles.listEffectiveTags

datamigration.connectionProfiles.listTagBindings

datamigration.connectionprofiles.create

datamigration.connectionprofiles.delete

datamigration.connectionprofiles.get

datamigration.connectionprofiles.getIamPolicy

datamigration.connectionprofiles.list

datamigration.connectionprofiles.update

datamigration.conversionworkspaces.apply

datamigration.conversionworkspaces.commit

datamigration.conversionworkspaces.convert

datamigration.conversionworkspaces.create

datamigration.conversionworkspaces.delete

datamigration.conversionworkspaces.get

datamigration.conversionworkspaces.getIamPolicy

datamigration.conversionworkspaces.list

datamigration.conversionworkspaces.rollback

datamigration.conversionworkspaces.seed

datamigration.conversionworkspaces.update

datamigration.locations.*

datamigration.locations.fetchStaticIps
datamigration.locations.get
datamigration.locations.list

datamigration.mappingrules.getIamPolicy

datamigration.mappingrules.import

datamigration.migrationJobs.listEffectiveTags

datamigration.migrationJobs.listTagBindings

datamigration.migrationjobs.create

datamigration.migrationjobs.delete

datamigration.migrationjobs.demoteDestination

datamigration.migrationjobs.fetchSourceObjects

datamigration.migrationjobs.generateSshScript

datamigration.migrationjobs.generateTcpProxyScript

datamigration.migrationjobs.get

datamigration.migrationjobs.getIamPolicy

datamigration.migrationjobs.list

datamigration.migrationjobs.promote

datamigration.migrationjobs.restart

datamigration.migrationjobs.resume

datamigration.migrationjobs.start

datamigration.migrationjobs.stop

datamigration.migrationjobs.update

datamigration.migrationjobs.verify

datamigration.objects.*

datamigration.objects.get
datamigration.objects.list

datamigration.operations.*

datamigration.operations.cancel
datamigration.operations.delete
datamigration.operations.get
datamigration.operations.list

datamigration.privateConnections.listEffectiveTags

datamigration.privateConnections.listTagBindings

datamigration.privateconnections.create

datamigration.privateconnections.delete

datamigration.privateconnections.get

datamigration.privateconnections.getIamPolicy

datamigration.privateconnections.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Database Migration Service Agent (`roles/datamigration.serviceAgent`) Gives Cloud Database Migration service account access to Cloud SQL resources. Warning: Do not grant service agent roles to any principals except service agents.	`alloydb.clusters.create` `alloydb.clusters.delete` `alloydb.clusters.generateClientCertificate` `alloydb.clusters.get` `alloydb.clusters.import` `alloydb.clusters.list` `alloydb.clusters.update` `alloydb.instances.connect` `alloydb.instances.create` `alloydb.instances.delete` `alloydb.instances.executeSql` `alloydb.instances.get` `alloydb.instances.list` `alloydb.instances.update` `alloydb.operations.get` `alloydb.operations.list` `alloydb.users.login` `cloudsql.databases.delete` `cloudsql.databases.get` `cloudsql.databases.list` `cloudsql.instances.connect` `cloudsql.instances.create` `cloudsql.instances.delete` `cloudsql.instances.demoteMaster` `cloudsql.instances.executeSql` `cloudsql.instances.export` `cloudsql.instances.get` `cloudsql.instances.import` `cloudsql.instances.list` `cloudsql.instances.login` `cloudsql.instances.migrate` `cloudsql.instances.promoteReplica` `cloudsql.instances.restart` `cloudsql.instances.startReplica` `cloudsql.instances.stopReplica` `cloudsql.instances.update` `compute.forwardingRules.use` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.get` `compute.globalOperations.get` `compute.networkAttachments.get` `compute.networkAttachments.list` `compute.networks.addPeering` `compute.networks.get` `compute.networks.list` `compute.networks.listPeeringRoutes` `compute.networks.removePeering` `compute.networks.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.routers.list` `compute.routes.get` `compute.routes.list` `compute.serviceAttachments.get` `compute.serviceAttachments.list` `compute.serviceAttachments.update` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.use` `logging.logEntries.list` `logging.logServiceIndexes.list` `logging.logServices.list` `logging.logs.list` `networkmanagement.connectivitytests.list` `serviceusage.services.use` `storage.folders.delete` `storage.objects.get` `storage.objects.list`

Database Migration Service Agent

(roles/datamigration.serviceAgent)

Gives Cloud Database Migration service account access to Cloud SQL resources.

alloydb.clusters.create

alloydb.clusters.delete

alloydb.clusters.generateClientCertificate

alloydb.clusters.get

alloydb.clusters.import

alloydb.clusters.list

alloydb.clusters.update

alloydb.instances.connect

alloydb.instances.create

alloydb.instances.delete

alloydb.instances.executeSql

alloydb.instances.get

alloydb.instances.list

alloydb.instances.update

alloydb.operations.get

alloydb.operations.list

alloydb.users.login

cloudsql.databases.delete

cloudsql.databases.get

cloudsql.databases.list

cloudsql.instances.connect

cloudsql.instances.create

cloudsql.instances.delete

cloudsql.instances.demoteMaster

cloudsql.instances.executeSql

cloudsql.instances.export

cloudsql.instances.get

cloudsql.instances.import

cloudsql.instances.list

cloudsql.instances.login

cloudsql.instances.migrate

cloudsql.instances.promoteReplica

cloudsql.instances.restart

cloudsql.instances.startReplica

cloudsql.instances.stopReplica

cloudsql.instances.update

compute.forwardingRules.use

compute.globalAddresses.create

compute.globalAddresses.createInternal

compute.globalAddresses.delete

compute.globalAddresses.deleteInternal

compute.globalAddresses.get

compute.globalOperations.get

compute.networkAttachments.get

compute.networkAttachments.list

compute.networks.addPeering

compute.networks.get

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.use

compute.regionOperations.get

compute.regionOperations.list

compute.routers.list

compute.routes.get

compute.routes.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.serviceAttachments.update

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

logging.logEntries.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

networkmanagement.connectivitytests.list

serviceusage.services.use

storage.folders.delete

storage.objects.get

storage.objects.list

Database Migration Service permissions

Permission	Included in roles
`datamigration.connectionProfiles.createTagBinding`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datamigration.connectionProfiles.deleteTagBinding`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datamigration.connectionProfiles.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.connectionProfiles.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.connectionprofiles.create`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.connectionprofiles.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.connectionprofiles.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.connectionprofiles.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.connectionprofiles.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.connectionprofiles.setIamPolicy`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Security Admin (`roles/iam.securityAdmin`)
`datamigration.connectionprofiles.update`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.apply`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.commit`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.convert`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.create`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.conversionworkspaces.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.conversionworkspaces.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.conversionworkspaces.rollback`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.seed`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.conversionworkspaces.setIamPolicy`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Security Admin (`roles/iam.securityAdmin`)
`datamigration.conversionworkspaces.update`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.locations.fetchStaticIps`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.mappingrules.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.mappingrules.import`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.mappingrules.setIamPolicy`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Security Admin (`roles/iam.securityAdmin`)
`datamigration.migrationJobs.createTagBinding`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datamigration.migrationJobs.deleteTagBinding`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datamigration.migrationJobs.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.migrationJobs.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.migrationjobs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.demoteDestination`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.fetchSourceObjects`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.migrationjobs.generateSshScript`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.generateTcpProxyScript`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.migrationjobs.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.migrationjobs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.migrationjobs.promote`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.restart`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.resume`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.setIamPolicy`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Security Admin (`roles/iam.securityAdmin`)
`datamigration.migrationjobs.start`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.stop`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.migrationjobs.verify`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.objects.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.objects.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.privateConnections.createTagBinding`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datamigration.privateConnections.deleteTagBinding`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datamigration.privateConnections.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.privateConnections.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.privateconnections.create`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.privateconnections.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`)
`datamigration.privateconnections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Support User (`roles/iam.supportUser`)
`datamigration.privateconnections.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.privateconnections.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Database Migration Admin (`roles/datamigration.admin`) Datamigration Editor (`roles/datamigration.editor`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`datamigration.privateconnections.setIamPolicy`	Owner (`roles/owner`) Database Migration Admin (`roles/datamigration.admin`) Security Admin (`roles/iam.securityAdmin`)

Database Migration Service roles and permissions

Database Migration Service roles

Database Migration Admin

Datamigration Editor

Service agent roles

Database Migration Service Agent

Database Migration Service permissions

datamigration.connectionProfiles.createTagBinding

datamigration.connectionProfiles.deleteTagBinding

datamigration.connectionProfiles.listEffectiveTags

datamigration.connectionProfiles.listTagBindings

datamigration.connectionprofiles.create

datamigration.connectionprofiles.delete

datamigration.connectionprofiles.get

datamigration.connectionprofiles.getIamPolicy

datamigration.connectionprofiles.list

datamigration.connectionprofiles.setIamPolicy

datamigration.connectionprofiles.update

datamigration.conversionworkspaces.apply

datamigration.conversionworkspaces.commit

datamigration.conversionworkspaces.convert

datamigration.conversionworkspaces.create

datamigration.conversionworkspaces.delete

datamigration.conversionworkspaces.get

datamigration.conversionworkspaces.getIamPolicy

datamigration.conversionworkspaces.list

datamigration.conversionworkspaces.rollback

datamigration.conversionworkspaces.seed

datamigration.conversionworkspaces.setIamPolicy

datamigration.conversionworkspaces.update

datamigration.locations.fetchStaticIps

datamigration.locations.get

datamigration.locations.list

datamigration.mappingrules.getIamPolicy

datamigration.mappingrules.import

datamigration.mappingrules.setIamPolicy

datamigration.migrationJobs.createTagBinding

datamigration.migrationJobs.deleteTagBinding

datamigration.migrationJobs.listEffectiveTags

datamigration.migrationJobs.listTagBindings

datamigration.migrationjobs.create

datamigration.migrationjobs.delete

datamigration.migrationjobs.demoteDestination

datamigration.migrationjobs.fetchSourceObjects

datamigration.migrationjobs.generateSshScript

datamigration.migrationjobs.generateTcpProxyScript

datamigration.migrationjobs.get

datamigration.migrationjobs.getIamPolicy

datamigration.migrationjobs.list

datamigration.migrationjobs.promote

datamigration.migrationjobs.restart

datamigration.migrationjobs.resume

datamigration.migrationjobs.setIamPolicy

datamigration.migrationjobs.start

datamigration.migrationjobs.stop

datamigration.migrationjobs.update

datamigration.migrationjobs.verify

datamigration.objects.get

datamigration.objects.list

datamigration.operations.cancel

datamigration.operations.delete

datamigration.operations.get

datamigration.operations.list

datamigration.privateConnections.createTagBinding

datamigration.privateConnections.deleteTagBinding

datamigration.privateConnections.listEffectiveTags

datamigration.privateConnections.listTagBindings

datamigration.privateconnections.create

datamigration.privateconnections.delete

datamigration.privateconnections.get

datamigration.privateconnections.getIamPolicy

datamigration.privateconnections.list

datamigration.privateconnections.setIamPolicy

`datamigration.connectionProfiles.createTagBinding`

`datamigration.connectionProfiles.deleteTagBinding`

`datamigration.connectionProfiles.listEffectiveTags`

`datamigration.connectionProfiles.listTagBindings`

`datamigration.connectionprofiles.create`

`datamigration.connectionprofiles.delete`

`datamigration.connectionprofiles.get`

`datamigration.connectionprofiles.getIamPolicy`

`datamigration.connectionprofiles.list`

`datamigration.connectionprofiles.setIamPolicy`

`datamigration.connectionprofiles.update`

`datamigration.conversionworkspaces.apply`

`datamigration.conversionworkspaces.commit`

`datamigration.conversionworkspaces.convert`

`datamigration.conversionworkspaces.create`

`datamigration.conversionworkspaces.delete`

`datamigration.conversionworkspaces.get`

`datamigration.conversionworkspaces.getIamPolicy`

`datamigration.conversionworkspaces.list`

`datamigration.conversionworkspaces.rollback`

`datamigration.conversionworkspaces.seed`

`datamigration.conversionworkspaces.setIamPolicy`

`datamigration.conversionworkspaces.update`

`datamigration.locations.fetchStaticIps`

`datamigration.locations.get`

`datamigration.locations.list`

`datamigration.mappingrules.getIamPolicy`

`datamigration.mappingrules.import`

`datamigration.mappingrules.setIamPolicy`

`datamigration.migrationJobs.createTagBinding`

`datamigration.migrationJobs.deleteTagBinding`

`datamigration.migrationJobs.listEffectiveTags`

`datamigration.migrationJobs.listTagBindings`

`datamigration.migrationjobs.create`

`datamigration.migrationjobs.delete`

`datamigration.migrationjobs.demoteDestination`

`datamigration.migrationjobs.fetchSourceObjects`

`datamigration.migrationjobs.generateSshScript`

`datamigration.migrationjobs.generateTcpProxyScript`

`datamigration.migrationjobs.get`

`datamigration.migrationjobs.getIamPolicy`

`datamigration.migrationjobs.list`

`datamigration.migrationjobs.promote`

`datamigration.migrationjobs.restart`

`datamigration.migrationjobs.resume`

`datamigration.migrationjobs.setIamPolicy`

`datamigration.migrationjobs.start`

`datamigration.migrationjobs.stop`

`datamigration.migrationjobs.update`

`datamigration.migrationjobs.verify`

`datamigration.objects.get`

`datamigration.objects.list`

`datamigration.operations.cancel`

`datamigration.operations.delete`

`datamigration.operations.get`

`datamigration.operations.list`

`datamigration.privateConnections.createTagBinding`

`datamigration.privateConnections.deleteTagBinding`

`datamigration.privateConnections.listEffectiveTags`

`datamigration.privateConnections.listTagBindings`

`datamigration.privateconnections.create`

`datamigration.privateconnections.delete`

`datamigration.privateconnections.get`

`datamigration.privateconnections.getIamPolicy`

`datamigration.privateconnections.list`

`datamigration.privateconnections.setIamPolicy`