Appendix A: Required AROVA Permissions
This is a list of permissions required for the operation of AROVA.
| Operation | Required Permissions |
| --- | --- |
| Project / region / zone configuration | compute.regionOperations.get, compute.regions.get, compute.zoneOperations.get, compute.zones.list |
| Disk access / creation | compute.disks.addResourcePolicies, compute.disks.create, compute.disks.delete, compute.disks.get, compute.disks.list, compute.disks.removeResourcePolicies, compute.disks.setLabels, compute.disks.startAsyncReplication, compute.disks.stopAsyncReplication, compute.disks.stopGroupAsyncReplication, compute.disks.update, compute.disks.use, compute.disks.useReadOnly |
| VM access / creation | compute.instances.addAccessConfig, compute.instances.addMaintenancePolicies, compute.instances.addResourcePolicies, compute.instances.attachDisk, compute.instances.create, compute.instances.delete, compute.instances.detachDisk, compute.instances.get, compute.instances.getGuestAttributes, compute.instances.getIamPolicy, compute.instances.list, compute.instances.setDeletionProtection, compute.instances.setIamPolicy, compute.instances.setLabels, compute.instances.setMetadata, compute.instances.setServiceAccount, compute.instances.setTags, compute.instances.start, compute.instances.stop, compute.instances.updateDisplayDevice, compute.machineTypes.list, compute.machineTypes.get |
| Network access | compute.networks.get, compute.networks.list, compute.subnetworks.get, compute.subnetworks.list, compute.subnetworks.use, compute.subnetworks.useExternalIp |
| AROVA access validation | iam.serviceAccounts.get, iam.serviceAccounts.list, iam.serviceAccounts.setIamPolicy |
| VM access validation | compute.resourcePolicies.create, compute.resourcePolicies.delete, compute.resourcePolicies.get, compute.resourcePolicies.list, compute.resourcePolicies.use, compute.resourcePolicies.useReadOnly, compute.serviceAttachments.getIamPolicy |
| Guest VM OS policy management | osconfig.guestPolicies.create, osconfig.guestPolicies.delete, osconfig.guestPolicies.get, osconfig.guestPolicies.list, osconfig.guestPolicies.update |
| AROVA logging and monitoring | logging.logEntries.create, logging.logMetrics.create, monitoring.timeSeries.list |
| Read-only cryptographic key access | cloudkms.keyRings.list, cloudkms.cryptoKeys.list, cloudkms.cryptoKeyVersions.useToDecrypt, cloudkms.cryptoKeyVersions.useToEncrypt |
Table: Required permissions for AROVA.
Also see: