Apigee Integration 访问权限概览

Apigee Integration 使用 Identity and Access Management (IAM) 来控制对集成的访问权限。 在运行集成之前,请确保您已在 Google Cloud 项目中配置相关 IAM 角色。

预定义 IAM 角色

下表介绍了预定义的 Apigee Integration IAM 角色以及每个角色提供的权限。每个角色可提供一组适合特定角色范围的权限。

如需详细了解 IAM 中不同类型的角色,请参阅了解角色

如需了解如何向主账号授予角色,请参阅授予、更改和撤消访问权限

IAM 角色 角色范围 权限 说明
Pub/Sub Editor (roles/pubsub.editor) Cloud Pub/Sub 触发器
  • pubsub.topics.attachSubscription
  • pubsub.subscriptions.create
 提供修改主题和订阅以及发布和使用消息的权限。
Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter) 身份验证配置文件
  • cloudkms.cryptoKeyVersions.useToDecrypt
  • cloudkms.cryptoKeyVersions.useToEncrypt
 仅提供使用 Cloud KMS 资源执行加密和解密操作的权限。
Apigee Integration Admin (roles/integrations.apigeeIntegrationAdminRole) 所有任务和触发器
  • integrations.apigeeIntegrations.list
  • integrations.apigeeIntegrations.invoke
  • integrations.apigeeIntegrationVers.list
  • integrations.apigeeIntegrationVers.create
  • integrations.apigeeIntegrationVers.get
  • integrations.apigeeIntegrationVers.update
  • integrations.apigeeIntegrationVers.delete
  • integrations.apigeeIntegrationVers.deploy
  • integrations.apigeeExecutions.list
  • integrations.apigeeSuspensions.list
  • integrations.apigeeSuspensions.resolve
  • integrations.apigeeAuthConfigs.list
  • integrations.apigeeAuthConfigs.create
  • integrations.apigeeAuthConfigs.get
  • integrations.apigeeAuthConfigs.update
  • integrations.apigeeAuthConfigs.delete
  • integrations.apigeeCertificates.get
  • integrations.apigeeSfdcInstances.list
  • integrations.apigeeSfdcInstances.create
  • integrations.apigeeSfdcInstances.get
  • integrations.apigeeSfdcInstances.update
  • integrations.apigeeSfdcInstances.delete
  • integrations.apigeeSfdcChannels.list
  • integrations.apigeeSfdcChannels.create
  • integrations.apigeeSfdcChannels.get
  • integrations.apigeeSfdcChannels.update
  • integrations.apigeeSfdcChannels.delete
  • resourcemanager.projects.get
  • resourcemanager.projects.list
 提供对所有 Apigee 集成的完整访问权限。
Apigee Integration Viewer (roles/integrations.apigeeIntegrationsViewer) 所有任务和触发器
  • integrations.apigeeIntegrations.list
  • integrations.apigeeIntegrationVers.list
  • integrations.apigeeIntegrationVers.get
  • integrations.apigeeAuthConfigs.list
  • integrations.apigeeSfdcInstances.list
  • integrations.apigeeSfdcChannels.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
 提供列出和查看 Apigee 集成的权限。
Apigee Integration Editor (roles/integrations.apigeeIntegrationEditorRole) 所有任务和触发器
  • integrations.apigeeIntegrations.list
  • integrations.apigeeIntegrations.invoke
  • integrations.apigeeIntegrationVers.list
  • integrations.apigeeIntegrationVers.create
  • integrations.apigeeIntegrationVers.get
  • integrations.apigeeIntegrationVers.update
  • integrations.apigeeIntegrationVers.delete
  • integrations.apigeeIntegrationVers.deploy
  • integrations.apigeeExecutions.list
  • integrations.apigeeAuthConfigs.list
  • integrations.apigeeAuthConfigs.create
  • integrations.apigeeAuthConfigs.get
  • integrations.apigeeAuthConfigs.update
  • integrations.apigeeCertificates.get
  • integrations.apigeeSfdcInstances.list
  • integrations.apigeeSfdcInstances.create
  • integrations.apigeeSfdcInstances.get
  • integrations.apigeeSfdcInstances.update
  • integrations.apigeeSfdcChannels.list
  • integrations.apigeeSfdcChannels.create
  • integrations.apigeeSfdcChannels.get
  • integrations.apigeeSfdcChannels.update
  • resourcemanager.projects.get
  • resourcemanager.projects.list
 提供列出、创建和更新 Apigee 集成的权限。
Apigee Integration Deployer (roles/integrations.apigeeIntegrationDeployerRole) 所有任务和触发器
  • integrations.apigeeIntegrations.list
  • integrations.apigeeIntegrationVers.list
  • integrations.apigeeIntegrationVers.get
  • integrations.apigeeIntegrationVers.deploy
  • resourcemanager.projects.get
  • resourcemanager.projects.list
 提供在集成运行时中部署和取消部署 Apigee 集成的权限。
Apigee Integration Invoker (roles/integrations.apigeeIntegrationInvokerRole) 所有任务和触发器
  • integrations.apigeeIntegrations.list
  • integrations.apigeeIntegrations.invoke
  • integrations.apigeeIntegrationVers.list
  • integrations.apigeeIntegrationVers.get
  • integrations.apigeeExecutions.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
 提供调用(运行)Apigee 集成的权限。
Apigee Integration Approver (roles/integrations.apigeeSuspensionResolver) 暂停任务
  • integrations.apigeeSuspensions.list
  • integrations.apigeeSuspensions.resolve
  • resourcemanager.projects.get
  • resourcemanager.projects.list
 提供批准或拒绝包含暂停任务的 Apigee 集成的权限。