Roles and permissions

Stay organized with collections Save and categorize content based on your preferences.

This page describes the permissions that you need to access Network Analyzer.

To access the analysis results of a project, you must have compute.networks.list and compute.instances.list permissions.

To access the analysis results of monitored projects of a Cloud Monitoring metrics scope, you must have compute.networks.list and compute.instances.list permissions on the scoping project of the metrics scope. On the Network Analyzer console of the scoping project, you can see the analysis results of all the monitoring projects.

Access Network Analyzer logs in Cloud Logging

Network Analyzer writes insights as platform logs within Cloud Logging. You can access Network Analyzer logs by using the following options: the Cloud Logging API, the Logs Explorer, and the Google Cloud CLI.

Access Network Analyzer insights in Recommender API

To access insights by using the Recommender API and the gcloud CLI, perform the following tasks:

  1. Enable the Recommender API for your project.
  2. Grant the required IAM roles and permissions to access Network Analyzer insight types in the Recommender API. For more information, see Recommender roles.