This topic describes the GCP permissions that CloudGuard Dome9 uses to manage your account.
In addition, permission is granted to Dome9 to accesses information in your account using GCP APIs.
These GCP APIs are mandatory for Dome9:
- Compute Engine API
- Cloud Resource Manager API
These APIs are optional:
These roles must be added to the service account used by Dome9 to access your GCP account:
- Viewer (in Project)
- Security Reviewer (in IAM)