When managing roles in Google Cloud IAM, all datastore.* permissions (such as datastore.entities.{create, list, get}) show up as greyed out with a yellow exclamation badge with a tool tip explaining "cannot assign permission."
I'm assuming this is why all datastore api calls result in "com.google.cloud.datastore.DatastoreException: Missing or insufficient permissions" even when assigning project level rights to the role.
Any idea how to grant these permissions to roles?