Network Connectivity Center roles and permissions

This page lists the IAM roles and permissions for Network Connectivity Center. Tosearch through all roles and permissions, see therole andpermission index.

Network Connectivity Center roles

RolePermissions

Service Automation Consumer Network Admin

(roles/networkconnectivity.consumerNetworkAdmin)

Service Automation Consumer Network Admin is responsible for setting up ServiceConnectionPolicies.

networkconnectivity.serviceConnectionPolicies.*

  • networkconnectivity.serviceConnectionPolicies.create
  • networkconnectivity.serviceConnectionPolicies.delete
  • networkconnectivity.serviceConnectionPolicies.get
  • networkconnectivity.serviceConnectionPolicies.list
  • networkconnectivity.serviceConnectionPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

Group Admin

(roles/networkconnectivity.groupAdmin)

Enables full access to group resources and read-only access to hub and spoke resources

networkconnectivity.gatewayAdvertisedRoutes.get

networkconnectivity.gatewayAdvertisedRoutes.list

networkconnectivity.groups.*

  • networkconnectivity.groups.acceptSpoke
  • networkconnectivity.groups.acceptSpokeUpdate
  • networkconnectivity.groups.get
  • networkconnectivity.groups.getIamPolicy
  • networkconnectivity.groups.list
  • networkconnectivity.groups.rejectSpoke
  • networkconnectivity.groups.rejectSpokeUpdate
  • networkconnectivity.groups.setIamPolicy
  • networkconnectivity.groups.use

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.getIamPolicy

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.getIamPolicy

networkconnectivity.hubRoutes.list

networkconnectivity.hubs.get

networkconnectivity.hubs.getIamPolicy

networkconnectivity.hubs.list

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.spokes.get

networkconnectivity.spokes.getIamPolicy

networkconnectivity.spokes.list

resourcemanager.projects.get

resourcemanager.projects.list

Group User

(roles/networkconnectivity.groupUser)

Enables use access on group resources

networkconnectivity.groups.use

Hub & Spoke Admin

(roles/networkconnectivity.hubAdmin)

Enables full access to hub and spoke resources.

Lowest-level resources where you can grant this role:

  • Project

networkconnectivity.gatewayAdvertisedRoutes.*

  • networkconnectivity.gatewayAdvertisedRoutes.create
  • networkconnectivity.gatewayAdvertisedRoutes.delete
  • networkconnectivity.gatewayAdvertisedRoutes.get
  • networkconnectivity.gatewayAdvertisedRoutes.list
  • networkconnectivity.gatewayAdvertisedRoutes.update

networkconnectivity.groups.*

  • networkconnectivity.groups.acceptSpoke
  • networkconnectivity.groups.acceptSpokeUpdate
  • networkconnectivity.groups.get
  • networkconnectivity.groups.getIamPolicy
  • networkconnectivity.groups.list
  • networkconnectivity.groups.rejectSpoke
  • networkconnectivity.groups.rejectSpokeUpdate
  • networkconnectivity.groups.setIamPolicy
  • networkconnectivity.groups.use

networkconnectivity.hubRouteTables.*

  • networkconnectivity.hubRouteTables.get
  • networkconnectivity.hubRouteTables.getIamPolicy
  • networkconnectivity.hubRouteTables.list
  • networkconnectivity.hubRouteTables.setIamPolicy

networkconnectivity.hubRoutes.*

  • networkconnectivity.hubRoutes.get
  • networkconnectivity.hubRoutes.getIamPolicy
  • networkconnectivity.hubRoutes.list
  • networkconnectivity.hubRoutes.setIamPolicy

networkconnectivity.hubs.*

  • networkconnectivity.hubs.create
  • networkconnectivity.hubs.delete
  • networkconnectivity.hubs.get
  • networkconnectivity.hubs.getIamPolicy
  • networkconnectivity.hubs.list
  • networkconnectivity.hubs.listSpokes
  • networkconnectivity.hubs.queryStatus
  • networkconnectivity.hubs.setIamPolicy
  • networkconnectivity.hubs.update

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.*

  • networkconnectivity.operations.cancel
  • networkconnectivity.operations.delete
  • networkconnectivity.operations.get
  • networkconnectivity.operations.list

networkconnectivity.spokes.*

  • networkconnectivity.spokes.create
  • networkconnectivity.spokes.delete
  • networkconnectivity.spokes.get
  • networkconnectivity.spokes.getIamPolicy
  • networkconnectivity.spokes.list
  • networkconnectivity.spokes.setIamPolicy
  • networkconnectivity.spokes.update

resourcemanager.projects.get

resourcemanager.projects.list

Hub & Spoke Viewer

(roles/networkconnectivity.hubViewer)

Enables read-only access to hub and spoke resources.

Lowest-level resources where you can grant this role:

  • Project

networkconnectivity.gatewayAdvertisedRoutes.get

networkconnectivity.gatewayAdvertisedRoutes.list

networkconnectivity.groups.get

networkconnectivity.groups.getIamPolicy

networkconnectivity.groups.list

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.getIamPolicy

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.getIamPolicy

networkconnectivity.hubRoutes.list

networkconnectivity.hubs.get

networkconnectivity.hubs.getIamPolicy

networkconnectivity.hubs.list

networkconnectivity.hubs.listSpokes

networkconnectivity.hubs.queryStatus

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.spokes.get

networkconnectivity.spokes.getIamPolicy

networkconnectivity.spokes.list

resourcemanager.projects.get

resourcemanager.projects.list

Multicloud Data Transfer Config Admin

(roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Full access to all Multicloud Data Transfer Config resources.

networkconnectivity.multicloudDataTransferConfigs.*

  • networkconnectivity.multicloudDataTransferConfigs.create
  • networkconnectivity.multicloudDataTransferConfigs.delete
  • networkconnectivity.multicloudDataTransferConfigs.get
  • networkconnectivity.multicloudDataTransferConfigs.list
  • networkconnectivity.multicloudDataTransferConfigs.update

networkconnectivity.multicloudDataTransferDestinations.*

  • networkconnectivity.multicloudDataTransferDestinations.create
  • networkconnectivity.multicloudDataTransferDestinations.delete
  • networkconnectivity.multicloudDataTransferDestinations.get
  • networkconnectivity.multicloudDataTransferDestinations.list
  • networkconnectivity.multicloudDataTransferDestinations.update

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Multicloud Data Transfer Config Viewer

(roles/networkconnectivity.multicloudDataTransferConfigViewer)

Read-only access to all Multicloud Data Transfer Config resources.

networkconnectivity.multicloudDataTransferConfigs.get

networkconnectivity.multicloudDataTransferConfigs.list

networkconnectivity.multicloudDataTransferDestinations.get

networkconnectivity.multicloudDataTransferDestinations.list

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Destination Admin

(roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Access to all Destination resources.

networkconnectivity.multicloudDataTransferDestinations.*

  • networkconnectivity.multicloudDataTransferDestinations.create
  • networkconnectivity.multicloudDataTransferDestinations.delete
  • networkconnectivity.multicloudDataTransferDestinations.get
  • networkconnectivity.multicloudDataTransferDestinations.list
  • networkconnectivity.multicloudDataTransferDestinations.update

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Destination Viewer

(roles/networkconnectivity.multicloudDataTransferDestinationViewer)

Read-only access to all Destination resources.

networkconnectivity.multicloudDataTransferDestinations.get

networkconnectivity.multicloudDataTransferDestinations.list

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Regional Endpoint Admin

(roles/networkconnectivity.regionalEndpointAdmin)

Full access to all Regional Endpoint resources.

networkconnectivity.regionalEndpoints.*

  • networkconnectivity.regionalEndpoints.create
  • networkconnectivity.regionalEndpoints.delete
  • networkconnectivity.regionalEndpoints.get
  • networkconnectivity.regionalEndpoints.list

resourcemanager.projects.get

resourcemanager.projects.list

Regional Endpoint Viewer

(roles/networkconnectivity.regionalEndpointViewer)

Read-only access to all Regional Endpoint resources.

networkconnectivity.regionalEndpoints.get

networkconnectivity.regionalEndpoints.list

resourcemanager.projects.get

resourcemanager.projects.list

Network Connectivity Service Agent

(roles/networkconnectivity.serviceAgent)

Grants the Network Connectivity API authority to read some networking resources. It does not mutate these resources.

Warning: Do not grant service agent roles to any principals exceptservice agents.

compute.addresses.create

compute.addresses.createInternal

compute.addresses.delete

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.setLabels

compute.addresses.use

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.pscCreate

compute.forwardingRules.pscDelete

compute.forwardingRules.pscSetLabels

compute.forwardingRules.pscUpdate

compute.forwardingRules.setLabels

compute.instances.get

compute.interconnectAttachments.get

compute.networks.get

compute.networks.updatePolicy

compute.networks.use

compute.projects.get

compute.regionOperations.get

compute.routers.get

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.subnetworks.setIamPolicy

compute.subnetworks.use

compute.vpnTunnels.get

dns.managedZones.create

dns.networks.bindPrivateDNSZone

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.list

networkconnectivity.internalRanges.create

networkconnectivity.internalRanges.delete

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.operations.get

servicedirectory.namespaces.associatePrivateZone

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

Service Class User

(roles/networkconnectivity.serviceClassUser)

Service Class User uses a ServiceClass

networkconnectivity.serviceClasses.get

networkconnectivity.serviceClasses.list

networkconnectivity.serviceClasses.use

resourcemanager.projects.get

resourcemanager.projects.list

Service Automation Service Producer Admin

(roles/networkconnectivity.serviceProducerAdmin)

Service Automation Producer Admin uses information from a consumer request to manage ServiceClasses and ServiceConnectionMaps

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.serviceClasses.*

  • networkconnectivity.serviceClasses.create
  • networkconnectivity.serviceClasses.delete
  • networkconnectivity.serviceClasses.get
  • networkconnectivity.serviceClasses.list
  • networkconnectivity.serviceClasses.update
  • networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

  • networkconnectivity.serviceConnectionMaps.create
  • networkconnectivity.serviceConnectionMaps.delete
  • networkconnectivity.serviceConnectionMaps.get
  • networkconnectivity.serviceConnectionMaps.list
  • networkconnectivity.serviceConnectionMaps.update

resourcemanager.projects.get

resourcemanager.projects.list

Spoke Admin

(roles/networkconnectivity.spokeAdmin)

Enables full access to spoke resources and read-only access to hub resources.

Lowest-level resources where you can grant this role:

  • Project

networkconnectivity.gatewayAdvertisedRoutes.*

  • networkconnectivity.gatewayAdvertisedRoutes.create
  • networkconnectivity.gatewayAdvertisedRoutes.delete
  • networkconnectivity.gatewayAdvertisedRoutes.get
  • networkconnectivity.gatewayAdvertisedRoutes.list
  • networkconnectivity.gatewayAdvertisedRoutes.update

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.getIamPolicy

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.getIamPolicy

networkconnectivity.hubRoutes.list

networkconnectivity.hubs.get

networkconnectivity.hubs.getIamPolicy

networkconnectivity.hubs.list

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.spokes.*

  • networkconnectivity.spokes.create
  • networkconnectivity.spokes.delete
  • networkconnectivity.spokes.get
  • networkconnectivity.spokes.getIamPolicy
  • networkconnectivity.spokes.list
  • networkconnectivity.spokes.setIamPolicy
  • networkconnectivity.spokes.update

resourcemanager.projects.get

resourcemanager.projects.list

Transport Admin

(roles/networkconnectivity.transportAdmin)

Enables full access to Transport resources

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.*

  • networkconnectivity.operations.cancel
  • networkconnectivity.operations.delete
  • networkconnectivity.operations.get
  • networkconnectivity.operations.list

networkconnectivity.remoteTransportProfiles.*

  • networkconnectivity.remoteTransportProfiles.get
  • networkconnectivity.remoteTransportProfiles.list

networkconnectivity.transports.*

  • networkconnectivity.transports.create
  • networkconnectivity.transports.delete
  • networkconnectivity.transports.get
  • networkconnectivity.transports.list
  • networkconnectivity.transports.update

resourcemanager.projects.get

resourcemanager.projects.list

Transport Viewer

(roles/networkconnectivity.transportViewer)

Enables view access to Transport resources

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.remoteTransportProfiles.*

  • networkconnectivity.remoteTransportProfiles.get
  • networkconnectivity.remoteTransportProfiles.list

networkconnectivity.transports.get

networkconnectivity.transports.list

resourcemanager.projects.get

resourcemanager.projects.list

Network Connectivity Center permissions

PermissionIncluded in roles

networkconnectivity.gatewayAdvertisedRoutes.create

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.gatewayAdvertisedRoutes.delete

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.gatewayAdvertisedRoutes.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.gatewayAdvertisedRoutes.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.gatewayAdvertisedRoutes.update

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.groups.acceptSpoke

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.groups.acceptSpokeUpdate

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.groups.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

networkconnectivity.groups.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

networkconnectivity.groups.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

networkconnectivity.groups.rejectSpoke

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.groups.rejectSpokeUpdate

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.groups.setIamPolicy

Owner (roles/owner)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.groups.use

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Group Admin (roles/networkconnectivity.groupAdmin)

Group User (roles/networkconnectivity.groupUser)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.hubRouteTables.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.hubRouteTables.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.hubRouteTables.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.hubRouteTables.setIamPolicy

Owner (roles/owner)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.hubRoutes.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.hubRoutes.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.hubRoutes.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.hubRoutes.setIamPolicy

Owner (roles/owner)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.hubs.create

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.hubs.delete

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.hubs.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.hubs.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.hubs.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.hubs.listSpokes

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

networkconnectivity.hubs.queryStatus

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

networkconnectivity.hubs.setIamPolicy

Owner (roles/owner)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.hubs.update

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

networkconnectivity.internalRanges.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.internalRanges.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.internalRanges.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.internalRanges.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.internalRanges.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.internalRanges.setIamPolicy

Owner (roles/owner)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.internalRanges.update

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.multicloudDataTransferConfigs.create

Owner (roles/owner)

Editor (roles/editor)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

networkconnectivity.multicloudDataTransferConfigs.delete

Owner (roles/owner)

Editor (roles/editor)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

networkconnectivity.multicloudDataTransferConfigs.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

networkconnectivity.multicloudDataTransferConfigs.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

networkconnectivity.multicloudDataTransferConfigs.update

Owner (roles/owner)

Editor (roles/editor)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

networkconnectivity.multicloudDataTransferDestinations.create

Owner (roles/owner)

Editor (roles/editor)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

networkconnectivity.multicloudDataTransferDestinations.delete

Owner (roles/owner)

Editor (roles/editor)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

networkconnectivity.multicloudDataTransferDestinations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

networkconnectivity.multicloudDataTransferDestinations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

networkconnectivity.multicloudDataTransferDestinations.update

Owner (roles/owner)

Editor (roles/editor)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

networkconnectivity.multicloudDataTransferSupportedServices.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

networkconnectivity.multicloudDataTransferSupportedServices.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

networkconnectivity.operations.cancel

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.operations.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Multicloud Data Transfer Config Admin (roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Multicloud Data Transfer Config Viewer (roles/networkconnectivity.multicloudDataTransferConfigViewer)

Destination Admin (roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Destination Viewer (roles/networkconnectivity.multicloudDataTransferDestinationViewer)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.policyBasedRoutes.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.policyBasedRoutes.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.policyBasedRoutes.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.policyBasedRoutes.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.policyBasedRoutes.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Compute Network User (roles/compute.networkUser)

Compute Network Viewer (roles/compute.networkViewer)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.policyBasedRoutes.setIamPolicy

Owner (roles/owner)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.regionalEndpoints.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.regionalEndpoints.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.regionalEndpoints.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Regional Endpoint Viewer (roles/networkconnectivity.regionalEndpointViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.regionalEndpoints.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Regional Endpoint Admin (roles/networkconnectivity.regionalEndpointAdmin)

Regional Endpoint Viewer (roles/networkconnectivity.regionalEndpointViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.remoteTransportProfiles.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

networkconnectivity.remoteTransportProfiles.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

networkconnectivity.serviceClasses.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceClasses.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceClasses.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Service Class User (roles/networkconnectivity.serviceClassUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceClasses.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Class User (roles/networkconnectivity.serviceClassUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceClasses.update

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceClasses.use

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Class User (roles/networkconnectivity.serviceClassUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionMaps.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionMaps.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionMaps.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionMaps.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionMaps.update

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Service Producer Admin (roles/networkconnectivity.serviceProducerAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionPolicies.create

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionPolicies.delete

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionPolicies.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionPolicies.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Compute Network Admin (roles/compute.networkAdmin)

Databases Admin (roles/iam.databasesAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Cloud Memorystore Redis Admin (roles/redis.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.serviceConnectionPolicies.update

Owner (roles/owner)

Editor (roles/editor)

Compute Network Admin (roles/compute.networkAdmin)

Infrastructure Administrator (roles/iam.infrastructureAdmin)

Network Administrator (roles/iam.networkAdmin)

Service Automation Consumer Network Admin (roles/networkconnectivity.consumerNetworkAdmin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

networkconnectivity.spokes.create

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.spokes.delete

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.spokes.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.spokes.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.spokes.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Group Admin (roles/networkconnectivity.groupAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Hub & Spoke Viewer (roles/networkconnectivity.hubViewer)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.spokes.setIamPolicy

Owner (roles/owner)

Network Administrator (roles/iam.networkAdmin)

Security Admin (roles/iam.securityAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.spokes.update

Owner (roles/owner)

Editor (roles/editor)

Network Administrator (roles/iam.networkAdmin)

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)

Spoke Admin (roles/networkconnectivity.spokeAdmin)

networkconnectivity.transports.create

Owner (roles/owner)

Editor (roles/editor)

Transport Admin (roles/networkconnectivity.transportAdmin)

networkconnectivity.transports.delete

Owner (roles/owner)

Editor (roles/editor)

Transport Admin (roles/networkconnectivity.transportAdmin)

networkconnectivity.transports.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

networkconnectivity.transports.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Transport Admin (roles/networkconnectivity.transportAdmin)

Transport Viewer (roles/networkconnectivity.transportViewer)

networkconnectivity.transports.update

Owner (roles/owner)

Editor (roles/editor)

Transport Admin (roles/networkconnectivity.transportAdmin)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.