Rôles et autorisations IAM de Compute Engine

Lorsque vous ajoutez un membre à votre projet, vous pouvez utiliser une stratégie Identity and Access Management (IAM) pour attribuer à ce membre un ou plusieurs rôles IAM. Chaque rôle IAM contient des autorisations qui accordent au membre l'accès à des ressources spécifiques.

Compute Engine dispose d'un ensemble de rôles IAM prédéfinis, qui sont décrits sur cette page. Vous pouvez également créer des rôles personnalisés contenant des sous-ensembles d'autorisations qui correspondent exactement à vos besoins.

Pour connaître les autorisations requises pour chaque méthode, consultez la documentation de référence de l'API Compute Engine :

Pour en savoir plus sur les autorisations d'accès, consultez les pages suivantes.

Pour savoir comment définir des stratégies IAM au niveau d'un projet, consultez la page Accorder, modifier et révoquer les accès à des ressources dans la documentation IAM.
Pour apprendre à définir des stratégies sur des ressources Compute Engine spécifiques, consultez la page Gérer l'accès aux ressources Compute Engine.
Pour savoir comment attribuer des rôles à un compte de service Compute Engine, consultez la page Créer et activer des comptes de service pour les instances.

Qu'est-ce qu'IAM ?

Cloud IAM est une solution qui vous permet d'attribuer un accès précis à des ressources spécifiques de Google Cloud et empêche tout accès non souhaité à d'autres ressources. IAM vous permet d'adopter le principe de sécurité du moindre privilège afin de n'accorder que l'accès nécessaire à vos ressources.

En définissant des stratégies IAM, vous pouvez contrôler qui (identité) dispose de quelles autorisations d'accès (rôles) pour quelles ressources. Ces stratégies permettent d'attribuer un ou plusieurs rôles spécifiques à un membre du projet, et ainsi d'accorder à cette identité certaines autorisations. Par exemple, pour une ressource donnée (comme un projet), vous pouvez attribuer le rôle roles/compute.networkAdmin à un compte Google. Celui-ci peut contrôler les ressources réseau du projet, mais pas les autres ressources, comme les instances et les disques. Vous pouvez également utiliser IAM pour gérer les anciens rôles de la console Google Cloud accordés aux membres de l'équipe de projet.

Rôle serviceAccountUser

Lorsqu'il est associé à roles/compute.instanceAdmin.v1, le rôle roles/iam.serviceAccountUser permet aux membres de créer et de gérer des instances qui utilisent un compte de service. Plus précisément, l'attribution de roles/iam.serviceAccountUser et de roles/compute.instanceAdmin.v1 permet aux membres de :

créer une instance qui s'exéctue en tant que compte de service ;
associer un disque persistant à une instance qui s'exécute en tant que compte de service ;
définir des métadonnées sur une instance qui s'exécute en tant que compte de service ;
se connecter via SSH à une instance qui s'exécute en tant que compte de service ;
reconfigurer une instance à exécuter en tant que compte de service.

Vous pouvez accorder le rôle roles/iam.serviceAccountUser de deux façons différentes :

Recommandation. Accordez le rôle à un membre sur un compte de service spécifique. Cela permet à un membre d'accéder au compte de service pour lequel il dispose du rôle iam.serviceAccountUser, mais l'empêche d'accéder à d'autres comptes de service pour lesquels le membre n'est pas un iam.serviceAccountUser.
Accordez le rôle à un membre au niveau du projet. Le membre a accès à tous les comptes de service du projet, y compris à ceux créés par la suite.

Si le concept ne vous est pas familier, lisez ces informations sur les comptes de service.

Autorisation d'accès à la console Google Cloud

Pour utiliser la console Google Cloud afin d'accéder aux ressources Compute Engine, vous devez disposer d'un rôle comportant l'autorisation suivante sur le projet :

compute.projects.get

Se connecter à une instance en tant qu'instanceAdmin

Une fois que vous avez accordé le rôle roles/compute.instanceAdmin.v1 à un membre du projet, celui-ci peut se connecter à des instances de machine virtuelle (VM) à l'aide des outils Google Cloud standards, tels que la gcloud CLI ou SSH dans le navigateur.

Lorsqu'un membre utilise la gcloud CLI ou SSH dans le navigateur, l'outil utilisé génère automatiquement une paire de clés publique/privée et ajoute la clé publique aux métadonnées du projet. Si le membre ne dispose pas des autorisations nécessaires pour modifier les métadonnées du projet, l'outil ajoute la clé publique du membre aux métadonnées de l'instance.

Si le membre souhaite utiliser une paire de clés existante, il peut ajouter manuellement sa clé publique aux métadonnées de l'instance. Apprenez-en plus sur l'ajout de clés SSH à une instance.

IAM avec des comptes de service

Créez des comptes de service personnalisés, puis accordez-leur des rôles IAM pour limiter l'accès de vos instances. Utilisez les rôles IAM avec des comptes de service personnalisés pour :

limiter l'accès de vos instances aux API Google Cloud à l'aide de rôles IAM précis ;
attribuer à chaque instance ou ensemble d'instances une identité unique ;
limiter l'accès à votre compte de service par défaut.

En savoir plus sur les comptes de service

Groupes d'instances gérés et IAM

Les groupes d'instances gérés (MIG) sont des ressources qui effectuent des actions au nom de l'utilisateur sans nécessiter d'intervention directe. Par exemple, le MIG peut ajouter des VM au groupe ou en supprimer.

Toutes les opérations réalisées par Compute Engine dans le MIG sont concrètement effectuées par l'agent de service des API Google, qui dispose d'une adresse e-mail au format suivant : PROJECT_ID@cloudservices.gserviceaccount.com

Par défaut, l'agent de service des API Google dispose du rôle Éditeur (roles/editor) au niveau du projet, lequel accorde des droits suffisants pour créer des ressources en fonction de la configuration du MIG. Si vous personnalisez l'accès de l'agent de service des API Google, attribuez-lui le rôle Administrateur d'instances Compute (v1) (roles/compute.instanceAdmin.v1) et, éventuellement, le rôle Utilisateur du compte de service (roles/iam.serviceAccountUser). Le rôle Utilisateur du compte de service n'est requis que si le MIG crée des VM pouvant s'exécuter via un compte de service.

Notez que l'agent de service des API Google est également utilisé par d'autres processus, y compris Deployment Manager.

Lorsque vous créez un MIG ou mettez à jour son modèle d'instance, Compute Engine vérifie que l'agent de service des API Google dispose du rôle et des autorisations suivants :

Rôle Utilisateur du compte de service, qui est important si vous envisagez de créer des instances pouvant s'exécuter via un compte de service
Autorisations pour toutes les ressources référencées dans les modèles d'instance, telles que des images, disques, réseaux VPC et sous-réseaux

Rôles IAM prédéfinis Compute Engine

Avec IAM, chaque méthode d'API Compute Engine nécessite que l'identité effectuant la requête API dispose des autorisations appropriées pour utiliser la ressource. Pour accorder des autorisations, vous devez définir des stratégies qui attribuent des rôles à un membre (utilisateur, groupe ou compte de service) du projet.

En plus des rôles de base (lecteur, éditeur et propriétaire) et des rôles personnalisés, vous pouvez attribuer les rôles prédéfinis Compute Engine suivants aux membres du projet :

Vous avez la possibilité d'accorder plusieurs rôles à un membre du projet sur la même ressource. Par exemple, si votre équipe réseau gère également les règles de pare-feu, vous pouvez attribuer les rôles roles/compute.networkAdmin et roles/compute.securityAdmin au groupe Google de l'équipe réseau.

Les tableaux suivants décrivent les rôles IAM prédéfinis Compute Engine, ainsi que les autorisations qu'ils contiennent. Chaque rôle comporte un ensemble d'autorisations adaptées à une tâche spécifique. Par exemple, les rôles d'administrateur d'instances accordent des autorisations permettant de gérer les instances, les rôles réseau contiennent des autorisations permettant de gérer les ressources liées au réseau et les rôles de sécurité attribuent des autorisations permettant de gérer les ressources liées à la sécurité, telles que les pare-feu et les certificats SSL.

Rôle d'administrateur de Compute

Détails Autorisations

Détails	Autorisations
Administrateur de Compute (`roles/compute.admin`) Contrôle complet des ressources Compute Engine. Si l'utilisateur est amené à gérer des instances de machines virtuelles configurées pour s'exécuter en tant que compte de service, vous devez également lui accorder le rôle `roles/iam.serviceAccountUser`. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Disque Image Instance Modèle d'instance Groupe de nœuds Modèle de nœud Instantané ^Bêta	compute.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.create compute.addresses.createInternal compute.addresses.delete compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.setLabels compute.addresses.use compute.addresses.useInternal compute.autoscalers.create compute.autoscalers.delete compute.autoscalers.get compute.autoscalers.list compute.autoscalers.update compute.backendBuckets.addSignedUrlKey compute.backendBuckets.create compute.backendBuckets.delete compute.backendBuckets.deleteSignedUrlKey compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendBuckets.setIamPolicy compute.backendBuckets.setSecurityPolicy compute.backendBuckets.update compute.backendBuckets.use compute.backendServices.addSignedUrlKey compute.backendServices.create compute.backendServices.delete compute.backendServices.deleteSignedUrlKey compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.backendServices.setIamPolicy compute.backendServices.setSecurityPolicy compute.backendservices.update compute.backendServices.use compute.commitments.create compute.commitments.get compute.commitments.list compute.commitments.update compute.commitments.updateReservations compute.diskTypes.get compute.diskTypes.list compute.disks.addResourcePolicies compute.disks.create compute.disks.createSnapshot compute.disks.createTagBinding compute.disks.delete compute.disks.deleteTagBinding compute.disks.get compute.disks.getiamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.disks.removeResourcePolicies compute.disks.resize compute.disks.setIamPolicy compute.disks.setLabels compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.disks.update compute.disks.use compute.disks.useReadOnly compute.externalVpnGateways.create compute.externalVpnGateways.delete compute.externalVpnGateways.get compute.externalVpnGateways.list compute.externalVpnGateways.setLabels compute.externalVpnGateways.use compute.firewallPolicies.addAssociation compute.firewallPolicies.cloneRules compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use compute.firewalls.create compute.firewalls.delete compute.firewalls.get compute.firewalls.list compute.firewalls.update compute.forwardingRules.create compute.forwardingRules.delete compute.forwardingRules.get compute.forwardingRules.list compute.forwardingRules.pscCreate compute.forwardingRules.pscDelete compute.forwardingRules.pscSetLabels compute.forwardingRules.pscSetTarget compute.forwardingRules.pscUpdate compute.forwardingRules.setLabels compute.forwardingRules.setTarget compute.forwardingRules.update compute.forwardingRules.use compute.globalAddresses.create compute.globalAddresses.createInternal compute.globalAddresses.delete compute.globalAddresses.deleteInternal compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.setLabels compute.globalAddresses.use compute.globalForwardingRules.create compute.globalForwardingRules.delete compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscCreate compute.globalForwardingRules.pscDelete compute.globalForwardingRules.pscGet compute.globalForwardingRules.pscSetLabels compute.globalForwardingRules.pscSetTarget compute.globalForwardingRules.pscUpdate compute.globalForwardingRules.setLabels compute.globalForwardingRules.setTarget compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.globalOperations.delete compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalOperations.setIamPolicy compute.globalPublicDelegatedPrefixes.create compute.globalPublicDelegatedPrefixes.delete compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.globalPublicDelegatedPrefixes.update compute.globalPublicDelegatedPrefixes.updatePolicy compute.globalPublicDelegatedPrefixes.use compute.healthChecks.create compute.healthChecks.delete compute.healthChecks.get compute.healthChecks.list compute.healthChecks.update compute.healthChecks.use compute.healthChecks.useReadOnly compute.httpHealthChecks.create compute.httpHealthChecks.delete compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpHealthChecks.update compute.httpHealthChecks.use compute.httpHealthChecks.useReadOnly compute.httpsHealthChecks.create compute.httpsHealthChecks.delete compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.httpsHealthChecks.update compute.httpsHealthChecks.use compute.httpsHealthChecks.useReadOnly compute.images.create compute.images.createTagBinding compute.images.delete compute.images.deleteTagBinding compute.images.deprecate compute.images.get compute.images.getFromFamily compute.images.getiamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.images.setiamPolicy compute.images.setLabels compute.images.update compute.images.useReadOnly compute.instanceGroupManagers.create compute.instanceGroupManagers.delete compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroupManagers.update compute.instanceGroupManagers.use compute.instanceGroups.create compute.instanceGroups.delete compute.instanceGroups.get compute.instanceGroups.list compute.instanceGroups.update compute.instanceGroups.use compute.instanceTemplates.create compute.instanceTemplates.delete compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instanceTemplates.setIamPolicy compute.instanceTemplates.useReadOnly compute.instances.addAccessConfig compute.instances.addMaintenancePolicies compute.instances.addResourcePolicies compute.instances.attachDisk compute.instances.create compute.instances.createTagBinding compute.instances.delete compute.instances.deleteAccessConfig compute.instances.deleteTagBinding compute.instances.detachDisk compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.instances.osAdminLogin compute.instances.osLogin compute.instances.removeMaintenancePolicies compute.instances.removeResourcePolicies compute.instances.reset compute.instances.resume compute.instances.sendDiagnosticInterrupt compute.instances.setDeletionProtection compute.instances.setDiskAutoDelete compute.instances.setIamPolicy compute.instances.setLabels compute.instances.setMachineResources compute.instances.setMachineType compute.instances.setMetadata compute.instances.setMinCpuPlatform compute.instances.setName compute.instances.setScheduling compute.instances.setSecurityPolicy compute.instances.setServiceAccount compute.instances.setShieldedInstanceIntegrityPolicy compute.instances.setShieldedVmIntegrityPolicy compute.instances.setTags compute.instances.simulateMaintenanceEvent compute.instances.start compute.instances.startWithEncryptionKey compute.instances.stop compute.instances.suspend compute.instances.update compute.instances.updateAccessConfig compute.instances.updateDisplayDevice compute.instances.updateNetworkInterface compute.instances.updateSecurity compute.instances.updateShieldedInstanceConfig compute.instances.updateShieldedVmConfig compute.instances.use compute.instances.useReadOnly compute.instantSnapshots.create compute.instantSnapshots.delete compute.instantSnapshots.export compute.instantSnapshots.get compute.instantSnapshots.getIamPolicy compute.instantSnapshots.list compute.instantSnapshots.setIamPolicy compute.instantSnapshots.setLabels compute.instantSnapshots.useReadOnly compute.interconnectAttachments.create compute.interconnectAttachments.delete compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectAttachments.setLabels compute.interconnectAttachments.update compute.interconnectAttachments.use compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.create compute.interconnects.delete compute.interconnects.get compute.interconnects.list compute.interconnects.setLabels compute.interconnects.update compute.interconnects.use compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenseCodes.setIamPolicy compute.licenseCodes.update compute.licenseCodes.use compute.licenses.create compute.licenses.delete compute.licenses.get compute.licenses.getiamPolicy compute.licenses.list compute.licenses.setIamPolicy compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly compute.machineTypes.get compute.machineTypes.list compute.maintenancePolicies.create compute.maintenancePolicies.delete compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.maintenancePolicies.setIamPolicy compute.maintenancePolicies.use compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get compute.networkAttachments.list compute.networkEdgeSecurityServices.create compute.networkEdgeSecurityServices.delete compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEdgeSecurityServices.update compute.networkEndpointGroups.attachNetworkEndpoints compute.networkEndpointGroups.create compute.networkEndpointGroups.delete compute.networkEndpointGroups.detachNetworkEndpoints compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networkEndpointGroups.setIamPolicy compute.networkEndpointGroups.use compute.networks.access compute.networks.addPeering compute.networks.create compute.networks.delete compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.networks.mirror compute.networks.removePeering compute.networks.setFirewallPolicy compute.networks.switchToCustomMode compute.networks.update compute.networks.updatePeering compute.networks.updatePolicy compute.networks.use compute.networks.useExternalIp compute.nodeGroups.addNodes compute.nodeGroups.create compute.nodeGroups.delete compute.nodeGroups.deleteNodes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeGroups.setIamPolicy compute.nodeGroups.setNodeTemplate compute.nodeGroups.simulateMaintenanceEvent compute.nodeGroups.update compute.nodeTemplates.create compute.nodeTemplates.delete compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTemplates.setIamPolicy compute.nodeTypes.get compute.nodeTypes.list compute.organizations.administerXpn compute.organizations.disableXpnHost compute.organizations.disableXpnResource compute.organizations.enableXpnHost compute.organizations.enableXpnResource compute.organizations.listAssociations compute.organizations.setFirewallPolicy compute.organizations.setSecurityPolicy compute.oslogin.updateExternalUser compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list compute.packetMirrorings.update compute.projects.get compute.projects.setCommonInstanceMetadata compute.projects.setDefaultNetworkTier compute.projects.setDefaultServiceAccount compute.projects.setUsageExportBucket compute.publicAdvertisedPrefixes.create compute.publicAdvertisedPrefixes.delete compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicAdvertisedPrefixes.update compute.publicAdvertisedPrefixes.updatePolicy compute.publicAdvertisedPrefixes.use compute.publicDelegatedPrefixes.create compute.publicDelegatedPrefixes.delete compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.publicDelegatedPrefixes.update compute.publicDelegatedPrefixes.updatePolicy compute.publicDelegatedPrefixes.use compute.regionBackendServices.create compute.regionBackendServices.delete compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionBackendServices.setIamPolicy compute.regionBackendServices.setSecurityPolicy compute.regionBackendServices.update compute.regionBackendServices.use compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use compute.regionHealthCheckServices.create compute.regionHealthCheckServices.delete compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthCheckServices.update compute.regionHealthCheckServices.use compute.regionHealthChecks.create compute.regionHealthChecks.delete compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.attachNetworkEndpoints compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.detachNetworkEndpoints compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionNotificationEndpoints.create compute.regionNotificationEndpoints.delete compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionNotificationEndpoints.update compute.regionNotificationEndpoints.use compute.regionOperations.delete compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionOperations.setIamPolicy compute.regionSecurityPolicies.create compute.regionSecurityPolicies.delete compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSecurityPolicies.update compute.regionSecurityPolicies.use compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.update compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.update compute.regionTargetHttpsProxies.use compute.regionTargetTcpProxies.create compute.regionTargetTcpProxies.delete compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionTargetTcpProxies.use compute.regionUrlMaps.create compute.regionUrlMaps.delete compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.regions.get compute.regions.list compute.reservations.create compute.reservations.delete compute.reservations.get compute.reservations.list compute.reservations.resize compute.reservations.update compute.resourcePolicies.create compute.resourcePolicies.delete compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.resourcePolicies.setIamPolicy compute.resourcePolicies.update compute.resourcePolicies.use compute.resourcePolicies.useReadOnly compute.routers.create compute.routers.delete compute.routers.get compute.routers.list compute.routers.update compute.routers.use compute.routes.create compute.routes.delete compute.routes.get compute.routes.list compute.securityPolicies.addAssociation compute.securityPolicies.copyRules compute.securityPolicies.create compute.securityPolicies.delete compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.securityPolicies.move compute.securityPolicies.removeAssociation compute.securityPolicies.setIamPolicy compute.securityPolicies.setLabels compute.securityPolicies.update compute.securityPolicies.use compute.serviceAttachments.create compute.serviceAttachments.delete compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.serviceAttachments.setIamPolicy compute.serviceAttachments.update compute.serviceAttachments.use compute.snapshots.create compute.snapshots.createTagBinding compute.snapshots.delete compute.snapshots.deleteTagBinding compute.snapshots.get compute.snapshots.getiamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.snapshots.setiamPolicy compute.snapshots.setLabels compute.snapshots.useReadOnly compute.sslCertificates.create compute.sslCertificates.delete compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.create compute.sslPolicies.delete compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.sslPolicies.update compute.sslPolicies.use compute.subnetworks.create compute.subnetworks.delete compute.subnetworks.expandIpCidrRange compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.subnetworks.mirror compute.subnetworks.setIamPolicy compute.subnetworks.setPrivateIpGoogleAccess compute.subnetworks.update compute.subnetworks.use compute.subnetworks.useExternalIp compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use compute.targetHttpProxies.create compute.targetHttpProxies.delete compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpProxies.setUrlMap compute.targetHttpProxies.update compute.targetHttpProxies.use compute.targetHttpsProxies.create compute.targetHttpsProxies.delete compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetHttpsProxies.setCertificateMap compute.targetHttpsProxies.setQuicOverride compute.targetHttpsProxies.setSslCertificates compute.targetHttpsProxies.setSslPolicy compute.targetHttpsProxies.setUrlMap compute.targetHttpsProxies.update compute.targetHttpsProxies.use compute.targetInstances.create compute.targetInstances.delete compute.targetInstances.get compute.targetInstances.list compute.targetInstances.setSecurityPolicy compute.targetInstances.use compute.targetPools.addHealthCheck compute.targetPools.addInstance compute.targetPools.create compute.targetPools.delete compute.targetPools.get compute.targetPools.list compute.targetPools.removeHealthCheck compute.targetPools.removeInstance compute.targetPools.setSecurityPolicy compute.targetPools.update compute.targetPools.use compute.targetSslProxies.create compute.targetSslProxies.delete compute.targetSslProxies.get compute.targetSslProxies.list compute.targetSslProxies.setBackendService compute.targetSslProxies.setCertificateMap compute.targetSslProxies.setProxyHeader compute.targetSslProxies.setSslCertificates compute.targetSslProxies.setSslPolicy compute.targetSslProxies.update compute.targetSslProxies.use compute.targetTcpProxies.create compute.targetTcpProxies.delete compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetTcpProxies.update compute.targetTcpProxies.use compute.targetVpnGateways.create compute.targetVpnGateways.delete compute.targetVpnGateways.get compute.targetVpnGateways.list compute.targetVpnGateways.setLabels compute.targetVpnGateways.use compute.urlMaps.create compute.urlMaps.delete compute.urlMaps.get compute.urlMaps.invalidateCache compute.urlMaps.list compute.urlMaps.update compute.urlMaps.use compute.urlMaps.validate compute.vpnGateways.create compute.vpnGateways.delete compute.vpnGateways.get compute.vpnGateways.list compute.vpnGateways.setLabels compute.vpnGateways.use compute.vpnTunnels.create compute.vpnTunnels.delete compute.vpnTunnels.get compute.vpnTunnels.list compute.vpnTunnels.setLabels compute.zoneOperations.delete compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zoneOperations.setIamPolicy compute.zones.get compute.zones.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur de Compute

(roles/compute.admin)

Contrôle complet des ressources Compute Engine.

Si l'utilisateur est amené à gérer des instances de machines virtuelles configurées pour s'exécuter en tant que compte de service, vous devez également lui accorder le rôle roles/iam.serviceAccountUser.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Disque
Image
Instance
Modèle d'instance
Groupe de nœuds
Modèle de nœud
Instantané ^Bêta

compute.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use
compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendservices.update
compute.backendServices.use
compute.commitments.create
compute.commitments.get
compute.commitments.list
compute.commitments.update
compute.commitments.updateReservations
compute.diskTypes.get
compute.diskTypes.list
compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getiamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly
compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
compute.firewallPolicies.addAssociation
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.delete
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.move
compute.firewallPolicies.removeAssociation
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use
compute.firewalls.create
compute.firewalls.delete
compute.firewalls.get
compute.firewalls.list
compute.firewalls.update
compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use
compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.setLabels
compute.globalAddresses.use
compute.globalForwardingRules.create
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.use
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.update
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.globalPublicDelegatedPrefixes.use
compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly
compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getiamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setiamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly
compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.addMaintenancePolicies
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.removeMaintenancePolicies
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly
compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly
compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update
compute.licenseCodes.use
compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getiamPolicy
compute.licenses.list
compute.licenses.setIamPolicy
compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly
compute.machineTypes.get
compute.machineTypes.list
compute.maintenancePolicies.create
compute.maintenancePolicies.delete
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.maintenancePolicies.setIamPolicy
compute.maintenancePolicies.use
compute.networkAttachments.create
compute.networkAttachments.delete
compute.networkAttachments.get
compute.networkAttachments.list
compute.networkEdgeSecurityServices.create
compute.networkEdgeSecurityServices.delete
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.update
compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.delete
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listPeeringRoutes
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp
compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeGroups.setIamPolicy
compute.nodeGroups.setNodeTemplate
compute.nodeGroups.simulateMaintenanceEvent
compute.nodeGroups.update
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTemplates.setIamPolicy
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.administerXpn
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.organizations.listAssociations
compute.organizations.setFirewallPolicy
compute.organizations.setSecurityPolicy
compute.oslogin.updateExternalUser
compute.packetMirrorings.create
compute.packetMirrorings.delete
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.update
compute.projects.get
compute.projects.setCommonInstanceMetadata
compute.projects.setDefaultNetworkTier
compute.projects.setDefaultServiceAccount
compute.projects.setUsageExportBucket
compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicAdvertisedPrefixes.use
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use
compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use
compute.regionHealthChecks.create
compute.regionHealthChecks.delete
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly
compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.use
compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionOperations.setIamPolicy
compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use
compute.regionSslCertificates.create
compute.regionSslCertificates.delete
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslPolicies.create
compute.regionSslPolicies.delete
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.update
compute.regionSslPolicies.use
compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.update
compute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.use
compute.regionUrlMaps.create
compute.regionUrlMaps.delete
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate
compute.regions.get
compute.regions.list
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.resize
compute.reservations.update
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly
compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.routers.use
compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.delete
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setIamPolicy
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use
compute.serviceAttachments.create
compute.serviceAttachments.delete
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use
compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getiamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setiamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly
compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslPolicies.create
compute.sslPolicies.delete
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.update
compute.sslPolicies.use
compute.subnetworks.create
compute.subnetworks.delete
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetGrpcProxies.create
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use
compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.create
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use
compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.vpnTunnels.create
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.setLabels
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zoneOperations.setIamPolicy
compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'utilisateur d'images Compute

Détails Autorisations

Détails	Autorisations
Utilisateur d'images Compute (`roles/compute.imageUser`) Permet de répertorier et de lire des images sans disposer d'autres autorisations sur celles-ci. L'attribution de ce rôle au niveau du projet permet aux utilisateurs de répertorier toutes les images du projet et de créer des ressources, telles que des instances et des disques persistants, en fonction des images du projet. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Image^Bêta	compute.images.get compute.images.getFromFamily compute.images.list compute.images.useReadOnly resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Utilisateur d'images Compute

(roles/compute.imageUser)

Permet de répertorier et de lire des images sans disposer d'autres autorisations sur celles-ci. L'attribution de ce rôle au niveau du projet permet aux utilisateurs de répertorier toutes les images du projet et de créer des ressources, telles que des instances et des disques persistants, en fonction des images du projet.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Image^Bêta

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur d'instances Compute (version bêta)

Détails Autorisations

Détails	Autorisations
Administrateur d'instances Compute (version bêta) (`roles/compute.instanceAdmin`) Autorisations permettant de créer, modifier et supprimer des instances de machine virtuelle. Cela inclut les autorisations nécessaires pour créer, modifier et supprimer des disques, ainsi que pour configurer les paramètres de VM protégée. Si l'utilisateur est amené à gérer des instances de machines virtuelles configurées pour s'exécuter en tant que compte de service, vous devez également lui accorder le rôle `roles/iam.serviceAccountUser`. Par exemple, une personne de votre entreprise gère des groupes d'instances de machine virtuelle, mais pas les paramètres réseau ou de sécurité, ni les instances qui s'exécutent en tant que comptes de service. Dans ce cas, vous pouvez accorder ce rôle au niveau de l'organisation, du dossier ou du projet contenant les instances, ou encore l'accorder au niveau d'instances individuelles. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Disque Image Instance Modèle d'instance Instantané ^Bêta	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.use compute.addresses.useInternal compute.autoscalers.* compute.autoscalers.create compute.autoscalers.delete compute.autoscalers.get compute.autoscalers.list compute.autoscalers.update compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.create compute.disks.createSnapshot compute.disks.delete compute.disks.get compute.disks.list compute.disks.resize compute.disks.setLabels compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.disks.update compute.disks.use compute.disks.useReadOnly compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.use compute.globalNetworkEndpointGroups.* compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.globalOperations.get compute.globalOperations.list compute.images.get compute.images.getFromFamily compute.images.list compute.images.useReadOnly compute.instanceGroupManagers.* compute.instanceGroupManagers.create compute.instanceGroupManagers.delete compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroupManagers.update compute.instanceGroupManagers.use compute.instanceGroups.* compute.instanceGroups.create compute.instanceGroups.delete compute.instanceGroups.get compute.instanceGroups.list compute.instanceGroups.update compute.instanceGroups.use compute.instanceTemplates.* compute.instanceTemplates.create compute.instanceTemplates.delete compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instanceTemplates.setIamPolicy compute.instanceTemplates.useReadOnly compute.instances.* compute.instances.addAccessConfig compute.instances.addMaintenancePolicies compute.instances.addResourcePolicies compute.instances.attachDisk compute.instances.create compute.instances.createTagBinding compute.instances.delete compute.instances.deleteAccessConfig compute.instances.deleteTagBinding compute.instances.detachDisk compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.instances.osAdminLogin compute.instances.osLogin compute.instances.removeMaintenancePolicies compute.instances.removeResourcePolicies compute.instances.reset compute.instances.resume compute.instances.sendDiagnosticInterrupt compute.instances.setDeletionProtection compute.instances.setDiskAutoDelete compute.instances.setIamPolicy compute.instances.setLabels compute.instances.setMachineResources compute.instances.setMachineType compute.instances.setMetadata compute.instances.setMinCpuPlatform compute.instances.setName compute.instances.setScheduling compute.instances.setSecurityPolicy compute.instances.setServiceAccount compute.instances.setShieldedInstanceIntegrityPolicy compute.instances.setShieldedVmIntegrityPolicy compute.instances.setTags compute.instances.simulateMaintenanceEvent compute.instances.start compute.instances.startWithEncryptionKey compute.instances.stop compute.instances.suspend compute.instances.update compute.instances.updateAccessConfig compute.instances.updateDisplayDevice compute.instances.updateNetworkInterface compute.instances.updateSecurity compute.instances.updateShieldedInstanceConfig compute.instances.updateShieldedVmConfig compute.instances.use compute.instances.useReadOnly compute.licenses.get compute.licenses.list compute.machineImages.* compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.networkEndpointGroups.* compute.networkEndpointGroups.attachNetworkEndpoints compute.networkEndpointGroups.create compute.networkEndpointGroups.delete compute.networkEndpointGroups.detachNetworkEndpoints compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networkEndpointGroups.setIamPolicy compute.networkEndpointGroups.use compute.networks.get compute.networks.list compute.networks.use compute.networks.useExternalIp compute.projects.get compute.regionNetworkEndpointGroups.* compute.regionNetworkEndpointGroups.attachNetworkEndpoints compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.detachNetworkEndpoints compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionOperations.get compute.regionOperations.list compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.useReadOnly compute.subnetworks.get compute.subnetworks.list compute.subnetworks.use compute.subnetworks.useExternalIp compute.targetPools.get compute.targetPools.list compute.zoneOperations.get compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur d'instances Compute (version bêta)

(roles/compute.instanceAdmin)

Autorisations permettant de créer, modifier et supprimer des instances de machine virtuelle. Cela inclut les autorisations nécessaires pour créer, modifier et supprimer des disques, ainsi que pour configurer les paramètres de VM protégée.

Par exemple, une personne de votre entreprise gère des groupes d'instances de machine virtuelle, mais pas les paramètres réseau ou de sécurité, ni les instances qui s'exécutent en tant que comptes de service. Dans ce cas, vous pouvez accorder ce rôle au niveau de l'organisation, du dossier ou du projet contenant les instances, ou encore l'accorder au niveau d'instances individuelles.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Disque
Image
Instance
Modèle d'instance
Instantané ^Bêta

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.list

compute.disks.resize

compute.disks.setLabels

compute.disks.startAsyncReplication

compute.disks.stopAsyncReplication

compute.disks.stopGroupAsyncReplication

compute.disks.update

compute.disks.use

compute.disks.useReadOnly

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.use

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.images.get

compute.images.getFromFamily

compute.images.list

compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addMaintenancePolicies
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.removeMaintenancePolicies
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.licenses.get

compute.licenses.list

compute.machineImages.*

compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.useReadOnly

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetPools.get

compute.targetPools.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur d'instances Compute (v1)

Détails Autorisations

Détails	Autorisations
Administrateur d'instances Compute (v1) (`roles/compute.instanceAdmin.v1`) Contrôle complet des instances, groupes d'instances, disques, instantanés et images Compute Engine. Fournit un accès en lecture à toutes les ressources réseau Compute Engine. Si vous n'attribuez ce rôle à un utilisateur qu'au niveau d'une instance, cette personne ne peut pas créer d'instances.	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.use compute.addresses.useInternal compute.autoscalers.* compute.autoscalers.create compute.autoscalers.delete compute.autoscalers.get compute.autoscalers.list compute.autoscalers.update compute.backendBuckets.get compute.backendBuckets.list compute.backendServices.get compute.backendServices.list compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.* compute.disks.addResourcePolicies compute.disks.create compute.disks.createSnapshot compute.disks.createTagBinding compute.disks.delete compute.disks.deleteTagBinding compute.disks.get compute.disks.getiamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.disks.removeResourcePolicies compute.disks.resize compute.disks.setIamPolicy compute.disks.setLabels compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.disks.update compute.disks.use compute.disks.useReadOnly compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.use compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.globalNetworkEndpointGroups.* compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.globalOperations.get compute.globalOperations.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.* compute.images.create compute.images.createTagBinding compute.images.delete compute.images.deleteTagBinding compute.images.deprecate compute.images.get compute.images.getFromFamily compute.images.getiamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.images.setiamPolicy compute.images.setLabels compute.images.update compute.images.useReadOnly compute.instanceGroupManagers.* compute.instanceGroupManagers.create compute.instanceGroupManagers.delete compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroupManagers.update compute.instanceGroupManagers.use compute.instanceGroups.* compute.instanceGroups.create compute.instanceGroups.delete compute.instanceGroups.get compute.instanceGroups.list compute.instanceGroups.update compute.instanceGroups.use compute.instanceTemplates.* compute.instanceTemplates.create compute.instanceTemplates.delete compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instanceTemplates.setIamPolicy compute.instanceTemplates.useReadOnly compute.instances.* compute.instances.addAccessConfig compute.instances.addMaintenancePolicies compute.instances.addResourcePolicies compute.instances.attachDisk compute.instances.create compute.instances.createTagBinding compute.instances.delete compute.instances.deleteAccessConfig compute.instances.deleteTagBinding compute.instances.detachDisk compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.instances.osAdminLogin compute.instances.osLogin compute.instances.removeMaintenancePolicies compute.instances.removeResourcePolicies compute.instances.reset compute.instances.resume compute.instances.sendDiagnosticInterrupt compute.instances.setDeletionProtection compute.instances.setDiskAutoDelete compute.instances.setIamPolicy compute.instances.setLabels compute.instances.setMachineResources compute.instances.setMachineType compute.instances.setMetadata compute.instances.setMinCpuPlatform compute.instances.setName compute.instances.setScheduling compute.instances.setSecurityPolicy compute.instances.setServiceAccount compute.instances.setShieldedInstanceIntegrityPolicy compute.instances.setShieldedVmIntegrityPolicy compute.instances.setTags compute.instances.simulateMaintenanceEvent compute.instances.start compute.instances.startWithEncryptionKey compute.instances.stop compute.instances.suspend compute.instances.update compute.instances.updateAccessConfig compute.instances.updateDisplayDevice compute.instances.updateNetworkInterface compute.instances.updateSecurity compute.instances.updateShieldedInstanceConfig compute.instances.updateShieldedVmConfig compute.instances.use compute.instances.useReadOnly compute.instantSnapshots.* compute.instantSnapshots.create compute.instantSnapshots.delete compute.instantSnapshots.export compute.instantSnapshots.get compute.instantSnapshots.getIamPolicy compute.instantSnapshots.list compute.instantSnapshots.setIamPolicy compute.instantSnapshots.setLabels compute.instantSnapshots.useReadOnly compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.* compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenseCodes.setIamPolicy compute.licenseCodes.update compute.licenseCodes.use compute.licenses.* compute.licenses.create compute.licenses.delete compute.licenses.get compute.licenses.getiamPolicy compute.licenses.list compute.licenses.setIamPolicy compute.machineImages.* compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.networkAttachments.get compute.networkAttachments.list compute.networkEndpointGroups.* compute.networkEndpointGroups.attachNetworkEndpoints compute.networkEndpointGroups.create compute.networkEndpointGroups.delete compute.networkEndpointGroups.detachNetworkEndpoints compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networkEndpointGroups.setIamPolicy compute.networkEndpointGroups.use compute.networks.get compute.networks.list compute.networks.use compute.networks.useExternalIp compute.projects.get compute.projects.setCommonInstanceMetadata compute.regionBackendServices.get compute.regionBackendServices.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNetworkEndpointGroups.* compute.regionNetworkEndpointGroups.attachNetworkEndpoints compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.detachNetworkEndpoints compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.* compute.resourcePolicies.create compute.resourcePolicies.delete compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.resourcePolicies.setIamPolicy compute.resourcePolicies.update compute.resourcePolicies.use compute.resourcePolicies.useReadOnly compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.serviceAttachments.get compute.serviceAttachments.list compute.snapshots.* compute.snapshots.create compute.snapshots.createTagBinding compute.snapshots.delete compute.snapshots.deleteTagBinding compute.snapshots.get compute.snapshots.getiamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.snapshots.setiamPolicy compute.snapshots.setLabels compute.snapshots.useReadOnly compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.list compute.subnetworks.use compute.subnetworks.useExternalIp compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur d'instances Compute (v1)

(roles/compute.instanceAdmin.v1)

Contrôle complet des instances, groupes d'instances, disques, instantanés et images Compute Engine. Fournit un accès en lecture à toutes les ressources réseau Compute Engine.

Si vous n'attribuez ce rôle à un utilisateur qu'au niveau d'une instance, cette personne ne peut pas créer d'instances.

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.list

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getiamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.use

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getiamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setiamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addMaintenancePolicies
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.removeMaintenancePolicies
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update
compute.licenseCodes.use

compute.licenses.*

compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getiamPolicy
compute.licenses.list
compute.licenses.setIamPolicy

compute.machineImages.*

compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getiamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setiamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur de l'équilibreur de charge Compute

Détails Autorisations

Détails	Autorisations
Administrateur de l'équilibreur de charge Compute (`roles/compute.loadBalancerAdmin`) Permet de créer, de modifier et de supprimer des équilibreurs de charge, et d'associer des ressources. Par exemple, si votre entreprise dispose d'une équipe chargée de gérer les équilibreurs de charge, les certificats SSL associés, les règles SSL et d'autres ressources d'équilibrage de charge, ainsi que d'une équipe réseau distincte qui gère le reste des ressources réseau, attribuez ce rôle au groupe de l'équipe chargée de l'équilibrage de charge. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Instance^Bêta	certificatemanager.certmaps.get certificatemanager.certmaps.list certificatemanager.certmaps.use compute.addresses.* compute.addresses.create compute.addresses.createInternal compute.addresses.delete compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.setLabels compute.addresses.use compute.addresses.useInternal compute.backendBuckets.* compute.backendBuckets.addSignedUrlKey compute.backendBuckets.create compute.backendBuckets.delete compute.backendBuckets.deleteSignedUrlKey compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendBuckets.setIamPolicy compute.backendBuckets.setSecurityPolicy compute.backendBuckets.update compute.backendBuckets.use compute.backendServices.* compute.backendServices.addSignedUrlKey compute.backendServices.create compute.backendServices.delete compute.backendServices.deleteSignedUrlKey compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.backendServices.setIamPolicy compute.backendServices.setSecurityPolicy compute.backendservices.update compute.backendServices.use compute.disks.listEffectiveTags compute.disks.listTagBindings compute.forwardingRules.* compute.forwardingRules.create compute.forwardingRules.delete compute.forwardingRules.get compute.forwardingRules.list compute.forwardingRules.pscCreate compute.forwardingRules.pscDelete compute.forwardingRules.pscSetLabels compute.forwardingRules.pscSetTarget compute.forwardingRules.pscUpdate compute.forwardingRules.setLabels compute.forwardingRules.setTarget compute.forwardingRules.update compute.forwardingRules.use compute.globalAddresses.* compute.globalAddresses.create compute.globalAddresses.createInternal compute.globalAddresses.delete compute.globalAddresses.deleteInternal compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.setLabels compute.globalAddresses.use compute.globalForwardingRules.* compute.globalForwardingRules.create compute.globalForwardingRules.delete compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscCreate compute.globalForwardingRules.pscDelete compute.globalForwardingRules.pscGet compute.globalForwardingRules.pscSetLabels compute.globalForwardingRules.pscSetTarget compute.globalForwardingRules.pscUpdate compute.globalForwardingRules.setLabels compute.globalForwardingRules.setTarget compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.* compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.healthChecks.* compute.healthChecks.create compute.healthChecks.delete compute.healthChecks.get compute.healthChecks.list compute.healthChecks.update compute.healthChecks.use compute.healthChecks.useReadOnly compute.httpHealthChecks.* compute.httpHealthChecks.create compute.httpHealthChecks.delete compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpHealthChecks.update compute.httpHealthChecks.use compute.httpHealthChecks.useReadOnly compute.httpsHealthChecks.* compute.httpsHealthChecks.create compute.httpsHealthChecks.delete compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.httpsHealthChecks.update compute.httpsHealthChecks.use compute.httpsHealthChecks.useReadOnly compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroups.* compute.instanceGroups.create compute.instanceGroups.delete compute.instanceGroups.get compute.instanceGroups.list compute.instanceGroups.update compute.instanceGroups.use compute.instances.get compute.instances.list compute.instances.listEffectiveTags compute.instances.listTagBindings compute.instances.use compute.instances.useReadOnly compute.networkEndpointGroups.* compute.networkEndpointGroups.attachNetworkEndpoints compute.networkEndpointGroups.create compute.networkEndpointGroups.delete compute.networkEndpointGroups.detachNetworkEndpoints compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networkEndpointGroups.setIamPolicy compute.networkEndpointGroups.use compute.networks.get compute.networks.list compute.networks.use compute.projects.get compute.regionBackendServices.* compute.regionBackendServices.create compute.regionBackendServices.delete compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionBackendServices.setIamPolicy compute.regionBackendServices.setSecurityPolicy compute.regionBackendServices.update compute.regionBackendServices.use compute.regionHealthCheckServices.* compute.regionHealthCheckServices.create compute.regionHealthCheckServices.delete compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthCheckServices.update compute.regionHealthCheckServices.use compute.regionHealthChecks.* compute.regionHealthChecks.create compute.regionHealthChecks.delete compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.* compute.regionNetworkEndpointGroups.attachNetworkEndpoints compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.detachNetworkEndpoints compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionNotificationEndpoints.* compute.regionNotificationEndpoints.create compute.regionNotificationEndpoints.delete compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionNotificationEndpoints.update compute.regionNotificationEndpoints.use compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSecurityPolicies.use compute.regionSslCertificates.* compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.* compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use compute.regionTargetHttpProxies.* compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.update compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.* compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.update compute.regionTargetHttpsProxies.use compute.regionTargetTcpProxies.* compute.regionTargetTcpProxies.create compute.regionTargetTcpProxies.delete compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionTargetTcpProxies.use compute.regionUrlMaps.* compute.regionUrlMaps.create compute.regionUrlMaps.delete compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.securityPolicies.get compute.securityPolicies.list compute.securityPolicies.use compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.* compute.sslCertificates.create compute.sslCertificates.delete compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.* compute.sslPolicies.create compute.sslPolicies.delete compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.sslPolicies.update compute.sslPolicies.use compute.subnetworks.get compute.subnetworks.list compute.subnetworks.use compute.targetGrpcProxies.* compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use compute.targetHttpProxies.* compute.targetHttpProxies.create compute.targetHttpProxies.delete compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpProxies.setUrlMap compute.targetHttpProxies.update compute.targetHttpProxies.use compute.targetHttpsProxies.* compute.targetHttpsProxies.create compute.targetHttpsProxies.delete compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetHttpsProxies.setCertificateMap compute.targetHttpsProxies.setQuicOverride compute.targetHttpsProxies.setSslCertificates compute.targetHttpsProxies.setSslPolicy compute.targetHttpsProxies.setUrlMap compute.targetHttpsProxies.update compute.targetHttpsProxies.use compute.targetInstances.* compute.targetInstances.create compute.targetInstances.delete compute.targetInstances.get compute.targetInstances.list compute.targetInstances.setSecurityPolicy compute.targetInstances.use compute.targetPools.* compute.targetPools.addHealthCheck compute.targetPools.addInstance compute.targetPools.create compute.targetPools.delete compute.targetPools.get compute.targetPools.list compute.targetPools.removeHealthCheck compute.targetPools.removeInstance compute.targetPools.setSecurityPolicy compute.targetPools.update compute.targetPools.use compute.targetSslProxies.* compute.targetSslProxies.create compute.targetSslProxies.delete compute.targetSslProxies.get compute.targetSslProxies.list compute.targetSslProxies.setBackendService compute.targetSslProxies.setCertificateMap compute.targetSslProxies.setProxyHeader compute.targetSslProxies.setSslCertificates compute.targetSslProxies.setSslPolicy compute.targetSslProxies.update compute.targetSslProxies.use compute.targetTcpProxies.* compute.targetTcpProxies.create compute.targetTcpProxies.delete compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetTcpProxies.update compute.targetTcpProxies.use compute.urlMaps.* compute.urlMaps.create compute.urlMaps.delete compute.urlMaps.get compute.urlMaps.invalidateCache compute.urlMaps.list compute.urlMaps.update compute.urlMaps.use compute.urlMaps.validate networksecurity.clientTlsPolicies.get networksecurity.clientTlsPolicies.list networksecurity.clientTlsPolicies.use networksecurity.serverTlsPolicies.get networksecurity.serverTlsPolicies.list networksecurity.serverTlsPolicies.use resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur de l'équilibreur de charge Compute

(roles/compute.loadBalancerAdmin)

Permet de créer, de modifier et de supprimer des équilibreurs de charge, et d'associer des ressources.

Par exemple, si votre entreprise dispose d'une équipe chargée de gérer les équilibreurs de charge, les certificats SSL associés, les règles SSL et d'autres ressources d'équilibrage de charge, ainsi que d'une équipe réseau distincte qui gère le reste des ressources réseau, attribuez ce rôle au groupe de l'équipe chargée de l'équilibrage de charge.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Instance^Bêta

certificatemanager.certmaps.get

certificatemanager.certmaps.list

certificatemanager.certmaps.use

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendservices.update
compute.backendServices.use

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.use

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceGroups.use

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.use

compute.instances.useReadOnly

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use

compute.networks.get

compute.networks.list

compute.networks.use

compute.projects.get

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.delete
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.delete
compute.regionSslCertificates.get
compute.regionSslCertificates.list

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.delete
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.update
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.delete
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.delete
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'utilisateur des services de l'équilibreur de charge Compute

Détails Autorisations

Détails	Autorisations
Utilisateur des services de l'équilibreur de charge Compute (`roles/compute.loadBalancerServiceUser`) Ce rôle permet d'utiliser les services d'un équilibreur de charge dans d'autres projets.	compute.backendServices.get compute.backendServices.list compute.backendServices.use compute.projects.get compute.regionBackendServices.get compute.regionBackendServices.list compute.regionBackendServices.use resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Utilisateur des services de l'équilibreur de charge Compute

(roles/compute.loadBalancerServiceUser)

Ce rôle permet d'utiliser les services d'un équilibreur de charge dans d'autres projets.

compute.backendServices.get

compute.backendServices.list

compute.backendServices.use

compute.projects.get

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur réseau Compute

Détails Autorisations

Détails	Autorisations
Administrateur de réseaux Compute (`roles/compute.networkAdmin`) Permet de créer, de modifier et de supprimer des ressources réseau, à l'exception des règles de pare-feu et des certificats SSL. Le rôle d'administrateur réseau offre un accès en lecture seule aux règles de pare-feu, aux certificats SSL et aux instances (pour afficher leurs adresses IP éphémères). Il ne permet pas aux utilisateurs de créer, de démarrer, d'arrêter ou de supprimer des instances. Par exemple, si votre entreprise dispose d'une équipe de sécurité qui gère les pare-feu et les certificats SSL, ainsi que d'une équipe réseau qui gère le reste des ressources réseau, attribuez ce rôle au groupe de l'équipe réseau. Si vous disposez d'une équipe combinée qui gère à la fois la sécurité et la mise en réseau, attribuez ce rôle ainsi que le rôle `roles/compute.securityAdmin` au groupe de l'équipe combinée. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Instance^Bêta	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.* compute.addresses.create compute.addresses.createInternal compute.addresses.delete compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.setLabels compute.addresses.use compute.addresses.useInternal compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.* compute.backendBuckets.addSignedUrlKey compute.backendBuckets.create compute.backendBuckets.delete compute.backendBuckets.deleteSignedUrlKey compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendBuckets.setIamPolicy compute.backendBuckets.setSecurityPolicy compute.backendBuckets.update compute.backendBuckets.use compute.backendServices.* compute.backendServices.addSignedUrlKey compute.backendServices.create compute.backendServices.delete compute.backendServices.deleteSignedUrlKey compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.backendServices.setIamPolicy compute.backendServices.setSecurityPolicy compute.backendservices.update compute.backendServices.use compute.disks.listEffectiveTags compute.disks.listTagBindings compute.externalVpnGateways.* compute.externalVpnGateways.create compute.externalVpnGateways.delete compute.externalVpnGateways.get compute.externalVpnGateways.list compute.externalVpnGateways.setLabels compute.externalVpnGateways.use compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.use compute.firewalls.get compute.firewalls.list compute.forwardingRules.* compute.forwardingRules.create compute.forwardingRules.delete compute.forwardingRules.get compute.forwardingRules.list compute.forwardingRules.pscCreate compute.forwardingRules.pscDelete compute.forwardingRules.pscSetLabels compute.forwardingRules.pscSetTarget compute.forwardingRules.pscUpdate compute.forwardingRules.setLabels compute.forwardingRules.setTarget compute.forwardingRules.update compute.forwardingRules.use compute.globalAddresses.* compute.globalAddresses.create compute.globalAddresses.createInternal compute.globalAddresses.delete compute.globalAddresses.deleteInternal compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.setLabels compute.globalAddresses.use compute.globalForwardingRules.* compute.globalForwardingRules.create compute.globalForwardingRules.delete compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscCreate compute.globalForwardingRules.pscDelete compute.globalForwardingRules.pscGet compute.globalForwardingRules.pscSetLabels compute.globalForwardingRules.pscSetTarget compute.globalForwardingRules.pscUpdate compute.globalForwardingRules.setLabels compute.globalForwardingRules.setTarget compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.globalOperations.get compute.globalOperations.list compute.globalPublicDelegatedPrefixes.delete compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.globalPublicDelegatedPrefixes.update compute.globalPublicDelegatedPrefixes.updatePolicy compute.healthChecks.* compute.healthChecks.create compute.healthChecks.delete compute.healthChecks.get compute.healthChecks.list compute.healthChecks.update compute.healthChecks.use compute.healthChecks.useReadOnly compute.httpHealthChecks.* compute.httpHealthChecks.create compute.httpHealthChecks.delete compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpHealthChecks.update compute.httpHealthChecks.use compute.httpHealthChecks.useReadOnly compute.httpsHealthChecks.* compute.httpsHealthChecks.create compute.httpsHealthChecks.delete compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.httpsHealthChecks.update compute.httpsHealthChecks.use compute.httpsHealthChecks.useReadOnly compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroupManagers.update compute.instanceGroupManagers.use compute.instanceGroups.get compute.instanceGroups.list compute.instanceGroups.update compute.instanceGroups.use compute.instances.get compute.instances.getGuestAttributes compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.instances.updateSecurity compute.instances.use compute.instances.useReadOnly compute.interconnectAttachments.* compute.interconnectAttachments.create compute.interconnectAttachments.delete compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectAttachments.setLabels compute.interconnectAttachments.update compute.interconnectAttachments.use compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.* compute.interconnects.create compute.interconnects.delete compute.interconnects.get compute.interconnects.list compute.interconnects.setLabels compute.interconnects.update compute.interconnects.use compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.networkAttachments.* compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get compute.networkAttachments.list compute.networkEndpointGroups.get compute.networkEndpointGroups.list compute.networkEndpointGroups.use compute.networks.* compute.networks.access compute.networks.addPeering compute.networks.create compute.networks.delete compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.networks.mirror compute.networks.removePeering compute.networks.setFirewallPolicy compute.networks.switchToCustomMode compute.networks.update compute.networks.updatePeering compute.networks.updatePolicy compute.networks.use compute.networks.useExternalIp compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.publicDelegatedPrefixes.delete compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.publicDelegatedPrefixes.update compute.publicDelegatedPrefixes.updatePolicy compute.regionBackendServices.* compute.regionBackendServices.create compute.regionBackendServices.delete compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionBackendServices.setIamPolicy compute.regionBackendServices.setSecurityPolicy compute.regionBackendServices.update compute.regionBackendServices.use compute.regionFirewallPolicies.get compute.regionFirewallPolicies.list compute.regionFirewallPolicies.use compute.regionHealthCheckServices.* compute.regionHealthCheckServices.create compute.regionHealthCheckServices.delete compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthCheckServices.update compute.regionHealthCheckServices.use compute.regionHealthChecks.* compute.regionHealthChecks.create compute.regionHealthChecks.delete compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionNotificationEndpoints.* compute.regionNotificationEndpoints.create compute.regionNotificationEndpoints.delete compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionNotificationEndpoints.update compute.regionNotificationEndpoints.use compute.regionOperations.get compute.regionOperations.list compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSecurityPolicies.use compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.* compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use compute.regionTargetHttpProxies.* compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.update compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.* compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.update compute.regionTargetHttpsProxies.use compute.regionTargetTcpProxies.* compute.regionTargetTcpProxies.create compute.regionTargetTcpProxies.delete compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionTargetTcpProxies.use compute.regionUrlMaps.* compute.regionUrlMaps.create compute.regionUrlMaps.delete compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.regions.* compute.regions.get compute.regions.list compute.routers.* compute.routers.create compute.routers.delete compute.routers.get compute.routers.list compute.routers.update compute.routers.use compute.routes.* compute.routes.create compute.routes.delete compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.list compute.securityPolicies.use compute.serviceAttachments.* compute.serviceAttachments.create compute.serviceAttachments.delete compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.serviceAttachments.setIamPolicy compute.serviceAttachments.update compute.serviceAttachments.use compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.* compute.sslPolicies.create compute.sslPolicies.delete compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.sslPolicies.update compute.sslPolicies.use compute.subnetworks.* compute.subnetworks.create compute.subnetworks.delete compute.subnetworks.expandIpCidrRange compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.subnetworks.mirror compute.subnetworks.setIamPolicy compute.subnetworks.setPrivateIpGoogleAccess compute.subnetworks.update compute.subnetworks.use compute.subnetworks.useExternalIp compute.targetGrpcProxies.* compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use compute.targetHttpProxies.* compute.targetHttpProxies.create compute.targetHttpProxies.delete compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpProxies.setUrlMap compute.targetHttpProxies.update compute.targetHttpProxies.use compute.targetHttpsProxies.* compute.targetHttpsProxies.create compute.targetHttpsProxies.delete compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetHttpsProxies.setCertificateMap compute.targetHttpsProxies.setQuicOverride compute.targetHttpsProxies.setSslCertificates compute.targetHttpsProxies.setSslPolicy compute.targetHttpsProxies.setUrlMap compute.targetHttpsProxies.update compute.targetHttpsProxies.use compute.targetInstances.* compute.targetInstances.create compute.targetInstances.delete compute.targetInstances.get compute.targetInstances.list compute.targetInstances.setSecurityPolicy compute.targetInstances.use compute.targetPools.* compute.targetPools.addHealthCheck compute.targetPools.addInstance compute.targetPools.create compute.targetPools.delete compute.targetPools.get compute.targetPools.list compute.targetPools.removeHealthCheck compute.targetPools.removeInstance compute.targetPools.setSecurityPolicy compute.targetPools.update compute.targetPools.use compute.targetSslProxies.* compute.targetSslProxies.create compute.targetSslProxies.delete compute.targetSslProxies.get compute.targetSslProxies.list compute.targetSslProxies.setBackendService compute.targetSslProxies.setCertificateMap compute.targetSslProxies.setProxyHeader compute.targetSslProxies.setSslCertificates compute.targetSslProxies.setSslPolicy compute.targetSslProxies.update compute.targetSslProxies.use compute.targetTcpProxies.* compute.targetTcpProxies.create compute.targetTcpProxies.delete compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetTcpProxies.update compute.targetTcpProxies.use compute.targetVpnGateways.* compute.targetVpnGateways.create compute.targetVpnGateways.delete compute.targetVpnGateways.get compute.targetVpnGateways.list compute.targetVpnGateways.setLabels compute.targetVpnGateways.use compute.urlMaps.* compute.urlMaps.create compute.urlMaps.delete compute.urlMaps.get compute.urlMaps.invalidateCache compute.urlMaps.list compute.urlMaps.update compute.urlMaps.use compute.urlMaps.validate compute.vpnGateways.* compute.vpnGateways.create compute.vpnGateways.delete compute.vpnGateways.get compute.vpnGateways.list compute.vpnGateways.setLabels compute.vpnGateways.use compute.vpnTunnels.* compute.vpnTunnels.create compute.vpnTunnels.delete compute.vpnTunnels.get compute.vpnTunnels.list compute.vpnTunnels.setLabels compute.zoneOperations.get compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list networkconnectivity.internalRanges.* networkconnectivity.internalRanges.create networkconnectivity.internalRanges.delete networkconnectivity.internalRanges.get networkconnectivity.internalRanges.getIamPolicy networkconnectivity.internalRanges.list networkconnectivity.internalRanges.setIamPolicy networkconnectivity.internalRanges.update networkconnectivity.locations.* networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.* networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list networkconnectivity.policyBasedRoutes.* networkconnectivity.policyBasedRoutes.create networkconnectivity.policyBasedRoutes.delete networkconnectivity.policyBasedRoutes.get networkconnectivity.policyBasedRoutes.getIamPolicy networkconnectivity.policyBasedRoutes.list networkconnectivity.policyBasedRoutes.setIamPolicy networksecurity.* networksecurity.authorizationPolicies.create networksecurity.authorizationPolicies.delete networksecurity.authorizationPolicies.get networksecurity.authorizationPolicies.getIamPolicy networksecurity.authorizationPolicies.list networksecurity.authorizationPolicies.setIamPolicy networksecurity.authorizationPolicies.update networksecurity.authorizationPolicies.use networksecurity.clientTlsPolicies.create networksecurity.clientTlsPolicies.delete networksecurity.clientTlsPolicies.get networksecurity.clientTlsPolicies.getIamPolicy networksecurity.clientTlsPolicies.list networksecurity.clientTlsPolicies.setIamPolicy networksecurity.clientTlsPolicies.update networksecurity.clientTlsPolicies.use networksecurity.gatewaySecurityPolicies.create networksecurity.gatewaySecurityPolicies.delete networksecurity.gatewaySecurityPolicies.get networksecurity.gatewaySecurityPolicies.list networksecurity.gatewaySecurityPolicies.update networksecurity.gatewaySecurityPolicies.use networksecurity.gatewaySecurityPolicyRules.create networksecurity.gatewaySecurityPolicyRules.delete networksecurity.gatewaySecurityPolicyRules.get networksecurity.gatewaySecurityPolicyRules.list networksecurity.gatewaySecurityPolicyRules.update networksecurity.gatewaySecurityPolicyRules.use networksecurity.locations.get networksecurity.locations.list networksecurity.operations.cancel networksecurity.operations.delete networksecurity.operations.get networksecurity.operations.list networksecurity.serverTlsPolicies.create networksecurity.serverTlsPolicies.delete networksecurity.serverTlsPolicies.get networksecurity.serverTlsPolicies.getIamPolicy networksecurity.serverTlsPolicies.list networksecurity.serverTlsPolicies.setIamPolicy networksecurity.serverTlsPolicies.update networksecurity.serverTlsPolicies.use networksecurity.tlsInspectionPolicies.create networksecurity.tlsInspectionPolicies.delete networksecurity.tlsInspectionPolicies.get networksecurity.tlsInspectionPolicies.list networksecurity.tlsInspectionPolicies.update networksecurity.tlsInspectionPolicies.use networksecurity.urlLists.create networksecurity.urlLists.delete networksecurity.urlLists.get networksecurity.urlLists.list networksecurity.urlLists.update networksecurity.urlLists.use networkservices.* networkservices.endpointConfigSelectors.create networkservices.endpointConfigSelectors.delete networkservices.endpointConfigSelectors.get networkservices.endpointConfigSelectors.getIamPolicy networkservices.endpointConfigSelectors.list networkservices.endpointConfigSelectors.setIamPolicy networkservices.endpointConfigSelectors.update networkservices.endpointConfigSelectors.use networkservices.endpointPolicies.create networkservices.endpointPolicies.delete networkservices.endpointPolicies.get networkservices.endpointPolicies.getIamPolicy networkservices.endpointPolicies.list networkservices.endpointPolicies.setIamPolicy networkservices.endpointPolicies.update networkservices.endpointPolicies.use networkservices.gateways.create networkservices.gateways.delete networkservices.gateways.get networkservices.gateways.list networkservices.gateways.update networkservices.gateways.use networkservices.grpcRoutes.create networkservices.grpcRoutes.delete networkservices.grpcRoutes.get networkservices.grpcRoutes.getIamPolicy networkservices.grpcRoutes.list networkservices.grpcRoutes.setIamPolicy networkservices.grpcRoutes.update networkservices.grpcRoutes.use networkservices.httpFilters.create networkservices.httpFilters.delete networkservices.httpFilters.get networkservices.httpFilters.getIamPolicy networkservices.httpFilters.list networkservices.httpFilters.setIamPolicy networkservices.httpFilters.update networkservices.httpFilters.use networkservices.httpRoutes.create networkservices.httpRoutes.delete networkservices.httpRoutes.get networkservices.httpRoutes.getIamPolicy networkservices.httpRoutes.list networkservices.httpRoutes.setIamPolicy networkservices.httpRoutes.update networkservices.httpRoutes.use networkservices.httpfilters.create networkservices.httpfilters.delete networkservices.httpfilters.get networkservices.httpfilters.getIamPolicy networkservices.httpfilters.list networkservices.httpfilters.setIamPolicy networkservices.httpfilters.update networkservices.httpfilters.use networkservices.locations.get networkservices.locations.list networkservices.meshes.create networkservices.meshes.delete networkservices.meshes.get networkservices.meshes.getIamPolicy networkservices.meshes.list networkservices.meshes.setIamPolicy networkservices.meshes.update networkservices.meshes.use networkservices.operations.cancel networkservices.operations.delete networkservices.operations.get networkservices.operations.list networkservices.serviceBindings.create networkservices.serviceBindings.delete networkservices.serviceBindings.get networkservices.serviceBindings.list networkservices.serviceBindings.update networkservices.tcpRoutes.create networkservices.tcpRoutes.delete networkservices.tcpRoutes.get networkservices.tcpRoutes.getIamPolicy networkservices.tcpRoutes.list networkservices.tcpRoutes.setIamPolicy networkservices.tcpRoutes.update networkservices.tcpRoutes.use networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use resourcemanager.projects.get resourcemanager.projects.list servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete servicenetworking.operations.get servicenetworking.services.addPeering servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deleteConnection servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.disableVpcServiceControls servicenetworking.services.enableVpcServiceControls servicenetworking.services.get servicenetworking.services.listPeeredDnsDomains serviceusage.quotas.get serviceusage.services.get serviceusage.services.list trafficdirector.* trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics

Administrateur de réseaux Compute

(roles/compute.networkAdmin)

Permet de créer, de modifier et de supprimer des ressources réseau, à l'exception des règles de pare-feu et des certificats SSL. Le rôle d'administrateur réseau offre un accès en lecture seule aux règles de pare-feu, aux certificats SSL et aux instances (pour afficher leurs adresses IP éphémères). Il ne permet pas aux utilisateurs de créer, de démarrer, d'arrêter ou de supprimer des instances.

Par exemple, si votre entreprise dispose d'une équipe de sécurité qui gère les pare-feu et les certificats SSL, ainsi que d'une équipe réseau qui gère le reste des ressources réseau, attribuez ce rôle au groupe de l'équipe réseau. Si vous disposez d'une équipe combinée qui gère à la fois la sécurité et la mise en réseau, attribuez ce rôle ainsi que le rôle roles/compute.securityAdmin au groupe de l'équipe combinée.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Instance^Bêta

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendservices.update
compute.backendServices.use

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.*

compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.use

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.update

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroupManagers.update

compute.instanceGroupManagers.use

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.update

compute.instanceGroups.use

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instances.updateSecurity

compute.instances.use

compute.instances.useReadOnly

compute.interconnectAttachments.*

compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.*

compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.*

compute.networkAttachments.create
compute.networkAttachments.delete
compute.networkAttachments.get
compute.networkAttachments.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.list

compute.networkEndpointGroups.use

compute.networks.*

compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.delete
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listPeeringRoutes
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.delete
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.use

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.delete
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.update
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.delete
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.*

compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.routers.use

compute.routes.*

compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.use

compute.serviceAttachments.*

compute.serviceAttachments.create
compute.serviceAttachments.delete
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.delete
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.*

compute.subnetworks.create
compute.subnetworks.delete
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.targetVpnGateways.*

compute.targetVpnGateways.create
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.vpnGateways.*

compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use

compute.vpnTunnels.*

compute.vpnTunnels.create
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.setLabels

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.*

networkconnectivity.internalRanges.create
networkconnectivity.internalRanges.delete
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.getIamPolicy
networkconnectivity.internalRanges.list
networkconnectivity.internalRanges.setIamPolicy
networkconnectivity.internalRanges.update

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.*

networkconnectivity.operations.cancel
networkconnectivity.operations.delete
networkconnectivity.operations.get
networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

networkconnectivity.policyBasedRoutes.create
networkconnectivity.policyBasedRoutes.delete
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.getIamPolicy
networkconnectivity.policyBasedRoutes.list
networkconnectivity.policyBasedRoutes.setIamPolicy

networksecurity.*

networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use
networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use
networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicies.use
networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.gatewaySecurityPolicyRules.use
networksecurity.locations.get
networksecurity.locations.list
networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list
networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use
networksecurity.tlsInspectionPolicies.create
networksecurity.tlsInspectionPolicies.delete
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.update
networksecurity.tlsInspectionPolicies.use
networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use

networkservices.*

networkservices.endpointConfigSelectors.create
networkservices.endpointConfigSelectors.delete
networkservices.endpointConfigSelectors.get
networkservices.endpointConfigSelectors.getIamPolicy
networkservices.endpointConfigSelectors.list
networkservices.endpointConfigSelectors.setIamPolicy
networkservices.endpointConfigSelectors.update
networkservices.endpointConfigSelectors.use
networkservices.endpointPolicies.create
networkservices.endpointPolicies.delete
networkservices.endpointPolicies.get
networkservices.endpointPolicies.getIamPolicy
networkservices.endpointPolicies.list
networkservices.endpointPolicies.setIamPolicy
networkservices.endpointPolicies.update
networkservices.endpointPolicies.use
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.grpcRoutes.create
networkservices.grpcRoutes.delete
networkservices.grpcRoutes.get
networkservices.grpcRoutes.getIamPolicy
networkservices.grpcRoutes.list
networkservices.grpcRoutes.setIamPolicy
networkservices.grpcRoutes.update
networkservices.grpcRoutes.use
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.getIamPolicy
networkservices.httpFilters.list
networkservices.httpFilters.setIamPolicy
networkservices.httpFilters.update
networkservices.httpFilters.use
networkservices.httpRoutes.create
networkservices.httpRoutes.delete
networkservices.httpRoutes.get
networkservices.httpRoutes.getIamPolicy
networkservices.httpRoutes.list
networkservices.httpRoutes.setIamPolicy
networkservices.httpRoutes.update
networkservices.httpRoutes.use
networkservices.httpfilters.create
networkservices.httpfilters.delete
networkservices.httpfilters.get
networkservices.httpfilters.getIamPolicy
networkservices.httpfilters.list
networkservices.httpfilters.setIamPolicy
networkservices.httpfilters.update
networkservices.httpfilters.use
networkservices.locations.get
networkservices.locations.list
networkservices.meshes.create
networkservices.meshes.delete
networkservices.meshes.get
networkservices.meshes.getIamPolicy
networkservices.meshes.list
networkservices.meshes.setIamPolicy
networkservices.meshes.update
networkservices.meshes.use
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
networkservices.serviceBindings.create
networkservices.serviceBindings.delete
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceBindings.update
networkservices.tcpRoutes.create
networkservices.tcpRoutes.delete
networkservices.tcpRoutes.get
networkservices.tcpRoutes.getIamPolicy
networkservices.tcpRoutes.list
networkservices.tcpRoutes.setIamPolicy
networkservices.tcpRoutes.update
networkservices.tcpRoutes.use
networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.tlsRoutes.use

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.listPeeredDnsDomains

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Rôle d'utilisateur de réseau de Compute

Détails Autorisations

Détails	Autorisations
Utilisateur de réseau Compute (`roles/compute.networkUser`) Fournit l'accès à un réseau VPC partagé Une fois ce rôle accordé, les propriétaires de service peuvent utiliser les réseaux et sous-réseaux VPC appartenant au projet hôte. Par exemple, un utilisateur du réseau peut créer une instance de VM appartenant à un réseau du projet hôte. Toutefois, il ne peut ni supprimer, ni créer des réseaux dans le projet hôte. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Projet	compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.useInternal compute.externalVpnGateways.get compute.externalVpnGateways.list compute.externalVpnGateways.use compute.firewalls.get compute.firewalls.list compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.interconnects.use compute.networkAttachments.get compute.networkAttachments.list compute.networks.access compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.networks.use compute.networks.useExternalIp compute.projects.get compute.regions.* compute.regions.get compute.regions.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.serviceAttachments.get compute.serviceAttachments.list compute.subnetworks.get compute.subnetworks.list compute.subnetworks.use compute.subnetworks.useExternalIp compute.targetVpnGateways.get compute.targetVpnGateways.list compute.vpnGateways.get compute.vpnGateways.list compute.vpnGateways.use compute.vpnTunnels.get compute.vpnTunnels.list compute.zones.* compute.zones.get compute.zones.list networkconnectivity.internalRanges.get networkconnectivity.internalRanges.list networkconnectivity.locations.* networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.get networkconnectivity.operations.list networkconnectivity.policyBasedRoutes.get networkconnectivity.policyBasedRoutes.list networksecurity.authorizationPolicies.get networksecurity.authorizationPolicies.list networksecurity.authorizationPolicies.use networksecurity.clientTlsPolicies.get networksecurity.clientTlsPolicies.list networksecurity.clientTlsPolicies.use networksecurity.gatewaySecurityPolicies.get networksecurity.gatewaySecurityPolicies.list networksecurity.gatewaySecurityPolicies.use networksecurity.gatewaySecurityPolicyRules.get networksecurity.gatewaySecurityPolicyRules.list networksecurity.gatewaySecurityPolicyRules.use networksecurity.locations.* networksecurity.locations.get networksecurity.locations.list networksecurity.operations.get networksecurity.operations.list networksecurity.serverTlsPolicies.get networksecurity.serverTlsPolicies.list networksecurity.serverTlsPolicies.use networksecurity.tlsInspectionPolicies.get networksecurity.tlsInspectionPolicies.list networksecurity.tlsInspectionPolicies.use networksecurity.urlLists.get networksecurity.urlLists.list networksecurity.urlLists.use networkservices.endpointConfigSelectors.get networkservices.endpointConfigSelectors.list networkservices.endpointConfigSelectors.use networkservices.endpointPolicies.get networkservices.endpointPolicies.list networkservices.endpointPolicies.use networkservices.gateways.get networkservices.gateways.list networkservices.gateways.use networkservices.grpcRoutes.get networkservices.grpcRoutes.list networkservices.grpcRoutes.use networkservices.httpFilters.get networkservices.httpFilters.list networkservices.httpFilters.use networkservices.httpRoutes.get networkservices.httpRoutes.list networkservices.httpRoutes.use networkservices.httpfilters.get networkservices.httpfilters.list networkservices.httpfilters.use networkservices.locations.* networkservices.locations.get networkservices.locations.list networkservices.meshes.get networkservices.meshes.list networkservices.meshes.use networkservices.operations.get networkservices.operations.list networkservices.serviceBindings.get networkservices.serviceBindings.list networkservices.tcpRoutes.get networkservices.tcpRoutes.list networkservices.tcpRoutes.use networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.use resourcemanager.projects.get resourcemanager.projects.list servicenetworking.services.get serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Utilisateur de réseau Compute

(roles/compute.networkUser)

Fournit l'accès à un réseau VPC partagé

Une fois ce rôle accordé, les propriétaires de service peuvent utiliser les réseaux et sous-réseaux VPC appartenant au projet hôte. Par exemple, un utilisateur du réseau peut créer une instance de VM appartenant à un réseau du projet hôte. Toutefois, il ne peut ni supprimer, ni créer des réseaux dans le projet hôte.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Projet

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.useInternal

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.use

compute.firewalls.get

compute.firewalls.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.use

compute.networkAttachments.get

compute.networkAttachments.list

compute.networks.access

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.use

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.authorizationPolicies.use

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.clientTlsPolicies.use

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.get

networksecurity.urlLists.list

networksecurity.urlLists.use

networkservices.endpointConfigSelectors.get

networkservices.endpointConfigSelectors.list

networkservices.endpointConfigSelectors.use

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.endpointPolicies.use

networkservices.gateways.get

networkservices.gateways.list

networkservices.gateways.use

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.grpcRoutes.use

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpFilters.use

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpRoutes.use

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.httpfilters.use

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.meshes.use

networkservices.operations.get

networkservices.operations.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tcpRoutes.use

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

networkservices.tlsRoutes.use

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle de lecteur de réseau de Compute

Détails Autorisations

Détails	Autorisations
Lecteur de réseau Compute (`roles/compute.networkViewer`) Accès en lecture seule à toutes les ressources réseau. Par exemple, si vous disposez d'un logiciel qui inspecte la configuration de votre réseau, vous pouvez attribuer ce rôle au compte de service de ce logiciel. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Instance^Bêta	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.list compute.backendServices.get compute.backendServices.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instances.get compute.instances.getGuestAttributes compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.networkAttachments.get compute.networkAttachments.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.regionBackendServices.get compute.regionBackendServices.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regions.* compute.regions.get compute.regions.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.serviceAttachments.get compute.serviceAttachments.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zones.* compute.zones.get compute.zones.list networkconnectivity.internalRanges.get networkconnectivity.internalRanges.list networkconnectivity.locations.* networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.get networkconnectivity.operations.list networkconnectivity.policyBasedRoutes.get networkconnectivity.policyBasedRoutes.list networksecurity.authorizationPolicies.get networksecurity.authorizationPolicies.list networksecurity.clientTlsPolicies.get networksecurity.clientTlsPolicies.list networksecurity.gatewaySecurityPolicies.get networksecurity.gatewaySecurityPolicies.list networksecurity.gatewaySecurityPolicyRules.get networksecurity.gatewaySecurityPolicyRules.list networksecurity.locations.* networksecurity.locations.get networksecurity.locations.list networksecurity.operations.get networksecurity.operations.list networksecurity.serverTlsPolicies.get networksecurity.serverTlsPolicies.list networksecurity.tlsInspectionPolicies.get networksecurity.tlsInspectionPolicies.list networksecurity.urlLists.get networksecurity.urlLists.list networkservices.endpointConfigSelectors.get networkservices.endpointConfigSelectors.list networkservices.endpointPolicies.get networkservices.endpointPolicies.list networkservices.gateways.get networkservices.gateways.list networkservices.grpcRoutes.get networkservices.grpcRoutes.list networkservices.httpFilters.get networkservices.httpFilters.list networkservices.httpRoutes.get networkservices.httpRoutes.list networkservices.httpfilters.get networkservices.httpfilters.list networkservices.locations.* networkservices.locations.get networkservices.locations.list networkservices.meshes.get networkservices.meshes.list networkservices.operations.get networkservices.operations.list networkservices.serviceBindings.get networkservices.serviceBindings.list networkservices.tcpRoutes.get networkservices.tcpRoutes.list networkservices.tlsRoutes.get networkservices.tlsRoutes.list resourcemanager.projects.get resourcemanager.projects.list servicenetworking.services.get serviceusage.quotas.get serviceusage.services.get serviceusage.services.list trafficdirector.* trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics

Lecteur de réseau Compute

(roles/compute.networkViewer)

Accès en lecture seule à toutes les ressources réseau.

Par exemple, si vous disposez d'un logiciel qui inspecte la configuration de votre réseau, vous pouvez attribuer ce rôle au compte de service de ce logiciel.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Instance^Bêta

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zones.*

compute.zones.get
compute.zones.list

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.list

networksecurity.authorizationPolicies.get

networksecurity.authorizationPolicies.list

networksecurity.clientTlsPolicies.get

networksecurity.clientTlsPolicies.list

networksecurity.gatewaySecurityPolicies.get

networksecurity.gatewaySecurityPolicies.list

networksecurity.gatewaySecurityPolicyRules.get

networksecurity.gatewaySecurityPolicyRules.list

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.get

networksecurity.operations.list

networksecurity.serverTlsPolicies.get

networksecurity.serverTlsPolicies.list

networksecurity.tlsInspectionPolicies.get

networksecurity.tlsInspectionPolicies.list

networksecurity.urlLists.get

networksecurity.urlLists.list

networkservices.endpointConfigSelectors.get

networkservices.endpointConfigSelectors.list

networkservices.endpointPolicies.get

networkservices.endpointPolicies.list

networkservices.gateways.get

networkservices.gateways.list

networkservices.grpcRoutes.get

networkservices.grpcRoutes.list

networkservices.httpFilters.get

networkservices.httpFilters.list

networkservices.httpRoutes.get

networkservices.httpRoutes.list

networkservices.httpfilters.get

networkservices.httpfilters.list

networkservices.locations.*

networkservices.locations.get
networkservices.locations.list

networkservices.meshes.get

networkservices.meshes.list

networkservices.operations.get

networkservices.operations.list

networkservices.serviceBindings.get

networkservices.serviceBindings.list

networkservices.tcpRoutes.get

networkservices.tcpRoutes.list

networkservices.tlsRoutes.get

networkservices.tlsRoutes.list

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.services.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Rôle d'administrateur des stratégies de pare-feu de l'organisation Compute

Détails Autorisations

Détails	Autorisations
Administrateur des règles de pare-feu de l'organisation Compute (`roles/compute.orgFirewallPolicyAdmin`) Contrôle complet des règles de pare-feu de l'organisation Compute Engine.	compute.firewallPolicies.cloneRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalOperations.setIamPolicy compute.projects.get compute.regionFirewallPolicies.* compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionOperations.setIamPolicy resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur des règles de pare-feu de l'organisation Compute

(roles/compute.orgFirewallPolicyAdmin)

Contrôle complet des règles de pare-feu de l'organisation Compute Engine.

compute.firewallPolicies.cloneRules

compute.firewallPolicies.create

compute.firewallPolicies.delete

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewallPolicies.move

compute.firewallPolicies.setIamPolicy

compute.firewallPolicies.update

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionOperations.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'utilisateur des stratégies de pare-feu de l'organisation Compute

Détails Autorisations

Détails	Autorisations
Utilisateur des règles de pare-feu de l'organisation Compute (`roles/compute.orgFirewallPolicyUser`) Afficher ou utiliser des règles de pare-feu Compute Engine à associer à l'organisation ou aux dossiers.	compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.use compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.projects.get compute.regionFirewallPolicies.get compute.regionFirewallPolicies.list compute.regionFirewallPolicies.use compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Utilisateur des règles de pare-feu de l'organisation Compute

(roles/compute.orgFirewallPolicyUser)

Afficher ou utiliser des règles de pare-feu Compute Engine à associer à l'organisation ou aux dossiers.

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.projects.get

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur des règles de sécurité de l'organisation Compute

Détails Autorisations

Détails	Autorisations
Administrateur des règles de sécurité Compute de l'organisation (`roles/compute.orgSecurityPolicyAdmin`) Contrôle complet des règles de sécurité Compute Engine de l'organisation.	compute.firewallPolicies.* compute.firewallPolicies.addAssociation compute.firewallPolicies.cloneRules compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalOperations.setIamPolicy compute.projects.get compute.securityPolicies.addAssociation compute.securityPolicies.copyRules compute.securityPolicies.create compute.securityPolicies.delete compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.securityPolicies.move compute.securityPolicies.removeAssociation compute.securityPolicies.setIamPolicy compute.securityPolicies.update compute.securityPolicies.use resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur des règles de sécurité Compute de l'organisation

(roles/compute.orgSecurityPolicyAdmin)

Contrôle complet des règles de sécurité Compute Engine de l'organisation.

compute.firewallPolicies.*

compute.firewallPolicies.addAssociation
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.delete
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.move
compute.firewallPolicies.removeAssociation
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.copyRules

compute.securityPolicies.create

compute.securityPolicies.delete

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.securityPolicies.move

compute.securityPolicies.removeAssociation

compute.securityPolicies.setIamPolicy

compute.securityPolicies.update

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Règle d'utilisateur des règles de sécurité de l'organisation Compute

Détails Autorisations

Détails	Autorisations
Utilisateur des règles de sécurité Compute de l'organisation (`roles/compute.orgSecurityPolicyUser`) Affichez ou utilisez des règles de sécurité Compute Engine à associer à l'organisation ou aux dossiers.	compute.firewallPolicies.addAssociation compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.removeAssociation compute.firewallPolicies.use compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalOperations.setIamPolicy compute.projects.get compute.securityPolicies.addAssociation compute.securityPolicies.get compute.securityPolicies.list compute.securityPolicies.removeAssociation compute.securityPolicies.use resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Utilisateur des règles de sécurité Compute de l'organisation

(roles/compute.orgSecurityPolicyUser)

Affichez ou utilisez des règles de sécurité Compute Engine à associer à l'organisation ou aux dossiers.

compute.firewallPolicies.addAssociation

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.removeAssociation

compute.firewallPolicies.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.projects.get

compute.securityPolicies.addAssociation

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.removeAssociation

compute.securityPolicies.use

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur des ressources de l'organisation Compute

Détails Autorisations

Détails	Autorisations
Administrateur des ressources de l'organisation Compute (`roles/compute.orgSecurityResourceAdmin`) Contrôle complet des associations des règles de pare-feu Compute Engine à l'organisation ou aux dossiers.	compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalOperations.setIamPolicy compute.organizations.listAssociations compute.organizations.setFirewallPolicy compute.organizations.setSecurityPolicy compute.projects.get resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur des ressources de l'organisation Compute

(roles/compute.orgSecurityResourceAdmin)

Contrôle complet des associations des règles de pare-feu Compute Engine à l'organisation ou aux dossiers.

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalOperations.setIamPolicy

compute.organizations.listAssociations

compute.organizations.setFirewallPolicy

compute.organizations.setSecurityPolicy

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle de connexion administrateur au système d'exploitation Compute

Détails Autorisations

Détails	Autorisations
Connexion administrateur au système d'exploitation Compute (`roles/compute.osAdminLogin`) Permet de se connecter à une instance Compute Engine en tant qu'administrateur. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Instance^Bêta	compute.disks.listEffectiveTags compute.disks.listTagBindings compute.images.listEffectiveTags compute.images.listTagBindings compute.instances.get compute.instances.list compute.instances.listEffectiveTags compute.instances.listTagBindings compute.instances.osAdminLogin compute.instances.osLogin compute.projects.get compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Connexion administrateur au système d'exploitation Compute

(roles/compute.osAdminLogin)

Permet de se connecter à une instance Compute Engine en tant qu'administrateur.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Instance^Bêta

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osAdminLogin

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle de connexion au système d'exploitation Compute

Détails Autorisations

Détails	Autorisations
Connexion au système d'exploitation Compute (`roles/compute.osLogin`) Permet de se connecter à une instance Compute Engine en tant qu'utilisateur standard. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Instance^Bêta	compute.disks.listEffectiveTags compute.disks.listTagBindings compute.images.listEffectiveTags compute.images.listTagBindings compute.instances.get compute.instances.list compute.instances.listEffectiveTags compute.instances.listTagBindings compute.instances.osLogin compute.projects.get compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Connexion au système d'exploitation Compute

(roles/compute.osLogin)

Permet de se connecter à une instance Compute Engine en tant qu'utilisateur standard.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Instance^Bêta

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listTagBindings

compute.instances.osLogin

compute.projects.get

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle de connexion au système d'exploitation Compute en tant qu'utilisateur externe

Détails Autorisations

Détails	Autorisations
Connexion au système d'exploitation Compute en tant qu'utilisateur externe (`roles/compute.osLoginExternalUser`) Disponible uniquement au niveau de l'organisation. Permet à un utilisateur externe de définir les informations de connexion au système d'exploitation associées à cette organisation. Ce rôle n'accorde pas l'accès aux instances. Les utilisateurs externes doivent avoir l'un des rôles requis pour la connexion au système d'exploitation afin de pouvoir accéder aux instances via SSH. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Organisation	compute.oslogin.updateExternalUser

Connexion au système d'exploitation Compute en tant qu'utilisateur externe

(roles/compute.osLoginExternalUser)

Disponible uniquement au niveau de l'organisation.

Permet à un utilisateur externe de définir les informations de connexion au système d'exploitation associées à cette organisation. Ce rôle n'accorde pas l'accès aux instances. Les utilisateurs externes doivent avoir l'un des rôles requis pour la connexion au système d'exploitation afin de pouvoir accéder aux instances via SSH.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Organisation

compute.oslogin.updateExternalUser

Rôle d'administrateur de la mise en miroir de paquets Compute

Détails Autorisations

Détails	Autorisations
Administrateur de la mise en miroir de paquets Compute (`roles/compute.packetMirroringAdmin`) Spécifier les ressources à mettre en miroir.	compute.instances.updateSecurity compute.networks.mirror compute.projects.get compute.subnetworks.mirror resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur de la mise en miroir de paquets Compute

(roles/compute.packetMirroringAdmin)

Spécifier les ressources à mettre en miroir.

compute.instances.updateSecurity

compute.networks.mirror

compute.projects.get

compute.subnetworks.mirror

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle utilisateur de la mise en miroir de paquets Compute

Détails Autorisations

Détails	Autorisations
Utilisateur de la mise en miroir de paquets Compute (`roles/compute.packetMirroringUser`) Utiliser les mises en miroir de paquets Compute Engine.	compute.packetMirrorings.* compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list compute.packetMirrorings.update compute.projects.get resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Utilisateur de la mise en miroir de paquets Compute

(roles/compute.packetMirroringUser)

Utiliser les mises en miroir de paquets Compute Engine.

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.delete
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.update

compute.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur d'adresses IP publiques Compute

Détails Autorisations

Détails	Autorisations
Administrateur d'adresse IP publique Compute (`roles/compute.publicIpAdmin`) Contrôle complet de la gestion des adresses IP publiques pour Compute Engine.	compute.addresses.* compute.addresses.create compute.addresses.createInternal compute.addresses.delete compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.setLabels compute.addresses.use compute.addresses.useInternal compute.globalAddresses.* compute.globalAddresses.create compute.globalAddresses.createInternal compute.globalAddresses.delete compute.globalAddresses.deleteInternal compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.setLabels compute.globalAddresses.use compute.globalPublicDelegatedPrefixes.* compute.globalPublicDelegatedPrefixes.create compute.globalPublicDelegatedPrefixes.delete compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.globalPublicDelegatedPrefixes.update compute.globalPublicDelegatedPrefixes.updatePolicy compute.globalPublicDelegatedPrefixes.use compute.publicAdvertisedPrefixes.* compute.publicAdvertisedPrefixes.create compute.publicAdvertisedPrefixes.delete compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicAdvertisedPrefixes.update compute.publicAdvertisedPrefixes.updatePolicy compute.publicAdvertisedPrefixes.use compute.publicDelegatedPrefixes.* compute.publicDelegatedPrefixes.create compute.publicDelegatedPrefixes.delete compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.publicDelegatedPrefixes.update compute.publicDelegatedPrefixes.updatePolicy compute.publicDelegatedPrefixes.use resourcemanager.projects.get resourcemanager.projects.list

Administrateur d'adresse IP publique Compute

(roles/compute.publicIpAdmin)

Contrôle complet de la gestion des adresses IP publiques pour Compute Engine.

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalPublicDelegatedPrefixes.*

compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.update
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.globalPublicDelegatedPrefixes.use

compute.publicAdvertisedPrefixes.*

compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicAdvertisedPrefixes.use

compute.publicDelegatedPrefixes.*

compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use

resourcemanager.projects.get

resourcemanager.projects.list

Rôle d'administrateur de sécurité de Compute

Détails Autorisations

Détails	Autorisations
Administrateur de sécurité de Compute (`roles/compute.securityAdmin`) Permet de créer, de modifier et de supprimer des règles de pare-feu et des certificats SSL, ainsi que de configurer les paramètres de VM protégée. Par exemple, si votre entreprise dispose d'une équipe de sécurité qui gère les pare-feu et les certificats SSL, ainsi que d'une équipe réseau qui gère le reste des ressources réseau, attribuez ce rôle au groupe de l'équipe de sécurité. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Instance^Bêta	compute.backendBuckets.list compute.backendServices.list compute.firewallPolicies.* compute.firewallPolicies.addAssociation compute.firewallPolicies.cloneRules compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use compute.firewalls.* compute.firewalls.create compute.firewalls.delete compute.firewalls.get compute.firewalls.list compute.firewalls.update compute.globalOperations.get compute.globalOperations.list compute.instances.getEffectiveFirewalls compute.instances.list compute.instances.setShieldedInstanceIntegrityPolicy compute.instances.setShieldedVmIntegrityPolicy compute.instances.updateSecurity compute.instances.updateShieldedInstanceConfig compute.instances.updateShieldedVmConfig compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.updatePolicy compute.packetMirrorings.* compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list compute.packetMirrorings.update compute.projects.get compute.regionBackendServices.list compute.regionFirewallPolicies.* compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use compute.regionOperations.get compute.regionOperations.list compute.regionSecurityPolicies.* compute.regionSecurityPolicies.create compute.regionSecurityPolicies.delete compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSecurityPolicies.update compute.regionSecurityPolicies.use compute.regionSslCertificates.* compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.* compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use compute.regions.* compute.regions.get compute.regions.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.* compute.securityPolicies.addAssociation compute.securityPolicies.copyRules compute.securityPolicies.create compute.securityPolicies.delete compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.securityPolicies.move compute.securityPolicies.removeAssociation compute.securityPolicies.setIamPolicy compute.securityPolicies.setLabels compute.securityPolicies.update compute.securityPolicies.use compute.sslCertificates.* compute.sslCertificates.create compute.sslCertificates.delete compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.* compute.sslPolicies.create compute.sslPolicies.delete compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.sslPolicies.update compute.sslPolicies.use compute.subnetworks.get compute.subnetworks.list compute.targetInstances.list compute.targetPools.list compute.zoneOperations.get compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur de sécurité de Compute

(roles/compute.securityAdmin)

Permet de créer, de modifier et de supprimer des règles de pare-feu et des certificats SSL, ainsi que de configurer les paramètres de VM protégée.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Instance^Bêta

compute.backendBuckets.list

compute.backendServices.list

compute.firewallPolicies.*

compute.firewallPolicies.addAssociation
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.delete
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.move
compute.firewallPolicies.removeAssociation
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.firewalls.*

compute.firewalls.create
compute.firewalls.delete
compute.firewalls.get
compute.firewalls.list
compute.firewalls.update

compute.globalOperations.get

compute.globalOperations.list

compute.instances.getEffectiveFirewalls

compute.instances.list

compute.instances.setShieldedInstanceIntegrityPolicy

compute.instances.setShieldedVmIntegrityPolicy

compute.instances.updateSecurity

compute.instances.updateShieldedInstanceConfig

compute.instances.updateShieldedVmConfig

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.updatePolicy

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.delete
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.update

compute.projects.get

compute.regionBackendServices.list

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.*

compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.delete
compute.regionSslCertificates.get
compute.regionSslCertificates.list

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.delete
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regions.*

compute.regions.get
compute.regions.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.*

compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.delete
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setIamPolicy
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.delete
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.update
compute.sslPolicies.use

compute.subnetworks.get

compute.subnetworks.list

compute.targetInstances.list

compute.targetPools.list

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle de lecteur de locataire unique Compute

Détails Autorisations

Détails	Autorisations
Lecteur de groupe de nœuds de calcul à locataire unique (`roles/compute.soleTenantViewer`) Peut afficher les groupes de nœuds à locataire unique	compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.* compute.nodeTypes.get compute.nodeTypes.list

Lecteur de groupe de nœuds de calcul à locataire unique

(roles/compute.soleTenantViewer)

Peut afficher les groupes de nœuds à locataire unique

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

Rôle d'administrateur Compute Storage

Détails Autorisations

Détails	Autorisations
Administrateur Compute Storage (`roles/compute.storageAdmin`) Permet de créer, modifier et supprimer des disques, des images et des instantanés. Par exemple, si une personne au sein de votre entreprise gère les images de projet et que vous ne souhaitez pas qu'elle dispose du rôle d'éditeur pour le projet, vous pouvez attribuer ce rôle à son compte. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Disque Image Instantané ^Bêta	compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.* compute.disks.addResourcePolicies compute.disks.create compute.disks.createSnapshot compute.disks.createTagBinding compute.disks.delete compute.disks.deleteTagBinding compute.disks.get compute.disks.getiamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.disks.removeResourcePolicies compute.disks.resize compute.disks.setIamPolicy compute.disks.setLabels compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.disks.update compute.disks.use compute.disks.useReadOnly compute.globalOperations.get compute.globalOperations.list compute.images.* compute.images.create compute.images.createTagBinding compute.images.delete compute.images.deleteTagBinding compute.images.deprecate compute.images.get compute.images.getFromFamily compute.images.getiamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.images.setiamPolicy compute.images.setLabels compute.images.update compute.images.useReadOnly compute.instantSnapshots.* compute.instantSnapshots.create compute.instantSnapshots.delete compute.instantSnapshots.export compute.instantSnapshots.get compute.instantSnapshots.getIamPolicy compute.instantSnapshots.list compute.instantSnapshots.setIamPolicy compute.instantSnapshots.setLabels compute.instantSnapshots.useReadOnly compute.licenseCodes.* compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenseCodes.setIamPolicy compute.licenseCodes.update compute.licenseCodes.use compute.licenses.* compute.licenses.create compute.licenses.delete compute.licenses.get compute.licenses.getiamPolicy compute.licenses.list compute.licenses.setIamPolicy compute.projects.get compute.regionOperations.get compute.regionOperations.list compute.regions.* compute.regions.get compute.regions.list compute.resourcePolicies.* compute.resourcePolicies.create compute.resourcePolicies.delete compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.resourcePolicies.setIamPolicy compute.resourcePolicies.update compute.resourcePolicies.use compute.resourcePolicies.useReadOnly compute.snapshots.* compute.snapshots.create compute.snapshots.createTagBinding compute.snapshots.delete compute.snapshots.deleteTagBinding compute.snapshots.get compute.snapshots.getiamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.snapshots.setiamPolicy compute.snapshots.setLabels compute.snapshots.useReadOnly compute.zoneOperations.get compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Administrateur Compute Storage

(roles/compute.storageAdmin)

Permet de créer, modifier et supprimer des disques, des images et des instantanés.

Par exemple, si une personne au sein de votre entreprise gère les images de projet et que vous ne souhaitez pas qu'elle dispose du rôle d'éditeur pour le projet, vous pouvez attribuer ce rôle à son compte.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Disque
Image
Instantané ^Bêta

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getiamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly

compute.globalOperations.get

compute.globalOperations.list

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getiamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setiamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update
compute.licenseCodes.use

compute.licenses.*

compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getiamPolicy
compute.licenses.list
compute.licenses.setIamPolicy

compute.projects.get

compute.regionOperations.get

compute.regionOperations.list

compute.regions.*

compute.regions.get
compute.regions.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getiamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setiamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle de lecteur de Compute

Détails Autorisations

Détails	Autorisations
Lecteur de Compute (`roles/compute.viewer`) Accès en lecture seule permettant d'obtenir et de répertorier des ressources Compute Engine, mais pas de lire les données stockées sur celles-ci. Par exemple, un compte doté de ce rôle est en mesure de répertorier tous les disques d'un projet, mais ne peut pas lire les données qu'ils contiennent. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Disque Image Instance Modèle d'instance Groupe de nœuds Modèle de nœud Instantané ^Bêta	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.get compute.disks.getiamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getiamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.instantSnapshots.get compute.instantSnapshots.getIamPolicy compute.instantSnapshots.list compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getiamPolicy compute.licenses.list compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkAttachments.get compute.networkAttachments.list compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.* compute.nodeTypes.get compute.nodeTypes.list compute.organizations.listAssociations compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.snapshots.get compute.snapshots.getiamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Lecteur de Compute

(roles/compute.viewer)

Accès en lecture seule permettant d'obtenir et de répertorier des ressources Compute Engine, mais pas de lire les données stockées sur celles-ci.

Par exemple, un compte doté de ce rôle est en mesure de répertorier tous les disques d'un projet, mais ne peut pas lire les données qu'ils contiennent.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Disque
Image
Instance
Modèle d'instance
Groupe de nœuds
Modèle de nœud
Instantané ^Bêta

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getiamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getiamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.instantSnapshots.get

compute.instantSnapshots.getIamPolicy

compute.instantSnapshots.list

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getiamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getiamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Rôle d'administrateur VPC Compute partagé

Détails Autorisations

Détails	Autorisations
Administrateur VPC Compute partagé (`roles/compute.xpnAdmin`) Permet d'administrer les projets hôtes du VPC partagé, en particulier de les activer et d'associer les projets de service VPC partagé au réseau des projets hôtes. Au niveau de l'organisation, ce rôle ne peut être attribué que par un administrateur de l'organisation. Google Cloud recommande que l'administrateur VPC partagé soit le propriétaire du projet hôte de VPC partagé. L'administrateur VPC partagé est chargé d'attribuer le rôle Utilisateur de réseau Compute (`roles/compute.networkUser`) aux propriétaires de services, tandis que le propriétaire du projet hôte de VPC partagé contrôle le projet lui-même. Il est plus facile de gérer le projet si un seul principal (individu ou groupe) peut remplir ces deux rôles. Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle : Dossier	compute.globalOperations.get compute.globalOperations.list compute.organizations.administerXpn compute.organizations.disableXpnHost compute.organizations.disableXpnResource compute.organizations.enableXpnHost compute.organizations.enableXpnResource compute.projects.get compute.subnetworks.getIamPolicy compute.subnetworks.setIamPolicy resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list

Administrateur VPC Compute partagé

(roles/compute.xpnAdmin)

Permet d'administrer les projets hôtes du VPC partagé, en particulier de les activer et d'associer les projets de service VPC partagé au réseau des projets hôtes.

Au niveau de l'organisation, ce rôle ne peut être attribué que par un administrateur de l'organisation.

Google Cloud recommande que l'administrateur VPC partagé soit le propriétaire du projet hôte de VPC partagé. L'administrateur VPC partagé est chargé d'attribuer le rôle Utilisateur de réseau Compute (roles/compute.networkUser) aux propriétaires de services, tandis que le propriétaire du projet hôte de VPC partagé contrôle le projet lui-même. Il est plus facile de gérer le projet si un seul principal (individu ou groupe) peut remplir ces deux rôles.

Ressources de niveau inférieur auxquelles vous pouvez attribuer ce rôle :

Dossier

compute.globalOperations.get

compute.globalOperations.list

compute.organizations.administerXpn

compute.organizations.disableXpnHost

compute.organizations.disableXpnResource

compute.organizations.enableXpnHost

compute.organizations.enableXpnResource

compute.projects.get

compute.subnetworks.getIamPolicy

compute.subnetworks.setIamPolicy

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

Rôle d'administrateur GuestPolicy

Détails Autorisations

Détails	Autorisations
Administrateur GuestPolicy ^Bêta (`roles/osconfig.guestPolicyAdmin`) Accès administrateur complet aux GuestPolicies	osconfig.guestPolicies.* osconfig.guestPolicies.create osconfig.guestPolicies.delete osconfig.guestPolicies.get osconfig.guestPolicies.list osconfig.guestPolicies.update resourcemanager.projects.get resourcemanager.projects.list

Administrateur GuestPolicy ^Bêta

(roles/osconfig.guestPolicyAdmin)

Accès administrateur complet aux GuestPolicies

osconfig.guestPolicies.*

osconfig.guestPolicies.create
osconfig.guestPolicies.delete
osconfig.guestPolicies.get
osconfig.guestPolicies.list
osconfig.guestPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

Rôle d'éditeur GuestPolicy

Détails Autorisations

Détails	Autorisations
Éditeur GuestPolicy ^Bêta (`roles/osconfig.guestPolicyEditor`) Éditeur de ressources GuestPolicy	osconfig.guestPolicies.get osconfig.guestPolicies.list osconfig.guestPolicies.update resourcemanager.projects.get resourcemanager.projects.list

Éditeur GuestPolicy ^Bêta

(roles/osconfig.guestPolicyEditor)

Éditeur de ressources GuestPolicy

osconfig.guestPolicies.get

osconfig.guestPolicies.list

osconfig.guestPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur GuestPolicy

Détails Autorisations

Détails	Autorisations
Lecteur GuestPolicy ^Bêta (`roles/osconfig.guestPolicyViewer`) Lecteur de ressources GuestPolicy	osconfig.guestPolicies.get osconfig.guestPolicies.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur GuestPolicy ^Bêta

(roles/osconfig.guestPolicyViewer)

Lecteur de ressources GuestPolicy

osconfig.guestPolicies.get

osconfig.guestPolicies.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur instanceOSPoliciesCompliance

Détails Autorisations

Détails	Autorisations
Lecteur InstanceOSPoliciesCompliance ^Bêta (`roles/osconfig.instanceOSPoliciesComplianceViewer`) Lecteur de conformité avec les règles d'OS des instances de VM	osconfig.instanceOSPoliciesCompliances.* osconfig.instanceOSPoliciesCompliances.get osconfig.instanceOSPoliciesCompliances.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur InstanceOSPoliciesCompliance ^Bêta

(roles/osconfig.instanceOSPoliciesComplianceViewer)

Lecteur de conformité avec les règles d'OS des instances de VM

osconfig.instanceOSPoliciesCompliances.*

osconfig.instanceOSPoliciesCompliances.get
osconfig.instanceOSPoliciesCompliances.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur d'inventaire d'OS

Détails Autorisations

Détails	Autorisations
Lecteur d'inventaire d'OS (`roles/osconfig.inventoryViewer`) Lecteur des inventaires d'OS	osconfig.inventories.* osconfig.inventories.get osconfig.inventories.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur d'inventaire d'OS

(roles/osconfig.inventoryViewer)

Lecteur des inventaires d'OS

osconfig.inventories.*

osconfig.inventories.get
osconfig.inventories.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle d'administrateur OSPolicyAssignment

Détails Autorisations

Détails	Autorisations
Administrateur OSPolicyAssignment (`roles/osconfig.osPolicyAssignmentAdmin`) Accès administrateur complet aux attributions de règles d'OS	osconfig.osPolicyAssignments.* osconfig.osPolicyAssignments.create osconfig.osPolicyAssignments.delete osconfig.osPolicyAssignments.get osconfig.osPolicyAssignments.list osconfig.osPolicyAssignments.update resourcemanager.projects.get resourcemanager.projects.list

Administrateur OSPolicyAssignment

(roles/osconfig.osPolicyAssignmentAdmin)

Accès administrateur complet aux attributions de règles d'OS

osconfig.osPolicyAssignments.*

osconfig.osPolicyAssignments.create
osconfig.osPolicyAssignments.delete
osconfig.osPolicyAssignments.get
osconfig.osPolicyAssignments.list
osconfig.osPolicyAssignments.update

resourcemanager.projects.get

resourcemanager.projects.list

Rôle d'éditeur OSPolicyAssignment

Détails Autorisations

Détails	Autorisations
Éditeur OSPolicyAssignment (`roles/osconfig.osPolicyAssignmentEditor`) Éditeur d'attributions de règles d'OS	osconfig.osPolicyAssignments.get osconfig.osPolicyAssignments.list osconfig.osPolicyAssignments.update resourcemanager.projects.get resourcemanager.projects.list

Éditeur OSPolicyAssignment

(roles/osconfig.osPolicyAssignmentEditor)

Éditeur d'attributions de règles d'OS

osconfig.osPolicyAssignments.get

osconfig.osPolicyAssignments.list

osconfig.osPolicyAssignments.update

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur OSPolicyAssignmentReport

Détails Autorisations

Détails	Autorisations
Lecteur des ressources OSPolicyAssignmentReport (`roles/osconfig.osPolicyAssignmentReportViewer`) Lecteur des rapports sur l'attribution des règles d'OS pour les instances de VM	osconfig.osPolicyAssignmentReports.* osconfig.osPolicyAssignmentReports.get osconfig.osPolicyAssignmentReports.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur des ressources OSPolicyAssignmentReport

(roles/osconfig.osPolicyAssignmentReportViewer)

Lecteur des rapports sur l'attribution des règles d'OS pour les instances de VM

osconfig.osPolicyAssignmentReports.*

osconfig.osPolicyAssignmentReports.get
osconfig.osPolicyAssignmentReports.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur OSPolicyAssignment

Détails Autorisations

Détails	Autorisations
Lecteur des ressources OSPolicyAssignment (`roles/osconfig.osPolicyAssignmentViewer`) Lecteur d'attributions de règles d'OS	osconfig.osPolicyAssignments.get osconfig.osPolicyAssignments.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur des ressources OSPolicyAssignment

(roles/osconfig.osPolicyAssignmentViewer)

Lecteur d'attributions de règles d'OS

osconfig.osPolicyAssignments.get

osconfig.osPolicyAssignments.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle d'administrateur PatchDeployment

Détails Autorisations

Détails	Autorisations
Administrateur des PatchDeployments (`roles/osconfig.patchDeploymentAdmin`) Accès administrateur complet aux PatchDeployments	osconfig.patchDeployments.* osconfig.patchDeployments.create osconfig.patchDeployments.delete osconfig.patchDeployments.execute osconfig.patchDeployments.get osconfig.patchDeployments.list osconfig.patchDeployments.pause osconfig.patchDeployments.resume osconfig.patchDeployments.update resourcemanager.projects.get resourcemanager.projects.list

Administrateur des PatchDeployments

(roles/osconfig.patchDeploymentAdmin)

Accès administrateur complet aux PatchDeployments

osconfig.patchDeployments.*

osconfig.patchDeployments.create
osconfig.patchDeployments.delete
osconfig.patchDeployments.execute
osconfig.patchDeployments.get
osconfig.patchDeployments.list
osconfig.patchDeployments.pause
osconfig.patchDeployments.resume
osconfig.patchDeployments.update

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur PatchDeployment

Détails Autorisations

Détails	Autorisations
Lecteur des PatchDeployments (`roles/osconfig.patchDeploymentViewer`) Lecteur de ressources PatchDeployment	osconfig.patchDeployments.get osconfig.patchDeployments.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur des PatchDeployments

(roles/osconfig.patchDeploymentViewer)

Lecteur de ressources PatchDeployment

osconfig.patchDeployments.get

osconfig.patchDeployments.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle d'exécuteur de tâches d'application de correctifs

Détails Autorisations

Détails	Autorisations
Exécuteur des tâches d'application de correctifs (`roles/osconfig.patchJobExecutor`) Accès permettant d'exécuter des tâches d'application de correctifs.	osconfig.patchJobs.* osconfig.patchJobs.exec osconfig.patchJobs.get osconfig.patchJobs.list resourcemanager.projects.get resourcemanager.projects.list

Exécuteur des tâches d'application de correctifs

(roles/osconfig.patchJobExecutor)

Accès permettant d'exécuter des tâches d'application de correctifs.

osconfig.patchJobs.*

osconfig.patchJobs.exec
osconfig.patchJobs.get
osconfig.patchJobs.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur de tâches d'application de correctifs

Détails Autorisations

Détails	Autorisations
Lecteur des tâches d'application de correctifs (`roles/osconfig.patchJobViewer`) Accès permettant d'obtenir et de répertorier les tâches d'application de correctifs.	osconfig.patchJobs.get osconfig.patchJobs.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur des tâches d'application de correctifs

(roles/osconfig.patchJobViewer)

Accès permettant d'obtenir et de répertorier les tâches d'application de correctifs.

osconfig.patchJobs.get

osconfig.patchJobs.list

resourcemanager.projects.get

resourcemanager.projects.list

Rôle de lecteur OS VulnerabilityReport

Détails Autorisations

Détails	Autorisations
Lecteur de rapports de failles d'OS (`roles/osconfig.vulnerabilityReportViewer`) Lecteur de rapports de failles d'OS	osconfig.vulnerabilityReports.* osconfig.vulnerabilityReports.get osconfig.vulnerabilityReports.list resourcemanager.projects.get resourcemanager.projects.list

Lecteur de rapports de failles d'OS

(roles/osconfig.vulnerabilityReportViewer)

Lecteur de rapports de failles d'OS

osconfig.vulnerabilityReports.*

osconfig.vulnerabilityReports.get
osconfig.vulnerabilityReports.list

resourcemanager.projects.get

resourcemanager.projects.list

DNS Administrator role

Details Permissions

Details	Permissions
DNS Administrator (`roles/dns.admin`) Provides read-write access to all Cloud DNS resources. Lowest-level resources where you can grant this role: Managed zone	`compute.networks.get` `compute.networks.list` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.gkeClusters.` `dns.gkeClusters.bindDNSResponsePolicy` `dns.gkeClusters.bindPrivateDNSZone` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.getIamPolicy` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.` `dns.networks.bindDNSResponsePolicy` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.networks.useHealthSignals` `dns.policies.create` `dns.policies.delete` `dns.policies.get` `dns.policies.getIamPolicy` `dns.policies.list` `dns.policies.update` `dns.projects.get` `dns.resourceRecordSets.` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

DNS Administrator

(roles/dns.admin)

Provides read-write access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

Managed zone

compute.networks.get

compute.networks.list

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.gkeClusters.*

dns.gkeClusters.bindDNSResponsePolicy
dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

dns.networks.bindDNSResponsePolicy
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.networks.targetWithPeeringZone
dns.networks.useHealthSignals

dns.policies.create

dns.policies.delete

dns.policies.get

dns.policies.getIamPolicy

dns.policies.list

dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

resourcemanager.projects.get

resourcemanager.projects.list

DNS Peer role

Details Permissions

Details	Permissions
DNS Peer (`roles/dns.peer`) Access to target networks with DNS peering zones	`dns.networks.targetWithPeeringZone`

DNS Peer

(roles/dns.peer)

Access to target networks with DNS peering zones

dns.networks.targetWithPeeringZone

DNS Reader role

Details Permissions

Details	Permissions
DNS Reader (`roles/dns.reader`) Provides read-only access to all Cloud DNS resources. Lowest-level resources where you can grant this role: Managed zone	`compute.networks.get` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.get` `dns.managedZones.list` `dns.policies.get` `dns.policies.list` `dns.projects.get` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

DNS Reader

(roles/dns.reader)

Provides read-only access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

Managed zone

compute.networks.get

dns.changes.get

dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.get

dns.managedZones.list

dns.policies.get

dns.policies.list

dns.projects.get

dns.resourceRecordSets.get

dns.resourceRecordSets.list

dns.responsePolicies.get

dns.responsePolicies.list

dns.responsePolicyRules.get

dns.responsePolicyRules.list

resourcemanager.projects.get

resourcemanager.projects.list

Service Account Admin role

Details Permissions

Details	Permissions
Service Account Admin (`roles/iam.serviceAccountAdmin`) Create and manage service accounts. Lowest-level resources where you can grant this role: Service Account	`iam.serviceAccounts.create` `iam.serviceAccounts.createTagBinding` `iam.serviceAccounts.delete` `iam.serviceAccounts.deleteTagBinding` `iam.serviceAccounts.disable` `iam.serviceAccounts.enable` `iam.serviceAccounts.get` `iam.serviceAccounts.getIamPolicy` `iam.serviceAccounts.list` `iam.serviceAccounts.listEffectiveTags` `iam.serviceAccounts.listTagBindings` `iam.serviceAccounts.setIamPolicy` `iam.serviceAccounts.undelete` `iam.serviceAccounts.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

Service Account Admin

(roles/iam.serviceAccountAdmin)

Create and manage service accounts.

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccounts.create

iam.serviceAccounts.createTagBinding

iam.serviceAccounts.delete

iam.serviceAccounts.deleteTagBinding

iam.serviceAccounts.disable

iam.serviceAccounts.enable

iam.serviceAccounts.get

iam.serviceAccounts.getIamPolicy

iam.serviceAccounts.list

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

iam.serviceAccounts.setIamPolicy

iam.serviceAccounts.undelete

iam.serviceAccounts.update

resourcemanager.projects.get

resourcemanager.projects.list

Create Service Accounts role

Details Permissions

Details	Permissions
Create Service Accounts (`roles/iam.serviceAccountCreator`) Access to create service accounts.	`iam.serviceAccounts.create` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Create Service Accounts

(roles/iam.serviceAccountCreator)

Access to create service accounts.

iam.serviceAccounts.create

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Delete Service Accounts role

Details Permissions

Details	Permissions
Delete Service Accounts (`roles/iam.serviceAccountDeleter`) Access to delete service accounts.	`iam.serviceAccounts.delete` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Delete Service Accounts

(roles/iam.serviceAccountDeleter)

Access to delete service accounts.

iam.serviceAccounts.delete

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Service Account Key Admin role

Details Permissions

Details	Permissions
Service Account Key Admin (`roles/iam.serviceAccountKeyAdmin`) Create and manage (and rotate) service account keys. Lowest-level resources where you can grant this role: Service Account	`iam.serviceAccountKeys.*` `iam.serviceAccountKeys.create` `iam.serviceAccountKeys.delete` `iam.serviceAccountKeys.disable` `iam.serviceAccountKeys.enable` `iam.serviceAccountKeys.get` `iam.serviceAccountKeys.list` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Service Account Key Admin

(roles/iam.serviceAccountKeyAdmin)

Create and manage (and rotate) service account keys.

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccountKeys.*

iam.serviceAccountKeys.create
iam.serviceAccountKeys.delete
iam.serviceAccountKeys.disable
iam.serviceAccountKeys.enable
iam.serviceAccountKeys.get
iam.serviceAccountKeys.list

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Service Account OpenID Connect Identity Token Creator role

Details Permissions

Details	Permissions
Service Account OpenID Connect Identity Token Creator (`roles/iam.serviceAccountOpenIdTokenCreator`) Create OpenID Connect (OIDC) identity tokens	`iam.serviceAccounts.getOpenIdToken`

Service Account OpenID Connect Identity Token Creator

(roles/iam.serviceAccountOpenIdTokenCreator)

Create OpenID Connect (OIDC) identity tokens

iam.serviceAccounts.getOpenIdToken

Service Account Token Creator role

Details Permissions

Details	Permissions
Service Account Token Creator (`roles/iam.serviceAccountTokenCreator`) Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc). Lowest-level resources where you can grant this role: Service Account	`iam.serviceAccounts.get` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `iam.serviceAccounts.implicitDelegation` `iam.serviceAccounts.list` `iam.serviceAccounts.signBlob` `iam.serviceAccounts.signJwt` `resourcemanager.projects.get` `resourcemanager.projects.list`

Service Account Token Creator

(roles/iam.serviceAccountTokenCreator)

Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc).

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.list

iam.serviceAccounts.signBlob

iam.serviceAccounts.signJwt

resourcemanager.projects.get

resourcemanager.projects.list

Service Account User role

Details Permissions

Details	Permissions
Service Account User (`roles/iam.serviceAccountUser`) Run operations as the service account. Lowest-level resources where you can grant this role: Service Account	`iam.serviceAccounts.actAs` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Service Account User

(roles/iam.serviceAccountUser)

Run operations as the service account.

Lowest-level resources where you can grant this role:

Service Account

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

View Service Accounts role

Details Permissions

Details	Permissions
View Service Accounts (`roles/iam.serviceAccountViewer`) Read access to service accounts, metadata, and keys.	`iam.serviceAccountKeys.get` `iam.serviceAccountKeys.list` `iam.serviceAccounts.get` `iam.serviceAccounts.getIamPolicy` `iam.serviceAccounts.list` `iam.serviceAccounts.listEffectiveTags` `iam.serviceAccounts.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list`

View Service Accounts

(roles/iam.serviceAccountViewer)

Read access to service accounts, metadata, and keys.

iam.serviceAccountKeys.get

iam.serviceAccountKeys.list

iam.serviceAccounts.get

iam.serviceAccounts.getIamPolicy

iam.serviceAccounts.list

iam.serviceAccounts.listEffectiveTags

iam.serviceAccounts.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

Workload Identity User role

Details Permissions

Workload Identity User

(roles/iam.workloadIdentityUser)

Impersonate service accounts from federated workloads.

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.list

Étapes suivantes

Apprenez-en plus sur IAM.
Découvrez comment créer et gérer des rôles IAM personnalisés.
Accordez des rôles IAM aux utilisateurs du projet.
Accordez des rôles IAM pour des ressources Compute Engine spécifiques.
Accordez des rôles IAM à des comptes de service.

Rôles et autorisations IAM de Compute Engine

Qu'est-ce qu'IAM ?

Rôle serviceAccountUser

Autorisation d'accès à la console Google Cloud

Se connecter à une instance en tant qu'instanceAdmin

IAM avec des comptes de service

Groupes d'instances gérés et IAM

Rôles IAM prédéfinis Compute Engine

Rôle d'administrateur de Compute

Administrateur de Compute

Rôle d'utilisateur d'images Compute

Utilisateur d'images Compute

Rôle d'administrateur d'instances Compute (version bêta)

Administrateur d'instances Compute (version bêta)

Rôle d'administrateur d'instances Compute (v1)

Administrateur d'instances Compute (v1)

Rôle d'administrateur de l'équilibreur de charge Compute

Administrateur de l'équilibreur de charge Compute

Rôle d'utilisateur des services de l'équilibreur de charge Compute

Utilisateur des services de l'équilibreur de charge Compute

Rôle d'administrateur réseau Compute

Administrateur de réseaux Compute

Rôle d'utilisateur de réseau de Compute

Utilisateur de réseau Compute

Rôle de lecteur de réseau de Compute

Lecteur de réseau Compute

Rôle d'administrateur des stratégies de pare-feu de l'organisation Compute

Administrateur des règles de pare-feu de l'organisation Compute

Rôle d'utilisateur des stratégies de pare-feu de l'organisation Compute

Utilisateur des règles de pare-feu de l'organisation Compute

Rôle d'administrateur des règles de sécurité de l'organisation Compute

Administrateur des règles de sécurité Compute de l'organisation

Règle d'utilisateur des règles de sécurité de l'organisation Compute

Utilisateur des règles de sécurité Compute de l'organisation

Rôle d'administrateur des ressources de l'organisation Compute

Administrateur des ressources de l'organisation Compute

Rôle de connexion administrateur au système d'exploitation Compute

Connexion administrateur au système d'exploitation Compute

Rôle de connexion au système d'exploitation Compute

Connexion au système d'exploitation Compute

Rôle de connexion au système d'exploitation Compute en tant qu'utilisateur externe

Connexion au système d'exploitation Compute en tant qu'utilisateur externe

Rôle d'administrateur de la mise en miroir de paquets Compute

Administrateur de la mise en miroir de paquets Compute

Rôle utilisateur de la mise en miroir de paquets Compute

Utilisateur de la mise en miroir de paquets Compute

Rôle d'administrateur d'adresses IP publiques Compute

Administrateur d'adresse IP publique Compute

Rôle d'administrateur de sécurité de Compute

Administrateur de sécurité de Compute

Rôle de lecteur de locataire unique Compute

Lecteur de groupe de nœuds de calcul à locataire unique

Rôle d'administrateur Compute Storage

Administrateur Compute Storage

Rôle de lecteur de Compute

Lecteur de Compute

Rôle d'administrateur VPC Compute partagé

Administrateur VPC Compute partagé

Rôle d'administrateur GuestPolicy

Administrateur GuestPolicy Bêta

Rôle d'éditeur GuestPolicy

Éditeur GuestPolicy Bêta

Rôle de lecteur GuestPolicy

Lecteur GuestPolicy Bêta

Rôle de lecteur instanceOSPoliciesCompliance

Lecteur InstanceOSPoliciesCompliance Bêta

Rôle de lecteur d'inventaire d'OS

Lecteur d'inventaire d'OS

Rôle d'administrateur OSPolicyAssignment

Administrateur OSPolicyAssignment

Rôle d'éditeur OSPolicyAssignment

Éditeur OSPolicyAssignment

Rôle de lecteur OSPolicyAssignmentReport

Lecteur des ressources OSPolicyAssignmentReport

Rôle de lecteur OSPolicyAssignment

Lecteur des ressources OSPolicyAssignment

Rôle d'administrateur PatchDeployment

Administrateur des PatchDeployments

Rôle de lecteur PatchDeployment

Lecteur des PatchDeployments

Administrateur GuestPolicy ^Bêta

Éditeur GuestPolicy ^Bêta

Lecteur GuestPolicy ^Bêta

Lecteur InstanceOSPoliciesCompliance ^Bêta