基于资源类型的导出权限

本页面列出了基于资源类型的导出权限。这些权限仅适用于 RESOURCE 或未指定的内容类型。在使用 Cloud Asset API 导出资产时,可使用这些政策来限制允许的资源类型。例如,导出具有 RESOURCE 或未指定内容类型的资产时,对项目具有 cloudasset.assets.exportResource 权限的用户可以导出任何资源类型的资源。但是,如果用户仅对项目具有 cloudasset.assets.exportComputeDisks 权限并且尝试导出 compute.googleapis.com/Disk 以外的资源类型或未指定资源类型的资产,则会收到 PERMISSION_DENIED 错误。如需详细了解如何使用 IAM 权限,请参阅 IAM 方法指南

资源类型 基于资源类型的导出权限
cloudresourcemanager.googleapis.com/Organization cloudasset.assets.exportCloudresourcemanagerOrganizations
cloudresourcemanager.googleapis.com/Folder cloudasset.assets.exportCloudresourcemanagerFolders
cloudresourcemanager.googleapis.com/Project cloudasset.assets.exportCloudresourcemanagerProjects
compute.googleapis.com/Address cloudasset.assets.exportComputeAddress
compute.googleapis.com/GlobalAddress cloudasset.assets.exportComputeGlobalAddress
compute.googleapis.com/Autoscaler cloudasset.assets.exportComputeAutoscalers
compute.googleapis.com/BackendBucket cloudasset.assets.exportComputeBackendBuckets
compute.googleapis.com/BackendService cloudasset.assets.exportComputeBackendServices
compute.googleapis.com/Disk cloudasset.assets.exportComputeDisks
compute.googleapis.com/Firewall cloudasset.assets.exportComputeFirewalls
compute.googleapis.com/ForwardingRule cloudasset.assets.exportComputeForwardingRules
compute.googleapis.com/HealthCheck cloudasset.assets.exportComputeHealthChecks
compute.googleapis.com/HttpHealthCheck cloudasset.assets.exportComputeHttpHealthChecks
compute.googleapis.com/HttpsHealthCheck cloudasset.assets.exportComputeHttpsHealthChecks
compute.googleapis.com/Image cloudasset.assets.exportComputeImages
compute.googleapis.com/Instance cloudasset.assets.exportComputeInstances
compute.googleapis.com/InstanceGroup cloudasset.assets.exportComputeInstanceGroups
compute.googleapis.com/InstanceGroupManager cloudasset.assets.exportComputeInstanceGroupManagers
compute.googleapis.com/InstanceTemplate cloudasset.assets.exportComputeInstanceTemplates
compute.googleapis.com/Interconnect cloudasset.assets.exportComputeInterconnect
compute.googleapis.com/InterconnectAttachment cloudasset.assets.exportComputeInterconnectAttachment
compute.googleapis.com/License cloudasset.assets.exportComputeLicenses
compute.googleapis.com/Network cloudasset.assets.exportComputeNetworks
compute.googleapis.com/Project cloudasset.assets.exportComputeProjects
compute.googleapis.com/RegionDisk cloudasset.assets.exportComputeRegionDisk
compute.googleapis.com/Route cloudasset.assets.exportComputeRoutes
compute.googleapis.com/Router cloudasset.assets.exportComputeRouters
compute.googleapis.com/Snapshot cloudasset.assets.exportComputeSnapshots
compute.googleapis.com/SslCertificate cloudasset.assets.exportComputeSslCertificates
compute.googleapis.com/Subnetwork cloudasset.assets.exportComputeSubnetworks
compute.googleapis.com/TargetHttpProxy cloudasset.assets.exportComputeTargetHttpProxies
compute.googleapis.com/TargetHttpsProxy cloudasset.assets.exportComputeTargetHttpsProxies
compute.googleapis.com/TargetInstance cloudasset.assets.exportComputeTargetInstances
compute.googleapis.com/TargetPool cloudasset.assets.exportComputeTargetPools
compute.googleapis.com/TargetTcpProxy cloudasset.assets.exportComputeTargetTcpProxies
compute.googleapis.com/TargetSslProxy cloudasset.assets.exportComputeTargetSslProxies
compute.googleapis.com/TargetVpnGateway cloudasset.assets.exportComputeTargetVpnGateways
compute.googleapis.com/UrlMap cloudasset.assets.exportComputeUrlMaps
compute.googleapis.com/VpnTunnel cloudasset.assets.exportComputeVpnTunnels
appengine.googleapis.com/Application cloudasset.assets.exportAppengineApplications
appengine.googleapis.com/Service cloudasset.assets.exportAppengineServices
appengine.googleapis.com/Version cloudasset.assets.exportAppengineVersions
cloudbilling.googleapis.com/BillingAccount cloudasset.assets.exportCloudbillingBillingAccounts
storage.googleapis.com/Bucket cloudasset.assets.exportStorageBuckets
osconfig.googleapis.com/PatchDeployment cloudasset.assets.exportPatchDeployments
dns.googleapis.com/ManagedZone cloudasset.assets.exportDnsManagedZones
dns.googleapis.com/Policy cloudasset.assets.exportDnsPolicies
spanner.googleapis.com/Instance cloudasset.assets.exportSpannerInstances
spanner.googleapis.com/Database cloudasset.assets.exportSpannerDatabases
spanner.googleapis.com/Backup cloudasset.assets.exportSpannerBackups
bigquery.googleapis.com/Dataset cloudasset.assets.exportBigqueryDatasets
bigquery.googleapis.com/Table cloudasset.assets.exportBigqueryTables
iam.googleapis.com/Role cloudasset.assets.exportIamRoles
iam.googleapis.com/ServiceAccount cloudasset.assets.exportIamServiceAccounts
pubsub.googleapis.com/Topic cloudasset.assets.exportPubsubTopics
pubsub.googleapis.com/Subscription cloudasset.assets.exportPubsubSubscriptions
dataproc.googleapis.com/Cluster cloudasset.assets.exportDataprocClusters
dataproc.googleapis.com/Job cloudasset.assets.exportDataprocJobs
cloudkms.googleapis.com/KeyRing cloudasset.assets.exportCloudkmsKeyRings
cloudkms.googleapis.com/CryptoKey cloudasset.assets.exportCloudkmsCryptoKeys
cloudkms.googleapis.com/CryptoKeyVersion cloudasset.assets.exportCloudkmsCryptoKeyVersions
cloudkms.googleapis.com/ImportJob cloudasset.assets.exportCloudkmsImportJobs
container.googleapis.com/Cluster cloudasset.assets.exportContainerClusters
container.googleapis.com/NodePool cloudasset.assets.exportContainerNodepool
sqladmin.googleapis.com/Instance cloudasset.assets.exportSqladminInstances
bigtableadmin.googleapis.com/Cluster cloudasset.assets.exportBigtableCluster
bigtableadmin.googleapis.com/Instance cloudasset.assets.exportBigtableInstance
bigtableadmin.googleapis.com/Table cloudasset.assets.exportBigtableTable
k8s.io/Node cloudasset.assets.exportContainerNode
k8s.io/Pod cloudasset.assets.exportContainerPod
k8s.io/Namespace cloudasset.assets.exportContainerNamespace
rbac.authorization.k8s.io/Role cloudasset.assets.exportContainerRole
rbac.authorization.k8s.io/RoleBinding cloudasset.assets.exportContainerRolebinding
rbac.authorization.k8s.io/ClusterRole cloudasset.assets.exportContainerClusterrole
rbac.authorization.k8s.io/ClusterRoleBinding cloudasset.assets.exportContainerClusterrolebinding