Roles and permissions

This page describes Identity and Access Management (IAM) roles and permissions needed for running Firewall Insights.

You can grant users or service accounts permissions or a predefined role, or you can create a custom role that uses permissions that you specify. The following table describes the IAM predefined roles and their associated permissions.

For more information, see the IAM permissions reference.

Description Role Permissions
View firewalls and their details

Grant one of the following roles:

  • Firewall Recommender Admin role (roles/recommender.firewallAdmin)
  • Firewall Recommender Viewer role (roles/recommender.firewallViewer)
 compute.firewalls.list
Only view insights

Grant one of the following roles:

  • Firewall Recommender Admin role (roles/recommender.firewallAdmin)
  • Firewall Recommender Viewer role (roles/recommender.firewallViewer)
 projects.locations.insightTypes.insights.list
View insights metrics

Grant one of the following roles:

  • Firewall Recommender Admin role (roles/recommender.firewallAdmin)
  • Firewall Recommender Viewer role (roles/recommender.firewallViewer)
 monitoring.timeSeries.list
View and modify insights Grant the Firewall Recommender Admin role (roles/recommender.firewallAdmin)

For more information about project roles and permissions, see the following:

What's next