To use GCP for backups, restores, conversions, and replications, you must assign the relevant permissions to your GCP service accounts. If you plan to use encryption, shared virtual private cloud (VPC) networks, node affinity groups, or DVDF, assign the permissions described in the relevant section in addition to the permissions in the General section.
General
Permission | Backups | Restores | VM Conversions | Replication |
compute.addresses.get | -- | Yes | Yes | Yes |
compute.addresses.useInternal | -- | Yes | Yes | Yes |
compute.disks.create | Yes | Yes | Yes | Yes |
compute.disks.createSnapshot | Yes | Yes | Yes | Yes |
compute.disks.delete | Yes | Yes | Yes | Yes |
compute.disks.get | Yes | Yes | Yes | Yes |
compute.disks.list | Yes | -- | -- | -- |
compute.disks.resize | -- | Yes | Yes | Yes |
compute.disks.setLabels | Yes | Yes | Yes | Yes |
compute.disks.use | Yes | Yes | Yes | Yes |
compute.diskTypes.get | Yes | -- | -- | -- |
compute.globalOperations.get | Yes | Yes | Yes | Yes |
compute.instances.attachDisk | Yes | Yes | Yes | Yes |
compute.instances.create | -- | Yes | Yes | Yes |
compute.instances.delete | -- | Yes | Yes | Yes |
compute.instances.detachDisk | Yes | Yes | Yes | Yes |
compute.instances.get | Yes | -- | -- | -- |
compute.instances.list | Yes | -- | -- | -- |
compute.instances.setLabels | -- | Yes | Yes | Yes |
compute.instances.setMetadata | -- | Yes | Yes | Yes |
compute.instances.setServiceAccount | -- | Yes | Yes | Yes |
compute.instances.setTags | -- | Yes | Yes | Yes |
compute.instances.start | -- | Yes | Yes | Yes |
compute.instances.stop | -- | Yes | Yes | Yes |
compute.instances.updateDisplayDevice | -- | Yes | Yes | Yes |
compute.machineTypes.get | -- | Yes | Yes | Yes |
compute.machineTypes.list | -- | Yes | Yes | Yes |
compute.networks.get | -- | Yes | Yes | Yes |
compute.networks.list | -- | Yes | Yes | Yes |
compute.projects.get | Yes | Yes | Yes | Yes |
compute.regionoperations.get | Yes | Yes | Yes | Yes |
compute.regions.get | Yes | Yes | Yes | Yes |
compute.regions.list | Yes | Yes | Yes | Yes |
compute.snapshots.create | Yes | Yes | Yes | Yes |
compute.snapshots.delete | Yes | Yes | Yes | Yes |
compute.snapshots.get | Yes | Yes | Yes | Yes |
compute.snapshots.setLabels | Yes | Yes | Yes | Yes |
compute.snapshots.useReadOnly | Yes | Yes | Yes | Yes |
compute.subnetworks.get | Yes | Yes | Yes | Yes |
compute.subnetworks.list | -- | Yes | Yes | Yes |
compute.subnetworks.use | -- | Yes | Yes | Yes |
compute.subnetworks.useExternalIp | -- | Yes | Yes | Yes |
compute.zoneOperations.get | Yes | Yes | Yes | Yes |
compute.zones.get | Yes | Yes | Yes | Yes |
compute.zones.list | Yes | Yes | Yes | Yes |
iam.serviceAccounts.actAs | Yes | Yes | Yes | Yes |
iam.serviceAccounts.get | Yes | Yes | Yes | Yes |
iam.serviceAccounts.list | Yes | Yes | Yes | Yes |
resourcemanager.projects.get | Yes | Yes | Yes | Yes |
resourcemanager.projects.list | Yes | Yes | Yes | Yes |
DVDF
When replicating instances to a GCP destination using the Deploy virtual machine only during failover (DVDF) option, the software uses a JSON config file to create the instance. The software saves the JSON config file in a storage bucket during the replication operation and deletes it after the instance is created. Configure the relevant permissions for the GCP service account in the destination project to create a storage bucket; otherwise, replication will fail.
storage.buckets.create | -- | -- | -- | Yes |
storage.buckets.delete | -- | -- | -- | Yes |
storage.buckets.get | -- | -- | -- | Yes |
storage.buckets.update | -- | -- | -- | Yes |
storage.objects.create | -- | -- | -- | Yes |
storage.objects.delete | -- | -- | -- | Yes |
storage.objects.get | -- | -- | -- | Yes |
storage.objects.list | -- | -- | -- | Yes |
storage.objects.update | -- | -- | -- | Yes |
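The following added example (not part of the vendor documentation or software) checks a custom role's permission list against the DVDF rows above, reporting storage permissions that are missing and storage permissions granted beyond what the table requires. The `SAMPLE_ROLE` list is constructed for illustration, and the function names are hypothetical.

```python
# Added example (not vendor code): audit a role against the DVDF rows above.
# Rows are copied from this page; column order follows the General table.
DVDF_ROWS = """\
storage.buckets.create | -- | -- | -- | Yes |
storage.buckets.delete | -- | -- | -- | Yes |
storage.buckets.get | -- | -- | -- | Yes |
storage.buckets.update | -- | -- | -- | Yes |
storage.objects.create | -- | -- | -- | Yes |
storage.objects.delete | -- | -- | -- | Yes |
storage.objects.get | -- | -- | -- | Yes |
storage.objects.list | -- | -- | -- | Yes |
storage.objects.update | -- | -- | -- | Yes |
"""
COLUMNS = ("Backups", "Restores", "VM Conversions", "Replication")

# Constructed sample: the includedPermissions of a hypothetical custom role.
SAMPLE_ROLE = [
    "storage.buckets.create", "storage.buckets.get", "storage.buckets.update",
    "storage.objects.create", "storage.objects.get", "storage.objects.list",
    "storage.objects.update",
    "storage.buckets.setIamPolicy",   # not required by the table
    "compute.instances.create",       # covered by the General section
]

def required_permissions(rows, operation):
    """Return the permissions marked Yes in the column for one operation."""
    col = COLUMNS.index(operation) + 1          # cell 0 is the permission name
    needed = set()
    for line in rows.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) > col and cells[col] == "Yes":
            needed.add(cells[0])
    return needed

def audit_role(granted, rows, operation, prefix="storage."):
    """Return (missing, excess) permissions for the given operation.

    missing: required by the table but absent from the role.
    excess:  granted under `prefix` but not required by the table.
    """
    needed = required_permissions(rows, operation)
    granted = set(granted)
    missing = sorted(needed - granted)
    excess = sorted(p for p in granted - needed if p.startswith(prefix))
    return missing, excess

if __name__ == "__main__":
    missing, excess = audit_role(SAMPLE_ROLE, DVDF_ROWS, "Replication")
    print("missing:", missing)   # the JSON config file could not be cleaned up
    print("excess: ", excess)    # candidates for removal under least privilege
```
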
Encryption
cloudkms.cryptoKeyEncrypterDecrypter | Yes | Yes | Yes | Yes |
cloudkms.cryptoKeyVersions.useToDecrypt | Yes | Yes | Yes | Yes |
cloudkms.cryptoKeyVersions.useToEncrypt | Yes | Yes | Yes | Yes |
cloudkms.cryptoKeys.create | Yes | Yes | Yes | Yes |
cloudkms.cryptoKeys.get | Yes | Yes | Yes | Yes |
cloudkms.cryptoKeys.update | Yes | Yes | Yes | Yes |
cloudkms.keyRings.create | Yes | Yes | Yes | Yes |
cloudkms.keyRings.get | Yes | Yes | Yes | Yes |
Node Affinity
compute.nodeGroups.get | -- | Yes | Yes | -- |
compute.nodeGroups.list | -- | Yes | Yes | -- |
compute.instances.list | Yes | Yes | Yes | Yes |
compute.instances.start | Yes | Yes | Yes | Yes |
compute.instances.stop | Yes | Yes | Yes | Yes |
compute.machineTypes.get | Yes | Yes | Yes | Yes |
compute.zone.list | Yes | Yes | Yes | Yes |
compute.subnetworks.use | -- | Yes | Yes | Yes |