GCP Service Account Requirement for PX-Backup


Can someone point me to the right roles/permissions required for a Service Account used for PX-backup?


I am only seeing the following from the documentation
In GCP, create a Compute Engine default service account for use with your cluster. Modify the service account, adding Read Write access for each API. Save the JSON key for this service account for future reference.

Any option to define that in Role-based ?

Anyone seen this error?

Error starting ApplicationBackup for volumes: error triggering backup for volume: pvc-d713cbc8-a478-4985-86fb-ab18e9fd0bc1 (PVC: data-mysql-0, Namespace: ns-mysql): googleapi: Error 403: Request had insufficient authentication scopes. More details: Reason: insufficientPermissions, Message: Insufficient Permission

No idea what permission its looking for