IAM으로 액세스 제어

이 페이지에서는 Eventarc에서 사용할 수 있는 액세스 제어 옵션을 설명합니다.

개요

Eventarc에서는 액세스 제어를 위해 ID 및 액세스 관리(IAM)가 사용됩니다.

IAM 및 해당 기능에 대한 소개는 IAM 개요를 참조하세요. 액세스 권한 부여 및 취소 방법을 알아보려면 리소스 액세스 권한 부여, 변경, 취소를 참조하세요.

Eventarc에서 지원되는 권한 및 역할 목록은 다음 섹션을 참조하세요.

Eventarc API 사용 설정

Eventarc의 IAM 역할을 보고 할당하려면 프로젝트에 Eventarc API를 사용 설정해야 합니다. API를 사용 설정할 때까지는 Google Cloud 콘솔에서 Eventarc 역할을 볼 수 없습니다.

API 사용 설정

사전 정의된 역할

다음 표에서는 Eventarc 사전 정의 IAM 역할과 각 역할에 포함된 모든 권한 목록을 보여줍니다.

사전 정의된 역할은 일반적인 사용 사례를 대부분 처리합니다. 사용 사례가 사전 정의된 역할로 처리되지 않는 경우, IAM 커스텀 역할을 만들 수 있습니다.

Eventarc 역할

Role Permissions

Role	Permissions
Eventarc Admin (`roles/eventarc.admin`) Full control over all Eventarc resources. Lowest-level resources where you can grant this role: Project	`eventarc.*` `eventarc.channelConnections.create` `eventarc.channelConnections.delete` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `eventarc.channelConnections.setIamPolicy` `eventarc.channels.attach` `eventarc.channels.create` `eventarc.channels.delete` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.channels.publish` `eventarc.channels.setIamPolicy` `eventarc.channels.undelete` `eventarc.channels.update` `eventarc.events.receiveAuditLogWritten` `eventarc.events.receiveEvent` `eventarc.googleChannelConfigs.get` `eventarc.googleChannelConfigs.update` `eventarc.locations.get` `eventarc.locations.list` `eventarc.operations.cancel` `eventarc.operations.delete` `eventarc.operations.get` `eventarc.operations.list` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.create` `eventarc.triggers.delete` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `eventarc.triggers.setIamPolicy` `eventarc.triggers.undelete` `eventarc.triggers.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Connection Publisher ^Beta (`roles/eventarc.connectionPublisher`) Can publish events to Eventarc channel connections. Lowest-level resources where you can grant this role: Project	`eventarc.channelConnections.get` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Developer (`roles/eventarc.developer`) Access to read and write Eventarc resources. Lowest-level resources where you can grant this role: Project	`eventarc.channelConnections.create` `eventarc.channelConnections.delete` `eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channelConnections.publish` `eventarc.channels.attach` `eventarc.channels.create` `eventarc.channels.delete` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.channels.publish` `eventarc.channels.undelete` `eventarc.channels.update` `eventarc.googleChannelConfigs.` `eventarc.googleChannelConfigs.get` `eventarc.googleChannelConfigs.update` `eventarc.locations.` `eventarc.locations.get` `eventarc.locations.list` `eventarc.operations.` `eventarc.operations.cancel` `eventarc.operations.delete` `eventarc.operations.get` `eventarc.operations.list` `eventarc.providers.` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.create` `eventarc.triggers.delete` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `eventarc.triggers.undelete` `eventarc.triggers.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Event Receiver (`roles/eventarc.eventReceiver`) Can receive events from all event providers. Lowest-level resources where you can grant this role: Project	`eventarc.events.*` `eventarc.events.receiveAuditLogWritten` `eventarc.events.receiveEvent`
Eventarc Publisher ^Beta (`roles/eventarc.publisher`) Can publish events to Eventarc channels. Lowest-level resources where you can grant this role: Project	`eventarc.channels.get` `eventarc.channels.list` `eventarc.channels.publish` `resourcemanager.projects.get` `resourcemanager.projects.list`
Eventarc Viewer (`roles/eventarc.viewer`) Can view the state of all Eventarc resources, including IAM policies. Lowest-level resources where you can grant this role: Project	`eventarc.channelConnections.get` `eventarc.channelConnections.getIamPolicy` `eventarc.channelConnections.list` `eventarc.channels.get` `eventarc.channels.getIamPolicy` `eventarc.channels.list` `eventarc.googleChannelConfigs.get` `eventarc.locations.` `eventarc.locations.get` `eventarc.locations.list` `eventarc.operations.get` `eventarc.operations.list` `eventarc.providers.` `eventarc.providers.get` `eventarc.providers.list` `eventarc.triggers.get` `eventarc.triggers.getIamPolicy` `eventarc.triggers.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Eventarc Admin

(roles/eventarc.admin)

Full control over all Eventarc resources.

Lowest-level resources where you can grant this role:

Project

eventarc.*

eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channelConnections.setIamPolicy
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.setIamPolicy
eventarc.channels.undelete
eventarc.channels.update
eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.locations.get
eventarc.locations.list
eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.setIamPolicy
eventarc.triggers.undelete
eventarc.triggers.update

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Connection Publisher ^Beta

(roles/eventarc.connectionPublisher)

Can publish events to Eventarc channel connections.

Lowest-level resources where you can grant this role:

Project

eventarc.channelConnections.get

eventarc.channelConnections.list

eventarc.channelConnections.publish

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Developer

(roles/eventarc.developer)

Access to read and write Eventarc resources.

Lowest-level resources where you can grant this role:

Project

eventarc.channelConnections.create

eventarc.channelConnections.delete

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channelConnections.publish

eventarc.channels.attach

eventarc.channels.create

eventarc.channels.delete

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.channels.publish

eventarc.channels.undelete

eventarc.channels.update

eventarc.googleChannelConfigs.*

eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update

eventarc.locations.*

eventarc.locations.get
eventarc.locations.list

eventarc.operations.*

eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list

eventarc.providers.*

eventarc.providers.get
eventarc.providers.list

eventarc.triggers.create

eventarc.triggers.delete

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

eventarc.triggers.undelete

eventarc.triggers.update

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Event Receiver

(roles/eventarc.eventReceiver)

Can receive events from all event providers.

Lowest-level resources where you can grant this role:

Project

eventarc.events.*

eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent

Eventarc Publisher ^Beta

(roles/eventarc.publisher)

Can publish events to Eventarc channels.

Lowest-level resources where you can grant this role:

Project

eventarc.channels.get

eventarc.channels.list

eventarc.channels.publish

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc Viewer

(roles/eventarc.viewer)

Can view the state of all Eventarc resources, including IAM policies.

Lowest-level resources where you can grant this role:

Project

eventarc.channelConnections.get

eventarc.channelConnections.getIamPolicy

eventarc.channelConnections.list

eventarc.channels.get

eventarc.channels.getIamPolicy

eventarc.channels.list

eventarc.googleChannelConfigs.get

eventarc.locations.*

eventarc.locations.get
eventarc.locations.list

eventarc.operations.get

eventarc.operations.list

eventarc.providers.*

eventarc.providers.get
eventarc.providers.list

eventarc.triggers.get

eventarc.triggers.getIamPolicy

eventarc.triggers.list

resourcemanager.projects.get

resourcemanager.projects.list

Eventarc 역할 및 권한에 대한 자세한 내용은 역할 및 권한을 참조하세요.

프로젝트 수준 IAM 관리

프로젝트 수준에서 Google Cloud Console, IAM API 또는 Google Cloud CLI를 사용하여 IAM 역할을 부여, 변경, 취소할 수 있습니다. 자세한 내용은 리소스에 대한 액세스 권한 부여, 변경, 취소를 참조하세요.

IAM으로 액세스 제어

개요

Eventarc API 사용 설정

사전 정의된 역할

Eventarc 역할

Eventarc Admin

Eventarc Connection Publisher Beta

Eventarc Developer

Eventarc Event Receiver

Eventarc Publisher Beta

Eventarc Viewer

프로젝트 수준 IAM 관리

Eventarc Connection Publisher ^Beta

Eventarc Publisher ^Beta