Stay organized with collections
Save and categorize content based on your preferences.
This page describes the permissions that you need to access Network Analyzer.
To access the analysis results of a project, you must have
compute.networks.list and compute.instances.list permissions.
To access the analysis results of monitored projects of a Cloud Monitoring
metrics scope, you must have compute.networks.list and
compute.instances.list permissions on the scoping project of the metrics
scope. On the Network Analyzer console of the scoping project, you can see
the analysis results of all the monitoring projects.
Grant the required IAM roles and permissions to access Network Analyzer
insight types in the Recommender API. For more information, see
Recommender roles.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Roles and permissions\n\nThis page describes the permissions that you need to access Network Analyzer.\n\nTo access the analysis results of a project, you must have\n`compute.networks.list` and `compute.instances.list` permissions.\n\nTo access the analysis results of monitored projects of a Cloud Monitoring\nmetrics scope, you must have `compute.networks.list` and\n`compute.instances.list` permissions on the scoping project of the metrics\nscope. On the Network Analyzer console of the scoping project, you can see\nthe analysis results of all the monitoring projects.\n\nAccess Network Analyzer logs in Cloud Logging\n---------------------------------------------\n\nNetwork Analyzer writes insights as [platform logs](/logging/docs/api/platform-logs#network_analyzer)\nwithin Cloud Logging. You can access Network Analyzer logs by using the\nfollowing options: the [Cloud Logging API](/logging/docs/reference/v2/rest), the\n[Logs Explorer](/logging/docs/view/logs-explorer-interface),\nand the\n[Google Cloud CLI](/logging/docs/reference/tools/gcloud-logging).\n\n- To receive Network Analyzer logs, you must enable the Logging API. For more information, see [Enable the Logging API](/logging/docs/api/enable-api).\n- To access the logs data in the [Logging API](/logging/docs/reference/v2/rest), the [Logs Explorer](/logging/docs/view/logs-explorer-interface), and the [gcloud CLI](/logging/docs/reference/tools/gcloud-logging), you must grant the required Identity and Access Management (IAM) roles and permissions. For more information, see [Access control with IAM](/logging/docs/access-control).\n\nAccess Network Analyzer insights in Recommender API\n---------------------------------------------------\n\nTo access insights by using the Recommender API and the gcloud CLI,\nperform the following tasks:\n\n1. Enable the [Recommender API](/recommender/docs/overview) for your project.\n2. Grant the required IAM roles and permissions to access Network Analyzer insight types in the Recommender API. For more information, see [Recommender roles](/iam/docs/understanding-roles#recommender-roles)."]]
