Document toolboxDocument toolbox

Permissions required in GCP

Owned by Sri Raghu
Last updated: Sept 06, 2024
1 min read

The following permissions are required in GCP for discovery and inbound cloud forwarding:

  • Folder Viewer (Role)

  • Compute Viewer (Role)

  • DNS Reader (Role)

The following permissions are required in GCP for discovery and outbound cloud forwarding:

  • Folder Viewer (Role)

  • Compute Viewer (Role)

  • DNS Reader (Role)

  • dns.managedZones.create (Permission)

  • dns.managedZones.delete (Permission)

  • dns.managedZones.update (Permission)

  • dns.networks.bindPrivateDNSZone (Permission)

The following permissions are required in GCP for syncing Storage Tables. Create a Custom Role and add the following two permissions:

  • storage.buckets.list

  • storage.buckets.getIamPolicy

The two entries must be added to the default permissions.

The following permissions are required in GCP to sync Kubernetes cluster. Add the following role:

  •   Kubernetes Engine Cluster Viewer

The Role and Permission mentioned in parentheses () are for information only and not part of the role or permission name.

The following permissions are required in GCP to sync internal ranges. Create a Custom Role and add the following permissions:

  • networkconnectivity.internalRanges.create

  • networkconnectivity.internalRanges.delete

  • networkconnectivity.internalRanges.get

  • networkconnectivity.internalRanges.getIamPolicy

  • networkconnectivity.internalRanges.list

  • networkconnectivity.internalRanges.setIamPolicy

  • networkconnectivity.internalRanges.update

  • networkconnectivity.locations.get

  • networkconnectivity.locations.list

  • networkconnectivity.operations.cancel

  • networkconnectivity.operations.delete

  • networkconnectivity.operations.get

  • networkconnectivity.operations.list

When setting up the provider, ensure that tables related to Internal Ranges or Kubernetes Cluster permissions are excluded if not granted.

Â