This page describes the permissions that you need to access Network Analyzer.
To access the analysis results of a project, you must have
compute.networks.list and compute.instances.list permissions.
To access the analysis results of monitored projects of a Cloud Monitoring
metrics scope, you must have compute.networks.list and
compute.instances.list permissions on the scoping project of the metrics
scope. On the Network Analyzer console of the scoping project, you can see
the analysis results of all the monitoring projects.
Access Network Analyzer logs in Cloud Logging
Network Analyzer writes insights as platform logs within Cloud Logging. You can access Network Analyzer logs by using the following options: the Cloud Logging API, the Logs Explorer, and the Google Cloud CLI.
- To receive Network Analyzer logs, you must enable the Logging API. For more information, see Enable the Logging API.
- To access the logs data in the Logging API, the Logs Explorer, and the gcloud CLI, you must grant the required Identity and Access Management (IAM) roles and permissions. For more information, see Access control with IAM.
Access Network Analyzer insights in Recommender API
To access insights by using the Recommender API and the gcloud CLI, perform the following tasks:
- Enable the Recommender API for your project.
- Grant the required IAM roles and permissions to access Network Analyzer insight types in the Recommender API. For more information, see Recommender roles.