diff --git a/google/spanner/admin/database/v1/spanner.yaml b/google/spanner/admin/database/v1/spanner.yaml
new file mode 100644
index 000000000..b15d46664
--- /dev/null
+++ b/google/spanner/admin/database/v1/spanner.yaml
@@ -0,0 +1,68 @@
+type: google.api.Service
+config_version: 3
+name: spanner.googleapis.com
+title: Cloud Spanner API
+
+apis:
+- name: google.longrunning.Operations
+- name: google.spanner.admin.database.v1.DatabaseAdmin
+
+types:
+- name: google.spanner.admin.database.v1.CopyBackupMetadata
+- name: google.spanner.admin.database.v1.CreateBackupMetadata
+- name: google.spanner.admin.database.v1.CreateDatabaseMetadata
+- name: google.spanner.admin.database.v1.OptimizeRestoredDatabaseMetadata
+- name: google.spanner.admin.database.v1.RestoreDatabaseMetadata
+- name: google.spanner.admin.database.v1.UpdateDatabaseDdlMetadata
+
+documentation:
+  summary: |-
+    Cloud Spanner is a managed, mission-critical, globally consistent and
+    scalable relational database service.
+
+backend:
+  rules:
+  - selector: 'google.longrunning.Operations.*'
+    deadline: 3600.0
+  - selector: 'google.spanner.admin.database.v1.DatabaseAdmin.*'
+    deadline: 3600.0
+
+http:
+  rules:
+  - selector: google.longrunning.Operations.CancelOperation
+    post: '/v1/{name=projects/*/instances/*/databases/*/operations/*}:cancel'
+    additional_bindings:
+    - post: '/v1/{name=projects/*/instances/*/operations/*}:cancel'
+    - post: '/v1/{name=projects/*/instances/*/backups/*/operations/*}:cancel'
+    - post: '/v1/{name=projects/*/instanceConfigs/*/operations/*}:cancel'
+  - selector: google.longrunning.Operations.DeleteOperation
+    delete: '/v1/{name=projects/*/instances/*/databases/*/operations/*}'
+    additional_bindings:
+    - delete: '/v1/{name=projects/*/instances/*/operations/*}'
+    - delete: '/v1/{name=projects/*/instances/*/backups/*/operations/*}'
+    - delete: '/v1/{name=projects/*/instanceConfigs/*/operations/*}'
+  - selector: google.longrunning.Operations.GetOperation
+    get: '/v1/{name=projects/*/instances/*/databases/*/operations/*}'
+    additional_bindings:
+    - get: '/v1/{name=projects/*/instances/*/operations/*}'
+    - get: '/v1/{name=projects/*/instances/*/backups/*/operations/*}'
+    - get: '/v1/{name=projects/*/instanceConfigs/*/operations/*}'
+  - selector: google.longrunning.Operations.ListOperations
+    get: '/v1/{name=projects/*/instances/*/databases/*/operations}'
+    additional_bindings:
+    - get: '/v1/{name=projects/*/instances/*/operations}'
+    - get: '/v1/{name=projects/*/instances/*/backups/*/operations}'
+    - get: '/v1/{name=projects/*/instanceConfigs/*/operations}'
+
+authentication:
+  rules:
+  - selector: 'google.longrunning.Operations.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform,
+        https://www.googleapis.com/auth/spanner.admin
+  - selector: 'google.spanner.admin.database.v1.DatabaseAdmin.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform,
+        https://www.googleapis.com/auth/spanner.admin
diff --git a/google/spanner/admin/database/v1/spanner_admin_database_grpc_service_config.json b/google/spanner/admin/database/v1/spanner_admin_database_grpc_service_config.json
index 87c1aaad2..c839313c0 100755
--- a/google/spanner/admin/database/v1/spanner_admin_database_grpc_service_config.json
+++ b/google/spanner/admin/database/v1/spanner_admin_database_grpc_service_config.json
@@ -45,6 +45,10 @@
         {
           "service": "google.spanner.admin.database.v1.DatabaseAdmin",
           "method": "ListBackupOperations"
+        },
+        {
+          "service": "google.spanner.admin.database.v1.DatabaseAdmin",
+          "method": "ListDatabaseRoles"
         }
       ],
       "timeout": "3600s",
diff --git a/google/spanner/admin/database/v1/spanner_database_admin.proto b/google/spanner/admin/database/v1/spanner_database_admin.proto
index 38023e072..91489ae4b 100644
--- a/google/spanner/admin/database/v1/spanner_database_admin.proto
+++ b/google/spanner/admin/database/v1/spanner_database_admin.proto
@@ -187,6 +187,10 @@ service DatabaseAdmin {
         post: "/v1/{resource=projects/*/instances/*/backups/*}:testIamPermissions"
         body: "*"
       }
+      additional_bindings {
+        post: "/v1/{resource=projects/*/instances/*/databases/*/databaseRoles/*}:testIamPermissions"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "resource,permissions";
   }
@@ -334,6 +338,14 @@ service DatabaseAdmin {
     };
     option (google.api.method_signature) = "parent";
   }
+
+  // Lists Cloud Spanner database roles.
+  rpc ListDatabaseRoles(ListDatabaseRolesRequest) returns (ListDatabaseRolesResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/instances/*/databases/*}/databaseRoles"
+    };
+    option (google.api.method_signature) = "parent";
+  }
 }
 
 // Information about the database restore.
@@ -868,3 +880,51 @@ enum RestoreSourceType {
   // A backup was used as the source of the restore.
   BACKUP = 1;
 }
+
+// A Cloud Spanner database role.
+message DatabaseRole {
+  option (google.api.resource) = {
+    type: "spanner.googleapis.com/DatabaseRole"
+    pattern: "projects/{project}/instances/{instance}/databases/{database}/databaseRoles/{role}"
+  };
+
+  // Required. The name of the database role. Values are of the form
+  // `projects/<project>/instances/<instance>/databases/<database>/databaseRoles/
+  // {role}`, where `<role>` is as specified in the `CREATE ROLE`
+  // DDL statement. This name can be passed to Get/Set IAMPolicy methods to
+  // identify the database role.
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// The request for [ListDatabaseRoles][google.spanner.admin.database.v1.DatabaseAdmin.ListDatabaseRoles].
+message ListDatabaseRolesRequest {
+  // Required. The database whose roles should be listed.
+  // Values are of the form
+  // `projects/<project>/instances/<instance>/databases/<database>/databaseRoles`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "spanner.googleapis.com/Database"
+    }
+  ];
+
+  // Number of database roles to be returned in the response. If 0 or less,
+  // defaults to the server's maximum allowed page size.
+  int32 page_size = 2;
+
+  // If non-empty, `page_token` should contain a
+  // [next_page_token][google.spanner.admin.database.v1.ListDatabaseRolesResponse.next_page_token] from a
+  // previous [ListDatabaseRolesResponse][google.spanner.admin.database.v1.ListDatabaseRolesResponse].
+  string page_token = 3;
+}
+
+// The response for [ListDatabaseRoles][google.spanner.admin.database.v1.DatabaseAdmin.ListDatabaseRoles].
+message ListDatabaseRolesResponse {
+  // Database roles that matched the request.
+  repeated DatabaseRole database_roles = 1;
+
+  // `next_page_token` can be sent in a subsequent
+  // [ListDatabaseRoles][google.spanner.admin.database.v1.DatabaseAdmin.ListDatabaseRoles]
+  // call to fetch more of the matching roles.
+  string next_page_token = 2;
+}