Roles and permissions

This page describes the Identity and Access Management (IAM) roles and permissions needed for setting up a Secure Web Proxy instance.

You can grant users or service accounts permissions or a predefined role, or you can create a custom role that uses permissions that you specify. The following table describes the IAM predefined roles and their associated permissions.

For more information, see the IAM permissions reference.

Description: Provision and manage a Secure Web Proxy instance

Role: Create a custom role with the specified permissions. For information about creating a custom role, see Create a custom role.

Permissions (methods):

  • certificatemanager.certs.get
  • certificatemanager.certs.list
  • certificatemanager.certs.use
  • compute.addresses.create
  • compute.addresses.createInternal
  • compute.addresses.list
  • compute.instances.update
  • compute.networks.get
  • compute.networks.list
  • compute.projects.get
  • compute.regionOperations.get
  • compute.regionOperations.wait
  • compute.routers.create
  • compute.routers.delete
  • compute.routers.get
  • compute.routers.list
  • compute.routers.update
  • compute.subnetworks.get
  • compute.subnetworks.list
  • networksecurity.gatewaySecurityPolicies.get
  • networksecurity.gatewaySecurityPolicies.list
  • networksecurity.gatewaySecurityPolicies.use
  • networksecurity.gatewaySecurityPolicyRules.get
  • networksecurity.gatewaySecurityPolicyRules.list
  • networksecurity.locations.list
  • networksecurity.urlLists.get
  • networksecurity.urlLists.list
  • networksecurity.urlLists.use
  • networkservices.gateways.create
  • networkservices.gateways.delete
  • networkservices.gateways.get
  • networkservices.gateways.list
  • networkservices.gateways.update
  • networkservices.gateways.use
  • networkservices.locations.list
  • networkservices.operations.get
  • networkservices.operations.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list
Description: View, create, update, list, and delete Secure Web Proxy policies

Role: Create a custom role with the specified permissions. For information about creating a custom role, see Create a custom role.

Permissions (methods):

  • networksecurity.gatewaySecurityPolicies.create
  • networksecurity.gatewaySecurityPolicies.delete
  • networksecurity.gatewaySecurityPolicies.get
  • networksecurity.gatewaySecurityPolicies.list
  • networksecurity.gatewaySecurityPolicies.update
  • networksecurity.gatewaySecurityPolicyRules.create
  • networksecurity.gatewaySecurityPolicyRules.delete
  • networksecurity.gatewaySecurityPolicyRules.get
  • networksecurity.gatewaySecurityPolicyRules.list
  • networksecurity.gatewaySecurityPolicyRules.update
  • networksecurity.operations.get
  • networksecurity.tlsInspectionPolicies.list
  • networksecurity.tlsInspectionPolicies.use
  • networksecurity.urlLists.create
  • networksecurity.urlLists.delete
  • networksecurity.urlLists.get
  • networksecurity.urlLists.list
  • networksecurity.urlLists.update
  • networksecurity.urlLists.use
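
The following added example (not part of the original page) turns the policy-management permission list above into a role definition file for `gcloud iam roles create --file`, and audits the YAML printed by `gcloud iam roles describe` for missing or excess permissions. The function names, `ROLE_ID`, `PROJECT_ID` and the role title are placeholders chosen for this example.

```shell
# Added example; function and variable names are this example's own.
# Permissions for the policy-management role, copied from the list above.
SWP_POLICY_PERMS='
networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.operations.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.use
networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use
'

# Print a role definition in the YAML layout read by
# `gcloud iam roles create ROLE_ID --project=PROJECT_ID --file=FILE`.
swp_role_yaml() {
  printf 'title: %s\nstage: GA\nincludedPermissions:\n' "$1"
  for _p in $SWP_POLICY_PERMS; do printf '%s\n' "- $_p"; done
}

# Read the YAML printed by `gcloud iam roles describe` on stdin and compare its
# includedPermissions with the list. MISSING: the role cannot manage policies.
# EXTRA: privilege beyond this list (names are case-sensitive). Returns 1 on drift.
swp_role_audit() {
  _granted=$(sed -n 's/^- *//p')
  _rc=0
  for _p in $SWP_POLICY_PERMS; do
    printf '%s\n' $_granted | grep -Fxq -- "$_p" || { echo "MISSING $_p"; _rc=1; }
  done
  for _p in $_granted; do
    printf '%s\n' $SWP_POLICY_PERMS | grep -Fxq -- "$_p" || { echo "EXTRA $_p"; _rc=1; }
  done
  return $_rc
}
```

Typical use is `swp_role_yaml "SWP policy admin" > role.yaml` before creating the role, and `gcloud iam roles describe ROLE_ID --project=PROJECT_ID | swp_role_audit` in a periodic access review.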

For more information about project roles and permissions, see the following:
