Network Management API roles and permissions

This page lists the IAM roles and permissions for Network Management API. To search through all roles and permissions, see the role and permission index .

Network Management API roles

Role

Permissions

Network Management Admin

( roles/ networkmanagement.admin )

Full access to Network Management resources.

Lowest-level resources where you can grant this role:

Project

networkmanagement.*

networkmanagement. connectivitytests. create
networkmanagement. connectivitytests. delete
networkmanagement. connectivitytests. get
networkmanagement. connectivitytests. getIamPolicy
networkmanagement. connectivitytests. list
networkmanagement. connectivitytests. rerun
networkmanagement. connectivitytests. setIamPolicy
networkmanagement. connectivitytests. update
networkmanagement. locations. get
networkmanagement. locations. list
networkmanagement. operations. cancel
networkmanagement. operations. delete
networkmanagement. operations. get
networkmanagement. operations. list
networkmanagement. vpcflowlogsconfigs. create
networkmanagement. vpcflowlogsconfigs. delete
networkmanagement. vpcflowlogsconfigs. get
networkmanagement. vpcflowlogsconfigs. list
networkmanagement. vpcflowlogsconfigs. update

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

GCP Network Management Service Agent

( roles/ networkmanagement.serviceAgent )

Grants the GCP Network Management API the authority to complete analysis based on network configurations from Compute Engine and Container Engine.

cloudsql.instances.get

cloudsql.instances.list

compute.addresses.get

compute.addresses.list

compute.backendServices.get

compute.backendServices.list

compute. externalVpnGateways. get

compute. externalVpnGateways. list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute. globalForwardingRules. get

compute. globalForwardingRules. list

compute. globalNetworkEndpointGroups. get

compute. globalNetworkEndpointGroups. list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instances.get

compute.instances.list

compute. networkEndpointGroups. get

compute. networkEndpointGroups. list

compute.networks.get

compute. networks. getEffectiveFirewalls

compute.networks.list

compute. networks. listPeeringRoutes

compute.packetMirrorings.get

compute.packetMirrorings.list

compute. regionBackendServices. get

compute. regionBackendServices. list

compute.regionHealthChecks.get

compute. regionHealthChecks. list

compute. regionNetworkEndpointGroups. get

compute. regionNetworkEndpointGroups. list

compute. regionTargetHttpProxies. get

compute. regionTargetHttpProxies. list

compute. regionTargetHttpsProxies. get

compute. regionTargetHttpsProxies. list

compute. regionTargetTcpProxies. get

compute. regionTargetTcpProxies. list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.subnetworks.get

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute. targetHttpsProxies. list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

container.clusters.get

container.clusters.list

container.nodes.get

container.nodes.list

Network Management Viewer

( roles/ networkmanagement.viewer )

Read-only access to Network Management resources.

Lowest-level resources where you can grant this role:

Project

networkmanagement. connectivitytests. get

networkmanagement. connectivitytests. getIamPolicy

networkmanagement. connectivitytests. list

networkmanagement.locations.*

networkmanagement. locations. get
networkmanagement. locations. list

networkmanagement. operations. get

networkmanagement. operations. list

networkmanagement. vpcflowlogsconfigs. get

networkmanagement. vpcflowlogsconfigs. list

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

Network Management API permissions

Permission

Included in roles

`networkmanagement. connectivitytests. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. connectivitytests. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. connectivitytests. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Compute Network Admin ( roles/ compute.networkAdmin )

Compute Network User ( roles/ compute.networkUser )

Compute Network Viewer ( roles/ compute.networkViewer )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Data Fusion API Service Agent ( roles/ datafusion.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )

`networkmanagement. connectivitytests. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

`networkmanagement. connectivitytests. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Compute Network Admin ( roles/ compute.networkAdmin )

Compute Network User ( roles/ compute.networkUser )

Compute Network Viewer ( roles/ compute.networkViewer )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

Service agent roles

Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Data Fusion API Service Agent ( roles/ datafusion.serviceAgent )
Database Migration Service Agent ( roles/ datamigration.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )

`networkmanagement. connectivitytests. rerun`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. connectivitytests. setIamPolicy`

Owner ( roles/ owner )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. connectivitytests. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. locations. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

`networkmanagement. locations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

`networkmanagement. operations. cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. operations. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. operations. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

`networkmanagement. operations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

`networkmanagement. vpcflowlogsconfigs. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. vpcflowlogsconfigs. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

`networkmanagement. vpcflowlogsconfigs. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

`networkmanagement. vpcflowlogsconfigs. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Network Administrator ( roles/ iam.networkAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management Viewer ( roles/ networkmanagement.viewer )

`networkmanagement. vpcflowlogsconfigs. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Network Administrator ( roles/ iam.networkAdmin )

Network Management Admin ( roles/ networkmanagement.admin )

Network Management API roles and permissions Stay organized with collections Save and categorize content based on your preferences.