本页面介绍 Eventarc 中可用的访问权限控制选项。
概览
Eventarc 使用 Identity and Access Management (IAM) 进行访问权限控制。
如需了解 IAM 及其功能,请参阅 IAM 概览。如需了解如何授予和撤消访问权限,请参阅管理对项目、文件夹和组织的访问权限。
如需查看 Eventarc 支持的权限和角色列表,请参阅以下各部分。
启用 Eventarc API
如需查看和分配 Eventarc 的 IAM 角色,您必须为项目启用 Eventarc API。在启用此 API 之前,您不会在 Google Cloud 控制台中看到 Eventarc 角色。
启用 API
预定义角色
下表列出了 Eventarc 预定义 IAM 角色以及每个角色包含的所有权限的列表。
预定义角色可满足大多数典型的用例。如果预定义角色无法满足您的用例,您可以创建 IAM 自定义角色。
Eventarc 角色
Role |
Permissions |
Eventarc Admin
(roles/eventarc.admin )
Full control over all Eventarc resources.
Lowest-level resources where you can grant this role:
|
eventarc.*
eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channelConnections.setIamPolicy
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.setIamPolicy
eventarc.channels.undelete
eventarc.channels.update
eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.locations.get
eventarc.locations.list
eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.setIamPolicy
eventarc.triggers.undelete
eventarc.triggers.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Connection Publisher
Beta
(roles/eventarc.connectionPublisher )
Can publish events to Eventarc channel connections.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.get
eventarc.channelConnections.list
eventarc.channelConnections.publish
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Developer
(roles/eventarc.developer )
Access to read and write Eventarc resources.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.undelete
eventarc.channels.update
eventarc.googleChannelConfigs.*
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.locations.*
eventarc.locations.get
eventarc.locations.list
eventarc.operations.*
eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list
eventarc.providers.*
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.undelete
eventarc.triggers.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Event Receiver
(roles/eventarc.eventReceiver )
Can receive events from all event providers.
Lowest-level resources where you can grant this role:
|
eventarc.events.*
eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent
|
Eventarc Publisher
Beta
(roles/eventarc.publisher )
Can publish events to Eventarc channels.
Lowest-level resources where you can grant this role:
|
eventarc.channels.get
eventarc.channels.list
eventarc.channels.publish
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Viewer
(roles/eventarc.viewer )
Can view the state of all Eventarc resources, including IAM policies.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.googleChannelConfigs.get
eventarc.locations.*
eventarc.locations.get
eventarc.locations.list
eventarc.operations.get
eventarc.operations.list
eventarc.providers.*
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
resourcemanager.projects.get
resourcemanager.projects.list
|
如需详细了解 Eventarc 角色和权限,请参阅所有角色和权限。
项目级层 IAM 管理
在项目级层,您可以使用 Google Cloud Console、IAM API 或 Google Cloud CLI 来授予、更改和撤消 IAM 角色。如需查看相关说明,请参阅管理对项目、文件夹和组织的访问权限。