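Control access with IAM

Overview

AML AI uses Identity and Access Management (IAM) for access control.

You can configure access control for the Financial Services API at the project level. For example, you can grant a developer permission to list and get all datasets in a project.

For a detailed description of IAM and its features, see the IAM documentation. In particular, see the section on managing IAM policies.

Every AML AI method requires the caller to have the necessary permissions. For details, see Permissions and Roles.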

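Permissions

This section summarizes the AML AI permissions that IAM supports.

Required permissions

The following table lists the IAM permissions associated with AML AI.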

projects.locations method name | Required permission
projects.locations.get | financialservices.locations.get on the specific Google Cloud project
projects.locations.list | financialservices.locations.list on the specific Google Cloud project
instances method name | Required permission
instances.create | financialservices.v1instances.create on the parent location, that is, the specific Google Cloud project and data location combination
instances.delete | financialservices.v1instances.delete on the instance resource
instances.get | financialservices.v1instances.get on the instance resource
instances.list | financialservices.v1instances.list on the parent location, that is, the specific Google Cloud project and data location combination
instances.patch | financialservices.v1instances.update on the instance resource
instances.importRegisteredParties | financialservices.v1instances.importRegisteredParties on the instance resource
instances.exportRegisteredParties | financialservices.v1instances.exportRegisteredParties on the instance resource
instances.engineConfigs method name | Required permission
instances.engineConfigs.create | financialservices.v1engineconfigs.create on the parent instance
instances.engineConfigs.delete | financialservices.v1engineconfigs.delete on the engine config resource
instances.engineConfigs.get | financialservices.v1engineconfigs.get on the engine config resource
instances.engineConfigs.list | financialservices.v1engineconfigs.list on the parent instance
instances.engineConfigs.patch | financialservices.v1engineconfigs.update on the engine config resource
instances.engineConfigs.exportMetadata | financialservices.v1engineconfigs.exportMetadata on the engine config resource
instances.engineVersions method name | Required permission
instances.engineVersions.get | financialservices.v1engineversions.get on the engine version resource
instances.engineVersions.list | financialservices.v1engineversions.list on the parent instance
instances.datasets method name | Required permission
instances.datasets.create | financialservices.v1datasets.create on the parent instance
instances.datasets.delete | financialservices.v1datasets.delete on the dataset resource
instances.datasets.get | financialservices.v1datasets.get on the dataset resource
instances.datasets.list | financialservices.v1datasets.list on the parent instance
instances.datasets.patch | financialservices.v1datasets.update on the dataset resource
instances.models method name | Required permission
instances.models.create | financialservices.v1models.create on the parent instance
instances.models.delete | financialservices.v1models.delete on the model resource
instances.models.get | financialservices.v1models.get on the model resource
instances.models.list | financialservices.v1models.list on the parent instance
instances.models.patch | financialservices.v1models.update on the model resource
instances.models.exportMetadata | financialservices.v1models.exportMetadata on the model resource
instances.backtestResults method name | Required permission
instances.backtestResults.create | financialservices.v1backtests.create on the parent instance
instances.backtestResults.delete | financialservices.v1backtests.delete on the backtest result resource
instances.backtestResults.get | financialservices.v1backtests.get on the backtest result resource
instances.backtestResults.list | financialservices.v1backtests.list on the parent instance
instances.backtestResults.patch | financialservices.v1backtests.update on the backtest result resource
instances.backtestResults.exportMetadata | financialservices.v1backtests.exportMetadata on the backtest result resource
instances.predictionResults method name | Required permission
instances.predictionResults.create | financialservices.v1predictions.create on the parent instance
instances.predictionResults.delete | financialservices.v1predictions.delete on the prediction result resource
instances.predictionResults.get | financialservices.v1predictions.get on the prediction result resource
instances.predictionResults.list | financialservices.v1predictions.list on the parent instance
instances.predictionResults.patch | financialservices.v1predictions.update on the prediction result resource
instances.predictionResults.exportMetadata | financialservices.v1predictions.exportMetadata on the prediction result resource

The following methods are inherited from google.longrunning.Operations:

operations method name | Required permission
operations.cancel | financialservices.operations.cancel on the specific Google Cloud project
operations.delete | financialservices.operations.delete on the specific Google Cloud project
operations.get | financialservices.operations.get on the specific Google Cloud project
operations.list | financialservices.operations.list on the specific Google Cloud project

Roles

The following table lists the AML AI IAM roles, including the permissions associated with each role:

IAM role | Permissions

(roles/financialservices.viewer)

Has view access to all Financial Services API resources.

financialservices.locations.*

  • financialservices.locations.get
  • financialservices.locations.list

financialservices.operations.get

financialservices.operations.list

financialservices.v1backtests.exportMetadata

financialservices.v1backtests.get

financialservices.v1backtests.list

financialservices.v1datasets.get

financialservices.v1datasets.list

financialservices.v1engineconfigs.exportMetadata

financialservices.v1engineconfigs.get

financialservices.v1engineconfigs.list

financialservices.v1engineversions.*

  • financialservices.v1engineversions.get
  • financialservices.v1engineversions.list

financialservices.v1instances.exportRegisteredParties

financialservices.v1instances.get

financialservices.v1instances.list

financialservices.v1models.exportMetadata

financialservices.v1models.get

financialservices.v1models.list

financialservices.v1predictions.exportMetadata

financialservices.v1predictions.get

financialservices.v1predictions.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/financialservices.admin)

Has full access to all Financial Services API resources.

financialservices.*

  • financialservices.locations.get
  • financialservices.locations.list
  • financialservices.operations.cancel
  • financialservices.operations.delete
  • financialservices.operations.get
  • financialservices.operations.list
  • financialservices.v1backtests.create
  • financialservices.v1backtests.delete
  • financialservices.v1backtests.exportMetadata
  • financialservices.v1backtests.get
  • financialservices.v1backtests.list
  • financialservices.v1backtests.update
  • financialservices.v1datasets.create
  • financialservices.v1datasets.delete
  • financialservices.v1datasets.get
  • financialservices.v1datasets.list
  • financialservices.v1datasets.update
  • financialservices.v1engineconfigs.create
  • financialservices.v1engineconfigs.delete
  • financialservices.v1engineconfigs.exportMetadata
  • financialservices.v1engineconfigs.get
  • financialservices.v1engineconfigs.list
  • financialservices.v1engineconfigs.update
  • financialservices.v1engineversions.get
  • financialservices.v1engineversions.list
  • financialservices.v1instances.create
  • financialservices.v1instances.delete
  • financialservices.v1instances.exportRegisteredParties
  • financialservices.v1instances.get
  • financialservices.v1instances.importRegisteredParties
  • financialservices.v1instances.list
  • financialservices.v1instances.update
  • financialservices.v1models.create
  • financialservices.v1models.delete
  • financialservices.v1models.exportMetadata
  • financialservices.v1models.get
  • financialservices.v1models.list
  • financialservices.v1models.update
  • financialservices.v1predictions.create
  • financialservices.v1predictions.delete
  • financialservices.v1predictions.exportMetadata
  • financialservices.v1predictions.get
  • financialservices.v1predictions.list
  • financialservices.v1predictions.update

resourcemanager.projects.get

resourcemanager.projects.list

For more information about roles, see the IAM basic and predefined roles reference.
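
The method and role tables above can be used to size a grant before binding a role. The following is an added example, not code from the AML AI documentation: it maps the methods a workload calls to the permissions listed on this page and reports whether roles/financialservices.viewer is enough. The names METHODS, required_permission and plan_access are hypothetical, and the read-only verb set is derived from the viewer permission list on this page.

```python
# Added example. The data below is transcribed from the tables on this page.
CRUD = ["create", "delete", "get", "list", "patch"]
# API collection -> (resource segment of the permission name, method verbs listed)
METHODS = {
    "projects.locations": ("locations", ["get", "list"]),
    "operations": ("operations", ["cancel", "delete", "get", "list"]),
    "instances": ("v1instances",
                  CRUD + ["importRegisteredParties", "exportRegisteredParties"]),
    "instances.engineConfigs": ("v1engineconfigs", CRUD + ["exportMetadata"]),
    "instances.engineVersions": ("v1engineversions", ["get", "list"]),
    "instances.datasets": ("v1datasets", CRUD),
    "instances.models": ("v1models", CRUD + ["exportMetadata"]),
    "instances.backtestResults": ("v1backtests", CRUD + ["exportMetadata"]),
    "instances.predictionResults": ("v1predictions", CRUD + ["exportMetadata"]),
}
# Verbs that appear in the viewer role's permission list (derived from this page).
READ_VERBS = {"get", "list", "exportMetadata", "exportRegisteredParties"}

def required_permission(method):
    """Return the permission this page lists for an API method name."""
    scope, _, verb = method.rpartition(".")
    resource, verbs = METHODS.get(scope, (None, ()))
    if verb not in verbs:
        raise ValueError(f"method not in this page's tables: {method}")
    # patch methods require the *.update permission, not *.patch
    return f"financialservices.{resource}.{'update' if verb == 'patch' else verb}"

# financialservices.* permissions of each predefined role, rebuilt from the tables.
ADMIN = {required_permission(f"{s}.{v}") for s, (_, vs) in METHODS.items() for v in vs}
VIEWER = {required_permission(f"{s}.{v}") for s, (_, vs) in METHODS.items()
          for v in vs if v in READ_VERBS}

def plan_access(methods):
    """Choose the narrowest grant for a workload that calls `methods`."""
    needed = {required_permission(m) for m in methods}
    beyond_viewer = sorted(needed - VIEWER)
    plan = {"permissions": sorted(needed), "beyond_viewer": beyond_viewer,
            # how many permissions would go unused if admin were bound instead
            "unused_if_admin": len(ADMIN - needed)}
    # Anything outside the viewer set exists only in the admin role, so a custom
    # role holding exactly `needed` is the narrower choice.
    plan["grant"] = ("custom role" if beyond_viewer
                     else "roles/financialservices.viewer")
    return plan

if __name__ == "__main__":
    print(plan_access(["instances.models.get", "instances.models.patch",
                       "instances.backtestResults.create"]))
```

A custom role built from the "permissions" list avoids handing a pipeline the delete and importRegisteredParties permissions that come with roles/financialservices.admin.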