BeBop OS is a managed services deployment. We provision all infra, network, and storage for the BeBop OS deployment. To effectively maintain the deployed application, the following roles and permissions need to be granted:

Access Required: 

  1. Compute Admin 
    1. Launch, terminate and troubleshoot GCP Compute Services as needed 
  2. DNS Administrator 
    1. Used to provision Internal DNS for Internal Services resolution. 
  3. Pub/Sub Editor 
    1. Used to provision compute instance status (started, running, stopped, deleted.. Etc) 
  4. Logging Admin 
    1. Used in provisioning step 3, Logging is a dependency to retrieve instance status. 
  5. Storage Admin 
    1. Used in provisioning Bebop Flex Storage Setup (Optional if Flex is not used) 
  6. Storage HMAC Key Admin 
    1. Used in provisioning Bebop Flex Storage Setup (Optional if Flex is not used) 
  7. Quota Administrator 
    1. Used to create instance quota raise requests under IAM.

Service Accounts Needed: 

  1. Username: bbpsrvcuser
    1. Roles: Compute Admin 
      1. Used for: Read Network / Subnet Info, Launch VMs, Terminate VMs 
  2. Username: bbpflexsrvcuser 
    1. Optional, If Flex is not used. 
    2. Roles: Storage Admin (Used for Flex Storage Setup – Optional when Flex is not needed) 
      1. Read/Write access to GCP Storage Buckets 
      2. Single Bucket Access 
      3. Flex Based Projects 

Reason for Console Access:

  1. For troubleshooting and creating certain initial alert settings from Stack Driver to BeBop, regarding instance statuses. 
  2. Google IAP for SSH/RDP access. 
  3. Manage Bebop Block Storage – Provision, Scale, Monitor and Backup/Restore. 


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.