Roles and Required Permissions

There are two groups of IAM roles and permissions, depending on how you add your account to CloudVerse:

With Organization

| Role Title | Role Type | Role Created At | Permissions |
| --- | --- | --- | --- |
| Billing Account Viewer | Default Role | Organization | Can view information about billing accounts |
| Viewer | Default Role | Organization | View most Google Cloud resources |
| CloudVerseRole | Custom Role | Organization | recommender.usageCommitmentRecommendations.update<br>recommender.computeAddressIdleResourceRecommendations.update<br>recommender.computeDiskIdleResourceRecommendations.update<br>recommender.computeImageIdleResourceRecommendations.update<br>recommender.computeInstanceGroupManagerMachineTypeRecommendations.update<br>recommender.computeInstanceIdleResourceRecommendations.update<br>recommender.computeInstanceMachineTypeRecommendations.update<br>recommender.iamPolicyRecommendations.update<br>cloudasset.assets.exportResource<br>billing.accounts.get<br>billing.resourceAssociations.list<br>resourcemanager.folders.get<br>resourcemanager.folders.list<br>resourcemanager.organizations.get<br>resourcemanager.projects.list<br>resourcemanager.projects.get |

  • You have to assign the Viewer and CloudVerseRole roles to the CloudVerse Service Account in your Organization. Every project in your organization will inherit this assignment. CloudVerse will help you with this task by generating a script, which you only need to run once. After that, if you want to add any project that has the same Billing Account and Organization, you don't need to run the script again.

  • For more information about permissions, please see Permission Details.

Without Organization

| Role Title | Role Type | Role Created At | Permissions |
| --- | --- | --- | --- |
| Billing Account Viewer | Default Role | Project | Can view information about billing accounts |
| Viewer | Default Role | Project | View most Google Cloud resources |
| CloudVerseRole | Custom Role | Project | recommender.usageCommitmentRecommendations.update<br>recommender.computeAddressIdleResourceRecommendations.update<br>recommender.computeDiskIdleResourceRecommendations.update<br>recommender.computeImageIdleResourceRecommendations.update<br>recommender.computeInstanceGroupManagerMachineTypeRecommendations.update<br>recommender.computeInstanceIdleResourceRecommendations.update<br>recommender.computeInstanceMachineTypeRecommendations.update<br>recommender.iamPolicyRecommendations.update<br>cloudasset.assets.exportResource |

  • You have to assign the Viewer and CloudVerseRole roles to the CloudVerse Service Account in every project that you want to add to CloudVerse, and in the project that contains the Billing export BigQuery Dataset. CloudVerse will assist you by generating a script that assigns the roles automatically.

  • For more information about permissions, please see Permission Details.
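One way to confirm that what was actually granted matches the two tables above, as an added example (this is not the script CloudVerse generates). It assumes the role and policy JSON come from `gcloud iam roles describe --format=json` and `gcloud projects get-iam-policy --format=json`; the service account email, project ID and the custom role ID `CloudVerseRole` are constructed placeholders.

```python
# Permissions the page lists for CloudVerseRole in both onboarding modes.
BASE = {
    "recommender.usageCommitmentRecommendations.update",
    "recommender.computeAddressIdleResourceRecommendations.update",
    "recommender.computeDiskIdleResourceRecommendations.update",
    "recommender.computeImageIdleResourceRecommendations.update",
    "recommender.computeInstanceGroupManagerMachineTypeRecommendations.update",
    "recommender.computeInstanceIdleResourceRecommendations.update",
    "recommender.computeInstanceMachineTypeRecommendations.update",
    "recommender.iamPolicyRecommendations.update",
    "cloudasset.assets.exportResource",
}
# Additional permissions listed only in the "With Organization" table.
ORG_ONLY = {
    "billing.accounts.get", "billing.resourceAssociations.list",
    "resourcemanager.folders.get", "resourcemanager.folders.list",
    "resourcemanager.organizations.get",
    "resourcemanager.projects.list", "resourcemanager.projects.get",
}
# Billing Account Viewer is in the tables, but the page does not say where it
# is bound, so it is tolerated here rather than required (assumption).
TOLERATED = {"roles/billing.viewer"}

def audit(role, policy, member, custom_role, with_org):
    """Return drift between the deployed grant and the documented one."""
    expected = BASE | ORG_ONLY if with_org else BASE
    actual = set(role.get("includedPermissions", []))
    bound = {b["role"] for b in policy.get("bindings", [])
             if member in b.get("members", [])}
    required = {"roles/viewer", custom_role}
    return {
        "extra_permissions": sorted(actual - expected),
        "missing_permissions": sorted(expected - actual),
        "unexpected_roles": sorted(bound - required - TOLERATED),
        "missing_roles": sorted(required - bound),
    }

# Constructed sample data (not real accounts): one extra permission, one extra role.
SA = "serviceAccount:cloudverse@example-project.iam.gserviceaccount.com"
ROLE_NAME = "projects/example-project/roles/CloudVerseRole"
SAMPLE_ROLE = {"includedPermissions": sorted(BASE) + ["compute.instances.delete"]}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": [SA]},
    {"role": ROLE_NAME, "members": [SA]},
    {"role": "roles/editor", "members": [SA, "user:admin@example.com"]},
]}

if __name__ == "__main__":
    print(audit(SAMPLE_ROLE, SAMPLE_POLICY, SA, ROLE_NAME, with_org=False))
```

Any entry under `extra_permissions` or `unexpected_roles` means the service account holds more access than this page documents and is worth reviewing before onboarding further projects.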

APIs And Services

| Name | ID | Usage |
| --- | --- | --- |
| Compute Engine API | compute.googleapis.com | Getting compute assets details |
| Cloud Asset API | cloudasset.googleapis.com | Exporting assets inventory |
| Recommender API | recommender.googleapis.com | Collecting GCP recommendations |

You have to enable these three APIs in every project that you want to add to CloudVerse.

CloudVerse will help you to do this job by generating a script, and you only need to run the script. If you want to do it manually, please see GCP | Enable and Disable Apis.
