Nesta página, descrevemos as opções de controle de acesso disponíveis no Eventarc.
Visão geral
O Eventarc usa o gerenciamento de identidade e acesso (IAM, na sigla em inglês) para controle de acesso.
Para uma introdução sobre o IAM e os recursos dele, consulte a
visão geral do IAM. Para saber como conceder e revogar acesso, consulte Como conceder, alterar e revogar o acesso a recursos.
Para ver listas de permissões e papéis compatíveis com o Eventarc, consulte as seções a seguir.
Como ativar a API Eventarc
Para visualizar e atribuir papéis do IAM para o Eventarc, é preciso ativar a API Eventarc no projeto. Você não conseguirá
ver os papéis do Eventarc no Console do Google Cloud
até ativar a API.
Ative a API
Papéis predefinidos
A tabela abaixo mostra os papéis de IAM do Eventarc com uma lista correspondente de todas as permissões que cada papel inclui.
Os papéis predefinidos abordam os casos de uso mais comuns. Se seu caso de uso não estiver coberto pelos papéis predefinidos, crie um papel personalizado do IAM.
Papéis do Eventarc
| Role |
Permissions |
Eventarc Admin
(roles/eventarc.admin)
Full control over all Eventarc resources.
Lowest-level resources where you can grant this role:
|
eventarc.*
eventarc.channelConnections.createeventarc.channelConnections.deleteeventarc.channelConnections.geteventarc.channelConnections.getIamPolicyeventarc.channelConnections.listeventarc.channelConnections.publisheventarc.channelConnections.setIamPolicyeventarc.channels.attacheventarc.channels.createeventarc.channels.deleteeventarc.channels.geteventarc.channels.getIamPolicyeventarc.channels.listeventarc.channels.publisheventarc.channels.setIamPolicyeventarc.channels.undeleteeventarc.channels.updateeventarc.events.receiveAuditLogWritteneventarc.events.receiveEventeventarc.googleChannelConfigs.geteventarc.googleChannelConfigs.updateeventarc.locations.geteventarc.locations.listeventarc.operations.canceleventarc.operations.deleteeventarc.operations.geteventarc.operations.listeventarc.providers.geteventarc.providers.listeventarc.triggers.createeventarc.triggers.deleteeventarc.triggers.geteventarc.triggers.getIamPolicyeventarc.triggers.listeventarc.triggers.setIamPolicyeventarc.triggers.undeleteeventarc.triggers.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Connection Publisher
Beta
(roles/eventarc.connectionPublisher)
Can publish events to Eventarc channel connections.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.get
eventarc.channelConnections.list
eventarc.channelConnections.publish
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Developer
(roles/eventarc.developer)
Access to read and write Eventarc resources.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.undelete
eventarc.channels.update
eventarc.googleChannelConfigs.*
eventarc.googleChannelConfigs.geteventarc.googleChannelConfigs.update
eventarc.locations.*
eventarc.locations.geteventarc.locations.list
eventarc.operations.*
eventarc.operations.canceleventarc.operations.deleteeventarc.operations.geteventarc.operations.list
eventarc.providers.*
eventarc.providers.geteventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.undelete
eventarc.triggers.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Event Receiver
(roles/eventarc.eventReceiver)
Can receive events from all event providers.
Lowest-level resources where you can grant this role:
|
eventarc.events.*
eventarc.events.receiveAuditLogWritteneventarc.events.receiveEvent
|
Eventarc Publisher
Beta
(roles/eventarc.publisher)
Can publish events to Eventarc channels.
Lowest-level resources where you can grant this role:
|
eventarc.channels.get
eventarc.channels.list
eventarc.channels.publish
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Viewer
(roles/eventarc.viewer)
Can view the state of all Eventarc resources, including IAM policies.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.googleChannelConfigs.get
eventarc.locations.*
eventarc.locations.geteventarc.locations.list
eventarc.operations.get
eventarc.operations.list
eventarc.providers.*
eventarc.providers.geteventarc.providers.list
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Para mais informações sobre os papéis e permissões do Eventarc, consulte Papéis e permissões.
Gerenciamento do IAM no nível do projeto
No nível do projeto, é possível conceder, alterar e revogar papéis do IAM
usando o Console do Google Cloud, a API IAM ou a CLI do Google Cloud.
Para instruções detalhadas, veja Como conceder, alterar e revogar acesso a recursos.
