Halaman ini diterjemahkan oleh Cloud Translation API.

Peran IAM Dataproc Metastore

Dataproc Metastore menentukan beberapa peran Identity and Access Management (IAM). Setiap peran standar berisi kumpulan izin IAM yang memungkinkan akun utama melakukan tindakan tertentu. Anda dapat menggunakan kebijakan IAM untuk memberikan satu atau beberapa peran IAM kepada akun utama.

Identity and Access Management (IAM) juga menawarkan kemampuan untuk membuat peran IAM yang disesuaikan. Anda dapat membuat peran IAM khusus dan menetapkan satu atau beberapa izin ke peran tersebut. Kemudian, Anda dapat memberikan peran baru tersebut kepada akun utama. Gunakan peran kustom untuk membuat model kontrol akses yang dipetakan langsung ke kebutuhan Anda, bersama dengan peran bawaan yang tersedia.

Halaman ini berfokus pada peran IAM yang relevan dengan Dataproc Metastore.

Sebelum memulai

Baca dokumentasi IAM.

Peran Dataproc Metastore

Peran IAM Dataproc Metastore adalah paket dari satu atau beberapa izin. Anda memberikan peran kepada akun utama untuk mengizinkan mereka melakukan tindakan pada resource Dataproc Metastore di project Anda. Misalnya, peran Dataproc Metastore User berisi izin metastore.*.get dan metastore.*.list, yang memungkinkan pengguna mendapatkan dan mencantumkan layanan Dataproc Metastore, impor metadata, pencadangan, dan operasi dalam project.

Tabel berikut mencantumkan semua peran Metastore Dataproc dan izin yang terkait dengan setiap peran:

Role Permissions

Role	Permissions
Dataproc Metastore Admin (`roles/metastore.admin`) Full access to all Dataproc Metastore resources.	`metastore.backups.` `metastore.backups.create` `metastore.backups.delete` `metastore.backups.get` `metastore.backups.getIamPolicy` `metastore.backups.list` `metastore.backups.setIamPolicy` `metastore.backups.use` `metastore.federations.` `metastore.federations.create` `metastore.federations.delete` `metastore.federations.get` `metastore.federations.getIamPolicy` `metastore.federations.list` `metastore.federations.setIamPolicy` `metastore.federations.update` `metastore.federations.use` `metastore.imports.` `metastore.imports.create` `metastore.imports.get` `metastore.imports.list` `metastore.imports.update` `metastore.locations.` `metastore.locations.get` `metastore.locations.list` `metastore.migrations.` `metastore.migrations.cancel` `metastore.migrations.complete` `metastore.migrations.delete` `metastore.migrations.get` `metastore.migrations.list` `metastore.migrations.start` `metastore.operations.` `metastore.operations.cancel` `metastore.operations.delete` `metastore.operations.get` `metastore.operations.list` `metastore.services.create` `metastore.services.delete` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.restore` `metastore.services.setIamPolicy` `metastore.services.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataproc Metastore Editor (`roles/metastore.editor`) Read and write access to all Dataproc Metastore resources.	`metastore.backups.create` `metastore.backups.delete` `metastore.backups.get` `metastore.backups.list` `metastore.backups.use` `metastore.federations.create` `metastore.federations.delete` `metastore.federations.get` `metastore.federations.list` `metastore.federations.update` `metastore.imports.` `metastore.imports.create` `metastore.imports.get` `metastore.imports.list` `metastore.imports.update` `metastore.locations.` `metastore.locations.get` `metastore.locations.list` `metastore.migrations.` `metastore.migrations.cancel` `metastore.migrations.complete` `metastore.migrations.delete` `metastore.migrations.get` `metastore.migrations.list` `metastore.migrations.start` `metastore.operations.` `metastore.operations.cancel` `metastore.operations.delete` `metastore.operations.get` `metastore.operations.list` `metastore.services.create` `metastore.services.delete` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.restore` `metastore.services.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Metastore Federation Accessor (`roles/metastore.federationAccessor`) Access to the Metastore Federation resource.	`metastore.federations.use`
Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Access to read and modify the metadata of databases and tables under those databases.	`metastore.databases.create` `metastore.databases.delete` `metastore.databases.get` `metastore.databases.getIamPolicy` `metastore.databases.list` `metastore.databases.update` `metastore.services.get` `metastore.services.use` `metastore.tables.create` `metastore.tables.delete` `metastore.tables.get` `metastore.tables.getIamPolicy` `metastore.tables.list` `metastore.tables.update`
Dataproc Metastore Metadata Mutate Admin (`roles/metastore.metadataMutateAdmin`) Access to mutate metadata from a Dataproc Metastore service's underlying metadata store.	`metastore.services.mutateMetadata`
Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Read-only access to Dataproc Metastore resources with additional metadata operations permission.	`metastore.backups.create` `metastore.backups.delete` `metastore.backups.get` `metastore.backups.list` `metastore.backups.use` `metastore.imports.` `metastore.imports.create` `metastore.imports.get` `metastore.imports.list` `metastore.imports.update` `metastore.locations.` `metastore.locations.get` `metastore.locations.list` `metastore.operations.get` `metastore.operations.list` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Full access to the metadata of databases and tables under those databases.	`metastore.databases.` `metastore.databases.create` `metastore.databases.delete` `metastore.databases.get` `metastore.databases.getIamPolicy` `metastore.databases.list` `metastore.databases.setIamPolicy` `metastore.databases.update` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.use` `metastore.tables.` `metastore.tables.create` `metastore.tables.delete` `metastore.tables.get` `metastore.tables.getIamPolicy` `metastore.tables.list` `metastore.tables.setIamPolicy` `metastore.tables.update`
Dataproc Metastore Metadata Query Admin (`roles/metastore.metadataQueryAdmin`) Access to query metadata from a Dataproc Metastore service's underlying metadata store.	`metastore.services.queryMetadata`
Dataproc Metastore Metadata User (`roles/metastore.metadataUser`) Access to the Dataproc Metastore gRPC endpoint	`metastore.databases.get` `metastore.databases.list` `metastore.services.get` `metastore.services.use`
Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`) Access to read the metadata of databases and tables under those databases	`metastore.databases.get` `metastore.databases.getIamPolicy` `metastore.databases.list` `metastore.services.get` `metastore.services.use` `metastore.tables.get` `metastore.tables.getIamPolicy` `metastore.tables.list`
Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Access to Dataproc Metastore Managed Migration resources and workflow.	`cloudsql.instances.connect` `cloudsql.instances.get` `cloudsql.instances.login` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.disks.create` `compute.disks.delete` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.use` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.use` `compute.instanceGroups.delete` `compute.instanceGroups.use` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.useReadOnly` `compute.instances.create` `compute.instances.delete` `compute.instances.get` `compute.instances.setMetadata` `compute.machineTypes.list` `compute.regionBackendServices.create` `compute.regionBackendServices.delete` `compute.regionBackendServices.use` `compute.regionHealthChecks.create` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.serviceAttachments.create` `compute.serviceAttachments.delete` `compute.subnetworks.get` `compute.subnetworks.use` `compute.zones.list` `datastream.connectionProfiles.create` `datastream.connectionProfiles.delete` `datastream.objects.*` `datastream.objects.get` `datastream.objects.list` `datastream.objects.startBackfillJob` `datastream.objects.stopBackfillJob` `datastream.operations.get` `datastream.privateConnections.create` `datastream.privateConnections.delete` `datastream.streams.create` `datastream.streams.delete` `datastream.streams.get` `datastream.streams.update`
Dataproc Metastore Viewer (`roles/metastore.user`) Read-only access to all Dataproc Metastore resources.	`metastore.backups.get` `metastore.backups.list` `metastore.federations.get` `metastore.federations.getIamPolicy` `metastore.federations.list` `metastore.imports.get` `metastore.imports.list` `metastore.locations.*` `metastore.locations.get` `metastore.locations.list` `metastore.operations.get` `metastore.operations.list` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Dataproc Metastore Admin

(roles/metastore.admin)

Full access to all Dataproc Metastore resources.

metastore.backups.*

metastore.backups.create
metastore.backups.delete
metastore.backups.get
metastore.backups.getIamPolicy
metastore.backups.list
metastore.backups.setIamPolicy
metastore.backups.use

metastore.federations.*

metastore.federations.create
metastore.federations.delete
metastore.federations.get
metastore.federations.getIamPolicy
metastore.federations.list
metastore.federations.setIamPolicy
metastore.federations.update
metastore.federations.use

metastore.imports.*

metastore.imports.create
metastore.imports.get
metastore.imports.list
metastore.imports.update

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.migrations.*

metastore.migrations.cancel
metastore.migrations.complete
metastore.migrations.delete
metastore.migrations.get
metastore.migrations.list
metastore.migrations.start

metastore.operations.*

metastore.operations.cancel
metastore.operations.delete
metastore.operations.get
metastore.operations.list

metastore.services.create

metastore.services.delete

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

metastore.services.setIamPolicy

metastore.services.update

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Metastore Editor

(roles/metastore.editor)

Read and write access to all Dataproc Metastore resources.

metastore.backups.create

metastore.backups.delete

metastore.backups.get

metastore.backups.list

metastore.backups.use

metastore.federations.create

metastore.federations.delete

metastore.federations.get

metastore.federations.list

metastore.federations.update

metastore.imports.*

metastore.imports.create
metastore.imports.get
metastore.imports.list
metastore.imports.update

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.migrations.*

metastore.migrations.cancel
metastore.migrations.complete
metastore.migrations.delete
metastore.migrations.get
metastore.migrations.list
metastore.migrations.start

metastore.operations.*

metastore.operations.cancel
metastore.operations.delete
metastore.operations.get
metastore.operations.list

metastore.services.create

metastore.services.delete

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

metastore.services.update

resourcemanager.projects.get

resourcemanager.projects.list

Metastore Federation Accessor

(roles/metastore.federationAccessor)

Access to the Metastore Federation resource.

metastore.federations.use

Dataproc Metastore Metadata Editor

(roles/metastore.metadataEditor)

Access to read and modify the metadata of databases and tables under those databases.

metastore.databases.create

metastore.databases.delete

metastore.databases.get

metastore.databases.getIamPolicy

metastore.databases.list

metastore.databases.update

metastore.services.get

metastore.services.use

metastore.tables.create

metastore.tables.delete

metastore.tables.get

metastore.tables.getIamPolicy

metastore.tables.list

metastore.tables.update

Dataproc Metastore Metadata Mutate Admin

(roles/metastore.metadataMutateAdmin)

Access to mutate metadata from a Dataproc Metastore service's underlying metadata store.

metastore.services.mutateMetadata

Dataproc Metastore Metadata Operator

(roles/metastore.metadataOperator)

Read-only access to Dataproc Metastore resources with additional metadata operations permission.

metastore.backups.create

metastore.backups.delete

metastore.backups.get

metastore.backups.list

metastore.backups.use

metastore.imports.*

metastore.imports.create
metastore.imports.get
metastore.imports.list
metastore.imports.update

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.operations.get

metastore.operations.list

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Metastore Data Owner

(roles/metastore.metadataOwner)

Full access to the metadata of databases and tables under those databases.

metastore.databases.*

metastore.databases.create
metastore.databases.delete
metastore.databases.get
metastore.databases.getIamPolicy
metastore.databases.list
metastore.databases.setIamPolicy
metastore.databases.update

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.use

metastore.tables.*

metastore.tables.create
metastore.tables.delete
metastore.tables.get
metastore.tables.getIamPolicy
metastore.tables.list
metastore.tables.setIamPolicy
metastore.tables.update

Dataproc Metastore Metadata Query Admin

(roles/metastore.metadataQueryAdmin)

Access to query metadata from a Dataproc Metastore service's underlying metadata store.

metastore.services.queryMetadata

Dataproc Metastore Metadata User

(roles/metastore.metadataUser)

Access to the Dataproc Metastore gRPC endpoint

metastore.databases.get

metastore.databases.list

metastore.services.get

metastore.services.use

Dataproc Metastore Metadata Viewer

(roles/metastore.metadataViewer)

Access to read the metadata of databases and tables under those databases

metastore.databases.get

metastore.databases.getIamPolicy

metastore.databases.list

metastore.services.get

metastore.services.use

metastore.tables.get

metastore.tables.getIamPolicy

metastore.tables.list

Dataproc Metastore Managed Migration Admin

(roles/metastore.migrationAdmin)

Access to Dataproc Metastore Managed Migration resources and workflow.

cloudsql.instances.connect

cloudsql.instances.get

cloudsql.instances.login

compute.autoscalers.create

compute.autoscalers.delete

compute.disks.create

compute.disks.delete

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.use

compute.instanceGroupManagers.create

compute.instanceGroupManagers.delete

compute.instanceGroupManagers.use

compute.instanceGroups.delete

compute.instanceGroups.use

compute.instanceTemplates.create

compute.instanceTemplates.delete

compute.instanceTemplates.get

compute.instanceTemplates.useReadOnly

compute.instances.create

compute.instances.delete

compute.instances.get

compute.instances.setMetadata

compute.machineTypes.list

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.use

compute.regionHealthChecks.create

compute.regionHealthChecks.delete

compute.regionHealthChecks.use

compute.regionHealthChecks.useReadOnly

compute.serviceAttachments.create

compute.serviceAttachments.delete

compute.subnetworks.get

compute.subnetworks.use

compute.zones.list

datastream.connectionProfiles.create

datastream.connectionProfiles.delete

datastream.objects.*

datastream.objects.get
datastream.objects.list
datastream.objects.startBackfillJob
datastream.objects.stopBackfillJob

datastream.operations.get

datastream.privateConnections.create

datastream.privateConnections.delete

datastream.streams.create

datastream.streams.delete

datastream.streams.get

datastream.streams.update

Dataproc Metastore Viewer

(roles/metastore.user)

Read-only access to all Dataproc Metastore resources.

metastore.backups.get

metastore.backups.list

metastore.federations.get

metastore.federations.getIamPolicy

metastore.federations.list

metastore.imports.get

metastore.imports.list

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.operations.get

metastore.operations.list

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

resourcemanager.projects.get

resourcemanager.projects.list

Langkah selanjutnya

Pelajari cara membuat peran IAM kustom.
Pelajari cara memberikan dan mengelola peran.
Lihat Pemetaan izin IAM Dataproc Metastore.