This page describes the Identity and Access Management (IAM) roles and permissions needed for
setting up a Secure Web Proxy instance.
You can grant users or service accounts permissions or a predefined role, or
you can create a custom role that uses permissions that you specify. The
following table describes the IAM predefined roles and their
associated permissions.
For more information, see the IAM
permissions reference.
Description |
Role |
Permissions (methods) |
Provision and manage a Secure Web Proxy instance |
Create a custom role with the specified permissions. For information about creating a custom role, see Create a custom role.
|
-
networkservices.gateways
-
compute.networks.get
compute.networks.list
-
compute.subnetworks.get
compute.subnetworks.list
compute.routers.create
compute.routers.delete
compute.routers.update
compute.routers.get
compute.routers.list
compute.addresses.list
compute.addresses.create
compute.addresses.createInternal
compute.instances.update
compute.regionOperations.get
compute.regionOperations.wait
networksecurity.GatewaySecurityPolicy.list
networksecurity.GatewaySecurityPolicy.get
networksecurity.GatewaySecurityPolicyRule.list
networksecurity.GatewaySecurityPolicyRule.get
networksecurity.urlList.list
networksecurity.urlList.get
compute.projects.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
certificatemanager.certs.get
certificatemanager.certs.list
certificatemanager.certs.use
|
View, create, update, list, and delete Secure Web Proxy policies |
Create a custom role with the specified permissions. For information about creating a custom role, see Create a custom role.
|
networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
|
For more information about project roles and permissions, see the following:
What's next