GCP Permissions used by CloudGuard Dome9

In this topic:

    This topic describes the GCP permissions that CloudGuard Dome9 uses to manage your account.

    In addition, permission is granted to Dome9 to accesses information in your account using GCP APIs.

    These GCP APIs are mandatory for Dome9:

    • Compute Engine API
    • Cloud Resource Manager API

    These APIs are optional:

    • GKE 
    • KMS
    • IAM
    • BigQuery
    • Admin

    These roles must be added to the service account used by Dome9 to access your GCP account:

    • Viewer (in Project)
    • Security Reviewer (in IAM)

    See also

    Onboard a GCP account to Dome9