Roles and Permissions Required for a GCP Account

Before integrating with Virtana Platform, you need to create a service account and an associated custom role with the required permissions. The tables below describe the roles and permissions you must assign to a custom role for the service account.

Following are lists of all roles required for the integration with Virtana Platform. Any permissions not in these lists can be removed from the Virtana role that you create in GCP.

BigQuery Permissions

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.jobs.create

bigquery.jobs.list

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.reservationAssignments.list

bigquery.reservationAssignments.search

bigquery.tables.create

bigquery.tables.delete

bigquery.reservations.get

bigquery.reservations.list

bigquery.routines.get

bigquery.routines.list

bigquery.rowAccessPolicies.getFilteredData

bigquery.savedqueries.get

bigquery.savedqueries.list

bigquery.tables.createSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list

bigquery.transfers.get

bigquerymigration.translation.translate

Performance Permissions

cloudnotifications.activities.list

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.diskSettings.get

compute.disks.get

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.instanceSettings.get

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.machineImages.get

compute.machineImages.list

compute.machineTypes.get

compute.machineTypes.list

compute.reservationSubBlocks.get

compute.reservationSubBlocks.list

compute.reservations.get

compute.reservations.list

compute.zones.get

compute.zones.list

container.clusters.get

container.clusters.list

container.clusters.listEffectiveTags

container.clusters.listTagBindings

edgecontainer.clusters.get

edgecontainer.clusters.list

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.get

monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.timeSeries.create

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

API Permissions

opsconfigmonitoring.resourceMetadata.list

recommender.cloudCostGeneralRecommendations.get

recommender.cloudCostGeneralRecommendations.list

recommender.cloudsqlIdleInstanceRecommendations.get

recommender.cloudsqlIdleInstanceRecommendations.list

recommender.commitmentUtilizationInsights.get

recommender.commitmentUtilizationInsights.list

recommender.computeAddressIdleResourceInsights.get

recommender.computeAddressIdleResourceInsights.list

recommender.computeAddressIdleResourceRecommendations.get

recommender.computeAddressIdleResourceRecommendations.list

recommender.computeDiskIdleResourceInsights.get

recommender.computeDiskIdleResourceInsights.list

recommender.computeDiskIdleResourceRecommendations.get

recommender.computeDiskIdleResourceRecommendations.list

recommender.computeImageIdleResourceInsights.get

recommender.computeImageIdleResourceInsights.list

recommender.computeImageIdleResourceRecommendations.get

recommender.computeImageIdleResourceRecommendations.list

recommender.computeInstanceCpuUsageInsights.get

recommender.computeInstanceCpuUsageInsights.list

recommender.computeInstanceCpuUsagePredictionInsights.get

recommender.computeInstanceCpuUsagePredictionInsights.list

recommender.computeInstanceCpuUsageTrendInsights.get

recommender.computeInstanceCpuUsageTrendInsights.list

recommender.computeInstanceGroupManagerCpuUsageInsights.get

recommender.computeInstanceGroupManagerCpuUsageInsights.list

recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get

recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list

recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get

recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list

recommender.computeInstanceGroupManagerMachineTypeRecommendations.get

recommender.computeInstanceGroupManagerMachineTypeRecommendations.list

recommender.computeInstanceGroupManagerMemoryUsageInsights.get

recommender.computeInstanceGroupManagerMemoryUsageInsights.list

recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get

recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list

recommender.computeInstanceIdleResourceRecommendations.get

recommender.computeInstanceIdleResourceRecommendations.list

recommender.computeInstanceIdleResourceRecommenderConfig.get

recommender.computeInstanceMachineTypeRecommendations.get

recommender.computeInstanceMachineTypeRecommendations.list

recommender.computeInstanceMemoryUsageInsights.get

recommender.computeInstanceMemoryUsageInsights.list

recommender.computeInstanceMemoryUsagePredictionInsights.get

recommender.computeInstanceMemoryUsagePredictionInsights.list

recommender.computeInstanceNetworkThroughputInsights.get

recommender.computeInstanceNetworkThroughputInsights.list

recommender.containerDiagnosisInsights.get

recommender.containerDiagnosisInsights.list

recommender.containerDiagnosisRecommendations.get

recommender.containerDiagnosisRecommendations.list

recommender.costInsights.get

recommender.costInsights.list

recommender.locations.get

recommender.locations.list

resourcemanager.projects.get

servicemanagement.services.bind

servicemanagement.services.check

servicemanagement.services.get

servicemanagement.services.quota

servicemanagement.services.report

stackdriver.projects.get

Note

Memory Utilization: The Ops Agent must be installed on VMs to collect memory metrics.
OS Information: The GCP VM Manager must be enabled to capture OS metadata.
Recommender Activation: You need to enable the Recommender API.
Permission Limitation: The Idle Reservation Recommender is currently in Pre-GA, so its permission cannot be included in a project-level custom role. You should explicitly provide the Compute Recommender viewer role to the service account.

In this section:

Roles and Permissions Required for a GCP Account

Note

Search results