This page describes Identity and Access Management (IAM) roles and permissions needed for running Firewall Insights.
You can grant users or service accounts permissions or a predefined role, or you can create a custom role that uses permissions that you specify. The following table describes the IAM predefined roles and their associated permissions.
For more information, see the IAM permissions reference.
Description | Role | Permissions |
---|---|---|
View firewalls and their details |
Grant one of the following roles:
|
compute.firewalls.list |
Only view insights | Grant one of the following roles:
|
projects.locations.insightTypes.insights.list |
View insights metrics | Grant one of the following roles:
|
monitoring.timeSeries.list |
View and modify insights | Grant the Firewall Recommender Admin role (roles/recommender.firewallAdmin )
|
For more information about project roles and permissions, see the following:
- Identity and Access Management documentation
- Compute Engine API documentation
- Cloud Monitoring API documentation
What's next
- To view metrics and insights, see Using Firewall Insights.