Google Cloud Platform (GCP) permission usage
The following tables explain why Cloud Snapshot Manager requires each GCP permission to discover and protect resources in your cloud environment:
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.disks.create | Restore VM instance and File Level Recovery | The permission is used to create a new persistent disk. |
compute.disks.createSnapshot | OnDemand snapshot and Protection Plan | This permission is used to create a snapshot of a persistent disk. |
compute.disks.delete | Restore process | The permission is used to delete the persistent disk, specifically when a restore process fails and a newly created disk needs to be removed. |
compute.disks.get | Get disk details | The permission is used to display details about the disk. |
compute.disks.list | List disks | The permission is used to list the disk details. |
compute.disks.setLabels | Restore VM Instance | The permission is used to set the label on the persistent disk. |
compute.disks.use | Restore VM instance and File Level Recovery | The permission is used to attach the persistent disk to a VM instance. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.instances.attachDisk | Restore VM instance | The permission is used to attach a persistent disk to a specific instance. |
compute.instances.create | Restore VM instance | The permission is used to create a VM in a specific project. |
compute.instances.delete | Restore VM instance | The permission is used to delete an instance, specifically when a restore process fails and a partially restored VM instance needs to be removed. |
compute.instances.detachDisk | File Level Recovery | This permission enables the detachment of a persistent disk from a virtual machine (VM) that was previously attached for file-level recovery purposes. |
compute.instances.get | Get instance details | The permission is used to display details about resources. |
compute.instances.list | List instances | The permission is used for discovering resources. |
compute.instances.setDeletionProtection | Restore VM instance | The permission is used to set the DeletionProtection configuration on a VM during the process of restoring it. |
compute.instances.setLabels | Restore labels | The permission is used to set labels on the restored instance during the restore process, based on the labels that were set on the original resource. |
compute.instances.setMetadata | Set metadata | The permission is used to set Metadata on the restored instance during the restore process, based on the Metadata that was set on the original resource. |
compute.instances.setServiceAccount, compute.instances.start, compute.instances.stop | Restore VM instance | These permissions are used to manage the state of Compute Engine instances, such as starting, stopping, restarting, and powering on a VM. |
compute.instances.setTags | Restore tags | The permission is used to set the metadata tags on the VM instance. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.networks.list | List networks | The permission is used to list the GCP networks in the project. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.projects.get | Get project details | The permission is used to validate the information provided by the user during the creation of a Cloud Account. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.regions.list | List regions | The permission is used to list the available GCP regions. |
compute.regionOperations.get | Snapshot, Restore and File Level Recovery | The permission is used to monitor the status and progress of the resources in a specific region, such as snapshots and disk creation. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.snapshots.create | Create a snapshot | The permission is used to create snapshots of the persistent disk. |
compute.snapshots.delete | Expiry | The permission is used to delete snapshots of the persistent disk in GCP. |
compute.snapshots.get | Get snapshot details | The permission is used to retrieve information about a snapshot. |
compute.snapshots.list | List snapshots | The permission is used to list the snapshots in GCP. |
compute.snapshots.setLabels | Create Snapshot | The permission is used to set the CSM-specific label on the snapshot. |
compute.snapshots.useReadOnly | Restore VM and File Level Recovery | The permission is used for creating new disks or attaching an existing disk from a snapshot. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.subnetworks.list | Restore Page | The permission is used to list the available subnetworks in GCP. |
compute.subnetworks.use | Restore VM instance | The permission is used for managing VM instances that use subnets as their network. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
compute.zones.get | Resource Discovery | The permission is used to retrieve the zone details. |
compute.zones.list | List Zones | The permission is used to list the available zones in GCP on the resource discovery, restore, and protection plan pages. |
compute.zoneOperations.get | Snapshot, Restore, and File Level Recovery | The permission is used to monitor the status and progress of the resources in a specific zone. |
GCP Permission | Cloud Snapshot Manager features dependent on the permission | Comments |
---|---|---|
iam.serviceAccounts.actAs | Restore VM instance | The permission is used to set the Service Account for the VM under API and identity management section. |
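
The tables above define the complete permission set, so a role granted to Cloud Snapshot Manager can be audited against them for drift in both directions. The following is an added example, not code from the product or its vendor: it assumes the role is supplied as the JSON printed by `gcloud iam roles describe ... --format=json` (field `includedPermissions`), and the role name, project and sample grants are constructed for illustration.

```python
import json

# Permissions from the tables above, written as resource -> verbs and expanded
# to "compute.<resource>.<verb>"; iam.serviceAccounts.actAs is added separately.
_COMPUTE = {
    "disks": "create createSnapshot delete get list setLabels use",
    "instances": "attachDisk create delete detachDisk get list "
                 "setDeletionProtection setLabels setMetadata "
                 "setServiceAccount setTags start stop",
    "networks": "list",
    "projects": "get",
    "regions": "list",
    "regionOperations": "get",
    "snapshots": "create delete get list setLabels useReadOnly",
    "subnetworks": "list use",
    "zones": "get list",
    "zoneOperations": "get",
}
REQUIRED = {f"compute.{res}.{verb}"
            for res, verbs in _COMPUTE.items() for verb in verbs.split()}
REQUIRED.add("iam.serviceAccounts.actAs")


def audit_role(role_json: str) -> dict:
    """Compare a role's includedPermissions with the documented set."""
    granted = set(json.loads(role_json).get("includedPermissions", []))
    return {
        "missing": sorted(REQUIRED - granted),  # a feature in the tables will fail
        "excess": sorted(granted - REQUIRED),   # grants the tables do not justify
    }


# Constructed sample: a role missing one permission and carrying two extras.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/csmExample",  # hypothetical role
    "includedPermissions": sorted(REQUIRED - {"compute.snapshots.delete"})
    + ["compute.instances.setIamPolicy", "iam.serviceAccountKeys.create"],
})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
```

A non-empty `missing` list maps back to the feature column of the tables (here, snapshot expiry), while anything in `excess` is a grant to review and remove from the role.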