Nesta página, descrevemos as opções de controle de acesso disponíveis no Eventarc.
Informações gerais
O Eventarc usa o gerenciamento de identidade e acesso (IAM, na sigla em inglês) para controle de acesso.
Para uma introdução sobre o IAM e os recursos dele, consulte a
visão geral do IAM. Para saber como conceder e
revogar o acesso, consulte
Gerenciar o acesso a projetos, pastas e organizações.
Para ver listas de permissões e papéis compatíveis com o Eventarc, consulte as seções a seguir.
Ativar a API Eventarc
Para visualizar e atribuir papéis do IAM para o Eventarc, é preciso ativar a API Eventarc no projeto. Não será possível
ver os papéis do Eventarc no console do Google Cloud
até que você ative a API.
Enable the API
Papéis predefinidos
A tabela abaixo mostra os papéis de IAM do Eventarc com uma lista correspondente de todas as permissões que cada papel inclui.
Os papéis predefinidos abordam os casos de uso mais comuns. Se seu caso de uso não estiver coberto pelos papéis predefinidos, crie um papel personalizado do IAM.
Papéis do Eventarc
Role |
Permissions |
Eventarc Admin
(roles/eventarc.admin )
Full control over all Eventarc resources.
Lowest-level resources where you can grant this role:
|
eventarc.*
eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channelConnections.setIamPolicy
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.setIamPolicy
eventarc.channels.undelete
eventarc.channels.update
eventarc.enrollments.create
eventarc.enrollments.delete
eventarc.enrollments.get
eventarc.enrollments.getIamPolicy
eventarc.enrollments.list
eventarc.enrollments.setIamPolicy
eventarc.enrollments.update
eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent
eventarc.googleApiSources.create
eventarc.googleApiSources.delete
eventarc.googleApiSources.get
eventarc.googleApiSources.getIamPolicy
eventarc.googleApiSources.list
eventarc.googleApiSources.setIamPolicy
eventarc.googleApiSources.update
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.locations.get
eventarc.locations.list
eventarc.messageBuses.create
eventarc.messageBuses.delete
eventarc.messageBuses.get
eventarc.messageBuses.getIamPolicy
eventarc.messageBuses.list
eventarc.messageBuses.publish
eventarc.messageBuses.setIamPolicy
eventarc.messageBuses.update
eventarc.messageBuses.use
eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list
eventarc.pipelines.create
eventarc.pipelines.delete
eventarc.pipelines.get
eventarc.pipelines.getIamPolicy
eventarc.pipelines.list
eventarc.pipelines.setIamPolicy
eventarc.pipelines.update
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.setIamPolicy
eventarc.triggers.undelete
eventarc.triggers.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Connection Publisher
Beta
(roles/eventarc.connectionPublisher )
Can publish events to Eventarc channel connections.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.get
eventarc.channelConnections.list
eventarc.channelConnections.publish
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Developer
(roles/eventarc.developer )
Access to read and write Eventarc resources.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.create
eventarc.channelConnections.delete
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channelConnections.publish
eventarc.channels.attach
eventarc.channels.create
eventarc.channels.delete
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.channels.publish
eventarc.channels.undelete
eventarc.channels.update
eventarc.enrollments.create
eventarc.enrollments.delete
eventarc.enrollments.get
eventarc.enrollments.getIamPolicy
eventarc.enrollments.list
eventarc.enrollments.update
eventarc.googleApiSources.create
eventarc.googleApiSources.delete
eventarc.googleApiSources.get
eventarc.googleApiSources.getIamPolicy
eventarc.googleApiSources.list
eventarc.googleApiSources.update
eventarc.googleChannelConfigs.*
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.locations.*
eventarc.locations.get
eventarc.locations.list
eventarc.operations.*
eventarc.operations.cancel
eventarc.operations.delete
eventarc.operations.get
eventarc.operations.list
eventarc.pipelines.create
eventarc.pipelines.delete
eventarc.pipelines.get
eventarc.pipelines.getIamPolicy
eventarc.pipelines.list
eventarc.pipelines.update
eventarc.providers.*
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.create
eventarc.triggers.delete
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
eventarc.triggers.undelete
eventarc.triggers.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Event Receiver
(roles/eventarc.eventReceiver )
Can receive events from all event providers.
Lowest-level resources where you can grant this role:
|
eventarc.events.*
eventarc.events.receiveAuditLogWritten
eventarc.events.receiveEvent
|
Eventarc Message Bus Admin
Beta
(roles/eventarc.messageBusAdmin )
Full control over Message Buses resources.
|
eventarc.messageBuses.create
eventarc.messageBuses.delete
eventarc.messageBuses.get
eventarc.messageBuses.getIamPolicy
eventarc.messageBuses.list
eventarc.messageBuses.publish
eventarc.messageBuses.update
eventarc.messageBuses.use
|
Eventarc Message Bus User
Beta
(roles/eventarc.messageBusUser )
Access to publish to or bind to a Message Bus.
|
eventarc.messageBuses.get
eventarc.messageBuses.list
eventarc.messageBuses.publish
eventarc.messageBuses.use
|
Eventarc Publisher
Beta
(roles/eventarc.publisher )
Can publish events to Eventarc channels.
Lowest-level resources where you can grant this role:
|
eventarc.channels.get
eventarc.channels.list
eventarc.channels.publish
resourcemanager.projects.get
resourcemanager.projects.list
|
Eventarc Viewer
(roles/eventarc.viewer )
Can view the state of all Eventarc resources, including IAM policies.
Lowest-level resources where you can grant this role:
|
eventarc.channelConnections.get
eventarc.channelConnections.getIamPolicy
eventarc.channelConnections.list
eventarc.channels.get
eventarc.channels.getIamPolicy
eventarc.channels.list
eventarc.enrollments.get
eventarc.enrollments.getIamPolicy
eventarc.enrollments.list
eventarc.googleApiSources.get
eventarc.googleApiSources.getIamPolicy
eventarc.googleApiSources.list
eventarc.googleChannelConfigs.get
eventarc.locations.*
eventarc.locations.get
eventarc.locations.list
eventarc.messageBuses.get
eventarc.messageBuses.getIamPolicy
eventarc.messageBuses.list
eventarc.messageBuses.use
eventarc.operations.get
eventarc.operations.list
eventarc.pipelines.get
eventarc.pipelines.getIamPolicy
eventarc.pipelines.list
eventarc.providers.*
eventarc.providers.get
eventarc.providers.list
eventarc.triggers.get
eventarc.triggers.getIamPolicy
eventarc.triggers.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Para mais informações sobre os papéis e permissões do Eventarc, consulte Papéis e permissões.
Gerenciamento do IAM no nível do projeto
No nível do projeto, é possível conceder, alterar e revogar papéis do IAM
usando o Console do Google Cloud, a API IAM ou a CLI do Google Cloud.
Para mais instruções, consulte
Gerenciar o acesso a projetos, pastas e organizações.