某些 Identity and Access Management (IAM) 功能(例如排查访问权限问题和查看可针对资源授予的角色)会要求您提供完整资源名称。
本页面提供了常用 Google Cloud 服务的完整资源名称示例,但这并非完整列表。如需详细了解完整资源名称的格式,请参阅 API 设计指南的资源名称部分。
| 资源类型 | 完整资源名称格式 |
|---|---|
| BigQuery 数据集 | //bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID |
| Cloud Billing 账号 | //cloudbilling.googleapis.com/billingAccounts/BILLING_ACCOUNT_ID |
| Cloud Run 服务 | //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID |
| Spanner 实例 | //spanner.googleapis.com/projects/PROJECT_ID/instances/INSTANCE_ID |
| Cloud SQL 实例 | //sqladmin.googleapis.com/projects/PROJECT_ID/instances/INSTANCE_ID |
| Cloud Storage 存储分区1 | //storage.googleapis.com/projects/_/buckets/BUCKET_ID |
| Compute Engine 实例 | //compute.googleapis.com/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_ID |
| Compute Engine 网络 | //compute.googleapis.com/projects/PROJECT_ID/global/networks/NETWORK |
| Compute Engine 子网 | //compute.googleapis.com/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK |
| Google Kubernetes Engine 集群 | //container.googleapis.com/projects/PROJECT_ID/clusters/CLUSTER_ID |
| IAM 服务账号 | //iam.googleapis.com/projects/PROJECT_ID/ |
| IAM 服务账号密钥 | //iam.googleapis.com/projects/PROJECT_ID/ |
| Identity-Aware Proxy App Engine 应用服务 | //iap.googleapis.com/projects/PROJECT_NUMBER/iap_web/appengine-PROJECT_ID/services/APP_SERVICE_ID |
| Identity-Aware Proxy Compute Engine 后端服务 | //iap.googleapis.com/projects/PROJECT_NUMBER/iap_web/compute/services/BACKEND_SERVICE_ID_OR_NAME |
| Pub/Sub 主题 | //pubsub.googleapis.com/projects/PROJECT_ID/topics/TOPIC_ID |
| Resource Manager 组织 | //cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_NUMBER |
| Resource Manager 文件夹 | //cloudresourcemanager.googleapis.com/folders/FOLDER_NUMBER |
| Resource Manager 项目 | //cloudresourcemanager.googleapis.com/projects/PROJECT_ID |
1 此处显示的格式与 IAM 兼容。某些服务对此资源类型使用的格式有所不同。
后续步骤
- 了解如何排查资源的访问权限问题。
- 了解如何查看您可以针对资源授予的角色。