Dataproc Metastore IAM 역할

Dataproc Metastore는 여러 Identity and Access Management(IAM) 역할을 정의합니다. 미리 정의된 각 역할에는 주 구성원이 특정 작업을 수행할 수 있게 허용하는 IAM 권한 집합이 포함되어 있습니다. IAM 정책을 사용하여 주 구성원에게 하나 이상의 IAM 역할을 부여할 수 있습니다.

Identity and Access Management(IAM)는 맞춤설정된 IAM 역할을 만드는 기능도 제공합니다. 커스텀 IAM 역할을 생성하고 역할에 하나 이상의 권한을 할당할 수 있습니다. 그런 다음 주 구성원에게 새 역할을 부여할 수 있습니다. 사용 가능한 미리 정의된 역할 외에도 커스텀 역할을 사용하면 필요에 따라 액세스 제어 모델을 만들 수 있습니다.

이 페이지에서는 Dataproc Metastore와 관련된 IAM 역할에 대해 자세히 살펴봅니다.

시작하기 전에

  • IAM 문서를 읽어봅니다.

Dataproc Metastore 역할

IAM Dataproc Metastore 역할은 하나 이상의 권한이 포함된 번들입니다. 프로젝트에서 Dataproc Metastore 리소스에 대해 작업을 수행할 수 있도록 주 구성원에게 역할을 부여합니다. 예를 들어 Dataproc Metastore 사용자 역할에는 사용자가 프로젝트에서 Dataproc Metastore 서비스, 메타데이터 가져오기, 백업 및 작업을 가져와서 나열할 수 있게 해주는 metastore.*.getmetastore.*.list 권한이 포함되어 있습니다.

다음 표에는 모든 Dataproc Metastore 역할과 각 역할과 연결된 권한이 나와 있습니다.

Role Permissions

(roles/metastore.admin)

Full access to all Dataproc Metastore resources.

metastore.backups.*

  • metastore.backups.create
  • metastore.backups.delete
  • metastore.backups.get
  • metastore.backups.getIamPolicy
  • metastore.backups.list
  • metastore.backups.setIamPolicy
  • metastore.backups.use

metastore.federations.*

  • metastore.federations.create
  • metastore.federations.delete
  • metastore.federations.get
  • metastore.federations.getIamPolicy
  • metastore.federations.list
  • metastore.federations.setIamPolicy
  • metastore.federations.update
  • metastore.federations.use

metastore.imports.*

  • metastore.imports.create
  • metastore.imports.get
  • metastore.imports.list
  • metastore.imports.update

metastore.locations.*

  • metastore.locations.get
  • metastore.locations.list

metastore.migrations.*

  • metastore.migrations.cancel
  • metastore.migrations.complete
  • metastore.migrations.delete
  • metastore.migrations.get
  • metastore.migrations.list
  • metastore.migrations.start

metastore.operations.*

  • metastore.operations.cancel
  • metastore.operations.delete
  • metastore.operations.get
  • metastore.operations.list

metastore.services.create

metastore.services.delete

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

metastore.services.setIamPolicy

metastore.services.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/metastore.editor)

Read and write access to all Dataproc Metastore resources.

metastore.backups.create

metastore.backups.delete

metastore.backups.get

metastore.backups.list

metastore.backups.use

metastore.federations.create

metastore.federations.delete

metastore.federations.get

metastore.federations.list

metastore.federations.update

metastore.imports.*

  • metastore.imports.create
  • metastore.imports.get
  • metastore.imports.list
  • metastore.imports.update

metastore.locations.*

  • metastore.locations.get
  • metastore.locations.list

metastore.migrations.*

  • metastore.migrations.cancel
  • metastore.migrations.complete
  • metastore.migrations.delete
  • metastore.migrations.get
  • metastore.migrations.list
  • metastore.migrations.start

metastore.operations.*

  • metastore.operations.cancel
  • metastore.operations.delete
  • metastore.operations.get
  • metastore.operations.list

metastore.services.create

metastore.services.delete

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

metastore.services.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/metastore.federationAccessor)

Access to the Metastore Federation resource.

metastore.federations.use

(roles/metastore.metadataEditor)

Access to read and modify the metadata of databases and tables under those databases.

metastore.databases.create

metastore.databases.delete

metastore.databases.get

metastore.databases.getIamPolicy

metastore.databases.list

metastore.databases.update

metastore.services.get

metastore.services.use

metastore.tables.create

metastore.tables.delete

metastore.tables.get

metastore.tables.getIamPolicy

metastore.tables.list

metastore.tables.update

(roles/metastore.metadataMutateAdmin)

Access to mutate metadata from a Dataproc Metastore service's underlying metadata store.

metastore.services.mutateMetadata

(roles/metastore.metadataOperator)

Read-only access to Dataproc Metastore resources with additional metadata operations permission.

metastore.backups.create

metastore.backups.delete

metastore.backups.get

metastore.backups.list

metastore.backups.use

metastore.imports.*

  • metastore.imports.create
  • metastore.imports.get
  • metastore.imports.list
  • metastore.imports.update

metastore.locations.*

  • metastore.locations.get
  • metastore.locations.list

metastore.operations.get

metastore.operations.list

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

resourcemanager.projects.get

resourcemanager.projects.list

(roles/metastore.metadataOwner)

Full access to the metadata of databases and tables under those databases.

metastore.databases.*

  • metastore.databases.create
  • metastore.databases.delete
  • metastore.databases.get
  • metastore.databases.getIamPolicy
  • metastore.databases.list
  • metastore.databases.setIamPolicy
  • metastore.databases.update

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.use

metastore.tables.*

  • metastore.tables.create
  • metastore.tables.delete
  • metastore.tables.get
  • metastore.tables.getIamPolicy
  • metastore.tables.list
  • metastore.tables.setIamPolicy
  • metastore.tables.update

(roles/metastore.metadataQueryAdmin)

Access to query metadata from a Dataproc Metastore service's underlying metadata store.

metastore.services.queryMetadata

(roles/metastore.metadataUser)

Access to the Dataproc Metastore gRPC endpoint

metastore.databases.get

metastore.databases.list

metastore.services.get

metastore.services.use

(roles/metastore.metadataViewer)

Access to read the metadata of databases and tables under those databases

metastore.databases.get

metastore.databases.getIamPolicy

metastore.databases.list

metastore.services.get

metastore.services.use

metastore.tables.get

metastore.tables.getIamPolicy

metastore.tables.list

(roles/metastore.migrationAdmin)

Access to Dataproc Metastore Managed Migration resources and workflow.

cloudsql.instances.connect

cloudsql.instances.get

cloudsql.instances.login

compute.autoscalers.create

compute.autoscalers.delete

compute.disks.create

compute.disks.delete

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.use

compute.instanceGroupManagers.create

compute.instanceGroupManagers.delete

compute.instanceGroupManagers.use

compute.instanceGroups.delete

compute.instanceGroups.use

compute.instanceTemplates.create

compute.instanceTemplates.delete

compute.instanceTemplates.get

compute.instanceTemplates.useReadOnly

compute.instances.create

compute.instances.delete

compute.instances.get

compute.instances.setMetadata

compute.machineTypes.list

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.use

compute.regionHealthChecks.create

compute.regionHealthChecks.delete

compute.regionHealthChecks.use

compute.regionHealthChecks.useReadOnly

compute.serviceAttachments.create

compute.serviceAttachments.delete

compute.subnetworks.get

compute.subnetworks.use

compute.zones.list

datastream.connectionProfiles.create

datastream.connectionProfiles.delete

datastream.objects.*

  • datastream.objects.get
  • datastream.objects.list
  • datastream.objects.startBackfillJob
  • datastream.objects.stopBackfillJob

datastream.operations.get

datastream.privateConnections.create

datastream.privateConnections.delete

datastream.streams.create

datastream.streams.delete

datastream.streams.get

datastream.streams.update

(roles/metastore.user)

Read-only access to all Dataproc Metastore resources.

metastore.backups.get

metastore.backups.list

metastore.federations.get

metastore.federations.getIamPolicy

metastore.federations.list

metastore.imports.get

metastore.imports.list

metastore.locations.*

  • metastore.locations.get
  • metastore.locations.list

metastore.operations.get

metastore.operations.list

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

resourcemanager.projects.get

resourcemanager.projects.list

다음 단계