You are a Database Engineer responsible for setting up secure connectivity and access control for your organization's Google Cloud Memorystore for Redis instances. Which of the following IAM roles should be granted to a user who needs to manage the Memorystore instances, but should not have access to the actual data stored in the instances?