Peran dan izin

Halaman ini mencantumkan izin yang diperlukan oleh Certificate Manager dan peran Identity and Access Management yang mencakupnya.

Izin

Bagian ini mencantumkan izin yang diperlukan untuk melakukan operasi tertentu di Certificate Manager.

Operasi dan metode	Resource	Izin
Buat sertifikat `certificates.create`	Sertifikat	`certificatemanager.certs.create` pada project Google Cloud target. Jika menggunakan otorisasi DNS, Anda juga memerlukan `certificatemanager.dnsauthorizations.use` pada setiap otorisasi DNS yang terkait.
Cantumkan sertifikat `certificates.list`	Sertifikat	`certificatemanager.certs.list` pada project Google Cloud target
Ambil sertifikat `certificates.get`	Sertifikat	`certificatemanager.certs.get` pada sertifikat target
Perbarui sertifikat `certificates.patch`	Sertifikat	`certificatemanager.certs.update` pada sertifikat target
Lampirkan sertifikat ke resource	Sertifikat	`certificatemanager.certs.use` pada sertifikat target
Hapus sertifikat `certificates.delete`	Sertifikat	`certificatemanager.certs.delete` pada sertifikat target
Buat peta sertifikat `certificateMaps.create`	Peta sertifikat	`certificatemanager.certmaps.create` pada project Google Cloud target
Cantumkan peta sertifikat `certificateMaps.list`	Peta sertifikat	`certificatemanager.certmaps.list` pada project Google Cloud target
Ambil peta sertifikat `certificateMaps.get`	Peta sertifikat	`certificatemanager.certmaps.get` pada peta sertifikat target
Perbarui peta sertifikat `certificateMaps.patch`	Peta sertifikat	`certificatemanager.certmaps.update` pada peta sertifikat target
Lampirkan peta sertifikat ke resource	Peta sertifikat	`certificatemanager.certmaps.use` pada peta sertifikat target
Hapus peta sertifikat `certificateMaps.delete`	Peta sertifikat	`certificatemanager.certmaps.delete` pada peta sertifikat target
Buat entri peta sertifikat `certificateMaps.certificateMapEntries.create`	Entri peta sertifikat	`certificatemanager.certmapentries.create` pada peta sertifikat target dan `certificatemanager.certs.use` pada setiap sertifikat yang terkait.
Cantumkan entri peta sertifikat `certificateMaps.certificateMapEntries.list`	Entri peta sertifikat	`certificatemanager.certmapentries.list` pada peta sertifikat target
Ambil entri peta sertifikat `certificateMaps.certificateMapEntries.get`	Entri peta sertifikat	`certificatemanager.certmapentries.get` pada entri peta sertifikat target
Perbarui entri peta sertifikat `certificateMaps.certificateMapEntries.patch`	Entri peta sertifikat	`certificatemanager.certmapentries.update` pada entri peta sertifikat target dan `certificatemanager.certs.use` pada setiap sertifikat yang terkait.
Hapus entri peta sertifikat `certificateMaps.certificateMapEntries.delete`	Entri peta sertifikat	`certificatemanager.certmapentries.delete` pada entri peta sertifikat target
Buat otorisasi DNS `dnsAuthorizations.create`	Otorisasi DNS	`certificatemanager.dnsauthorizations.create` pada project Google Cloud target
Cantumkan otorisasi DNS `dnsAuthorizations.list`	Otorisasi DNS	`certificatemanager.dnsauthorizations.list` pada project Google Cloud target
Ambil otorisasi DNS `dnsAuthorizations.get`	Otorisasi DNS	`certificatemanager.dnsauthorizations.get` pada otorisasi DNS target
Perbarui otorisasi DNS `dnsAuthorizations.patch`	Otorisasi DNS	`certificatemanager.dnsauthorizations.update` pada otorisasi DNS target
Menghapus otorisasi DNS `dnsAuthorizations.delete`	Otorisasi DNS	`certificatemanager.dnsauthorizations.delete` pada otorisasi DNS target
Buat konfigurasi penerbitan sertifikat `certificateIssuanceConfigs.create`	Konfigurasi penerbitan sertifikat	`certificatemanager.certissuanceconfigs.create` pada project Google Cloud target
Mencantumkan konfigurasi penerbitan sertifikat `certificateIssuanceConfigs.list`	Konfigurasi penerbitan sertifikat	`certificatemanager.certissuanceconfigs.list` pada project Google Cloud target
Mengambil konfigurasi penerbitan sertifikat `certificateIssuanceConfigs.get`	Konfigurasi penerbitan sertifikat	`certificatemanager.certissuanceconfigs.get` pada konfigurasi penerbitan sertifikat target
Menghapus konfigurasi penerbitan sertifikat `certificateIssuanceConfigs.delete`	Konfigurasi penerbitan sertifikat	`certificatemanager.certissuanceconfigs.delete` pada konfigurasi penerbitan sertifikat target
Membuat konfigurasi kepercayaan `trustConfigs.create`	Konfigurasi kepercayaan	`certificatemanager.trustconfigs.create` pada project Google Cloud target
Mencantumkan konfigurasi kepercayaan `trustConfigs.list`	Konfigurasi kepercayaan	`certificatemanager.trustconfigs.list` pada project Google Cloud target
Memperbarui konfigurasi kepercayaan `trustConfigs.patch`	Konfigurasi kepercayaan	`certificatemanager.trustconfigs.update` pada konfigurasi kepercayaan target
Mendapatkan status konfigurasi kepercayaan `trustConfigs.get`	Konfigurasi kepercayaan	`certificatemanager.trustconfigs.get` pada konfigurasi kepercayaan target
Melampirkan konfigurasi kepercayaan ke resource	Konfigurasi kepercayaan	`certificatemanager.trustconfigs.use` pada konfigurasi kepercayaan target
Menghapus konfigurasi kepercayaan `trustConfigs.delete`	Konfigurasi kepercayaan	`certificatemanager.trustconfigs.delete` pada konfigurasi kepercayaan target
Buat kunci akun eksternal `externalAccountKeys.create`	Kunci akun eksternal	`publicca.externalAccountKeys.create` pada project Google Cloud target

Peran

Bagian ini mencantumkan peran IAM yang merangkum izin Pengelola Sertifikat.

Peran Certificate Manager untuk project Google Cloud

Tabel berikut mencantumkan peran project Google Cloud dan izin Pengelola Sertifikat yang dienkapsulasi.

Role Permissions

Role	Permissions
Certificate Manager Editor (`roles/certificatemanager.editor`) Edit access to Certificate Manager all resources.	`certificatemanager.certissuanceconfigs.create` `certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certissuanceconfigs.update` `certificatemanager.certissuanceconfigs.use` `certificatemanager.certmapentries.create` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.getIamPolicy` `certificatemanager.certmapentries.list` `certificatemanager.certmapentries.update` `certificatemanager.certmaps.create` `certificatemanager.certmaps.get` `certificatemanager.certmaps.getIamPolicy` `certificatemanager.certmaps.list` `certificatemanager.certmaps.update` `certificatemanager.certmaps.use` `certificatemanager.certs.create` `certificatemanager.certs.get` `certificatemanager.certs.getIamPolicy` `certificatemanager.certs.list` `certificatemanager.certs.update` `certificatemanager.certs.use` `certificatemanager.dnsauthorizations.create` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.getIamPolicy` `certificatemanager.dnsauthorizations.list` `certificatemanager.dnsauthorizations.update` `certificatemanager.dnsauthorizations.use` `certificatemanager.locations.*` `certificatemanager.locations.get` `certificatemanager.locations.list` `certificatemanager.operations.get` `certificatemanager.operations.list` `certificatemanager.trustconfigs.create` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `certificatemanager.trustconfigs.update` `certificatemanager.trustconfigs.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Certificate Manager Owner (`roles/certificatemanager.owner`) Full access to Certificate Manager all resources.	`certificatemanager.*` `certificatemanager.certissuanceconfigs.create` `certificatemanager.certissuanceconfigs.delete` `certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certissuanceconfigs.update` `certificatemanager.certissuanceconfigs.use` `certificatemanager.certmapentries.create` `certificatemanager.certmapentries.delete` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.getIamPolicy` `certificatemanager.certmapentries.list` `certificatemanager.certmapentries.setIamPolicy` `certificatemanager.certmapentries.update` `certificatemanager.certmaps.create` `certificatemanager.certmaps.delete` `certificatemanager.certmaps.get` `certificatemanager.certmaps.getIamPolicy` `certificatemanager.certmaps.list` `certificatemanager.certmaps.setIamPolicy` `certificatemanager.certmaps.update` `certificatemanager.certmaps.use` `certificatemanager.certs.create` `certificatemanager.certs.delete` `certificatemanager.certs.get` `certificatemanager.certs.getIamPolicy` `certificatemanager.certs.list` `certificatemanager.certs.setIamPolicy` `certificatemanager.certs.update` `certificatemanager.certs.use` `certificatemanager.dnsauthorizations.create` `certificatemanager.dnsauthorizations.delete` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.getIamPolicy` `certificatemanager.dnsauthorizations.list` `certificatemanager.dnsauthorizations.setIamPolicy` `certificatemanager.dnsauthorizations.update` `certificatemanager.dnsauthorizations.use` `certificatemanager.locations.get` `certificatemanager.locations.list` `certificatemanager.operations.cancel` `certificatemanager.operations.delete` `certificatemanager.operations.get` `certificatemanager.operations.list` `certificatemanager.trustconfigs.create` `certificatemanager.trustconfigs.delete` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `certificatemanager.trustconfigs.update` `certificatemanager.trustconfigs.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Certificate Manager Viewer (`roles/certificatemanager.viewer`) Read-only access to Certificate Manager all resources.	`certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.getIamPolicy` `certificatemanager.certmapentries.list` `certificatemanager.certmaps.get` `certificatemanager.certmaps.getIamPolicy` `certificatemanager.certmaps.list` `certificatemanager.certs.get` `certificatemanager.certs.getIamPolicy` `certificatemanager.certs.list` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.getIamPolicy` `certificatemanager.dnsauthorizations.list` `certificatemanager.locations.*` `certificatemanager.locations.get` `certificatemanager.locations.list` `certificatemanager.operations.get` `certificatemanager.operations.list` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Certificate Manager Editor

(roles/certificatemanager.editor)

Edit access to Certificate Manager all resources.

certificatemanager.certissuanceconfigs.create

certificatemanager.certissuanceconfigs.get

certificatemanager.certissuanceconfigs.list

certificatemanager.certissuanceconfigs.update

certificatemanager.certissuanceconfigs.use

certificatemanager.certmapentries.create

certificatemanager.certmapentries.get

certificatemanager.certmapentries.getIamPolicy

certificatemanager.certmapentries.list

certificatemanager.certmapentries.update

certificatemanager.certmaps.create

certificatemanager.certmaps.get

certificatemanager.certmaps.getIamPolicy

certificatemanager.certmaps.list

certificatemanager.certmaps.update

certificatemanager.certmaps.use

certificatemanager.certs.create

certificatemanager.certs.get

certificatemanager.certs.getIamPolicy

certificatemanager.certs.list

certificatemanager.certs.update

certificatemanager.certs.use

certificatemanager.dnsauthorizations.create

certificatemanager.dnsauthorizations.get

certificatemanager.dnsauthorizations.getIamPolicy

certificatemanager.dnsauthorizations.list

certificatemanager.dnsauthorizations.update

certificatemanager.dnsauthorizations.use

certificatemanager.locations.*

certificatemanager.locations.get
certificatemanager.locations.list

certificatemanager.operations.get

certificatemanager.operations.list

certificatemanager.trustconfigs.create

certificatemanager.trustconfigs.get

certificatemanager.trustconfigs.list

certificatemanager.trustconfigs.update

certificatemanager.trustconfigs.use

resourcemanager.projects.get

resourcemanager.projects.list

Certificate Manager Owner

(roles/certificatemanager.owner)

Full access to Certificate Manager all resources.

certificatemanager.*

certificatemanager.certissuanceconfigs.create
certificatemanager.certissuanceconfigs.delete
certificatemanager.certissuanceconfigs.get
certificatemanager.certissuanceconfigs.list
certificatemanager.certissuanceconfigs.update
certificatemanager.certissuanceconfigs.use
certificatemanager.certmapentries.create
certificatemanager.certmapentries.delete
certificatemanager.certmapentries.get
certificatemanager.certmapentries.getIamPolicy
certificatemanager.certmapentries.list
certificatemanager.certmapentries.setIamPolicy
certificatemanager.certmapentries.update
certificatemanager.certmaps.create
certificatemanager.certmaps.delete
certificatemanager.certmaps.get
certificatemanager.certmaps.getIamPolicy
certificatemanager.certmaps.list
certificatemanager.certmaps.setIamPolicy
certificatemanager.certmaps.update
certificatemanager.certmaps.use
certificatemanager.certs.create
certificatemanager.certs.delete
certificatemanager.certs.get
certificatemanager.certs.getIamPolicy
certificatemanager.certs.list
certificatemanager.certs.setIamPolicy
certificatemanager.certs.update
certificatemanager.certs.use
certificatemanager.dnsauthorizations.create
certificatemanager.dnsauthorizations.delete
certificatemanager.dnsauthorizations.get
certificatemanager.dnsauthorizations.getIamPolicy
certificatemanager.dnsauthorizations.list
certificatemanager.dnsauthorizations.setIamPolicy
certificatemanager.dnsauthorizations.update
certificatemanager.dnsauthorizations.use
certificatemanager.locations.get
certificatemanager.locations.list
certificatemanager.operations.cancel
certificatemanager.operations.delete
certificatemanager.operations.get
certificatemanager.operations.list
certificatemanager.trustconfigs.create
certificatemanager.trustconfigs.delete
certificatemanager.trustconfigs.get
certificatemanager.trustconfigs.list
certificatemanager.trustconfigs.update
certificatemanager.trustconfigs.use

resourcemanager.projects.get

resourcemanager.projects.list

Certificate Manager Viewer

(roles/certificatemanager.viewer)

Read-only access to Certificate Manager all resources.

certificatemanager.certissuanceconfigs.get

certificatemanager.certissuanceconfigs.list

certificatemanager.certmapentries.get

certificatemanager.certmapentries.getIamPolicy

certificatemanager.certmapentries.list

certificatemanager.certmaps.get

certificatemanager.certmaps.getIamPolicy

certificatemanager.certmaps.list

certificatemanager.certs.get

certificatemanager.certs.getIamPolicy

certificatemanager.certs.list

certificatemanager.dnsauthorizations.get

certificatemanager.dnsauthorizations.getIamPolicy

certificatemanager.dnsauthorizations.list

certificatemanager.locations.*

certificatemanager.locations.get
certificatemanager.locations.list

certificatemanager.operations.get

certificatemanager.operations.list

certificatemanager.trustconfigs.get

certificatemanager.trustconfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

Peran CA publik untuk project Google Cloud

Peran berikut dan izin yang dienkapsulasi diperlukan secara khusus untuk operasi CA Publik:

Peran	Izin
Kreator Kunci Akun Eksternal CA Publik (`roles/publicca.externalAccountKeyCreator`) Membuat akses untuk resource akun kunci eksternal CA Publik.	resourcemanager.projects.get resourcemanager.projects.list publicca.externalAccountKeys.create

Peran khusus

Google Cloud juga memungkinkan Anda membuat peran khusus yang merangkum izin khusus untuk kebutuhan bisnis Anda, seperti prinsip hak istimewa yang paling tidak diperlukan. Untuk mengetahui petunjuknya, lihat Membuat dan mengelola peran khusus.

Peran dan izin

Izin

Peran

Peran Certificate Manager untuk project Google Cloud

Certificate Manager Editor

Certificate Manager Owner

Certificate Manager Viewer

Peran CA publik untuk project Google Cloud

Peran khusus

Langkah selanjutnya