...
Logged-in users should have the privilege to launch a deployment in GCP Deployment Manager.
Logged-in users must have the Viewer predefined role attached.
Logged-in users need access to the VPN, Subnet, Network Interface/Security Group, and Service Account that Kyvos will use to launch compute engines, Dataproc, and Instance Group.
You must create a custom role. To do this, click Roles > Create new role.
Provide a name like Kyvos-deployment-role, assign the following permissions, and then attach the role to the logged-in user service account.
deploymentmanager.deployments.create
deploymentmanager.deployments.delete
deploymentmanager.deployments.get
deploymentmanager.deployments.list
deploymentmanager.deployments.update
deploymentmanager.manifests.get
deploymentmanager.operations.get
storage.objects.get
compute.subnetworks.use
cloudfunctions.functions.setIamPolicy
Note: The above permissions are only required to launch deployment. To view the resources after deployment, the user must have permission on the relevant resources.
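Once the custom role exists, its permissions can be compared with the list above to catch omissions and over-grants. The following is an added example, not part of the Kyvos documentation: it assumes the role was exported with `gcloud iam roles describe ROLE_ID --project=PROJECT_ID --format=json`, and the sample JSON, project name and role ID in it are constructed.

```python
import json

# Permissions this page lists for the deployment role.
REQUIRED = frozenset({
    "deploymentmanager.deployments.create",
    "deploymentmanager.deployments.delete",
    "deploymentmanager.deployments.get",
    "deploymentmanager.deployments.list",
    "deploymentmanager.deployments.update",
    "deploymentmanager.manifests.get",
    "deploymentmanager.operations.get",
    "storage.objects.get",
    "compute.subnetworks.use",
    "cloudfunctions.functions.setIamPolicy",
})

def audit_role(role_json: str) -> dict:
    """Compare a role's includedPermissions with the list on this page."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        # Listed on the page but absent from the role: deployment may fail.
        "missing": sorted(REQUIRED - granted),
        # Present in the role but not listed: candidates for removal.
        "extra": sorted(granted - REQUIRED),
        # Permissions that can rewrite IAM policies deserve explicit review.
        "iam_policy_writers": sorted(
            p for p in granted if p.endswith(".setIamPolicy")
        ),
        # A deleted role grants nothing even if it is still bound.
        "deleted": bool(role.get("deleted", False)),
    }

# Constructed sample: one required permission dropped, one unlisted one added.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/KyvosDeploymentRole",
    "title": "Kyvos-deployment-role",
    "stage": "GA",
    "includedPermissions": sorted(
        (REQUIRED - {"deploymentmanager.operations.get"})
        | {"compute.instances.delete"}
    ),
})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
```
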
...