拒否ポリシーでサポートされる権限

Identity and Access Management(IAM)の権限の一部(すべてではありません)を拒否ポリシーで使用できます。

拒否ポリシーには、IAM v2beta 権限形式(SERVICE_FQDN/RESOURCE.ACTION)が必要です。SERVICE_FQDN の値は通常、v1 API の SERVICE_ID の値の後に .googleapis.com を付けたものです。たとえば、ロールを削除する権限は iam.googleapis.com/roles.delete です。例外については、このページに記載されています。

サポートされている権限

次の表に、拒否ポリシーで使用できる権限を示します。

検索するテキスト ボックスに、目的のサービスまたは権限名を入力します。

サービス サポートされている権限
API キー

apikeys.googleapis.com/apiKeys.regenerate

apikeys.googleapis.com/apiKeys.revert

apikeys.googleapis.com/keys.create

apikeys.googleapis.com/keys.delete

apikeys.googleapis.com/keys.get

apikeys.googleapis.com/keys.list

apikeys.googleapis.com/keys.lookup

apikeys.googleapis.com/keys.update

Client Auth Config

clientauthconfig.googleapis.com/brands.create

clientauthconfig.googleapis.com/brands.delete

clientauthconfig.googleapis.com/brands.update

clientauthconfig.googleapis.com/clients.create

clientauthconfig.googleapis.com/clients.createSecret

clientauthconfig.googleapis.com/clients.delete

clientauthconfig.googleapis.com/clients.get

clientauthconfig.googleapis.com/clients.getWithSecret

clientauthconfig.googleapis.com/clients.listWithSecrets

clientauthconfig.googleapis.com/clients.undelete

clientauthconfig.googleapis.com/clients.update

Resource Manager

cloudresourcemanager.googleapis.com/folders.create

cloudresourcemanager.googleapis.com/folders.delete

cloudresourcemanager.googleapis.com/folders.get

cloudresourcemanager.googleapis.com/folders.getIamPolicy

cloudresourcemanager.googleapis.com/folders.list

cloudresourcemanager.googleapis.com/folders.move

cloudresourcemanager.googleapis.com/folders.setIamPolicy

cloudresourcemanager.googleapis.com/folders.undelete

cloudresourcemanager.googleapis.com/folders.update

cloudresourcemanager.googleapis.com/organizations.get

cloudresourcemanager.googleapis.com/organizations.getIamPolicy

cloudresourcemanager.googleapis.com/organizations.setIamPolicy

cloudresourcemanager.googleapis.com/projects.create

cloudresourcemanager.googleapis.com/projects.createBillingAssignment

cloudresourcemanager.googleapis.com/projects.delete

cloudresourcemanager.googleapis.com/projects.deleteBillingAssignment

cloudresourcemanager.googleapis.com/projects.get

cloudresourcemanager.googleapis.com/projects.getIamPolicy

cloudresourcemanager.googleapis.com/projects.move

cloudresourcemanager.googleapis.com/projects.setIamPolicy

cloudresourcemanager.googleapis.com/projects.undelete

cloudresourcemanager.googleapis.com/projects.update

cloudresourcemanager.googleapis.com/projects.updateLiens

Compute Engine

compute.googleapis.com/oslogin.updateExternalUser

Cloud DNS

dns.googleapis.com/changes.create

dns.googleapis.com/changes.get

dns.googleapis.com/changes.list

dns.googleapis.com/dnsKeys.get

dns.googleapis.com/dnsKeys.list

dns.googleapis.com/managedZoneOperations.get

dns.googleapis.com/managedZoneOperations.list

dns.googleapis.com/managedZones.create

dns.googleapis.com/managedZones.delete

dns.googleapis.com/managedZones.get

dns.googleapis.com/managedZones.list

dns.googleapis.com/managedZones.update

dns.googleapis.com/policies.create

dns.googleapis.com/policies.delete

dns.googleapis.com/policies.get

dns.googleapis.com/policies.list

dns.googleapis.com/policies.update

dns.googleapis.com/projects.get

dns.googleapis.com/resourceRecordSets.create

dns.googleapis.com/resourceRecordSets.delete

dns.googleapis.com/resourceRecordSets.get

dns.googleapis.com/resourceRecordSets.list

dns.googleapis.com/resourceRecordSets.update

Identity and Access Management

iam.googleapis.com/roles.create

iam.googleapis.com/roles.delete

iam.googleapis.com/roles.get

iam.googleapis.com/roles.list

iam.googleapis.com/roles.undelete

iam.googleapis.com/roles.update

iam.googleapis.com/serviceAccountKeys.create

iam.googleapis.com/serviceAccountKeys.delete

iam.googleapis.com/serviceAccountKeys.get

iam.googleapis.com/serviceAccountKeys.list

iam.googleapis.com/serviceAccounts.create

iam.googleapis.com/serviceAccounts.delete

iam.googleapis.com/serviceAccounts.disable

iam.googleapis.com/serviceAccounts.enable

iam.googleapis.com/serviceAccounts.get

iam.googleapis.com/serviceAccounts.getAccessToken

iam.googleapis.com/serviceAccounts.getIamPolicy

iam.googleapis.com/serviceAccounts.getOpenIdToken

iam.googleapis.com/serviceAccounts.implicitDelegation

iam.googleapis.com/serviceAccounts.list

iam.googleapis.com/serviceAccounts.setIamPolicy

iam.googleapis.com/serviceAccounts.signBlob

iam.googleapis.com/serviceAccounts.signJwt

iam.googleapis.com/serviceAccounts.undelete

iam.googleapis.com/serviceAccounts.update

iam.googleapis.com/workloadIdentityPoolProviders.create

iam.googleapis.com/workloadIdentityPoolProviders.delete

iam.googleapis.com/workloadIdentityPoolProviders.get

iam.googleapis.com/workloadIdentityPoolProviders.list

iam.googleapis.com/workloadIdentityPoolProviders.undelete

iam.googleapis.com/workloadIdentityPoolProviders.update

iam.googleapis.com/workloadIdentityPools.create

iam.googleapis.com/workloadIdentityPools.delete

iam.googleapis.com/workloadIdentityPools.get

iam.googleapis.com/workloadIdentityPools.list

iam.googleapis.com/workloadIdentityPools.undelete

iam.googleapis.com/workloadIdentityPools.update

組織のポリシーのサービス

orgpolicy.googleapis.com/policy.set

Security Command Center

securitycenter.googleapis.com/assets.group

securitycenter.googleapis.com/assets.list

securitycenter.googleapis.com/assets.listAssetPropertyNames

securitycenter.googleapis.com/assets.runDiscovery

securitycenter.googleapis.com/assetsecuritymarks.update

securitycenter.googleapis.com/containerthreatdetectionsettings.calculate

securitycenter.googleapis.com/containerthreatdetectionsettings.get

securitycenter.googleapis.com/containerthreatdetectionsettings.update

securitycenter.googleapis.com/eventthreatdetectionsettings.calculate

securitycenter.googleapis.com/eventthreatdetectionsettings.get

securitycenter.googleapis.com/eventthreatdetectionsettings.update

securitycenter.googleapis.com/findings.bulkMuteUpdate

securitycenter.googleapis.com/findings.group

securitycenter.googleapis.com/findings.list

securitycenter.googleapis.com/findings.listFindingPropertyNames

securitycenter.googleapis.com/findings.setMute

securitycenter.googleapis.com/findings.setState

securitycenter.googleapis.com/findings.setWorkflowState

securitycenter.googleapis.com/findings.update

securitycenter.googleapis.com/findingsecuritymarks.update

securitycenter.googleapis.com/muteconfigs.create

securitycenter.googleapis.com/muteconfigs.delete

securitycenter.googleapis.com/muteconfigs.get

securitycenter.googleapis.com/muteconfigs.list

securitycenter.googleapis.com/muteconfigs.update

securitycenter.googleapis.com/notificationconfig.create

securitycenter.googleapis.com/notificationconfig.delete

securitycenter.googleapis.com/notificationconfig.get

securitycenter.googleapis.com/notificationconfig.list

securitycenter.googleapis.com/notificationconfig.update

securitycenter.googleapis.com/organizationsettings.get

securitycenter.googleapis.com/organizationsettings.update

securitycenter.googleapis.com/securitycentersettings.get

securitycenter.googleapis.com/securitycentersettings.update

securitycenter.googleapis.com/securityhealthanalyticssettings.calculate

securitycenter.googleapis.com/securityhealthanalyticssettings.get

securitycenter.googleapis.com/securityhealthanalyticssettings.update

securitycenter.googleapis.com/sources.get

securitycenter.googleapis.com/sources.getIamPolicy

securitycenter.googleapis.com/sources.list

securitycenter.googleapis.com/sources.setIamPolicy

securitycenter.googleapis.com/sources.update

securitycenter.googleapis.com/subscription.get

securitycenter.googleapis.com/userinterfacemetadata.get

securitycenter.googleapis.com/websecurityscannersettings.calculate

securitycenter.googleapis.com/websecurityscannersettings.get

securitycenter.googleapis.com/websecurityscannersettings.update

サービス ネットワーキング

servicenetworking.googleapis.com/services.addPeering

servicenetworking.googleapis.com/services.get

Service Usage

serviceusage.googleapis.com/operations.cancel

serviceusage.googleapis.com/operations.delete

serviceusage.googleapis.com/operations.get

serviceusage.googleapis.com/operations.list

serviceusage.googleapis.com/quotas.get

serviceusage.googleapis.com/quotas.update

serviceusage.googleapis.com/services.disable

serviceusage.googleapis.com/services.enable

serviceusage.googleapis.com/services.get

serviceusage.googleapis.com/services.list

serviceusage.googleapis.com/services.use

Cloud Storage

storage.googleapis.com/buckets.create

storage.googleapis.com/buckets.createTagBinding

storage.googleapis.com/buckets.delete

storage.googleapis.com/buckets.deleteTagBinding

storage.googleapis.com/buckets.get

storage.googleapis.com/buckets.getIamPolicy

storage.googleapis.com/buckets.list

storage.googleapis.com/buckets.listTagBindings

storage.googleapis.com/buckets.setIamPolicy

storage.googleapis.com/buckets.update

storage.googleapis.com/hmacKeys.create

storage.googleapis.com/hmacKeys.delete

storage.googleapis.com/hmacKeys.get

storage.googleapis.com/hmacKeys.list

storage.googleapis.com/hmacKeys.update

storage.googleapis.com/multipartUploads.abort

storage.googleapis.com/multipartUploads.create

storage.googleapis.com/multipartUploads.list

storage.googleapis.com/multipartUploads.listParts

サーバーレス VPC アクセス

vpcaccess.googleapis.com/connectors.create

vpcaccess.googleapis.com/connectors.delete

vpcaccess.googleapis.com/connectors.get

vpcaccess.googleapis.com/connectors.list

vpcaccess.googleapis.com/connectors.use

vpcaccess.googleapis.com/locations.list

vpcaccess.googleapis.com/operations.get

vpcaccess.googleapis.com/operations.list