Halaman ini diterjemahkan oleh Cloud Translation API.

Kontrol akses dengan IAM

Lanjutan Standar

Halaman ini menjelaskan opsi kontrol akses yang tersedia untuk Anda di Eventarc.

Ringkasan

Eventarc menggunakan Identity and Access Management (IAM) untuk kontrol akses.

Untuk pengantar IAM dan fitur-fiturnya, lihat ringkasan IAM. Untuk mempelajari cara memberikan dan membatalkan akses, lihat Mengelola akses ke project, folder, dan organisasi.

Untuk mengetahui daftar izin dan peran yang didukung Eventarc, lihat bagian berikut.

Mengaktifkan Eventarc API

Untuk melihat dan menetapkan peran IAM untuk Eventarc, Anda harus mengaktifkan Eventarc API untuk project Anda. Anda tidak akan dapat melihat peran Eventarc di konsol Google Cloud hingga mengaktifkan API.

Enable the API

Peran yang telah ditetapkan

Tabel berikut mencantumkan peran IAM bawaan Eventarc dengan daftar terkait semua izin yang disertakan dalam setiap peran.

Peran bawaan mengatasi sebagian besar kasus penggunaan umum. Jika kasus penggunaan Anda tidak tercakup oleh peran yang telah ditetapkan, Anda dapat membuat peran khusus IAM.

Peran Eventarc

Role Permissions

Role	Permissions
Eventarc Admin (`roles/eventarc.admin`) Full control over all Eventarc resources. Lowest-level resources where you can grant this role: Project	`eventarc.*` `eventarc.channelConnections.create` `eventarc.channelConnections.delete` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `eventarc.channelConnections.setIamPolicy` `eventarc.channels.attach` `eventarc.channels.create` `eventarc.channels.delete` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.channels.publish` `eventarc.channels.setIamPolicy` `eventarc.channels.undelete` `eventarc.channels.update` `eventarc.enrollments.create` `eventarc.enrollments.delete` `eventarc.enrollments.get` `eventarc.enrollments.getIamPolicy` `eventarc.enrollments.list` `eventarc.enrollments.setIamPolicy` `eventarc.enrollments.update` `eventarc.events.receiveAuditLogWritten` `eventarc.events.receiveEvent` `eventarc.googleApiSources.create` `eventarc.googleApiSources.delete` `eventarc.googleApiSources.get` `eventarc.googleApiSources.getIamPolicy` `eventarc.googleApiSources.list` `eventarc.googleApiSources.setIamPolicy` `eventarc.googleApiSources.update` `eventarc.googleChannelConfigs.get` `eventarc.googleChannelConfigs.update` `eventarc.kafkaSources.create` `eventarc.kafkaSources.delete` `eventarc.kafkaSources.get` `eventarc.kafkaSources.getIamPolicy` `eventarc.kafkaSources.list` `eventarc.kafkaSources.setIamPolicy` `eventarc.locations.get` `eventarc.locations.list` `eventarc.messageBuses.create` `eventarc.messageBuses.delete` `eventarc.messageBuses.get` `eventarc.messageBuses.getIamPolicy` `eventarc.messageBuses.list` `eventarc.messageBuses.publish` `eventarc.messageBuses.setIamPolicy` `eventarc.messageBuses.update` `eventarc.messageBuses.use` `eventarc.operations.cancel` `eventarc.operations.delete` `eventarc.operations.get` `eventarc.operations.list` `eventarc.pipelines.create` `eventarc.pipelines.delete` `eventarc.pipelines.get` `eventarc.pipelines.getIamPolicy` `eventarc.pipelines.list` `eventarc.pipelines.setIamPolicy` `eventarc.pipelines.update` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.create` `eventarc.triggers.delete` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `eventarc.triggers.setIamPolicy` `eventarc.triggers.undelete` `eventarc.triggers.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Connection Publisher ^Beta (`roles/eventarc.connectionPublisher`) Can publish events to Eventarc channel connections. Lowest-level resources where you can grant this role: Project	`eventarc.channelConnections.get` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Developer (`roles/eventarc.developer`) Access to read and write Eventarc resources. Lowest-level resources where you can grant this role: Project	`eventarc.channelConnections.create` `eventarc.channelConnections.delete` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `eventarc.channels.attach` `eventarc.channels.create` `eventarc.channels.delete` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.channels.publish` `eventarc.channels.undelete` `eventarc.channels.update` `eventarc.enrollments.create` `eventarc.enrollments.delete` `eventarc.enrollments.get` `eventarc.enrollments.getIamPolicy` `eventarc.enrollments.list` `eventarc.enrollments.update` `eventarc.googleApiSources.create` `eventarc.googleApiSources.delete` `eventarc.googleApiSources.get` `eventarc.googleApiSources.getIamPolicy` `eventarc.googleApiSources.list` `eventarc.googleApiSources.update` `eventarc.googleChannelConfigs.` `eventarc.googleChannelConfigs.get` `eventarc.googleChannelConfigs.update` `eventarc.kafkaSources.create` `eventarc.kafkaSources.delete` `eventarc.kafkaSources.get` `eventarc.kafkaSources.getIamPolicy` `eventarc.kafkaSources.list` `eventarc.locations.` `eventarc.locations.get` `eventarc.locations.list` `eventarc.operations.` `eventarc.operations.cancel` `eventarc.operations.delete` `eventarc.operations.get` `eventarc.operations.list` `eventarc.pipelines.create` `eventarc.pipelines.delete` `eventarc.pipelines.get` `eventarc.pipelines.getIamPolicy` `eventarc.pipelines.list` `eventarc.pipelines.update` `eventarc.providers.` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.create` `eventarc.triggers.delete` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `eventarc.triggers.undelete` `eventarc.triggers.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Event Receiver (`roles/eventarc.eventReceiver`) Can receive events from all event providers. Lowest-level resources where you can grant this role: Project	`eventarc.events.*` `eventarc.events.receiveAuditLogWritten` `eventarc.events.receiveEvent`
Eventarc Message Bus Admin ^Beta (`roles/eventarc.messageBusAdmin`) Full control over Message Buses resources.	`eventarc.messageBuses.create` `eventarc.messageBuses.delete` `eventarc.messageBuses.get` `eventarc.messageBuses.getIamPolicy` `eventarc.messageBuses.list` `eventarc.messageBuses.publish` `eventarc.messageBuses.update` `eventarc.messageBuses.use`
Eventarc Message Bus User ^Beta (`roles/eventarc.messageBusUser`) Access to publish to or bind to a Message Bus.	`eventarc.messageBuses.get` `eventarc.messageBuses.list` `eventarc.messageBuses.publish` `eventarc.messageBuses.use`
Eventarc Publisher ^Beta (`roles/eventarc.publisher`) Can publish events to Eventarc channels. Lowest-level resources where you can grant this role: Project	`eventarc.channels.get` `eventarc.channels.list` `eventarc.channels.publish` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Viewer (`roles/eventarc.viewer`) Can view the state of all Eventarc resources, including IAM policies. Lowest-level resources where you can grant this role: Project	`eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.enrollments.get` `eventarc.enrollments.getIamPolicy` `eventarc.enrollments.list` `eventarc.googleApiSources.get` `eventarc.googleApiSources.getIamPolicy` `eventarc.googleApiSources.list` `eventarc.googleChannelConfigs.get` `eventarc.kafkaSources.get` `eventarc.kafkaSources.getIamPolicy` `eventarc.kafkaSources.list` `eventarc.locations.` `eventarc.locations.get` `eventarc.locations.list` `eventarc.messageBuses.get` `eventarc.messageBuses.getIamPolicy` `eventarc.messageBuses.list` `eventarc.messageBuses.use` `eventarc.operations.get` `eventarc.operations.list` `eventarc.pipelines.get` `eventarc.pipelines.getIamPolicy` `eventarc.pipelines.list` `eventarc.providers.` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Eventarc Admin

(roles/eventarc.admin)

Full control over all Eventarc resources.

Lowest-level resources where you can grant this role:

Project

eventarc.*

eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channelConnections.setIamPolicy
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.setIamPolicy
eventarc.channels.undelete
eventarc.channels.update
eventarc.enrollments.create
eventarc.enrollments.delete
eventarc.enrollments.get
eventarc.enrollments.getIamPolicy
eventarc.enrollments.list
eventarc.enrollments.setIamPolicy
eventarc.enrollments.update
eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent
eventarc.googleApiSources.create
eventarc.googleApiSources.delete
eventarc.googleApiSources.get
eventarc.googleApiSources.getIamPolicy
eventarc.googleApiSources.list
eventarc.googleApiSources.setIamPolicy
eventarc.googleApiSources.update
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.kafkaSources.create
eventarc.kafkaSources.delete
eventarc.kafkaSources.get
eventarc.kafkaSources.getIamPolicy
eventarc.kafkaSources.list
eventarc.kafkaSources.setIamPolicy
eventarc.locations.get
eventarc.locations.list
eventarc.messageBuses.create
eventarc.messageBuses.delete
eventarc.messageBuses.get
eventarc.messageBuses.getIamPolicy
eventarc.messageBuses.list
eventarc.messageBuses.publish
eventarc.messageBuses.setIamPolicy
eventarc.messageBuses.update
eventarc.messageBuses.use
eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list
eventarc.pipelines.create
eventarc.pipelines.delete
eventarc.pipelines.get
eventarc.pipelines.getIamPolicy
eventarc.pipelines.list
eventarc.pipelines.setIamPolicy
eventarc.pipelines.update
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.setIamPolicy
eventarc.triggers.undelete
eventarc.triggers.update

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Connection Publisher ^Beta

(roles/eventarc.connectionPublisher)

Can publish events to Eventarc channel connections.

Lowest-level resources where you can grant this role:

Project

eventarc.channelConnections.get

eventarc.channelConnections.list

eventarc.channelConnections.publish

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Developer

(roles/eventarc.developer)

Access to read and write Eventarc resources.

Lowest-level resources where you can grant this role:

Project

eventarc.channelConnections.create

eventarc.channelConnections.delete

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channelConnections.publish

eventarc.channels.attach

eventarc.channels.create

eventarc.channels.delete

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.channels.publish

eventarc.channels.undelete

eventarc.channels.update

eventarc.enrollments.create

eventarc.enrollments.delete

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.enrollments.update

eventarc.googleApiSources.create

eventarc.googleApiSources.delete

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleApiSources.update

eventarc.googleChannelConfigs.*

eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update

eventarc.kafkaSources.create

eventarc.kafkaSources.delete

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

eventarc.locations.get
eventarc.locations.list

eventarc.operations.*

eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list

eventarc.pipelines.create

eventarc.pipelines.delete

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.pipelines.update

eventarc.providers.*

eventarc.providers.get
eventarc.providers.list

eventarc.triggers.create

eventarc.triggers.delete

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

eventarc.triggers.undelete

eventarc.triggers.update

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Event Receiver

(roles/eventarc.eventReceiver)

Can receive events from all event providers.

Lowest-level resources where you can grant this role:

Project

eventarc.events.*

eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent

Eventarc Message Bus Admin ^Beta

(roles/eventarc.messageBusAdmin)

Full control over Message Buses resources.

eventarc.messageBuses.create

eventarc.messageBuses.delete

eventarc.messageBuses.get

eventarc.messageBuses.getIamPolicy

eventarc.messageBuses.list

eventarc.messageBuses.publish

eventarc.messageBuses.update

eventarc.messageBuses.use

Eventarc Message Bus User ^Beta

(roles/eventarc.messageBusUser)

Access to publish to or bind to a Message Bus.

eventarc.messageBuses.get

eventarc.messageBuses.list

eventarc.messageBuses.publish

eventarc.messageBuses.use

Eventarc Publisher ^Beta

(roles/eventarc.publisher)

Can publish events to Eventarc channels.

Lowest-level resources where you can grant this role:

Project

eventarc.channels.get

eventarc.channels.list

eventarc.channels.publish

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Viewer

(roles/eventarc.viewer)

Can view the state of all Eventarc resources, including IAM policies.

Lowest-level resources where you can grant this role:

Project

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.enrollments.get

eventarc.enrollments.getIamPolicy

eventarc.enrollments.list

eventarc.googleApiSources.get

eventarc.googleApiSources.getIamPolicy

eventarc.googleApiSources.list

eventarc.googleChannelConfigs.get

eventarc.kafkaSources.get

eventarc.kafkaSources.getIamPolicy

eventarc.kafkaSources.list

eventarc.locations.*

eventarc.locations.get
eventarc.locations.list

eventarc.messageBuses.get

eventarc.messageBuses.getIamPolicy

eventarc.messageBuses.list

eventarc.messageBuses.use

eventarc.operations.get

eventarc.operations.list

eventarc.pipelines.get

eventarc.pipelines.getIamPolicy

eventarc.pipelines.list

eventarc.providers.*

eventarc.providers.get
eventarc.providers.list

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

resourcemanager.projects.get

resourcemanager.projects.list

Pengelolaan IAM tingkat project

Di tingkat project, Anda dapat memberikan, mengubah, dan mencabut peran IAM menggunakan konsol Google Cloud, IAM API, atau Google Cloud CLI. Untuk mengetahui petunjuknya, lihat Mengelola akses ke project, folder, dan organisasi.

Kontrol akses dengan IAM

Ringkasan

Mengaktifkan Eventarc API

Peran yang telah ditetapkan

Peran Eventarc

Eventarc Admin

Eventarc Connection Publisher Beta

Eventarc Developer

Eventarc Event Receiver

Eventarc Message Bus Admin Beta

Eventarc Message Bus User Beta

Eventarc Publisher Beta

Eventarc Viewer

Pengelolaan IAM tingkat project

Eventarc Connection Publisher ^Beta

Eventarc Message Bus Admin ^Beta

Eventarc Message Bus User ^Beta

Eventarc Publisher ^Beta