Autorizzazioni minime richieste per l'account di servizio Cloud Data Fusion
Mantieni tutto organizzato con le raccolte
Salva e classifica i contenuti in base alle tue preferenze.
Questo documento spiega quali autorizzazioni concedere al service account Cloud Data Fusion quando crei un ruolo personalizzato che gli consenta di accedere alle tue risorse.
Per impostazione predefinita, il ruolo Identity and Access Management
Agente di servizio API Cloud Data Fusion
(roles/datafusion.serviceAgent) viene assegnato al service account Cloud Data Fusion. Questo ruolo è altamente permissivo.
Puoi invece utilizzare ruoli personalizzati per fornire solo le autorizzazioni necessarie all'entità dell'account di servizio.
Autorizzazioni richieste per il service account di Cloud Data Fusion
Quando crei un ruolo personalizzato per il service account Cloud Data Fusion, concedi le seguenti autorizzazioni in base alle attività che prevedi di eseguire nella tua istanza. In questo modo, Cloud Data Fusion può accedere alle tue risorse.
Attività
Autorizzazioni obbligatorie
Recupera cluster Dataproc
dataproc.clusters.get
Crea un bucket Cloud Storage per istanza Cloud Data Fusion
e carica i file per l'esecuzione del job Dataproc
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-04 UTC."],[[["\u003cp\u003eThis document outlines the necessary permissions for the Cloud Data Fusion Service Account when using custom roles to access resources, as opposed to the default highly permissive role.\u003c/p\u003e\n"],["\u003cp\u003eCustom roles allow you to grant specific permissions to the service account principal, tailoring access to only what is needed for designated tasks.\u003c/p\u003e\n"],["\u003cp\u003ePermissions required for tasks such as instance creation, Dataproc cluster access, Cloud Storage interaction, and publishing logs or metrics are detailed in the provided table.\u003c/p\u003e\n"],["\u003cp\u003eAdditional configurations like VPC peering, DNS peering, and Private Service Connect each have their own specific permissions needed to create a Cloud Data Fusion instance.\u003c/p\u003e\n"]]],[],null,["# Minimum permissions required for the Cloud Data Fusion Service Account\n\nThis document explains which permissions to give to the\nCloud Data Fusion Service Account when you create a custom role that\nlets it access your resources.\n| **Note:** The principal name for the [Cloud Data Fusion Service Account](/data-fusion/docs/access-control#data-fusion-service-account) is `service-`\u003cvar translate=\"no\"\u003eCUSTOMER_PROJECT_NUMBER\u003c/var\u003e`@gcp-sa-datafusion.iam.gserviceaccount.com`\n\nBy default, the\n[Cloud Data Fusion API Service Agent](/iam/docs/understanding-roles#datafusion.serviceAgent)\n(`roles/datafusion.serviceAgent`) Identity and Access Management role is assigned to the\nCloud Data Fusion Service Account. This role is highly permissive.\nInstead, you can use custom roles to provide only the permissions that the\nservice account principal needs.\n\nFor more information about the Cloud Data Fusion service accounts, see\n[Service accounts in Cloud Data Fusion](/data-fusion/docs/concepts/service-accounts).\n\nFor more information about creating custom roles, see\n[Create a custom role](/iam/docs/creating-custom-roles#creating).\n\nRequired permissions for the Cloud Data Fusion Service Account\n--------------------------------------------------------------\n\nWhen you create a custom role for the Cloud Data Fusion Service Account,\ngive the following permissions based on the tasks you plan to perform in your\ninstance. This lets Cloud Data Fusion access your resources.\n\nWhat's next\n-----------\n\n- Learn more about [creating and managing custom roles](/iam/docs/creating-custom-roles).\n- Learn more about [access control options in Cloud Data Fusion](/data-fusion/docs/access-control)."]]
