| roles/networkconnectivity.regionalEndpointViewer |
Read-only access to all Regional Endpoint resources. |
Regional Endpoint Viewer |
['networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/networkconnectivity.groupUser |
Enables use access on group resources |
Group User |
['networkconnectivity.groups.use'] |
|
GA |
| roles/networkconnectivity.spokeAdmin |
Enables full access to spoke resources and read-only access to hub resources |
Spoke Admin |
['networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.spokes.create', 'networkconnectivity.spokes.delete', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkconnectivity.spokes.setIamPolicy', 'networkconnectivity.spokes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/networkconnectivity.hubAdmin |
Enables full access to hub and spoke resources |
Hub & Spoke Admin |
['networkconnectivity.groups.acceptSpoke', 'networkconnectivity.groups.get', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.groups.rejectSpoke', 'networkconnectivity.groups.setIamPolicy', 'networkconnectivity.groups.use', 'networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRouteTables.setIamPolicy', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubRoutes.setIamPolicy', 'networkconnectivity.hubs.create', 'networkconnectivity.hubs.delete', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.listSpokes', 'networkconnectivity.hubs.queryStatus', 'networkconnectivity.hubs.setIamPolicy', 'networkconnectivity.hubs.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.spokes.create', 'networkconnectivity.spokes.delete', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkconnectivity.spokes.setIamPolicy', 'networkconnectivity.spokes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/networkconnectivity.consumerNetworkAdmin |
Service Automation Consumer Network Admin is responsible for setting up ServiceConnectionPolicies. |
Service Automation Consumer Network Admin |
['networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/networkconnectivity.hubViewer |
Enables read-only access to hub and spoke resources |
Hub & Spoke Viewer |
['networkconnectivity.groups.get', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.listSpokes', 'networkconnectivity.hubs.queryStatus', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/networkconnectivity.serviceClassUser |
Service Class User uses a ServiceClass |
Service Class User |
['networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/networkconnectivity.serviceAgent |
Grants the Network Connectivity API authority to read some networking resources. It does not mutate these resources. |
Network Connectivity Service Agent |
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.instances.get', 'compute.interconnectAttachments.get', 'compute.networks.get', 'compute.networks.use', 'compute.projects.get', 'compute.regionOperations.get', 'compute.routers.get', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.use', 'compute.vpnTunnels.get', 'dns.managedZones.create', 'dns.networks.bindPrivateDNSZone', 'networkconnectivity.operations.get', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete'] |
|
GA |
| roles/networkconnectivity.serviceProducerAdmin |
Service Automation Producer Admin uses information from a consumer request to manage ServiceClasses and ServiceConnectionMaps |
Service Automation Service Producer Admin |
['networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/networkconnectivity.regionalEndpointAdmin |
Full access to all Regional Endpoint resources. |
Regional Endpoint Admin |
['networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |