This page describes how to manage access control in the Harbor-as-a-Service registry while adhering to the principle of least privilege. Google Distributed Cloud (GDC) air-gapped Organization IAM Administrators control who can be authenticated and authorized to use Harbor-as-a-Service APIs. To authorize APIs and access within a Harbor instance, use Harbor's built-in role-based access control in each Harbor project. For more information, see https://goharbor.io/docs/2.8.0/administration/managing-users/.
Configure access for Harbor-as-a-Service APIs
Every GDC Harbor-as-a-Service API requires that the principal making the request has the required permissions to use the API resource. Permissions are given to principals by setting policies that grant the principal a predefined role on the resource.
Predefined Harbor-as-a-Service roles
Harbor-as-a-Service provides predefined roles that grant access to related API resources and prevent unauthorized access to other resources.
Use the following predefined roles for managing the Harbor Instance resources and creating Harbor Project resources:
Harbor Instance Viewer: views and gets the Harbor instance. Ask your Organization IAM Admin to grant you the Harbor Instance Viewer (harbor-instance-viewer) role.
Harbor Instance Admin: creates and manages the Harbor instance, and creates Harbor projects in the Harbor instance. Ask your Organization IAM Admin to grant you the Harbor Instance Admin (harbor-instance-admin) role.
Harbor Project Creator: creates Harbor projects in the Harbor instance. Ask your Organization IAM Admin to grant you the Harbor Project Creator (harbor-project-creator) role.
Configure access for APIs and within a Harbor instance
Within a Harbor instance, use Harbor's built-in role-based access control in each Harbor project to control who is authorized to use the APIs and access resources in the Harbor project. For more information, see https://goharbor.io/docs/2.8.0/administration/managing-users/.
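One way to check a Harbor project's role assignments against a least-privilege policy, as an added example that is not part of the original page or of GDC or Harbor tooling. The member list is constructed sample data in the shape of Harbor's `GET /api/v2.0/projects/{project}/members` response (a subset of fields); `POLICY`, `max_admins` and the member names are hypothetical, and the role-name strings are assumed to match what your Harbor version returns.

```python
import json

# Harbor project roles, least to most privileged. The strings are assumed to
# match the role_name values returned by Harbor's project-member API.
ROLE_RANK = {"limitedGuest": 0, "guest": 1, "developer": 2,
             "maintainer": 3, "projectAdmin": 4}

# Constructed sample (not real data): members of one Harbor project.
SAMPLE_MEMBERS = json.loads("""[
  {"id": 1, "entity_name": "alice",     "entity_type": "u", "role_name": "projectAdmin"},
  {"id": 2, "entity_name": "ci-pusher", "entity_type": "u", "role_name": "maintainer"},
  {"id": 3, "entity_name": "bob",       "entity_type": "u", "role_name": "projectAdmin"},
  {"id": 4, "entity_name": "auditors",  "entity_type": "g", "role_name": "guest"},
  {"id": 5, "entity_name": "carol",     "entity_type": "u", "role_name": "developer"}
]""")

# Hypothetical policy: the highest role each principal may hold in this project.
POLICY = {"alice": "projectAdmin", "ci-pusher": "developer",
          "bob": "developer", "auditors": "guest"}


def audit_members(members, policy, max_admins=1):
    """Return sorted (entity_name, finding) tuples for least-privilege violations."""
    findings = []
    admins = [m["entity_name"] for m in members if m["role_name"] == "projectAdmin"]
    for m in members:
        name, role = m["entity_name"], m["role_name"]
        if role not in ROLE_RANK:
            # Fail closed on role names this script does not know how to rank.
            findings.append((name, f"unknown role {role!r}"))
        elif name not in policy:
            findings.append((name, f"not in policy, holds {role}"))
        elif ROLE_RANK[role] > ROLE_RANK[policy[name]]:
            findings.append((name, f"holds {role}, policy allows {policy[name]}"))
    if len(admins) > max_admins:
        findings.append(("*", f"{len(admins)} projectAdmin members, "
                              f"expected at most {max_admins}"))
    return sorted(findings)


if __name__ == "__main__":
    for who, what in audit_members(SAMPLE_MEMBERS, POLICY):
        print(f"{who}: {what}")
```
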
The user that creates the Harbor project is automatically assigned the ProjectAdmin role for the Harbor project. The ProjectAdmin user can assign roles for the Harbor project to other users. For all of the available roles, see https://goharbor.io/docs/2.8.0/administration/managing-users/user-permissions-by-role/.
Last updated 2025-09-04 UTC.