This page provides instructions for how to configure Identity and Access Management (IAM) permissions for Google Cloud NetApp Volumes.
Before you begin
NetApp Volumes uses Identity and Access Management (IAM) to control access to resources. You grant access to NetApp Volumes operations by granting IAM roles to users. Permissions are granted by the role selected for the user. The two predefined roles are roles/netapp.admin and roles/netapp.viewer. You can assign these roles to specific users or service accounts.
IAM permissions only control access to NetApp Volumes administrative operations, like creating or deleting volumes. To control access to operations on the file share, like reading or deleting data, see NFS access control and SMB access control.
For more information, refer to the permissions and roles in the IAM overview.
Set up IAM
Identity and Access Management roles and permissions
You can use predefined roles or you can define custom roles. NetApp Volumes supports a granular set of permissions.
Get or grant all permissions
To get the permissions that you need to perform all actions, ask your administrator to grant you the NetApp Volumes Admin (roles/netapp.admin) IAM role on your project.
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Get or grant read-only permissions
To get the permissions that you need to have read-only access, ask your administrator to grant you the NetApp Volumes Viewer (roles/netapp.viewer) IAM role on your project.
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Permission details
Permission | Action | NetApp Volumes Admin | NetApp Volumes Viewer |
---|---|---|---|
netapp.locations.list | Lists information about the supported locations for this service | check | check |
netapp.locations.get | Gets information about a location supported by this service | check | check |
netapp.volumes.create | Creates a volume | check | |
netapp.volumes.list | Lists all volumes in the project | check | check |
netapp.volumes.get | Gets the details of a specific volume | check | check |
netapp.volumes.update | Updates the volume | check | |
netapp.volumes.delete | Deletes the volume | check | |
netapp.volumes.revert | Reverts the volume | check | |
netapp.storagePools.create | Creates a storage pool | check | |
netapp.storagePools.list | Lists all of the pools in the project | check | check |
netapp.storagePools.get | Gets the details of a specific pool | check | check |
netapp.storagePools.update | Updates the pool | check | |
netapp.storagePools.delete | Deletes the storage pool | check | |
netapp.snapshots.create | Creates a snapshot | check | |
netapp.snapshots.list | Lists all of the snapshots | check | check |
netapp.snapshots.get | Gets the details of a specific snapshot | check | check |
netapp.snapshots.update | Updates a snapshot | check | |
netapp.snapshots.delete | Deletes a snapshot | check | |
netapp.backups.create | Creates a backup | check | |
netapp.backups.list | Lists all backups | check | check |
netapp.backups.get | Gets details of a specific backup | check | check |
netapp.backups.update | Updates a backup | check | |
netapp.backups.delete | Deletes a backup | check | |
netapp.replications.create | Creates a volume replication | check | |
netapp.replications.list | Lists all of the replications in the project | check | check |
netapp.replications.get | Gets the details of a specific replication | check | check |
netapp.replications.update | Updates a volume replication | check | |
netapp.replications.delete | Deletes a replication | check | |
netapp.replications.break | Stops a replication | check | |
netapp.replications.resync | Resumes a replication | check | |
netapp.activeDirectories.create | Creates an Active Directory policy | check | |
netapp.activeDirectories.get | Gets the details of a specific Active Directory policy | check | check |
netapp.activeDirectories.list | Lists all of the Active Directory policies in the project | check | check |
netapp.activeDirectories.update | Updates an Active Directory policy | check | |
netapp.activeDirectories.delete | Deletes an Active Directory policy | check | |
netapp.kmsConfigs.create | Creates a CMEK policy | check | |
netapp.kmsConfigs.get | Gets the details of a specific CMEK policy | check | check |
netapp.kmsConfigs.list | Lists all of the CMEK policies in the project | check | check |
netapp.kmsConfigs.update | Updates a CMEK policy | check | |
netapp.kmsConfigs.delete | Deletes a CMEK policy | check | |
netapp.kmsConfigs.verify | Validates the key access of a CMEK policy | check | |
netapp.kmsConfigs.encrypt | Runs the CMEK migrate action | check | |
netapp.operations.list | Lists the running operations | check | check |
netapp.operations.get | Gets the details of running operations | check | check |
netapp.operations.cancel | Cancels a running operation | check | |
netapp.operations.delete | Deletes an operation | check | |
Define custom roles
If the predefined IAM roles don't meet your needs, you can define a custom role with permissions that you specify using IAM custom roles.
When you create custom roles for NetApp Volumes, make sure that you include both resourcemanager.projects.get and resourcemanager.projects.list so that the role has permission to query project resources.
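The following is an added example, not part of the original page or of Google's tooling: a small pre-deployment check for a custom role definition in the JSON form accepted by `gcloud iam roles create --file`. It reports whether the two resourcemanager permissions named above are present, which NetApp permissions go beyond the get/list set held by the Viewer role in the table, and which permissions fall outside NetApp Volumes entirely. The function name, result keys and sample role are assumptions made for illustration.

```python
import json

# Permissions the page says every NetApp Volumes custom role must include.
REQUIRED = {"resourcemanager.projects.get", "resourcemanager.projects.list"}
# In the permission table, NetApp Volumes Viewer holds only these verbs.
READ_VERBS = {"get", "list"}


def audit_custom_role(role_json):
    """Review a custom role definition before it is created (hypothetical helper)."""
    role = json.loads(role_json)
    perms = set(role.get("includedPermissions", []))
    netapp = {p for p in perms if p.startswith("netapp.")}
    # Anything that is not get/list changes state: create, update, delete,
    # revert, break, resync, verify, encrypt, cancel.
    mutating = sorted(p for p in netapp if p.rsplit(".", 1)[-1] not in READ_VERBS)
    return {
        "missing_required": sorted(REQUIRED - perms),
        "mutating": mutating,
        # Permissions unrelated to NetApp Volumes deserve a separate review.
        "out_of_scope": sorted(perms - netapp - REQUIRED),
        "netapp_read_only": not mutating,
    }


# Constructed sample: a hypothetical "snapshot operator" role that forgot
# resourcemanager.projects.list and carries one unrelated permission.
SAMPLE_ROLE = json.dumps({
    "title": "NetApp Snapshot Operator (example)",
    "stage": "GA",
    "includedPermissions": [
        "netapp.volumes.get",
        "netapp.volumes.list",
        "netapp.snapshots.get",
        "netapp.snapshots.list",
        "netapp.snapshots.create",
        "netapp.snapshots.delete",
        "resourcemanager.projects.get",
        "iam.serviceAccounts.actAs",
    ],
})

if __name__ == "__main__":
    for key, value in audit_custom_role(SAMPLE_ROLE).items():
        print(f"{key}: {value}")
```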
What's next
See the quickstart guide for how to create a storage pool.