请参阅 Application Integration 支持的连接器

预定义的 Application Integration IAM 角色

预定义角色可授予对特定 Google Cloud 资源的精细访问权限。这些角色由 Google 创建和维护。Google 会根据需要自动更新用户的权限,例如在 Google Cloud 添加新功能或服务时。

下表列出了适用于 Application Integration 的所有预定义 IAM 角色:

权限

roles/advisorynotifications.admin

授予对 Advisory Notifications 中的设置的写入权限

advisorynotifications.*

resourcemanager.organizations.get

resourcemanager.projects.get

(roles/advisorynotifications.viewer)

授予在 Advisory Notifications 中查看消息的访问权限

advisorynotifications.notifications.*

advisorynotifications.settings.get

resourcemanager.organizations.get

resourcemanager.projects.get

roles/apihub.admin

拥有对所有 API Hub 资源的完整访问权限。

apihub.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apihub.attributeAdmin

拥有对所有 Cloud API hub 属性资源的完整访问权限。

apihub.attributes.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apihub.editor

对大多数 Cloud API Hub 资源拥有修改权限。

apihub.apiHubInstances.get

apihub.apiHubInstances.list

apihub.apiOperations.*

apihub.apis.*

apihub.attributes.get

apihub.attributes.list

apihub.definitions.*

apihub.dependencies.*

apihub.deployments.*

apihub.externalApis.*

apihub.hostProjectRegistrations.get

apihub.hostProjectRegistrations.list

apihub.llmEnablements.*

apihub.locations.searchResources

apihub.operations.get

apihub.operations.list

apihub.plugins.get

apihub.plugins.list

apihub.runTimeProjectAttachments.get

apihub.runTimeProjectAttachments.list

apihub.specs.*

apihub.styleGuides.get

apihub.versions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apihub.pluginAdmin

拥有对所有 Cloud API Hub 插件资源的完整访问权限。

apihub.plugins.*

apihub.specs.lint

apihub.styleGuides.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apihub.provisioningAdmin

拥有对 Cloud API Hub 预配相关资源的完整访问权限。

apihub.apiHubInstances.*

apihub.hostProjectRegistrations.*

apihub.operations.*

apihub.runTimeProjectAttachments.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apihub.viewer

拥有对所有 Cloud API hub 资源的查看权限。

apihub.apiHubInstances.get

apihub.apiHubInstances.list

apihub.apiOperations.get

apihub.apiOperations.list

apihub.apis.get

apihub.apis.list

apihub.attributes.get

apihub.attributes.list

apihub.definitions.get

apihub.definitions.list

apihub.dependencies.get

apihub.dependencies.list

apihub.deployments.get

apihub.deployments.list

apihub.externalApis.get

apihub.externalApis.list

apihub.hostProjectRegistrations.get

apihub.hostProjectRegistrations.list

apihub.llmEnablements.get

apihub.llmEnablements.list

apihub.locations.searchResources

apihub.operations.get

apihub.operations.list

apihub.plugins.get

apihub.plugins.list

apihub.runTimeProjectAttachments.get

apihub.runTimeProjectAttachments.list

apihub.specs.get

apihub.specs.list

apihub.styleGuides.get

apihub.versions.get

apihub.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/apim.admin

拥有对 API 管理资源的完整访问权限。

apim.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apim.viewer

拥有对 API 管理资源的只读权限。

apim.apiObservations.get

apim.apiObservations.list

apim.apiOperations.*

apim.locations.*

apim.observationJobs.get

apim.observationJobs.list

apim.observationSources.get

apim.observationSources.list

apim.operations.get

apim.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/apphub.admin

拥有对 App Hub 资源的完整访问权限。

apphub.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apphub.editor

拥有对 App Hub 资源的修改权限。

apphub.applications.create

apphub.applications.delete

apphub.applications.get

apphub.applications.list

apphub.applications.update

apphub.discoveredServices.*

apphub.discoveredWorkloads.*

apphub.locations.*

apphub.operations.*

apphub.serviceProjectAttachments.lookup

apphub.services.*

apphub.workloads.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/apphub.viewer

拥有对 App Hub 资源的查看权限。

apphub.applications.get

apphub.applications.list

apphub.discoveredServices.get

apphub.discoveredServices.list

apphub.discoveredWorkloads.get

apphub.discoveredWorkloads.list

apphub.locations.*

apphub.operations.get

apphub.operations.list

apphub.serviceProjectAttachments.lookup

apphub.services.get

apphub.services.list

apphub.workloads.get

apphub.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/applianceactivation.approver)

可授予用于批准要在设备上运行的命令的权限

applianceactivation.rttCommands.approve

applianceactivation.rttCommands.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/applianceactivation.client)

可授予读取设备命令及发送其结果的权限。

applianceactivation.rttCommands.get

applianceactivation.rttCommands.sendResult

(roles/applianceactivation.troubleshooter)

可授予用于发送要在设备上运行的新命令和查看输出的权限

applianceactivation.rttCommands.create

applianceactivation.rttCommands.get

applianceactivation.rttCommands.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/assuredoss.admin

拥有使用 Assured OSS 和管理配置的权限。

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.*

iam.serviceAccountKeys.create

iam.serviceAccounts.create

iam.serviceAccounts.get

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.subscriptions.create

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.update

pubsub.topics.get

pubsub.topics.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

roles/assuredoss.projectAdmin

拥有使用 Assured OSS 和管理配置的权限。

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.*

iam.serviceAccounts.create

iam.serviceAccounts.get

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.topics.get

pubsub.topics.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

roles/assuredoss.reader

拥有使用 Assured OSS 和查看 Assured OSS 配置的权限。

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.config.get

assuredoss.locations.*

assuredoss.metadata.*

assuredoss.operations.get

assuredoss.operations.list

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.topics.get

pubsub.topics.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

roles/assuredoss.user

拥有使用 Assured OSS 的权限。

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.locations.*

assuredoss.metadata.*

assuredoss.operations.get

assuredoss.operations.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/auditmanager.admin

拥有对 Audit Manager 资源的完整访问权限。

auditmanager.*

cloudasset.assets.searchAllResources

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/auditmanager.auditor

允许创建和查看审核报告。

auditmanager.auditReports.*

auditmanager.auditScopeReports.generate

auditmanager.controlReports.*

auditmanager.controls.list

auditmanager.findings.*

auditmanager.locations.get

auditmanager.locations.list

auditmanager.operations.*

auditmanager.resourceEnrollmentStatuses.*

cloudasset.assets.searchAllResources

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/autoscaling.metricsWriter

能够写入针对自动扩缩站点的指标

autoscaling.sites.writeMetrics

roles/autoscaling.recommendationsReader

拥有从自动扩缩网站读取推荐内容的权限

autoscaling.sites.readRecommendations

roles/autoscaling.sitesAdmin

具有对所有自动扩缩站点功能的完整访问权限

autoscaling.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/autoscaling.stateWriter

拥有写入自动扩缩网站状态的权限

autoscaling.sites.writeState

roles/batch.admin

Batch 资源的管理员

batch.jobs.*

batch.locations.*

batch.operations.*

batch.resourceAllowances.*

batch.tasks.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/batch.agentReporter

Batch 代理状态的报告者。

batch.states.report

roles/batch.jobsEditor

Batch 作业的编辑者

batch.jobs.*

batch.locations.*

batch.operations.*

batch.tasks.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/batch.jobsViewer

可以查看批量作业、任务组和任务

batch.jobs.get

batch.jobs.list

batch.locations.*

batch.operations.*

batch.tasks.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/batch.resourceAllowancesEditor

Batch ResourceAllowances 的编辑者

batch.locations.*

batch.operations.*

batch.resourceAllowances.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/batch.resourceAllowancesViewer

Batch ResourceAllowances 的 Viewer

batch.locations.*

batch.operations.*

batch.resourceAllowances.get

batch.resourceAllowances.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/biglake.admin)

提供对所有 BigLake 资源的完整访问权限。

biglake.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/biglake.viewer)

提供对所有 BigLake 资源的只读权限。

biglake.catalogs.get

biglake.catalogs.list

biglake.databases.get

biglake.databases.list

biglake.locks.list

biglake.tables.get

biglake.tables.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/bigquerymigration.editor

可以修改 EDW 迁移工作流。

bigquerymigration.locations.*

bigquerymigration.subtasks.get

bigquerymigration.subtasks.list

bigquerymigration.workflows.create

bigquerymigration.workflows.delete

bigquerymigration.workflows.get

bigquerymigration.workflows.list

bigquerymigration.workflows.update

roles/bigquerymigration.orchestrator

可以编排 EDW 迁移任务。

bigquerymigration.subtasks.create

bigquerymigration.taskTypes.*

bigquerymigration.workflows.orchestrateTask

storage.objects.list

(roles/bigquerymigration.translationUser)

可以使用 EDW 迁移交互式 SQL 转换服务。

bigquerymigration.translation.translate

roles/bigquerymigration.viewer

可以查看 EDW 迁移 MigrationWorkflow。

bigquerymigration.locations.*

bigquerymigration.subtasks.get

bigquerymigration.subtasks.list

bigquerymigration.workflows.get

bigquerymigration.workflows.list

roles/bigquerymigration.worker

执行 EDW 迁移子任务的工作器。

bigquerymigration.subtaskTypes.executeTask

bigquerymigration.subtasks.executeTask

storage.objects.create

storage.objects.get

storage.objects.list

roles/billing.carbonViewer

billing.accounts.get

billing.accounts.getCarbonInformation

billing.accounts.list

roles/blockchainnodeengine.admin

拥有对 Blockchain Node Engine 资源的完整访问权限。

blockchainnodeengine.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/blockchainnodeengine.viewer

拥有对 Blockchain Node Engine 资源的只读权限。

blockchainnodeengine.blockchainNodes.get

blockchainnodeengine.blockchainNodes.list

blockchainnodeengine.locations.*

blockchainnodeengine.operations.get

blockchainnodeengine.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/capacityplanner.viewer

拥有对容量规划工具用量资源的只读权限

capacityplanner.*

cloudquotas.quotas.get

compute.futureReservations.get

compute.futureReservations.list

compute.reservations.get

compute.reservations.list

monitoring.timeSeries.list

resourcemanager.folders.get

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

roles/carestudio.viewer

此角色可以查看患者的所有属性。

carestudio.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/chroniclesm.admin

Admin 可以查看和修改 Chronicle 服务详情。

chroniclesm.*

roles/chroniclesm.viewer

Viewer 可以查看 Chronicle 服务详情,但无法对其进行更改。

chroniclesm.gcpAssociations.get

chroniclesm.gcpLogFlowFilters.get

chroniclesm.gcpSettings.get

(roles/cloud.locationReader)

可以读取和枚举可用于创建资源的位置。

cloud.*

roles/cloudaicompanion.codeRepositoryIndexesAdmin

授予对代码库索引资源的完整访问权限。

cloudaicompanion.codeRepositoryIndexes.*

cloudaicompanion.operations.*

cloudaicompanion.repositoryGroups.create

cloudaicompanion.repositoryGroups.delete

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.list

cloudaicompanion.repositoryGroups.setIamPolicy

cloudaicompanion.repositoryGroups.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/cloudaicompanion.codeRepositoryIndexesViewer

授予对 Code Repository Indexes 资源的只读权限。

cloudaicompanion.codeRepositoryIndexes.get

cloudaicompanion.codeRepositoryIndexes.list

cloudaicompanion.operations.get

cloudaicompanion.operations.list

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/cloudaicompanion.repositoryGroupsUser

授予对代码库索引代码库组的读取/使用权限。

cloudaicompanion.codeRepositoryIndexes.get

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.use

roles/cloudaicompanion.user

可以使用 Gemini for Google Cloud 的用户

cloudaicompanion.companions.*

cloudaicompanion.entitlements.get

cloudaicompanion.instances.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/cloudcontrolspartner.admin

拥有对 Cloud Controls 合作伙伴资源的完全访问权限。

cloudcontrolspartner.accessapprovalrequests.list

cloudcontrolspartner.customers.*

cloudcontrolspartner.ekmconnections.get

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.partnerpermissions.get

cloudcontrolspartner.partners.get

cloudcontrolspartner.platformcontrols.get

cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.list

roles/cloudcontrolspartner.editor

拥有对 Cloud Controls 合作伙伴资源的修改权限。

cloudcontrolspartner.*

roles/cloudcontrolspartner.inspectabilityReader

拥有对 Cloud Controls 合作伙伴可检查性资源的只读权限。

cloudcontrolspartner.customers.*

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.platformcontrols.get

roles/cloudcontrolspartner.monitoringReader

拥有对 Cloud Controls 合作伙伴监控资源的只读权限。

cloudcontrolspartner.customers.*

cloudcontrolspartner.violations.*

cloudcontrolspartner.workloads.*

roles/cloudcontrolspartner.reader

拥有对 Cloud Controls 合作伙伴资源的只读权限。

cloudcontrolspartner.*

(roles/cloudoptimization.admin)

Cloud Optimization AI 资源的管理员

cloudoptimization.*

(roles/cloudoptimization.editor)

Cloud Optimization AI 资源的编辑者

cloudoptimization.*

(roles/cloudoptimization.viewer)

Cloud Optimization AI 资源的查看者

cloudoptimization.operations.get

roles/cloudquotas.admin

拥有对 Cloud 配额资源的完整访问权限。

cloudquotas.*

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/cloudquotas.viewer

拥有对 Cloud 配额资源的只读权限。

cloudquotas.quotas.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/commerceagreementpublishing.admin

可以管理 Commerce Agreement Publishing 服务

commerceagreementpublishing.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/commerceagreementpublishing.viewer

可以查看 Commerce Agreement Publishing 服务

commerceagreementpublishing.agreements.get

commerceagreementpublishing.agreements.list

commerceagreementpublishing.documents.get

commerceagreementpublishing.documents.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/confidentialcomputing.workloadUser)

授予生成证明令牌并在虚拟机中运行工作负载的权限。适用于在 Confidential Space 虚拟机上运行的服务账号。

confidentialcomputing.*

logging.logEntries.create

roles/configdelivery.configDeliveryAdmin

授予对所有 Config Delivery 资源的完整访问权限。让用户能够创建、移除和管理舰队软件包及资源包。

configdelivery.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/configdelivery.configDeliveryViewer

授予对所有 Config Delivery 资源的读取权限。让用户能够查看现有的舰队软件包和资源包,但不能进行任何更改。

configdelivery.fleetPackages.get

configdelivery.fleetPackages.list

configdelivery.locations.*

configdelivery.operations.get

configdelivery.operations.list

configdelivery.releases.get

configdelivery.releases.list

configdelivery.resourceBundles.get

configdelivery.resourceBundles.list

configdelivery.rollouts.get

configdelivery.rollouts.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/configdelivery.resourceBundlePublisher

授予对 Config Delivery ResourceBundle 和 Release 的读取和写入权限。

configdelivery.locations.*

configdelivery.operations.get

configdelivery.operations.list

configdelivery.releases.create

configdelivery.releases.get

configdelivery.releases.list

configdelivery.releases.update

configdelivery.resourceBundles.create

configdelivery.resourceBundles.get

configdelivery.resourceBundles.list

configdelivery.resourceBundles.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/contactcenteraiplatform.admin

拥有对 Contact Center AI Platform 资源的完整访问权限。

contactcenteraiplatform.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/contactcenteraiplatform.viewer)

拥有对 Contact Center AI Platform 资源的只读权限。

contactcenteraiplatform.contactCenters.get

contactcenteraiplatform.contactCenters.list

contactcenteraiplatform.locations.*

contactcenteraiplatform.operations.get

contactcenteraiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/contactcenterinsights.editor)

可授予所有 Contact Center AI Insights 资源的读写权限。

contactcenterinsights.*

(roles/contactcenterinsights.viewer)

授予对所有 Contact Center AI Insights 资源的读取访问权限。

contactcenterinsights.analyses.get

contactcenterinsights.analyses.list

contactcenterinsights.analysisRules.get

contactcenterinsights.analysisRules.list

contactcenterinsights.conversations.get

contactcenterinsights.conversations.list

contactcenterinsights.faqEntries.get

contactcenterinsights.faqEntries.list

contactcenterinsights.faqModels.get

contactcenterinsights.faqModels.list

contactcenterinsights.feedbackLabels.get

contactcenterinsights.feedbackLabels.list

contactcenterinsights.issueModels.get

contactcenterinsights.issueModels.list

contactcenterinsights.issues.get

contactcenterinsights.issues.list

contactcenterinsights.operations.get

contactcenterinsights.operations.list

contactcenterinsights.phraseMatchers.get

contactcenterinsights.phraseMatchers.list

contactcenterinsights.qaQuestions.get

contactcenterinsights.qaQuestions.list

contactcenterinsights.qaScorecardRevisions.get

contactcenterinsights.qaScorecardRevisions.list

contactcenterinsights.qaScorecards.get

contactcenterinsights.qaScorecards.list

contactcenterinsights.settings.get

contactcenterinsights.views.get

contactcenterinsights.views.list

(roles/containersecurity.viewer)

拥有对 GKE Security Posture 资源的只读权限。

container.clusters.list

containersecurity.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/contentwarehouse.admin

授予对 Content Warehouse 中所有资源的完整访问权限

contentwarehouse.corpora.*

contentwarehouse.dataExportJobs.*

contentwarehouse.documentSchemas.*

contentwarehouse.documents.*

contentwarehouse.locations.*

contentwarehouse.operations.get

contentwarehouse.rawDocuments.*

contentwarehouse.ruleSets.*

contentwarehouse.synonymSets.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/contentwarehouse.documentAdmin

授予对 Content Warehouse 中的文档资源的完整访问权限

contentwarehouse.documentSchemas.get

contentwarehouse.documents.create

contentwarehouse.documents.delete

contentwarehouse.documents.get

contentwarehouse.documents.getIamPolicy

contentwarehouse.documents.setIamPolicy

contentwarehouse.documents.update

contentwarehouse.links.*

contentwarehouse.locations.getStatus

contentwarehouse.rawDocuments.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/contentwarehouse.documentCreator

授予在 Content Warehouse 中创建文档的权限

contentwarehouse.documentSchemas.get

contentwarehouse.documentSchemas.list

contentwarehouse.documents.create

contentwarehouse.locations.getStatus

resourcemanager.projects.get

resourcemanager.projects.list

roles/contentwarehouse.documentEditor

授予对 Content Warehouse 中的文档资源的更新权限

contentwarehouse.documentSchemas.get

contentwarehouse.documents.get

contentwarehouse.documents.getIamPolicy

contentwarehouse.documents.update

contentwarehouse.links.*

contentwarehouse.locations.getStatus

contentwarehouse.rawDocuments.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/contentwarehouse.documentSchemaViewer

授予在 Content Warehouse 中查看文档架构的权限

contentwarehouse.documentSchemas.get

contentwarehouse.documentSchemas.list

contentwarehouse.locations.getStatus

resourcemanager.projects.get

resourcemanager.projects.list

roles/contentwarehouse.documentViewer

授予查看 Content Warehouse 中所有资源的权限

contentwarehouse.documentSchemas.get

contentwarehouse.documents.get

contentwarehouse.documents.getIamPolicy

contentwarehouse.links.get

contentwarehouse.locations.getStatus

contentwarehouse.rawDocuments.download

resourcemanager.projects.get

resourcemanager.projects.list

roles/databasecenter.viewer

可以查看数据库中心资源数据的 Viewer 角色

cloudaicompanion.entitlements.get

databasecenter.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/databaseinsights.eventsViewer

可以查看事件服务数据的查看者角色

databaseinsights.aggregatedEvents.query

databaseinsights.clusterEvents.query

databaseinsights.instanceEvents.query

roles/databaseinsights.monitoringViewer

可以查看 Database Insights 监控数据

databaseinsights.activeQueries.fetch

databaseinsights.activitySummary.fetch

databaseinsights.aggregatedStats.query

databaseinsights.locations.*

databaseinsights.timeSeries.query

databaseinsights.workloadRecommendations.fetch

resourcemanager.projects.get

resourcemanager.projects.list

roles/databaseinsights.operationsAdmin

可执行 Database Insights 操作的管理员角色

databaseinsights.activeQuery.terminate

roles/databaseinsights.recommendationViewer

可以查看 Database Insights 建议数据

databaseinsights.locations.*

databaseinsights.recommendations.query

databaseinsights.resourceRecommendations.query

databaseinsights.workloadRecommendations.fetch

resourcemanager.projects.get

resourcemanager.projects.list

roles/databaseinsights.viewer

可以查看 Database Insights 数据

databaseinsights.activeQueries.fetch

databaseinsights.activitySummary.fetch

databaseinsights.aggregatedStats.query

databaseinsights.locations.*

databaseinsights.recommendations.query

databaseinsights.resourceRecommendations.query

databaseinsights.timeSeries.query

databaseinsights.workloadRecommendations.fetch

resourcemanager.projects.get

resourcemanager.projects.list

(roles/datalineage.admin)

可授予对 Data Lineage API 中所有资源的完整访问权限

datalineage.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/datalineage.editor)

可授予对 Data Lineage API 中所有资源的修改权限

datalineage.events.*

datalineage.locations.searchLinks

datalineage.operations.get

datalineage.processes.create

datalineage.processes.get

datalineage.processes.list

datalineage.processes.update

datalineage.runs.create

datalineage.runs.get

datalineage.runs.list

datalineage.runs.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/datalineage.producer)

可授予在 Data Lineage API 中创建所有资源的权限

datalineage.events.create

datalineage.processes.create

datalineage.processes.get

datalineage.processes.update

datalineage.runs.create

datalineage.runs.get

datalineage.runs.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/datalineage.viewer)

可授予对 Data Lineage API 中所有资源的读取权限

datalineage.events.get

datalineage.events.list

datalineage.locations.searchLinks

datalineage.processes.get

datalineage.processes.list

datalineage.runs.get

datalineage.runs.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/dataprocessing.admin

能够完全管理数据处理控制设置并查看所有数据源数据的 Data processing controls admin。

billing.accounts.get

billing.accounts.list

dataprocessing.*

roles/dataprocessing.dataSourceManager

可以获取、列出并更新底层数据的数据处理控制数据源管理员。

dataprocessing.datasources.list

dataprocessing.datasources.update

roles/dataprocrm.admin

授予对所有 Dataproc Resource Manager 资源的完整访问权限。适用于需要创建和删除任何 Dataproc Resource Manager 资源的用户。

dataprocrm.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/dataprocrm.viewer

授予对所有 Dataproc Resource Manager 资源的读取权限。适用于需要对 Dataproc Resource Manager 资源进行只读访问的用户。

dataprocrm.locations.*

dataprocrm.nodePools.get

dataprocrm.nodePools.list

dataprocrm.nodes.get

dataprocrm.nodes.list

dataprocrm.nodes.mintOAuthToken

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.get

dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/developerconnect.admin

拥有对 Developer Connect 资源的完整访问权限。

developerconnect.connections.*

developerconnect.gitRepositoryLinks.create

developerconnect.gitRepositoryLinks.delete

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/developerconnect.readTokenAccessor

授予对只读令牌(PAT 和短期有效的令牌)的访问权限。此外,还可以授予查看 Git 代码库链接的权限。

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.get

roles/developerconnect.tokenAccessor

授予对读写和只读令牌(PAT 和短期有效的令牌)的访问权限。此外,还可以授予查看 Git 代码库链接的权限。

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.fetchReadWriteToken

developerconnect.gitRepositoryLinks.get

roles/developerconnect.user

授予查看连接和使用与实际代码库交互(例如从代码库中读取内容)的功能的权限

developerconnect.connections.fetchGitHubInstallations

developerconnect.connections.fetchLinkableGitRepositories

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/developerconnect.viewer

拥有对 Developer Connect 资源的只读权限。

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/discoveryengine.admin

授予对所有 Discovery Engine 资源的完整访问权限。

discoveryengine.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/discoveryengine.editor

授予对所有 Discovery Engine 资源的读写权限。

discoveryengine.aclConfigs.get

discoveryengine.analytics.*

discoveryengine.answers.get

discoveryengine.branches.*

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.models.*

discoveryengine.operations.*

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQuerySets.*

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.widgetConfigs.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/discoveryengine.user

授予对 Discovery Engine 资源的用户级访问权限。

discoveryengine.answers.get

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.search

discoveryengine.sessions.get

roles/discoveryengine.viewer

授予对所有 Discovery Engine 资源的读取权限。

discoveryengine.aclConfigs.get

discoveryengine.analytics.*

discoveryengine.answers.get

discoveryengine.branches.*

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.operations.*

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/enterprisepurchasing.admin

拥有对 Enterprise Purchasing 资源的完整访问权限。

enterprisepurchasing.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/enterprisepurchasing.editor

拥有对 Enterprise Purchasing 资源的修改权限。

enterprisepurchasing.gcveCuds.get

enterprisepurchasing.gcveCuds.list

enterprisepurchasing.gcveNodePricingInfo.list

enterprisepurchasing.locations.*

enterprisepurchasing.operations.get

enterprisepurchasing.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/enterprisepurchasing.viewer

拥有对 Enterprise Purchasing 资源的只读权限。

enterprisepurchasing.gcveCuds.get

enterprisepurchasing.gcveCuds.list

enterprisepurchasing.gcveNodePricingInfo.list

enterprisepurchasing.locations.*

enterprisepurchasing.operations.get

enterprisepurchasing.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/essentialcontacts.admin

能够全面访问所有重要联系人

essentialcontacts.*

roles/essentialcontacts.viewer

能查看所有重要联系人

essentialcontacts.contacts.get

essentialcontacts.contacts.list

roles/firebasecloudmessaging.admin

拥有对 Firebase Cloud Messaging API 资源的完整读写权限。

cloudmessaging.messages.create

fcmdata.deliverydata.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/firebasecrash.symbolMappingsAdmin

拥有 Firebase 崩溃报告符号映射文件资源的完全读写权限。

firebase.clients.get

firebase.clients.list

resourcemanager.projects.get

roles/firebasedataconnect.admin

拥有对 Firebase Data Connect API 资源(包括数据)的完整访问权限。

firebasedataconnect.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/firebasedataconnect.dataAdmin

拥有对数据源的完整访问权限。

firebasedataconnect.services.executeGraphql

firebasedataconnect.services.executeGraphqlRead

roles/firebasedataconnect.dataViewer

拥有对数据源的只读权限。

firebasedataconnect.services.executeGraphqlRead

roles/firebasedataconnect.viewer

拥有对 Firebase Data Connect API 资源的只读权限。角色不授予对数据的访问权限。

firebasedataconnect.connectorRevisions.get

firebasedataconnect.connectorRevisions.list

firebasedataconnect.connectors.get

firebasedataconnect.connectors.list

firebasedataconnect.locations.*

firebasedataconnect.operations.get

firebasedataconnect.operations.list

firebasedataconnect.schemaRevisions.get

firebasedataconnect.schemaRevisions.list

firebasedataconnect.schemas.get

firebasedataconnect.schemas.list

firebasedataconnect.services.get

firebasedataconnect.services.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/gdchardwaremanagement.admin

拥有对 GDC Hardware Management 资源的完整访问权限。

gdchardwaremanagement.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/gdchardwaremanagement.operator

可以创建、读取和更新支持此类操作的 GDC Hardware Management 资源。还会授予对 HardwareGroup 资源的删除权限。

gdchardwaremanagement.changeLogEntries.*

gdchardwaremanagement.comments.*

gdchardwaremanagement.hardware.*

gdchardwaremanagement.hardwareGroups.*

gdchardwaremanagement.locations.*

gdchardwaremanagement.operations.get

gdchardwaremanagement.operations.list

gdchardwaremanagement.orders.create

gdchardwaremanagement.orders.get

gdchardwaremanagement.orders.list

gdchardwaremanagement.orders.update

gdchardwaremanagement.sites.*

gdchardwaremanagement.skus.*

gdchardwaremanagement.zones.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/gdchardwaremanagement.reader

拥有对 GDC Hardware Management 资源的只读权限。

gdchardwaremanagement.changeLogEntries.*

gdchardwaremanagement.comments.get

gdchardwaremanagement.comments.list

gdchardwaremanagement.hardware.get

gdchardwaremanagement.hardware.list

gdchardwaremanagement.hardwareGroups.get

gdchardwaremanagement.hardwareGroups.list

gdchardwaremanagement.locations.*

gdchardwaremanagement.operations.get

gdchardwaremanagement.operations.list

gdchardwaremanagement.orders.get

gdchardwaremanagement.orders.list

gdchardwaremanagement.sites.get

gdchardwaremanagement.sites.list

gdchardwaremanagement.skus.*

gdchardwaremanagement.zones.get

gdchardwaremanagement.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/identityplatform.admin

拥有对 Identity Platform 资源的完全访问权限。

firebaseauth.*

identitytoolkit.*

roles/identityplatform.viewer

拥有对 Identity Platform 资源的读取权限。

firebaseauth.configs.get

firebaseauth.users.get

identitytoolkit.tenants.get

identitytoolkit.tenants.getIamPolicy

identitytoolkit.tenants.list

roles/identitytoolkit.admin

拥有对 Identity Toolkit 资源的完全访问权限。

firebaseauth.*

identitytoolkit.*

roles/identitytoolkit.viewer

拥有对 Identity Toolkit 资源的读取权限。

firebaseauth.configs.get

firebaseauth.users.get

identitytoolkit.tenants.get

identitytoolkit.tenants.getIamPolicy

identitytoolkit.tenants.list

roles/integrations.apigeeIntegrationAdminRole

拥有对所有 Apigee 集成的完整访问权限的用户。

connectors.actions.*

connectors.connections.executeSqlQuery

connectors.entities.*

connectors.entityTypes.list

integrations.apigeeAuthConfigs.*

integrations.apigeeCertificates.*

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.*

integrations.apigeeSfdcInstances.*

integrations.apigeeSuspensions.*

integrations.authConfigs.*

integrations.certificates.*

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.*

integrations.sfdcChannels.*

integrations.sfdcInstances.*

integrations.suspensions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.apigeeIntegrationDeployerRole

可在集成运行时中部署/取消部署 Apigee 集成的开发者。

integrations.apigeeIntegrationVers.deploy

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.deploy

integrations.integrations.get

integrations.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.apigeeIntegrationEditorRole

可以列出、创建和更新 Apigee 集成的开发者。

connectors.actions.*

connectors.connections.executeSqlQuery

connectors.entities.*

connectors.entityTypes.list

integrations.apigeeAuthConfigs.create

integrations.apigeeAuthConfigs.get

integrations.apigeeAuthConfigs.list

integrations.apigeeAuthConfigs.update

integrations.apigeeCertificates.create

integrations.apigeeCertificates.get

integrations.apigeeCertificates.list

integrations.apigeeCertificates.update

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.create

integrations.apigeeSfdcChannels.get

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcChannels.update

integrations.apigeeSfdcInstances.create

integrations.apigeeSfdcInstances.get

integrations.apigeeSfdcInstances.list

integrations.apigeeSfdcInstances.update

integrations.authConfigs.create

integrations.authConfigs.get

integrations.authConfigs.list

integrations.authConfigs.update

integrations.certificates.get

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.create

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

integrations.integrations.update

integrations.sfdcChannels.*

integrations.sfdcInstances.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.apigeeIntegrationInvokerRole

可以调用 Apigee 集成的角色。

connectors.actions.*

connectors.connections.executeSqlQuery

connectors.entities.*

connectors.entityTypes.list

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.*

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.get

integrations.integrationVersions.invoke

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.apigeeIntegrationsViewer

可以列出和查看 Apigee 集成的开发者。

integrations.apigeeAuthConfigs.list

integrations.apigeeCertificates.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcInstances.list

integrations.authConfigs.get

integrations.authConfigs.list

integrations.certificates.get

integrations.certificates.list

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.list

integrations.sfdcChannels.list

integrations.sfdcInstances.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.apigeeSuspensionResolver

可以批准/拒绝包含暂停/等待任务的 Apigee 集成的角色。

integrations.apigeeSuspensions.*

integrations.suspensions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.certificateViewer

可以列出和查看证书的开发者。

integrations.certificates.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.integrationAdmin

拥有对所有集成的完整访问权限 (CRUD) 的用户。

integrations.apigeeAuthConfigs.*

integrations.apigeeCertificates.*

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.*

integrations.apigeeSfdcInstances.*

integrations.apigeeSuspensions.*

integrations.authConfigs.*

integrations.certificates.*

integrations.executions.*

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.*

integrations.sfdcChannels.*

integrations.sfdcInstances.*

integrations.suspensions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.integrationDeployer

可在集成运行时中部署/取消部署集成的开发者。

integrations.apigeeIntegrationVers.deploy

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.deploy

integrations.integrations.get

integrations.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.integrationEditor

可以列出、创建和更新集成的开发者。

integrations.apigeeAuthConfigs.create

integrations.apigeeAuthConfigs.get

integrations.apigeeAuthConfigs.list

integrations.apigeeAuthConfigs.update

integrations.apigeeCertificates.create

integrations.apigeeCertificates.get

integrations.apigeeCertificates.list

integrations.apigeeCertificates.update

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.create

integrations.apigeeSfdcChannels.get

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcChannels.update

integrations.apigeeSfdcInstances.create

integrations.apigeeSfdcInstances.get

integrations.apigeeSfdcInstances.list

integrations.apigeeSfdcInstances.update

integrations.authConfigs.create

integrations.authConfigs.get

integrations.authConfigs.list

integrations.authConfigs.update

integrations.certificates.get

integrations.executions.*

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.create

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

integrations.integrations.update

integrations.sfdcChannels.*

integrations.sfdcInstances.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.integrationInvoker

可以调用集成的角色。

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.*

integrations.executions.*

integrations.integrationVersions.get

integrations.integrationVersions.invoke

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.integrationViewer

可以列出和查看集成的开发者。

integrations.apigeeAuthConfigs.list

integrations.apigeeCertificates.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcInstances.list

integrations.authConfigs.get

integrations.authConfigs.list

integrations.certificates.get

integrations.certificates.list

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.list

integrations.sfdcChannels.list

integrations.sfdcInstances.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.securityIntegrationAdmin

拥有对所有安全集成的完整访问权限的用户。

integrations.securityAuthConfigs.*

integrations.securityExecutions.*

integrations.securityIntegTempVers.*

integrations.securityIntegrationVers.*

integrations.securityIntegrations.*

roles/integrations.sfdcInstanceAdmin

拥有对所有 SFDC 实例的完整访问权限 (CRUD) 的用户。

integrations.sfdcChannels.*

integrations.sfdcInstances.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.sfdcInstanceEditor

可以列出、创建和更新集成的开发者。

integrations.sfdcChannels.create

integrations.sfdcChannels.get

integrations.sfdcChannels.list

integrations.sfdcChannels.update

integrations.sfdcInstances.create

integrations.sfdcInstances.get

integrations.sfdcInstances.list

integrations.sfdcInstances.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.sfdcInstanceViewer

可以列出和查看 SFDC 实例的开发者。

integrations.sfdcChannels.get

integrations.sfdcChannels.list

integrations.sfdcInstances.get

integrations.sfdcInstances.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/integrations.suspensionResolver

此角色可以解决已暂停的集成的相关问题。

integrations.apigeeSuspensions.*

integrations.suspensions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.accountManagerAdmin

此角色可以执行所有与账号管理员相关的操作

issuerswitch.accountManagerTransactions.*

issuerswitch.managedAccounts.*

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.accountManagerTransactionsAdmin

此角色可以执行所有与账号管理员事务相关的操作

issuerswitch.accountManagerTransactions.*

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.accountManagerTransactionsViewer

此角色可以查看所有账号管理员事务

issuerswitch.accountManagerTransactions.list

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.admin

拥有对所有颁发机构切换角色的权限

issuerswitch.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.issuerParticipantsAdmin

拥有对 Issuerswitch 参与者的完整访问权限

issuerswitch.issuerParticipants.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.resolutionsAdmin

拥有对颁发机构切换解决方案的完整访问权限

issuerswitch.complaintTransactions.list

issuerswitch.complaints.*

issuerswitch.disputes.*

issuerswitch.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.rulesAdmin

拥有对颁发机构切换规则的完整访问权限

issuerswitch.ruleMetadata.list

issuerswitch.ruleMetadataValues.*

issuerswitch.rules.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.rulesViewer

此角色可以查看规则和相关元数据。

issuerswitch.ruleMetadata.list

issuerswitch.ruleMetadataValues.list

issuerswitch.rules.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/issuerswitch.transactionsViewer

此角色可以查看所有事务

issuerswitch.complaintTransactions.list

issuerswitch.financialTransactions.list

issuerswitch.mandateTransactions.list

issuerswitch.metadataTransactions.list

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/kubernetesmetadata.publisher

Kubernetes 集群元数据的发布方

kubernetesmetadata.*

roles/managedflink.admin

拥有对托管式 Flink 资源的完整访问权限。

managedflink.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/managedflink.developer

拥有对托管式 Flink 作业和会话的完整访问权限以及对部署的读取权限。

managedflink.deployments.get

managedflink.deployments.list

managedflink.jobs.*

managedflink.locations.*

managedflink.operations.get

managedflink.operations.list

managedflink.sessions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/managedflink.viewer

拥有对代管式 Flink 资源的只读权限。

managedflink.deployments.get

managedflink.deployments.list

managedflink.jobs.get

managedflink.jobs.list

managedflink.locations.*

managedflink.operations.get

managedflink.operations.list

managedflink.sessions.get

managedflink.sessions.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/managedkafka.admin

拥有对 Managed Kafka 资源的完整访问权限。

managedkafka.*

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

roles/managedkafka.client

提供连接集群中 Kafka 服务器的权限,例如提供 Kafka 数据平面访问权限。适用于一些用户,如提供方和使用方。

managedkafka.clusters.connect

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.consumerGroups.*

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.*

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

roles/managedkafka.clusterEditor

提供对 Kafka 集群的读写权限。适用于一些用户,例如,预配 Kafka 集群但无需读取或修改主题或使用方群组的 IT 部门。

managedkafka.clusters.create

managedkafka.clusters.delete

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.clusters.update

managedkafka.consumerGroups.get

managedkafka.consumerGroups.list

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.get

managedkafka.topics.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

roles/managedkafka.consumerGroupEditor

提供对使用方群组元数据的读写权限。适用于配置使用方群组的开发者等用户。

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.consumerGroups.*

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.get

managedkafka.topics.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

roles/managedkafka.topicEditor

提供对主题元数据的读写权限。适用于配置主题的开发者等用户。

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.consumerGroups.get

managedkafka.consumerGroups.list

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.*

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

roles/managedkafka.viewer

拥有对托管 Kafka 资源的只读权限。

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.consumerGroups.get

managedkafka.consumerGroups.list

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.get

managedkafka.topics.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

roles/mandiant.attackSurfaceManagementEditor

拥有对 Attack Surface Management 的写入权限

mandiant.genericAttackSurfaceManagements.create

mandiant.genericAttackSurfaceManagements.delete

mandiant.genericAttackSurfaceManagements.update

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.attackSurfaceManagementViewer

拥有对 Attack Surface Management 的读取权限

mandiant.genericAttackSurfaceManagements.get

mandiant.genericPlatforms.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.digitalThreatMonitoringEditor

拥有对 Digital Threat Monitoring 的写入权限

mandiant.genericDigitalThreatMonitorings.create

mandiant.genericDigitalThreatMonitorings.update

mandiant.genericPlatforms.create

mandiant.genericPlatforms.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.digitalThreatMonitoringViewer

拥有对 Digital Threat Monitoring 的读取权限

mandiant.genericDigitalThreatMonitorings.get

mandiant.genericPlatforms.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.expertiseOnDemandEditor

拥有对 Expertise On Demand 的写入权限

mandiant.genericExpertiseOnDemands.create

mandiant.genericExpertiseOnDemands.delete

mandiant.genericExpertiseOnDemands.update

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.expertiseOnDemandViewer

拥有对 Expertise On Demand 的读取权限

mandiant.genericExpertiseOnDemands.get

mandiant.genericPlatforms.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.threatIntelEditor

拥有对 Threat Intel 的写入权限

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

mandiant.genericThreatIntels.create

mandiant.genericThreatIntels.delete

mandiant.genericThreatIntels.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.threatIntelViewer

拥有对 Threat Intel 的读取权限

mandiant.genericPlatforms.get

mandiant.genericThreatIntels.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.validationEditor

拥有对 Validation 的写入权限

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

mandiant.genericValidations.create

mandiant.genericValidations.delete

mandiant.genericValidations.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/mandiant.validationViewer

拥有对 Validation 的读取权限

mandiant.genericPlatforms.get

mandiant.genericValidations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/mapsanalytics.mobilitySolutionsOverageViewer

可授予对移动解决方案超额用量指标数据的只读权限。

mapsanalytics.metricData.queryMobilitySolutionsOverageData

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.list

roles/mapsanalytics.viewer

可授予对所有 Maps Analytics 资源的只读权限。

mapsanalytics.metricData.query

mapsanalytics.metricMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.list

(roles/mapsplatformdatasets.admin)

授予对所有 Maps Platform Datasets API 资源的读写权限

mapsadmin.clientStyles.*

mapsplatformdatasets.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/mapsplatformdatasets.viewer)

授予对所有 Maps Platform Datasets API 资源的只读权限

mapsadmin.clientStyles.get

mapsadmin.clientStyles.list

mapsplatformdatasets.datasets.export

mapsplatformdatasets.datasets.get

mapsplatformdatasets.datasets.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/marketplacesolutions.admin

拥有对 Marketplace 解决方案资源的完整访问权限。

marketplacesolutions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/marketplacesolutions.editor

拥有对 Marketplace 解决方案资源的修改权限。

marketplacesolutions.locations.*

marketplacesolutions.operations.get

marketplacesolutions.operations.list

marketplacesolutions.powerImages.*

marketplacesolutions.powerInstances.get

marketplacesolutions.powerInstances.list

marketplacesolutions.powerInstances.update

marketplacesolutions.powerNetworks.*

marketplacesolutions.powerSshKeys.*

marketplacesolutions.powerVolumes.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/marketplacesolutions.viewer

拥有对 Marketplace 解决方案资源的只读权限。

marketplacesolutions.locations.*

marketplacesolutions.operations.get

marketplacesolutions.operations.list

marketplacesolutions.powerImages.*

marketplacesolutions.powerInstances.get

marketplacesolutions.powerInstances.list

marketplacesolutions.powerNetworks.*

marketplacesolutions.powerSshKeys.*

marketplacesolutions.powerVolumes.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/memorystore.admin

拥有对 Memorystore 资源的完整访问权限。

memorystore.instances.create

memorystore.instances.delete

memorystore.instances.get

memorystore.instances.list

memorystore.instances.update

memorystore.locations.*

memorystore.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/memorystore.dbConnectionUser

可以连接到 Memorystore Server 数据库。

memorystore.instances.connect

roles/memorystore.viewer

拥有对 Memorystore 资源的只读权限。

memorystore.instances.get

memorystore.instances.list

memorystore.locations.*

memorystore.operations.get

memorystore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/nestconsole.homeDeveloperAdmin)

拥有对 Google Home 开发者控制台资源的管理员权限

nestconsole.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/nestconsole.homeDeveloperEditor)

拥有对 Google Home 开发者控制台资源的读写权限

nestconsole.smarthomePreviews.update

nestconsole.smarthomeProjects.get

nestconsole.smarthomeProjects.update

nestconsole.smarthomeVersions.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/nestconsole.homeDeveloperViewer)

拥有对 Google Home 开发者控制台资源的只读权限

nestconsole.smarthomeProjects.get

nestconsole.smarthomeVersions.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/netapp.admin

拥有对 Google Cloud NetApp Volumes 资源的完整访问权限。

netapp.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/netapp.viewer

拥有对 Google Cloud NetApp Volumes 资源的只读权限。

netapp.activeDirectories.get

netapp.activeDirectories.list

netapp.backupPolicies.get

netapp.backupPolicies.list

netapp.backupVaults.get

netapp.backupVaults.list

netapp.backups.get

netapp.backups.list

netapp.kmsConfigs.get

netapp.kmsConfigs.list

netapp.locations.*

netapp.operations.get

netapp.operations.list

netapp.replications.get

netapp.replications.list

netapp.snapshots.get

netapp.snapshots.list

netapp.storagePools.get

netapp.storagePools.list

netapp.volumes.get

netapp.volumes.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/oauthconfig.editor

拥有对 OAuth 配置资源的读写权限

clientauthconfig.*

oauthconfig.*

roles/oauthconfig.viewer

拥有对 OAuth 配置资源的只读权限

clientauthconfig.brands.get

clientauthconfig.brands.list

clientauthconfig.clients.get

clientauthconfig.clients.list

oauthconfig.clientpolicy.get

oauthconfig.testusers.get

oauthconfig.verification.get

roles/observability.admin

拥有对 Observability 资源的完整访问权限。

observability.*

roles/observability.editor

拥有对 Observability 资源的修改权限。

observability.*

roles/observability.viewer

拥有对 Observability 资源的只读权限。

observability.scopes.get

roles/oracledatabase.admin

可授予管理所有 Oracle 数据库资源的完整访问权限。

oracledatabase.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/oracledatabase.autonomousDatabaseAdmin

可授予管理所有 Autonomous Database 资源的完整访问权限。

oracledatabase.autonomousDatabaseBackups.*

oracledatabase.autonomousDatabaseCharacterSets.list

oracledatabase.autonomousDatabases.*

oracledatabase.autonomousDbVersions.list

oracledatabase.entitlements.list

oracledatabase.locations.*

oracledatabase.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/oracledatabase.autonomousDatabaseViewer

授予查看所有 Autonomous Database 资源的读取权限。

oracledatabase.autonomousDatabaseBackups.get

oracledatabase.autonomousDatabaseBackups.list

oracledatabase.autonomousDatabaseCharacterSets.list

oracledatabase.autonomousDatabases.generateWallet

oracledatabase.autonomousDatabases.get

oracledatabase.autonomousDatabases.list

oracledatabase.autonomousDbVersions.list

oracledatabase.entitlements.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/oracledatabase.cloudExadataInfrastructureAdmin

可授予管理所有 Exadata Infrastructure 资源的完整访问权限。

oracledatabase.cloudExadataInfrastructures.create

oracledatabase.cloudExadataInfrastructures.delete

oracledatabase.cloudExadataInfrastructures.get

oracledatabase.cloudExadataInfrastructures.list

oracledatabase.cloudExadataInfrastructures.update

oracledatabase.dbServers.list

oracledatabase.dbSystemShapes.list

oracledatabase.entitlements.list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/oracledatabase.cloudExadataInfrastructureViewer

授予查看所有 Exadata Infrastructure 资源的读取权限。

oracledatabase.cloudExadataInfrastructures.get

oracledatabase.cloudExadataInfrastructures.list

oracledatabase.dbServers.list

oracledatabase.dbSystemShapes.list

oracledatabase.entitlements.list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/oracledatabase.cloudVmClusterAdmin

授予管理所有虚拟机集群资源的完整权限。

oracledatabase.cloudExadataInfrastructures.use

oracledatabase.cloudVmClusters.*

oracledatabase.dbNodes.list

oracledatabase.entitlements.list

oracledatabase.locations.*

oracledatabase.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/oracledatabase.cloudVmClusterViewer

授予查看所有虚拟机集群资源的读取权限。

oracledatabase.cloudVmClusters.get

oracledatabase.cloudVmClusters.list

oracledatabase.dbNodes.list

oracledatabase.entitlements.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/oracledatabase.viewer

授予对所有 Oracle 数据库资源的查看权限。

oracledatabase.autonomousDatabaseBackups.get

oracledatabase.autonomousDatabaseBackups.list

oracledatabase.autonomousDatabaseCharacterSets.list

oracledatabase.autonomousDatabases.generateWallet

oracledatabase.autonomousDatabases.get

oracledatabase.autonomousDatabases.list

oracledatabase.autonomousDbVersions.list

oracledatabase.cloudExadataInfrastructures.get

oracledatabase.cloudExadataInfrastructures.list

oracledatabase.cloudVmClusters.get

oracledatabase.cloudVmClusters.list

oracledatabase.dbNodes.list

oracledatabase.dbServers.list

oracledatabase.dbSystemShapes.list

oracledatabase.entitlements.list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/paymentsresellersubscription.partnerAdmin

拥有对所有 Payments Reseller 资源(包括订阅、产品和促销活动)的完全访问权限

paymentsresellersubscription.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/paymentsresellersubscription.partnerViewer

拥有对所有 Payments Reseller 资源(包括订阅、产品和促销活动)的读取权限

paymentsresellersubscription.products.list

paymentsresellersubscription.promotions.list

paymentsresellersubscription.subscriptions.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/paymentsresellersubscription.productViewer

拥有对 Payments Reseller 产品资源的读取权限

paymentsresellersubscription.products.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/paymentsresellersubscription.promotionViewer

拥有对 Payments Reseller 促销活动资源的读取权限

paymentsresellersubscription.promotions.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/paymentsresellersubscription.subscriptionEditor

拥有对 Payments Reseller 订阅资源的写入权限

paymentsresellersubscription.subscriptions.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/paymentsresellersubscription.subscriptionViewer

拥有对 Payments Reseller 订阅资源的读取权限

paymentsresellersubscription.subscriptions.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/policyanalyzer.activityAnalysisViewer

可以读取所有活动分析数据的 Viewer 用户。

policyanalyzer.*

roles/policyremediatormanager.policyRemediatorAdmin

授予启用和停用组织 Policy Remediator 的权限

policyremediatormanager.*

roles/policyremediatormanager.policyRemediatorReader

授予读取/查看组织的 Policy Remediator 状态的权限

policyremediatormanager.locations.*

policyremediatormanager.operations.get

policyremediatormanager.operations.list

policyremediatormanager.remediatorServices.get

roles/policysimulator.admin

可以运行和访问重放的管理员用户。

policysimulator.replayResults.list

policysimulator.replays.*

roles/policysimulator.orgPolicyAdmin

可以运行和访问模拟的组织政策管理员。

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

orgpolicy.customConstraints.get

orgpolicy.customConstraints.list

orgpolicy.policies.list

orgpolicy.policy.get

policysimulator.orgPolicyViolations.list

policysimulator.orgPolicyViolationsPreviews.*

resourcemanager.organizations.get

(roles/publicca.externalAccountKeyCreator)

此角色可以创建新的 externalAccountKey 资源。

publicca.externalAccountKeys.create

resourcemanager.projects.get

resourcemanager.projects.list

roles/readerrevenuesubscriptionlinking.admin

拥有对出版物读者资源的完整访问权限

readerrevenuesubscriptionlinking.*

resourcemanager.projects.get

resourcemanager.projects.list

roles/readerrevenuesubscriptionlinking.entitlementsViewer

此角色可以查看所有出版物读者权益

readerrevenuesubscriptionlinking.readerEntitlements.get

roles/readerrevenuesubscriptionlinking.viewer

此角色可以查看所有出版物读者资源

readerrevenuesubscriptionlinking.readerEntitlements.get

readerrevenuesubscriptionlinking.readers.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/recommender.exporter

建议的导出方

recommender.resources.export

roles/remotebuildexecution.actionCacheWriter

Remote Build Execution 操作缓存写入者

remotebuildexecution.actions.set

remotebuildexecution.blobs.create

roles/remotebuildexecution.artifactAdmin

Remote Build Execution 工件管理员

remotebuildexecution.actions.create

remotebuildexecution.actions.delete

remotebuildexecution.actions.get

remotebuildexecution.blobs.*

remotebuildexecution.logstreams.*

roles/remotebuildexecution.artifactCreator

Remote Build Execution 工件创建者

remotebuildexecution.actions.create

remotebuildexecution.actions.get

remotebuildexecution.blobs.*

remotebuildexecution.logstreams.*

roles/remotebuildexecution.artifactViewer

Remote Build Execution 工件查看者

remotebuildexecution.actions.get

remotebuildexecution.blobs.get

remotebuildexecution.logstreams.get

roles/remotebuildexecution.configurationAdmin

Remote Build Execution 配置管理员

remotebuildexecution.instances.*

remotebuildexecution.workerpools.*

roles/remotebuildexecution.configurationViewer

Remote Build Execution 配置查看者

remotebuildexecution.instances.get

remotebuildexecution.instances.list

remotebuildexecution.workerpools.get

remotebuildexecution.workerpools.list

roles/remotebuildexecution.logstreamWriter

Remote Build Execution 日志流写入者

remotebuildexecution.logstreams.create

remotebuildexecution.logstreams.update

roles/remotebuildexecution.reservationAdmin

Remote Build Execution 预留管理员

remotebuildexecution.actions.create

remotebuildexecution.actions.delete

remotebuildexecution.actions.get

roles/remotebuildexecution.worker

Remote Build Execution 工作处理者

remotebuildexecution.actions.update

remotebuildexecution.blobs.*

remotebuildexecution.botsessions.*

remotebuildexecution.logstreams.create

remotebuildexecution.logstreams.update

roles/retail.admin

拥有对 Retail API 资源的完整访问权限。

automlrecommendations.apiKeys.create

automlrecommendations.apiKeys.delete

automlrecommendations.catalogItems.*

automlrecommendations.catalogs.*

automlrecommendations.eventStores.getStats

automlrecommendations.events.create

automlrecommendations.events.list

automlrecommendations.events.purge

automlrecommendations.events.rejoin

automlrecommendations.placements.*

automlrecommendations.recommendations.*

retail.*

roles/retail.editor

拥有对 Retail API 资源的完整访问权限,但不具备完全清除、重新加入和 setSponsorship 权限。

automlrecommendations.apiKeys.create

automlrecommendations.apiKeys.delete

automlrecommendations.catalogItems.*

automlrecommendations.catalogs.*

automlrecommendations.eventStores.getStats

automlrecommendations.events.create

automlrecommendations.events.list

automlrecommendations.placements.*

automlrecommendations.recommendations.*

retail.alertConfigs.*

retail.attributesConfigs.addCatalogAttribute

retail.attributesConfigs.exportCatalogAttributes

retail.attributesConfigs.get

retail.attributesConfigs.importCatalogAttributes

retail.attributesConfigs.replaceCatalogAttribute

retail.attributesConfigs.update

retail.branches.*

retail.catalogs.*

retail.controls.*

retail.experiments.*

retail.models.*

retail.operations.*

retail.placements.*

retail.products.create

retail.products.delete

retail.products.export

retail.products.get

retail.products.import

retail.products.list

retail.products.update

retail.retailProjects.get

retail.servingConfigs.*

retail.userEvents.create

retail.userEvents.import

roles/retail.viewer

授予读取 Retail 中所有资源的权限。

automlrecommendations.catalogItems.get

automlrecommendations.catalogItems.list

automlrecommendations.catalogs.getStats

automlrecommendations.catalogs.list

automlrecommendations.eventStores.getStats

automlrecommendations.events.list

automlrecommendations.placements.getStats

automlrecommendations.placements.list

automlrecommendations.recommendations.list

retail.alertConfigs.get

retail.attributesConfigs.exportCatalogAttributes

retail.attributesConfigs.get

retail.branches.*

retail.catalogs.completeQuery

retail.catalogs.exportAnalyticsMetrics

retail.catalogs.list

retail.controls.export

retail.controls.get

retail.controls.list

retail.experiments.get

retail.experiments.list

retail.experiments.loadExperimentLookerDashboard

retail.experiments.queryTrafficMetrics

retail.models.get

retail.models.list

retail.operations.*

retail.placements.*

retail.products.export

retail.products.get

retail.products.list

retail.retailProjects.get

retail.servingConfigs.get

retail.servingConfigs.list

retail.servingConfigs.predict

retail.servingConfigs.search

(roles/riscconfigs.admin)

拥有对 RISC 配置资源的读写权限。

clientauthconfig.clients.list

riscconfigurationservice.*

(roles/riscconfigs.viewer)

拥有对 RISC 配置资源的只读权限。

clientauthconfig.clients.list

riscconfigurationservice.riscconfigs.get

roles/routeoptimization.editor

此角色可以通过 BatchOptimizeTours 创建长时间运行的操作。

resourcemanager.projects.get

resourcemanager.projects.list

routeoptimization.*

roles/routeoptimization.viewer

此角色可以查看任何长时间运行的操作。

resourcemanager.projects.get

resourcemanager.projects.list

routeoptimization.operations.get

roles/runapps.developer

拥有创建和更改无服务器集成及其配置的权限。

resourcemanager.projects.get

resourcemanager.projects.list

runapps.applications.*

runapps.deployments.get

runapps.deployments.list

runapps.locations.*

runapps.operations.*

roles/runapps.operator

拥有部署无服务器集成的权限。

resourcemanager.projects.get

resourcemanager.projects.list

runapps.applications.get

runapps.applications.getStatus

runapps.applications.list

runapps.deployments.*

runapps.locations.*

runapps.operations.*

(roles/runapps.viewer)

拥有对无服务器集成资源的只读权限。

resourcemanager.projects.get

resourcemanager.projects.list

runapps.applications.get

runapps.applications.getStatus

runapps.applications.list

runapps.deployments.get

runapps.deployments.list

runapps.locations.*

runapps.operations.get

runapps.operations.list

roles/runtimeconfig.admin

拥有 RuntimeConfig 资源的完整访问权限。

runtimeconfig.*

roles/securedlandingzone.bqdwOrgRemediator

拥有在组织级修改(修复)SLZ BQDW Blueprint 中的资源的权限。

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

accesscontextmanager.servicePerimeters.update

roles/securedlandingzone.bqdwProjectRemediator

拥有在项目级修改(修复)SLZ BQDW Blueprint 中的资源的权限。

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.setIamPolicy

bigquery.datasets.update

cloudkms.cryptoKeys.get

cloudkms.cryptoKeys.getIamPolicy

cloudkms.cryptoKeys.list

cloudkms.cryptoKeys.setIamPolicy

cloudkms.cryptoKeys.update

cloudkms.keyRings.getIamPolicy

cloudkms.keyRings.setIamPolicy

pubsub.topics.get

pubsub.topics.getIamPolicy

pubsub.topics.list

pubsub.topics.setIamPolicy

pubsub.topics.update

resourcemanager.projects.update

serviceusage.services.use

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

storage.buckets.setIamPolicy

storage.buckets.update

roles/securedlandingzone.overwatchActivator

此角色可以启动或暂停 Overwatch

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.overwatches.activate

securedlandingzone.overwatches.suspend

roles/securedlandingzone.overwatchAdmin

拥有对 Overwatch 的完全访问权限

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.*

roles/securedlandingzone.overwatchViewer

此角色可以查看 Overwatch 的所有属性

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.operations.get

securedlandingzone.overwatches.get

securedlandingzone.overwatches.list

roles/securityposture.admin

拥有对 Security Posture 服务 API 的完整访问权限。

orgpolicy.*

resourcemanager.organizations.get

securitycenter.securityhealthanalyticssettings.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.update

securityposture.*

roles/securityposture.postureDeployer

拥有对 Posture Deployment 资源的更改和读取权限。

orgpolicy.*

resourcemanager.organizations.get

securitycenter.securityhealthanalyticssettings.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.update

securityposture.operations.get

securityposture.postureDeployments.*

roles/securityposture.postureDeploymentsViewer

拥有对 Posture Deployment 资源的只读权限。

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

roles/securityposture.postureEditor

拥有对 Posture 资源的更改和读取权限。

securityposture.operations.get

securityposture.postures.*

roles/securityposture.postureViewer

拥有对 Posture 资源的只读权限。

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postures.get

securityposture.postures.list

roles/securityposture.reportCreator

拥有创建 IaC 验证报告等报告的权限。

securityposture.operations.get

securityposture.reports.*

roles/securityposture.viewer

拥有对所有 SecurityPosture 服务资源的只读权限。

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

securityposture.postureTemplates.*

securityposture.postures.get

securityposture.postures.list

roles/servicehealth.viewer

拥有对 Personalized Service Health 资源的只读权限。

resourcemanager.projects.get

resourcemanager.projects.list

servicehealth.*

roles/servicesecurityinsights.securityInsightsViewer

拥有对 Security Insights 资源的只读权限

servicesecurityinsights.*

(roles/speakerid.admin)

授予对所有 Speaker ID 资源(包括项目设置)的完整访问权限。

speakerid.*

(roles/speakerid.editor)

授予读写所有 Speaker ID 资源的权限。

speakerid.phrases.*

speakerid.speakers.*

(roles/speakerid.verifier)

授予对所有 Speaker ID 资源的读取权限,并允许验证。

speakerid.phrases.get

speakerid.phrases.list

speakerid.speakers.get

speakerid.speakers.list

speakerid.speakers.verify

(roles/speakerid.viewer)

授予对所有 Speaker ID 资源的读取权限。

speakerid.phrases.get

speakerid.phrases.list

speakerid.speakers.get

speakerid.speakers.list

roles/speech.admin

授予对 Speech-to-text 中的所有资源的完全访问权限

speech.*

roles/speech.client

授予对识别 API 的访问权限。

speech.adaptations.execute

speech.customClasses.get

speech.customClasses.list

speech.locations.*

speech.operations.get

speech.operations.list

speech.operations.wait

speech.phraseSets.get

speech.phraseSets.list

speech.recognizers.get

speech.recognizers.list

speech.recognizers.recognize

roles/speech.editor

授予修改 Speech-to-text 中的资源的权限

speech.adaptations.execute

speech.customClasses.*

speech.locations.*

speech.operations.*

speech.phraseSets.*

speech.recognizers.*

(roles/storageinsights.admin)

拥有对存储空间分析资源的完整访问权限。

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.*

roles/storageinsights.analyst

拥有对存储空间分析的数据访问权限。

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.datasetConfigs.get

storageinsights.datasetConfigs.linkDataset

storageinsights.datasetConfigs.list

storageinsights.datasetConfigs.unlinkDataset

storageinsights.locations.*

storageinsights.operations.get

storageinsights.operations.list

storageinsights.reportConfigs.get

storageinsights.reportConfigs.list

storageinsights.reportDetails.*

(roles/storageinsights.viewer)

拥有对存储空间分析资源的只读权限。

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.datasetConfigs.get

storageinsights.datasetConfigs.list

storageinsights.locations.*

storageinsights.operations.get

storageinsights.operations.list

storageinsights.reportConfigs.get

storageinsights.reportConfigs.list

storageinsights.reportDetails.*

roles/subscribewithgoogledeveloper.developer

可以访问通过 Google 订阅的开发者工具。

resourcemanager.projects.get

resourcemanager.projects.list

subscribewithgoogledeveloper.tools.get

roles/telcoautomation.admin

拥有对 Telco Automation 资源的完整访问权限。

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

monitoring.timeSeries.list

observability.scopes.get

resourcemanager.projects.get

serviceusage.quotas.*

serviceusage.services.*

source.repos.get

source.repos.list

telcoautomation.*

roles/telcoautomation.blueprintDesigner

能够管理蓝图

telcoautomation.blueprints.create

telcoautomation.blueprints.delete

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.blueprints.propose

telcoautomation.blueprints.update

telcoautomation.deployments.computeStatus

telcoautomation.deployments.get

telcoautomation.deployments.list

telcoautomation.hydratedDeployments.get

telcoautomation.hydratedDeployments.list

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

telcoautomation.publicBlueprints.*

roles/telcoautomation.deploymentAdmin

能够管理部署

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.*

telcoautomation.hydratedDeployments.*

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

roles/telcoautomation.opsAdminTier1

能够获取部署状态

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

observability.scopes.get

resourcemanager.projects.get

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.computeStatus

telcoautomation.deployments.get

telcoautomation.deployments.list

telcoautomation.hydratedDeployments.get

telcoautomation.hydratedDeployments.list

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

roles/telcoautomation.opsAdminTier4

能够管理部署及其状态

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

observability.scopes.get

resourcemanager.projects.get

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.*

telcoautomation.hydratedDeployments.*

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

roles/telcoautomation.serviceOrchestrator

能够管理部署

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.*

telcoautomation.hydratedDeployments.*

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

roles/timeseriesinsights.datasetsEditor

拥有对数据集的修改权限。

timeseriesinsights.*

roles/timeseriesinsights.datasetsOwner

拥有数据集的完整访问权限。

timeseriesinsights.*

roles/timeseriesinsights.datasetsViewer

拥有对数据集的只读权限(列出和查询)。

timeseriesinsights.datasets.evaluate

timeseriesinsights.datasets.list

timeseriesinsights.datasets.query

timeseriesinsights.locations.*

roles/trafficdirector.client

提取服务配置和报告指标。

trafficdirector.*

roles/translationhub.admin

Translation Hub 的管理员

automl.models.get

automl.models.list

automl.models.predict

cloudtranslate.customModels.get

cloudtranslate.customModels.list

cloudtranslate.customModels.predict

cloudtranslate.glossaries.create

cloudtranslate.glossaries.delete

cloudtranslate.glossaries.get

cloudtranslate.glossaries.list

cloudtranslate.glossaries.predict

resourcemanager.projects.get

resourcemanager.projects.list

translationhub.*

roles/translationhub.portalUser

Translation Hub 的门户用户

automl.models.get

automl.models.list

automl.models.predict

cloudtranslate.customModels.get

cloudtranslate.customModels.list

cloudtranslate.customModels.predict

cloudtranslate.glossaries.get

cloudtranslate.glossaries.list

cloudtranslate.glossaries.predict

resourcemanager.projects.get

resourcemanager.projects.list

translationhub.portals.get

translationhub.portals.list

roles/visualinspection.editor

拥有对所有 Visual Inspection AI 资源(visualinspection.locations.reportUsageMetrics 除外)的读写权限

visualinspection.annotationSets.*

visualinspection.annotationSpecs.*

visualinspection.annotations.*

visualinspection.datasets.*

visualinspection.images.*

visualinspection.locations.get

visualinspection.locations.list

visualinspection.modelEvaluations.*

visualinspection.models.*

visualinspection.modules.*

visualinspection.operations.*

visualinspection.solutionArtifacts.*

visualinspection.solutions.*

roles/visualinspection.usageMetricsReporter

拥有对视觉检测 AI 服务的 ReportUsageMetric 访问权限

visualinspection.locations.reportUsageMetrics

roles/visualinspection.viewer

对 Visual Inspection AI 资源的读取权限

visualinspection.annotationSets.get

visualinspection.annotationSets.list

visualinspection.annotationSpecs.get

visualinspection.annotationSpecs.list

visualinspection.annotations.get

visualinspection.annotations.list

visualinspection.datasets.export

visualinspection.datasets.get

visualinspection.datasets.list

visualinspection.images.get

visualinspection.images.list

visualinspection.locations.get

visualinspection.locations.list

visualinspection.modelEvaluations.*

visualinspection.models.get

visualinspection.models.list

visualinspection.modules.get

visualinspection.modules.list

visualinspection.operations.*

visualinspection.solutionArtifacts.get

visualinspection.solutionArtifacts.list

visualinspection.solutionArtifacts.predict

visualinspection.solutions.get

visualinspection.solutions.list

如需详细了解预定义角色,请参阅角色和权限。如果在选择最适合的预定义角色时需要帮助,请参阅选择预定义角色