How do we set up a role for Firebase console user that allows the user to create funnels and audiences (Project Editor role) for analytics data, while restricting access to BigQuery and Cloud Storage resources?
Firebase now provides two predifined roles related to Google Analytics reports, roles/firebase.analyticsAdmin and roles/firebase.analyticsViewer. This allows basic access control, but not any sort of per-report or restricted editor permissions.
Note that BigQuery can be managed by IAM permissions through Cloud.