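This page describes the access control options available in Eventarc.
Overview
Eventarc uses Identity and Access Management (IAM) for access control.
For an introduction to IAM and its features, see the IAM overview. To learn how to grant and revoke access, see Granting, changing, and revoking access to resources.
For the list of permissions and roles that Eventarc supports, see the following sections.
Enabling the Eventarc API
To view and assign Eventarc IAM roles, you must enable the Eventarc API for your project. Until this API is enabled, you cannot see the Eventarc roles in the Google Cloud console.
Predefined roles
The following table lists the Eventarc predefined IAM roles and all the permissions that each role includes.
Predefined roles cover most typical use cases. If the predefined roles do not meet your use case, you can create an IAM custom role.
Eventarc roles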
Role | Permissions |
---|---|
Eventarc Admin( Full control over all Eventarc resources. Lowest-level resources where you can grant this role: | eventarc.* resourcemanager.projects.get resourcemanager.projects.list |
Eventarc Connection Publisher Beta( Can publish events to Eventarc channel connections. Lowest-level resources where you can grant this role: | eventarc. eventarc. eventarc. resourcemanager.projects.get resourcemanager.projects.list |
Eventarc Developer( Access to read and write Eventarc resources. Lowest-level resources where you can grant this role: | eventarc. eventarc. eventarc. eventarc. eventarc. eventarc. eventarc.channels.attach eventarc.channels.create eventarc.channels.delete eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc.channels.publish eventarc.channels.undelete eventarc.channels.update eventarc. eventarc.locations.* eventarc.operations.* eventarc.providers.* eventarc.triggers.create eventarc.triggers.delete eventarc.triggers.get eventarc.triggers.getIamPolicy eventarc.triggers.list eventarc.triggers.undelete eventarc.triggers.update resourcemanager.projects.get resourcemanager.projects.list |
Eventarc Event Receiver( Can receive events from all event providers. Lowest-level resources where you can grant this role: | eventarc.events.* |
Eventarc Publisher Beta( Can publish events to Eventarc channels. Lowest-level resources where you can grant this role: | eventarc.channels.get eventarc.channels.list eventarc.channels.publish resourcemanager.projects.get resourcemanager.projects.list |
Eventarc Viewer( Can view the state of all Eventarc resources, including IAM policies. Lowest-level resources where you can grant this role: | eventarc. eventarc. eventarc. eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc. eventarc.locations.* eventarc.operations.get eventarc.operations.list eventarc.providers.* eventarc.triggers.get eventarc.triggers.getIamPolicy eventarc.triggers.list resourcemanager.projects.get resourcemanager.projects.list |
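For more information about Eventarc roles and permissions, see Roles and permissions.
Project-level IAM management
At the project level, you can grant, change, and revoke IAM roles using the Google Cloud console, the IAM API, or the Google Cloud CLI. For instructions, see Granting, changing, and revoking access to resources.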