To use GCP for backups, restores, conversions, and replications, you must assign the relevant permissions to your GCP service accounts.
If you plan to use shared virtual private cloud (VPC) networks, then assign the permissions described in the relevant section in addition to the relevant permissions in the General section.
General
|
Permission |
Backups |
Restores |
VM Conversions |
Replication |
|---|---|---|---|---|
|
compute.addresses.get |
-- |
Yes |
Yes |
Yes |
|
compute.addresses.useInternal |
-- |
Yes |
Yes |
Yes |
|
compute.disks.create |
Yes |
Yes |
Yes |
Yes |
|
compute.disks.createSnapshot |
Yes |
Yes |
Yes |
Yes |
|
compute.disks.delete |
Yes |
Yes |
Yes |
Yes |
|
compute.disks.get |
Yes |
Yes |
Yes |
Yes |
|
compute.disks.list |
Yes |
-- |
-- |
-- |
|
compute.disks.resize |
-- |
Yes |
Yes |
Yes |
|
compute.disks.setLabels |
Yes |
Yes |
Yes |
Yes |
|
compute.disks.use |
Yes |
Yes |
Yes |
Yes |
|
compute.diskTypes.get |
Yes |
-- |
-- |
-- |
|
compute.globalOperations.get |
Yes |
Yes |
Yes |
Yes |
|
compute.instances.attachDisk |
Yes |
Yes |
Yes |
Yes |
|
compute.instances.create |
-- |
Yes |
Yes |
Yes |
|
compute.instances.delete |
-- |
Yes |
Yes |
Yes |
|
compute.instances.detachDisk |
Yes |
Yes |
Yes |
Yes |
|
compute.instances.get |
Yes |
-- |
-- |
-- |
|
compute.instances.list |
Yes |
-- |
-- |
-- |
|
compute.instances.setLabels |
-- |
Yes |
Yes |
Yes |
|
compute.instances.setMetadata |
-- |
Yes |
Yes |
Yes |
|
compute.instances.setServiceAccount |
-- |
Yes |
Yes |
Yes |
|
compute.instances.setTags |
-- |
Yes |
Yes |
Yes |
|
compute.instances.start |
-- |
Yes |
Yes |
Yes |
|
compute.instances.stop |
-- |
Yes |
Yes |
Yes |
|
compute.instances.updateDisplayDevice |
-- |
Yes |
Yes |
Yes |
|
compute.machineTypes.get |
-- |
Yes |
Yes |
Yes |
|
compute.machineTypes.list |
-- |
Yes |
Yes |
Yes |
|
compute.networks.get |
-- |
Yes |
Yes |
Yes |
|
compute.networks.list |
-- |
Yes |
Yes |
Yes |
|
compute.projects.get |
Yes |
Yes |
Yes |
Yes |
|
compute.regionoperations.get |
Yes |
Yes |
Yes |
Yes |
|
compute.regions.get |
Yes |
Yes |
Yes |
Yes |
|
compute.regions.list |
Yes |
Yes |
Yes |
Yes |
|
compute.snapshots.create |
Yes |
Yes |
Yes |
Yes |
|
compute.snapshots.delete |
Yes |
Yes |
Yes |
Yes |
|
compute.snapshots.get |
Yes |
Yes |
Yes |
Yes |
|
compute.snapshots.setLabels |
Yes |
Yes |
Yes |
Yes |
|
compute.snapshots.useReadOnly |
Yes |
Yes |
Yes |
Yes |
|
compute.subnetworks.get |
Yes |
Yes |
Yes |
Yes |
|
compute.subnetworks.list |
-- |
Yes |
Yes |
Yes |
|
compute.subnetworks.use |
-- |
Yes |
Yes |
Yes |
|
compute.subnetworks.useExternalIp |
-- |
Yes |
Yes |
Yes |
|
compute.zoneOperations.get |
Yes |
Yes |
Yes |
Yes |
|
compute.zones.get |
Yes |
Yes |
Yes |
Yes |
|
compute.zones.list |
Yes |
Yes |
Yes |
Yes |
|
iam.serviceAccounts.actAs |
Yes |
Yes |
Yes |
Yes |
|
iam.serviceAccounts.get |
Yes |
Yes |
Yes |
Yes |
|
iam.serviceAccounts.list |
Yes |
Yes |
Yes |
Yes |
|
resourcemanager.projects.get |
Yes |
Yes |
Yes |
Yes |
|
resourcemanager.projects.list |
Yes |
Yes |
Yes |
Yes |
Shared VPC
|
Permission |
Backups |
Restores |
VM Conversions |
Replication |
|---|---|---|---|---|
|
compute.subnetworks.use |
-- |
Yes |
Yes |
Yes |