Apigee Integration 使用 Identity and Access Management (IAM) 来控制对集成的访问权限。
在运行集成之前,请确保您已在 Google Cloud 项目中配置相关 IAM 角色。
预定义 IAM 角色
下表介绍了预定义的 Apigee Integration IAM 角色以及每个角色提供的权限。每个角色可提供一组适合特定角色范围的权限。
如需详细了解 IAM 中不同类型的角色,请参阅了解角色。
如需了解如何向主账号授予角色,请参阅授予、更改和撤消访问权限。
IAM 角色
|
角色范围
|
权限
|
说明
|
Pub/Sub Editor (roles/pubsub.editor) |
Cloud Pub/Sub 触发器 |
- pubsub.topics.attachSubscription
- pubsub.subscriptions.create
|
提供修改主题和订阅以及发布和使用消息的权限。 |
Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter) |
身份验证配置文件 |
- cloudkms.cryptoKeyVersions.useToDecrypt
- cloudkms.cryptoKeyVersions.useToEncrypt
|
仅提供使用 Cloud KMS 资源执行加密和解密操作的权限。 |
Apigee Integration Admin (roles/integrations.apigeeIntegrationAdminRole) |
所有任务和触发器 |
- integrations.apigeeIntegrations.list
- integrations.apigeeIntegrations.invoke
- integrations.apigeeIntegrationVers.list
- integrations.apigeeIntegrationVers.create
- integrations.apigeeIntegrationVers.get
- integrations.apigeeIntegrationVers.update
- integrations.apigeeIntegrationVers.delete
- integrations.apigeeIntegrationVers.deploy
- integrations.apigeeExecutions.list
- integrations.apigeeSuspensions.list
- integrations.apigeeSuspensions.resolve
- integrations.apigeeAuthConfigs.list
- integrations.apigeeAuthConfigs.create
- integrations.apigeeAuthConfigs.get
- integrations.apigeeAuthConfigs.update
- integrations.apigeeAuthConfigs.delete
- integrations.apigeeCertificates.get
- integrations.apigeeSfdcInstances.list
- integrations.apigeeSfdcInstances.create
- integrations.apigeeSfdcInstances.get
- integrations.apigeeSfdcInstances.update
- integrations.apigeeSfdcInstances.delete
- integrations.apigeeSfdcChannels.list
- integrations.apigeeSfdcChannels.create
- integrations.apigeeSfdcChannels.get
- integrations.apigeeSfdcChannels.update
- integrations.apigeeSfdcChannels.delete
- resourcemanager.projects.get
- resourcemanager.projects.list
|
提供对所有 Apigee 集成的完整访问权限。 |
Apigee Integration Viewer (roles/integrations.apigeeIntegrationsViewer) |
所有任务和触发器 |
- integrations.apigeeIntegrations.list
- integrations.apigeeIntegrationVers.list
- integrations.apigeeIntegrationVers.get
- integrations.apigeeAuthConfigs.list
- integrations.apigeeSfdcInstances.list
- integrations.apigeeSfdcChannels.list
- resourcemanager.projects.get
- resourcemanager.projects.list
|
提供列出和查看 Apigee 集成的权限。 |
Apigee Integration Editor (roles/integrations.apigeeIntegrationEditorRole) |
所有任务和触发器 |
- integrations.apigeeIntegrations.list
- integrations.apigeeIntegrations.invoke
- integrations.apigeeIntegrationVers.list
- integrations.apigeeIntegrationVers.create
- integrations.apigeeIntegrationVers.get
- integrations.apigeeIntegrationVers.update
- integrations.apigeeIntegrationVers.delete
- integrations.apigeeIntegrationVers.deploy
- integrations.apigeeExecutions.list
- integrations.apigeeAuthConfigs.list
- integrations.apigeeAuthConfigs.create
- integrations.apigeeAuthConfigs.get
- integrations.apigeeAuthConfigs.update
- integrations.apigeeCertificates.get
- integrations.apigeeSfdcInstances.list
- integrations.apigeeSfdcInstances.create
- integrations.apigeeSfdcInstances.get
- integrations.apigeeSfdcInstances.update
- integrations.apigeeSfdcChannels.list
- integrations.apigeeSfdcChannels.create
- integrations.apigeeSfdcChannels.get
- integrations.apigeeSfdcChannels.update
- resourcemanager.projects.get
- resourcemanager.projects.list
|
提供列出、创建和更新 Apigee 集成的权限。 |
Apigee Integration Deployer (roles/integrations.apigeeIntegrationDeployerRole) |
所有任务和触发器 |
- integrations.apigeeIntegrations.list
- integrations.apigeeIntegrationVers.list
- integrations.apigeeIntegrationVers.get
- integrations.apigeeIntegrationVers.deploy
- resourcemanager.projects.get
- resourcemanager.projects.list
|
提供在集成运行时中部署和取消部署 Apigee 集成的权限。 |
Apigee Integration Invoker (roles/integrations.apigeeIntegrationInvokerRole) |
所有任务和触发器 |
- integrations.apigeeIntegrations.list
- integrations.apigeeIntegrations.invoke
- integrations.apigeeIntegrationVers.list
- integrations.apigeeIntegrationVers.get
- integrations.apigeeExecutions.list
- resourcemanager.projects.get
- resourcemanager.projects.list
|
提供调用(运行)Apigee 集成的权限。 |
Apigee Integration Approver (roles/integrations.apigeeSuspensionResolver) |
暂停任务 |
- integrations.apigeeSuspensions.list
- integrations.apigeeSuspensions.resolve
- resourcemanager.projects.get
- resourcemanager.projects.list
|
提供批准或拒绝包含暂停任务的 Apigee 集成的权限。 |