Verify that your environment meets the system requirements for Cloud Spanner data on a Google application.
Access Nodes
Package required on access nodes:
-
Virtual Server Agent
-
Cloud Apps Agent
Access nodes must have one of the following operating systems:
-
Red Hat Enterprise Linux 7.x and later
-
CentOS 7.x and later
-
Windows 2012
-
Windows 2016
Note
If you have network configuration enabled on the access nodes, before you deploy the Linux proxy, configure a firewall on the cloud proxy and on-premises. For more information, see Configuring a Firewall to Install the Virtual Server Agent on a Cloud VM or Instance.
Software, Roles and Permissions
-
Your Google account must contain Cloud Spanner, cloud storage, and a compute engine. The Dataflow API must be enabled for your account.
-
Verify that the service account has the following permissions to access the Google resources:
Role
Name of the Permission
Description
Permissions
Lowest Resource
roles/spanner.viewer
Cloud Spanner Viewer
-
You can view all instances but cannot modify them.
-
You can view all databases but cannot modify or read them.
-
monitoring.timeSeries.list
-
resourcemanager.projects.get
-
resourcemanager.projects.list
-
spanner.databases.list
-
spanner.instanceConfigs.*
-
spanner.instances.get
-
spanner.instances.list
Project
roles/dataflow.admin
Dataflow
- You can create and manage dataflow jobs.
-
compute.machineTypes.get
-
dataflow.*
-
resourcemanager.projects.get
-
resourcemanager.projects.list
-
storage.buckets.get
-
storage.objects.create
-
storage.objects.get
-
storage.objects.list
Not applicable
roles/storage.admin
Storage Admin
-
You have full of buckets and objects.
-
When applied to an individual bucket, you can control only the specified bucket and objects within the bucket.
-
firebase.projects.get
-
resourcemanager.projects.get
-
resourcemanager.projects.list
-
storage.buckets.*
-
storage.objects.*
Not applicable
roles/spanner.databaseReader
Cloud Spanner Database Reader
-
You can read from the database.
-
You can execute SQL queries on the database.
-
You can view schema for the database.
-
spanner.databases.beginReadOnlyTransaction
-
spanner.databases.getDdl
-
spanner.databases.partitionQuery
-
spanner.databases.partitionRead
-
spanner.databases.read
-
spanner.databases.select
-
spanner.instances.get
-
spanner.sessions.*
Instance
roles/spanner.databaseAdmin
Cloud Spanner Database Admin
-
You can get or list all instances in the project.
-
You can create, list, or drop databases in an instance.
-
You can grant or revoke access to the databases.
-
You can read from and write to all databases in the project.
-
monitoring.timeSeries.list
-
resourcemanager.projects.get
-
resourcemanager.projects.list
-
spanner.databaseOperations.*
-
spanner.databases.beginOrRollbackReadWriteTransaction
-
spanner.databases.beginPartitionedDmlTransaction
-
spanner.databases.beginReadOnlyTransaction
-
spanner.databases.create
-
spanner.databases.drop
-
spanner.databases.get
-
spanner.databases.getDdl
-
spanner.databases.getIamPolicy
-
spanner.databases.list
-
spanner.databases.partitionQuery
-
spanner.databases.partitionRead
-
spanner.databases.read
-
spanner.databases.select
-
spanner.databases.setIamPolicy
-
spanner.databases.update
-
spanner.databases.updateDdl
-
spanner.databases.write
-
spanner.instances.get
-
spanner.instances.getIamPolicy
-
spanner.instances.list
-
spanner.sessions.*
Instance
-