This page describes the Identity and Access Management (IAM) roles and permissions needed for
setting up a Secure Web Proxy instance.
You can grant users or service accounts permissions or a predefined role, or
you can create a custom role that uses permissions that you specify. The
following table describes the IAM predefined roles and their
associated permissions.
For more information, see the IAM
permissions reference.
Description |
Role |
Permissions (methods) |
Provision and manage a Secure Web Proxy instance |
Create a custom role with the specified permissions. For information about creating a custom role, see Create a custom role.
|
certificatemanager.certs.get
certificatemanager.certs.list
certificatemanager.certs.use
compute.addresses.create
compute.addresses.createInternal
compute.addresses.list
compute.instances.update
compute.networks.get
compute.networks.list
compute.projects.get
compute.projects.get
compute.regionOperations.get
compute.regionOperations.wait
compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.subnetworks.get
compute.subnetworks.list
networksecurity.GatewaySecurityPolicies.get
networksecurity.GatewaySecurityPolicies.list
networksecurity.GatewaySecurityPolicies.use
networksecurity.GatewaySecurityPolicyRules.get
networksecurity.GatewaySecurityPolicyRules.list
networksecurity.locations.list
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.use
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.locations.list
networkservices.operations.get
networkservices.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
View, create, update, list, and delete Secure Web Proxy policies |
Create a custom role with the specified permissions. For information about creating a custom role, see Create a custom role.
|
networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.operations.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.use
networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use
|
For more information about project roles and permissions, see the following:
What's next