Roles and Permissions Required for a GCP Account

Before integrating with Virtana Platform, you need to create a service account and an associated custom role with the required permissions. The tables below describe the roles and permissions you must assign to a custom role for the service account.

Following are lists of all roles required for the integration with Virtana Platform. Any permissions not in these lists can be removed from the Virtana role that you create in GCP.

BigQuery permissions

bigquery.bireservations.get		bigquery.reservations.get
bigquery.capacityCommitments.get		bigquery.reservations.list
bigquery.capacityCommitments.list		bigquery.routines.get
bigquery.config.get		bigquery.routines.list
bigquery.datasets.create		bigquery.rowAccessPolicies.getFilteredData
bigquery.datasets.get		bigquery.savedqueries.get
bigquery.datasets.getIamPolicy		bigquery.savedqueries.list
bigquery.jobs.create		bigquery.tables.createSnapshot
bigquery.jobs.list		bigquery.tables.export
bigquery.models.export		bigquery.tables.get
bigquery.models.getData		bigquery.tables.getData
bigquery.models.getMetadata		bigquery.tables.getIamPolicy
bigquery.models.list		bigquery.tables.list
bigquery.reservationAssignments.list		bigquery.transfers.get
bigquery.reservationAssignments.search		bigquerymigration.translation.translate
bigquery.tables.create		Allows creation of temporary tables for materializing views before querying.(for FOCUS reports only)
bigquery.tables.delete		Enables cleanup of those temporary tables after processing is complete. (for FOCUS reports only)

Performance permissions

cloudnotifications.activities.list		monitoring.notificationChannelDescriptors.list
monitoring.alertPolicies.get		monitoring.notificationChannels.get
monitoring.alertPolicies.list		monitoring.notificationChannels.list
monitoring.dashboards.get		monitoring.publicWidgets.get
monitoring.dashboards.list		monitoring.publicWidgets.list
monitoring.groups.get		monitoring.services.get
monitoring.groups.list		monitoring.services.list
monitoring.metricDescriptors.create		monitoring.slos.get
monitoring.metricDescriptors.get		monitoring.slos.list
monitoring.metricDescriptors.list		monitoring.timeSeries.create
monitoring.monitoredResourceDescriptors.get		monitoring.timeSeries.list
monitoring.monitoredResourceDescriptors.list		monitoring.uptimeCheckConfigs.get
monitoring.notificationChannelDescriptors.get		monitoring.uptimeCheckConfigs.list

API permissions

opsconfigmonitoring.resourceMetadata.list		servicemanagement.services.get
resourcemanager.projects.get		servicemanagement.services.quota
servicemanagement.services.bind		servicemanagement.services.report
servicemanagement.services.check		stackdriver.projects.get

In this section:

Roles and Permissions Required for a GCP Account

Search results