Required permissions for the Connector in Google Cloud
Cloud Manager requires permissions to perform actions in your cloud provider. These permissions are included in the policies provided by NetApp. You might want to understand what Cloud Manager does with these permissions.
The Cloud Manager policy for GCP includes the permissions that Cloud Manager needs to deploy and manage Cloud Volumes ONTAP.
Actions | Purpose |
---|---|
compute.disks.create | To create and manage disks for Cloud Volumes ONTAP. |
compute.firewalls.create | To create firewall rules for Cloud Volumes ONTAP. |
compute.globalOperations.get | To get the status of operations. |
compute.images.get | To get images for VM instances. |
compute.instances.attachDisk | To attach and detach disks to Cloud Volumes ONTAP. |
compute.instances.create | To create and delete Cloud Volumes ONTAP VM instances. |
compute.instances.get | To list VM instances. |
compute.instances.getSerialPortOutput | To get console logs. |
compute.instances.list | To retrieve the list of instances in a zone. |
compute.instances.setDeletionProtection | To set deletion protection on the instance. |
compute.instances.setLabels | To add labels. |
compute.instances.setMachineType | To change the machine type for Cloud Volumes ONTAP. |
compute.instances.setMetadata | To add metadata. |
compute.instances.setTags | To add tags for firewall rules. |
compute.instances.start | To start and stop Cloud Volumes ONTAP. |
compute.machineTypes.get | To get the number of cores to check quotas. |
compute.projects.get | To support multi-projects. |
compute.snapshots.create | To create and manage persistent disk snapshots. |
compute.networks.get | To get the networking information needed to create a new Cloud Volumes ONTAP virtual machine instance. |
deploymentmanager.compositeTypes.get | To deploy the Cloud Volumes ONTAP virtual machine instance using Google Cloud Deployment Manager. |
logging.logEntries.list | To get stack log drives. |
resourcemanager.projects.get | To support multi-projects. |
storage.buckets.create | To create and manage a Google Cloud Storage bucket for data tiering. |
cloudkms.cryptoKeyVersions.useToEncrypt | To use customer-managed encryption keys from the Cloud Key Management Service with Cloud Volumes ONTAP. |
compute.instances.setServiceAccount | To set a service account on the Cloud Volumes ONTAP instance. This service account provides permissions for data tiering to a Google Cloud Storage bucket. |
compute.addresses.list | To deploy HA pairs. |
compute.subnetworks.use | To enable Cloud Data Sense. |
container.clusters.get | To discover Kubernetes clusters running in Google Kubernetes Engine. |