You grant access to Parallelstore operations by granting Identity and Access Management (IAM) roles to users.
IAM permissions only control access to Parallelstore operations, like creating a Parallelstore instance. To control access to operations on the instance, like read or execute, use POSIX file permissions.
Permissions and roles
Parallelstore uses the following permissions:
Permission | Description |
---|---|
parallelstore.instances.create | Create new instances |
parallelstore.instances.delete | Delete instances |
parallelstore.instances.update | Update instances. Does not allow deletion |
parallelstore.instances.get | Retrieve instances |
parallelstore.instances.list | List all instances |
parallelstore.instances.exportData | Export data from Parallelstore to Cloud Storage |
parallelstore.instances.importData | Import data from Cloud Storage to Parallelstore |
Google Cloud doesn't support granting individual permissions directly; you must grant a role that contains permissions. The following table lists the permissions granted by the predefined roles for Parallelstore, as well as the basic Editor role:
Capability | Editor (roles/editor) | Parallelstore admin (roles/parallelstore.admin) | Parallelstore viewer (roles/parallelstore.viewer) |
---|---|---|---|
Create instances | | | |
Delete instances | | | |
Update instances | | | |
Get instances | | | |
List instances | | | |
Import/export data from/to Cloud Storage | | | |
Custom roles
If the available predefined roles don't meet your organization's access requirements, you can create and apply custom IAM roles.
When creating custom roles, we recommend using a combination of predefined roles to ensure that the correct permissions are included together.
Additional required Google Cloud permissions
In addition to the parallelstore permissions, there are some Google Cloud permissions required to complete specific tasks.
Task | Permission |
---|---|
Create a VPC network | servicenetworking.services.addPeering is required. Grant roles/compute.networkAdmin or roles/servicenetworking.networksAdmin. |
Import from Cloud Storage | The Parallelstore service account requires roles/storage.admin on the source bucket. See the Required permissions section of Transfer data to or from Cloud Storage for instructions. |
Export to Cloud Storage | The Parallelstore service account requires roles/storage.admin on the destination bucket. See the Required permissions section of Transfer data to or from Cloud Storage for instructions. |
Create Compute Engine VMs | Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1). For more information, refer to the Compute Engine documentation. |
Create and manage Google Kubernetes Engine clusters | Container Admin (roles/container.admin). For more information, refer to the Google Kubernetes Engine documentation. |
Monitoring | The Monitoring Viewer (roles/monitoring.viewer) role is required. |
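
The following is an added example, not part of the Parallelstore documentation: a Python review of a project-level IAM policy against the roles named on this page, flagging Editor and admin holders and any project-wide roles/storage.admin grant (the page asks for that role only on the import or export bucket). The sample policy, its members and the wording of the review notes are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`; every member is made up.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": ["user:dev@example.com"]},
  {"role": "roles/parallelstore.admin",
   "members": ["group:hpc-admins@example.com", "user:dev@example.com"]},
  {"role": "roles/parallelstore.viewer", "members": ["user:analyst@example.com"]},
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:transfer@example-project.iam.gserviceaccount.com"],
   "condition": {"title": "temp-migration", "expression": "true"}}
]}
""")

# Review notes keyed by role; the roles come from this page, the wording is this example's.
RULES = {
    "roles/editor": "basic role that also carries Parallelstore permissions; "
                    "prefer a roles/parallelstore.* role",
    "roles/parallelstore.admin": "predefined admin role; confirm the member needs it",
    "roles/storage.admin": "project-wide grant; the page asks for it only on the "
                           "import/export bucket",
}

def audit(policy):
    """Return sorted (member, role, note) findings for a project-level IAM policy."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in RULES:
            continue
        note = RULES[role]
        if "condition" in binding:  # a conditional binding is narrower; record its title
            note += " (conditional: %s)" % binding["condition"].get("title", "untitled")
        findings.extend((member, role, note) for member in binding.get("members", []))
    return sorted(findings)

def overlaps(findings):
    """Members flagged under more than one role; review whether both grants are needed."""
    counts = Counter(member for member, _, _ in findings)
    return sorted(member for member, n in counts.items() if n > 1)

if __name__ == "__main__":
    results = audit(SAMPLE_POLICY)
    for member, role, note in results:
        print(f"{member}\t{role}\t{note}")
    print("multiple flagged roles:", overlaps(results))
```

Bucket-level grants do not appear in the project policy, so a clean result here does not show that the Parallelstore service account has the bucket access it needs.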