GCP Permissions used by Dome9

In this topic:

    This topic describes the GCP role permissions that Dome9 uses to manage your account.

    The role permissions give Dome9 permission to manage specific entities (such as Security Groups, Instances, etc) in your GCP account. 

    You must enable the Compute Engine API, and create a new service account for Dome9. This account is used by Dome9 to connect to your GCP account.

    You must also add these roles for the service account:

    • Viewer (in Project)
    • Security Reviewer (in IAM)

    See also

    Onboard a GCP account to Dome9