Roles and permissions

This page describes the permissions that you need to carry out tasks in Network Topology.

Required roles and permissions

To get the permissions that you need to carry out tasks in Network Topology, ask your administrator to grant you the following IAM roles on your project:

• Network Management Viewer (roles/networkmanagement.viewer)
• Monitoring Viewer (roles/monitoring.viewer)

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to carry out tasks in Network Topology. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to carry out tasks in Network Topology:

• Open a project: resourcemanager.projects.get
• View the Network Topology graphs for a project and monitored projects: networkmanagement.topologygraphs.read
• View the metrics on the Network Topology graph: monitoring.timeSeries.list

You might also be able to get these permissions with custom roles or other predefined roles.

To view multiple projects, you need to have the networkmanagement.topologygraphs.read permission for the scoping project. For more information, see View metrics for multiple Cloud projects.

For more information about using Network Topology to visualize resources from multiple projects, see Multiple projects.