了解角色

使用集合让一切井井有条 根据您的偏好保存内容并对其进行分类。

本页面介绍 IAM 角色,并列出了您可以授予主帐号的预定义角色。

一个角色包含一组权限,可让您对 Google Cloud 资源执行特定操作。如需向主帐号(包括用户、群组和服务帐号)提供权限,您可以向主帐号授予角色。

本指南的先决条件

角色类型

IAM 中有三种类型的角色:

  • 基本角色:包括在引入 IAM 之前已存在的 Owner、Editor 和 Viewer 角色。
  • 预定义角色:针对特定服务提供精细访问权限,并由 Google Cloud 管理。
  • 自定义角色:根据用户指定的权限列表提供精细访问权限。

要确定基本角色、预定义角色或自定义角色中是否包含某项权限,您可以使用以下方法之一:

  • 运行 gcloud iam roles describe 命令可以列出角色中的权限。
  • 调用 roles.get() REST API 方法可以列出角色中的权限。
  • 仅适用于基本角色和预定义角色:搜索权限参考以查看该角色是否授予权限。
  • 仅适用于预定义角色:在本页上搜索预定义角色说明以查看该角色包含的权限。

以下各部分介绍了每种角色类型并提供了有关如何使用它们的示例。

基本角色

在引入 IAM 之前已存在多个基本角色:Owner、Editor 和 Viewer。这些角色是嵌套的;也就是说,Owner 角色具有 Editor 角色的权限,而 Editor 角色又具有 Viewer 角色的权限。它们最初称为“原初角色”。

下表汇总了基本角色针对所有 Google Cloud 服务所具有的权限:

基本角色定义

名称 称谓 权限
roles/viewer Viewer 拥有执行不会影响状态的只读操作的权限,例如查看(但无法修改)现有资源或数据。
roles/editor Editor 拥有所有查看权限,以及修改状态的操作(例如更改现有资源)的权限。
注意:Editor 角色包含为大多数 Google Cloud 服务创建和删除资源的权限。但是,它不包含对所有服务执行所有操作的权限。如需详细了解如何检查某个角色是否具有您所需的权限,请参阅本页面中的角色类型
roles/owner 所有者 拥有 Editor 的所有权限,此外还有权执行以下操作:
  • 管理项目和项目中所有资源的角色和权限。
  • 为项目设置结算。
注意
  • 在资源级层(如 Pub/Sub 主题)授予 Owner 角色并不会授予父级项目上的 Owner 角色。
  • 因此,在组织级层获授 Owner 角色后,您不能更新组织的元数据,不过您可以修改组织下的所有项目和其他资源。
  • 如需向组织外部的用户授予项目的 Owner 角色,您必须使用 Google Cloud 控制台,而不能使用 gcloud CLI。如果您的项目不属于组织,则必须使用 Google Cloud 控制台授予 Owner 角色。

您可以使用 Google Cloud 控制台、API 和 gcloud CLI 授予基本角色。如需授予项目、文件夹或组织的基本角色,请参阅管理对项目、文件夹和组织的访问权限。如需授予其他资源的基本角色,请参阅管理对其他资源的访问权限

预定义角色

除了基本角色之外,IAM 还提供其他预定义角色,这些角色可提供对特定 Google Cloud 资源的精细访问权限,同时阻止对其他资源的不必要的访问。 这些角色由 Google 创建和维护。Google 会根据需要自动更新其权限,例如 Google Cloud 添加新功能或服务时。

下表列出了这些角色、说明以及可设置这些角色的最低级层的资源类型。您可以为此资源类型授予特定角色,或者在大多数情况下可以为该类型在 Google Cloud 资源层次结构中的任何上级类型授予特定角色。

您可以在资源层次结构的任何级层向同一用户授予多个角色。例如,同一位用户可以拥有项目上的 Compute Network Admin 和 Logs Viewer 角色,并且对该项目中的 Pub/Sub 主题具有 Pub/Sub Publisher 角色。如需列出角色中包含的权限,请参阅获取角色元数据

如需有关选择最合适的预定义角色的帮助,请参阅选择预定义角色

Access Approval 角色

角色 权限

roles/accessapproval.approver

能够查看或操作访问权限审批请求以及查看配置

包含 3 项所有者权限

accessapproval.requests.*

  • accessapproval.requests.approve
  • accessapproval.requests.dismiss
  • accessapproval.requests.get
  • accessapproval.requests.invalidate
  • accessapproval.requests.list

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/accessapproval.configEditor

能够更新访问权限审批配置

包含 2 项所有者权限

accessapproval.serviceAccounts.get

accessapproval.settings.*

  • accessapproval.settings.delete
  • accessapproval.settings.get
  • accessapproval.settings.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/accessapproval.invalidator

可使当前已获批准的审批请求失效

包含 1 项所有者权限

accessapproval.requests.invalidate

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/accessapproval.viewer

可查看访问权限审批请求和配置

accessapproval.requests.get

accessapproval.requests.list

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Context Manager 角色

角色 权限

roles/accesscontextmanager.gcpAccessAdmin

可以创建、修改和更改 Cloud 访问权限绑定。

accesscontextmanager.gcpUserAccessBindings.*

  • accesscontextmanager.gcpUserAccessBindings.create
  • accesscontextmanager.gcpUserAccessBindings.delete
  • accesscontextmanager.gcpUserAccessBindings.get
  • accesscontextmanager.gcpUserAccessBindings.list
  • accesscontextmanager.gcpUserAccessBindings.update

roles/accesscontextmanager.gcpAccessReader

拥有对 Cloud 访问权限绑定的读取权限。

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

roles/accesscontextmanager.policyAdmin

拥有对政策、访问权限级别和访问区域的完整访问权限

包含 2 项所有者权限

accesscontextmanager.accessLevels.*

  • accesscontextmanager.accessLevels.create
  • accesscontextmanager.accessLevels.delete
  • accesscontextmanager.accessLevels.get
  • accesscontextmanager.accessLevels.list
  • accesscontextmanager.accessLevels.replaceAll
  • accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.*

  • accesscontextmanager.accessPolicies.create
  • accesscontextmanager.accessPolicies.delete
  • accesscontextmanager.accessPolicies.get
  • accesscontextmanager.accessPolicies.getIamPolicy
  • accesscontextmanager.accessPolicies.list
  • accesscontextmanager.accessPolicies.setIamPolicy
  • accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

  • accesscontextmanager.accessZones.create
  • accesscontextmanager.accessZones.delete
  • accesscontextmanager.accessZones.get
  • accesscontextmanager.accessZones.list
  • accesscontextmanager.accessZones.update

accesscontextmanager.policies.*

  • accesscontextmanager.policies.create
  • accesscontextmanager.policies.delete
  • accesscontextmanager.policies.get
  • accesscontextmanager.policies.getIamPolicy
  • accesscontextmanager.policies.list
  • accesscontextmanager.policies.setIamPolicy
  • accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

  • accesscontextmanager.servicePerimeters.commit
  • accesscontextmanager.servicePerimeters.create
  • accesscontextmanager.servicePerimeters.delete
  • accesscontextmanager.servicePerimeters.get
  • accesscontextmanager.servicePerimeters.list
  • accesscontextmanager.servicePerimeters.replaceAll
  • accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/accesscontextmanager.policyEditor

拥有对政策的修改权限。可创建、修改和更改访问权限级别和访问区域。

accesscontextmanager.accessLevels.*

  • accesscontextmanager.accessLevels.create
  • accesscontextmanager.accessLevels.delete
  • accesscontextmanager.accessLevels.get
  • accesscontextmanager.accessLevels.list
  • accesscontextmanager.accessLevels.replaceAll
  • accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.create

accesscontextmanager.accessPolicies.delete

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

  • accesscontextmanager.accessZones.create
  • accesscontextmanager.accessZones.delete
  • accesscontextmanager.accessZones.get
  • accesscontextmanager.accessZones.list
  • accesscontextmanager.accessZones.update

accesscontextmanager.policies.create

accesscontextmanager.policies.delete

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

  • accesscontextmanager.servicePerimeters.commit
  • accesscontextmanager.servicePerimeters.create
  • accesscontextmanager.servicePerimeters.delete
  • accesscontextmanager.servicePerimeters.get
  • accesscontextmanager.servicePerimeters.list
  • accesscontextmanager.servicePerimeters.replaceAll
  • accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/accesscontextmanager.policyReader

拥有对政策、访问权限级别和访问区域的读取权限。

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessZones.get

accesscontextmanager.accessZones.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

roles/accesscontextmanager.vpcScTroubleshooterViewer

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

logging.exclusions.get

logging.exclusions.list

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.sinks.get

logging.sinks.list

logging.usage.get

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

操作角色

角色 权限

roles/actions.Admin

拥有修改和部署某项操作的权限

actions.*

  • actions.agent.claimContentProvider
  • actions.agent.get
  • actions.agent.update
  • actions.agentVersions.create
  • actions.agentVersions.delete
  • actions.agentVersions.deploy
  • actions.agentVersions.get
  • actions.agentVersions.list

firebase.projects.get

firebase.projects.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

roles/actions.Viewer

拥有查看某项操作的权限

actions.agent.get

actions.agentVersions.get

actions.agentVersions.list

firebase.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

AI Notebooks 角色

角色 权限

(roles/notebooks.admin)

拥有对笔记本中所有资源的完整访问权限。

您可以授予此角色的最低级层资源:

  • 实例

包含 5 项所有者权限

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.*

  • notebooks.environments.create
  • notebooks.environments.delete
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.nvironments.list
  • notebooks.environments.setIamPolicy
  • notebooks.executions.create
  • notebooks.executions.delete
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.executions.setIamPolicy
  • notebooks.instances.checkUpgradability
  • notebooks.instances.create
  • notebooks.instances.delete
  • notebooks.instances.diagnose
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.instances.reset
  • notebooks.instances.setAccelerator
  • notebooks.instances.setIamPolicy
  • notebooks.instances.setLabels
  • notebooks.instances.setMachineType
  • notebooks.instances.start
  • notebooks.instances.stop
  • notebooks.instances.update
  • notebooks.instances.updateConfig
  • notebooks.instances.updateShieldInstanceConfig
  • notebooks.instances.upgrade
  • notebooks.instances.use
  • notebooks.locations.get
  • notebooks.locations.list
  • notebooks.operations.cancel
  • notebooks.operations.delete
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.create
  • notebooks.runtimes.delete
  • notebooks.runtimes.diagnose
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.runtimes.reset
  • notebooks.runtimes.setIamPolicy
  • notebooks.runtimes.start
  • notebooks.runtimes.stop
  • notebooks.runtimes.switch
  • notebooks.runtimes.update
  • notebooks.schedules.create
  • notebooks.schedules.delete
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.legacyAdmin)

具有通过 Compute API 访问笔记本中的所有资源的完整权限。

包含 35 项所有者权限

compute.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list
  • compute.addresses.create
  • compute.addresses.createInternal
  • compute.addresses.delete
  • compute.addresses.deleteInternal
  • compute.addresses.get
  • compute.addresses.list
  • compute.addresses.setLabels
  • compute.addresses.use
  • compute.addresses.useInternal
  • compute.autoscalers.create
  • compute.autoscalers.delete
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.autoscalers.update
  • compute.backendBuckets.create
  • compute.backendBuckets.delete
  • compute.backendBuckets.get
  • compute.backendBuckets.list
  • compute.backendBuckets.setSecurityPolicy
  • compute.backendBuckets.update
  • compute.backendBuckets.use
  • compute.backendServices.create
  • compute.backendServices.delete
  • compute.backendServices.get
  • compute.backendServices.getIamPolicy
  • compute.backendServices.list
  • compute.backendServices.setIamPolicy
  • compute.backendServices.setSecurityPolicy
  • compute.backendServices.update
  • compute.backendServices.use
  • compute.commitments.create
  • compute.commitments.get
  • compute.commitments.list
  • compute.commitments.update
  • compute.commitments.updateReservations
  • compute.diskTypes.get
  • compute.diskTypes.list
  • compute.disks.addResourcePolicies
  • compute.disks.create
  • compute.disks.createSnapshot
  • compute.disks.createTagBinding
  • compute.disks.delete
  • compute.disks.deleteTagBinding
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.disks.removeResourcePolicies
  • compute.disks.resize
  • compute.disks.setIamPolicy
  • compute.disks.setLabels
  • compute.disks.update
  • compute.disks.use
  • compute.disks.useReadOnly
  • compute.externalVpnGateways.create
  • compute.externalVpnGateways.delete
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.externalVpnGateways.setLabels
  • compute.externalVpnGateways.use
  • compute.firewallPolicies.addAssociation
  • compute.firewallPolicies.cloneRules
  • compute.firewallPolicies.copyRules
  • compute.firewallPolicies.create
  • compute.firewallPolicies.delete
  • compute.firewallPolicies.get
  • compute.firewallPolicies.getIamPolicy
  • compute.firewallPolicies.list
  • compute.firewallPolicies.move
  • compute.firewallPolicies.removeAssociation
  • compute.firewallPolicies.setIamPolicy
  • compute.firewallPolicies.update
  • compute.firewallPolicies.use
  • compute.firewalls.create
  • compute.firewalls.delete
  • compute.firewalls.get
  • compute.firewalls.list
  • compute.firewalls.update
  • compute.forwardingRules.create
  • compute.forwardingRules.delete
  • compute.forwardingRules.get
  • compute.forwardingRules.list
  • compute.forwardingRules.pscCreate
  • compute.forwardingRules.pscDelete
  • compute.forwardingRules.pscSetLabels
  • compute.forwardingRules.pscSetTarget
  • compute.forwardingRules.pscUpdate
  • compute.forwardingRules.setLabels
  • compute.forwardingRules.setTarget
  • compute.forwardingRules.update
  • compute.forwardingRules.use
  • compute.globalAddresses.create
  • compute.globalAddresses.createInternal
  • compute.globalAddresses.delete
  • compute.globalAddresses.deleteInternal
  • compute.globalAddresses.get
  • compute.globalAddresses.list
  • compute.globalAddresses.setLabels
  • compute.globalAddresses.use
  • compute.globalForwardingRules.create
  • compute.globalForwardingRules.delete
  • compute.globalForwardingRules.get
  • compute.globalForwardingRules.list
  • compute.globalForwardingRules.pscCreate
  • compute.globalForwardingRules.pscDelete
  • compute.globalForwardingRules.pscGet
  • compute.globalForwardingRules.pscSetLabels
  • compute.globalForwardingRules.pscSetTarget
  • compute.globalForwardingRules.pscUpdate
  • compute.globalForwardingRules.setLabels
  • compute.globalForwardingRules.setTarget
  • compute.globalForwardingRules.update
  • compute.globalNetworkEndpointGroups.attachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.create
  • compute.globalNetworkEndpointGroups.delete
  • compute.globalNetworkEndpointGroups.detachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalNetworkEndpointGroups.use
  • compute.globalOperations.delete
  • compute.globalOperations.get
  • compute.globalOperations.getIamPolicy
  • compute.globalOperations.list
  • compute.globalOperations.setIamPolicy
  • compute.globalPublicDelegatedPrefixes.create
  • compute.globalPublicDelegatedPrefixes.delete
  • compute.globalPublicDelegatedPrefixes.get
  • compute.globalPublicDelegatedPrefixes.list
  • compute.globalPublicDelegatedPrefixes.update
  • compute.globalPublicDelegatedPrefixes.updatePolicy
  • compute.globalPublicDelegatedPrefixes.use
  • compute.healthChecks.create
  • compute.healthChecks.delete
  • compute.healthChecks.get
  • compute.healthChecks.list
  • compute.healthChecks.update
  • compute.healthChecks.use
  • compute.healthChecks.useReadOnly
  • compute.httpHealthChecks.create
  • compute.httpHealthChecks.delete
  • compute.httpHealthChecks.get
  • compute.httpHealthChecks.list
  • compute.httpHealthChecks.update
  • compute.httpHealthChecks.use
  • compute.httpHealthChecks.useReadOnly
  • compute.httpsHealthChecks.create
  • compute.httpsHealthChecks.delete
  • compute.httpsHealthChecks.get
  • compute.httpsHealthChecks.list
  • compute.httpsHealthChecks.update
  • compute.httpsHealthChecks.use
  • compute.httpsHealthChecks.useReadOnly
  • compute.images.create
  • compute.images.createTagBinding
  • compute.images.delete
  • compute.images.deleteTagBinding
  • compute.images.deprecate
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.images.setIamPolicy
  • compute.images.setLabels
  • compute.images.update
  • compute.images.useReadOnly
  • compute.instanceGroupManagers.create
  • compute.instanceGroupManagers.delete
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroupManagers.update
  • compute.instanceGroupManagers.use
  • compute.instanceGroups.create
  • compute.instanceGroups.delete
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceGroups.update
  • compute.instanceGroups.use
  • compute.instanceTemplates.create
  • compute.instanceTemplates.delete
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instanceTemplates.setIamPolicy
  • compute.instanceTemplates.useReadOnly
  • compute.instances.addAccessConfig
  • compute.instances.addMaintenancePolicies
  • compute.instances.addResourcePolicies
  • compute.instances.attachDisk
  • compute.instances.create
  • compute.instances.createTagBinding
  • compute.instances.delete
  • compute.instances.deleteAccessConfig
  • compute.instances.deleteTagBinding
  • compute.instances.detachDisk
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.instances.osAdminLogin
  • compute.instances.osLogin
  • compute.instances.removeMaintenancePolicies
  • compute.instances.removeResourcePolicies
  • compute.instances.reset
  • compute.instances.resume
  • compute.instances.sendDiagnosticInterrupt
  • compute.instances.setDeletionProtection
  • compute.instances.setDiskAutoDelete
  • compute.instances.setIamPolicy
  • compute.instances.setLabels
  • compute.instances.setMachineResources
  • compute.instances.setMachineType
  • compute.instances.setMetadata
  • compute.instances.setMinCpuPlatform
  • compute.instances.setScheduling
  • compute.instances.setServiceAccount
  • compute.instances.setShieldedInstanceIntegrityPolicy
  • compute.instances.setShieldedVmIntegrityPolicy
  • compute.instances.setTags
  • compute.instances.start
  • compute.instances.startWithEncryptionKey
  • compute.instances.stop
  • compute.instances.suspend
  • compute.instances.update
  • compute.instances.updateAccessConfig
  • compute.instances.updateDisplayDevice
  • compute.instances.updateNetworkInterface
  • compute.instances.updateSecurity
  • compute.instances.updateShieldedInstanceConfig
  • compute.instances.updateShieldedVmConfig
  • compute.instances.use
  • compute.instances.useReadOnly
  • compute.interconnectAttachments.create
  • compute.interconnectAttachments.delete
  • compute.interconnectAttachments.get
  • compute.interconnectAttachments.list
  • compute.interconnectAttachments.setLabels
  • compute.interconnectAttachments.update
  • compute.interconnectAttachments.use
  • compute.interconnectLocations.get
  • compute.interconnectLocations.list
  • compute.interconnects.create
  • compute.interconnects.delete
  • compute.interconnects.get
  • compute.interconnects.list
  • compute.interconnects.setLabels
  • compute.interconnects.update
  • compute.interconnects.use
  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenseCodes.setIamPolicy
  • compute.licenseCodes.update
  • compute.licenseCodes.use
  • compute.licenses.create
  • compute.licenses.delete
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.licenses.setIamPolicy
  • compute.machineImages.create
  • compute.machineImages.delete
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineImages.setIamPolicy
  • compute.machineImages.useReadOnly
  • compute.machineTypes.get
  • compute.machineTypes.list
  • compute.maintenancePolicies.create
  • compute.maintenancePolicies.delete
  • compute.maintenancePolicies.get
  • compute.maintenancePolicies.getIamPolicy
  • compute.maintenancePolicies.list
  • compute.maintenancePolicies.setIamPolicy
  • compute.maintenancePolicies.use
  • compute.networkEndpointGroups.attachNetworkEndpoints
  • compute.networkEndpointGroups.create
  • compute.networkEndpointGroups.delete
  • compute.networkEndpointGroups.detachNetworkEndpoints
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.getIamPolicy
  • compute.networkEndpointGroups.list
  • compute.networkEndpointGroups.setIamPolicy
  • compute.networkEndpointGroups.use
  • compute.networks.access
  • compute.networks.addPeering
  • compute.networks.create
  • compute.networks.delete
  • compute.networks.get
  • compute.networks.getEffectiveFirewalls
  • compute.networks.getRegionEffectiveFirewalls
  • compute.networks.list
  • compute.networks.listPeeringRoutes
  • compute.networks.mirror
  • compute.networks.removePeering
  • compute.networks.setFirewallPolicy
  • compute.networks.switchToCustomMode
  • compute.networks.update
  • compute.networks.updatePeering
  • compute.networks.updatePolicy
  • compute.networks.use
  • compute.networks.useExternalIp
  • compute.nodeGroups.addNodes
  • compute.nodeGroups.create
  • compute.nodeGroups.delete
  • compute.nodeGroups.deleteNodes
  • compute.nodeGroups.get
  • compute.nodeGroups.getIamPolicy
  • compute.nodeGroups.list
  • compute.nodeGroups.setIamPolicy
  • compute.nodeGroups.setNodeTemplate
  • compute.nodeGroups.update
  • compute.nodeTemplates.create
  • compute.nodeTemplates.delete
  • compute.nodeTemplates.get
  • compute.nodeTemplates.getIamPolicy
  • compute.nodeTemplates.list
  • compute.nodeTemplates.setIamPolicy
  • compute.nodeTypes.get
  • compute.nodeTypes.list
  • compute.organizations.administerXpn
  • compute.organizations.disableXpnHost
  • compute.organizations.disableXpnResource
  • compute.organizations.enableXpnHost
  • compute.organizations.enableXpnResource
  • compute.organizations.listAssociations
  • compute.organizations.setFirewallPolicy
  • compute.organizations.setSecurityPolicy
  • compute.oslogin.updateExternalUser
  • compute.packetMirrorings.create
  • compute.packetMirrorings.delete
  • compute.packetMirrorings.get
  • compute.packetMirrorings.list
  • compute.packetMirrorings.update
  • compute.projects.get
  • compute.projects.setCommonInstanceMetadata
  • compute.projects.setDefaultNetworkTier
  • compute.projects.setDefaultServiceAccount
  • compute.projects.setUsageExportBucket
  • compute.publicAdvertisedPrefixes.create
  • compute.publicAdvertisedPrefixes.delete
  • compute.publicAdvertisedPrefixes.get
  • compute.publicAdvertisedPrefixes.list
  • compute.publicAdvertisedPrefixes.update
  • compute.publicAdvertisedPrefixes.updatePolicy
  • compute.publicAdvertisedPrefixes.use
  • compute.publicDelegatedPrefixes.create
  • compute.publicDelegatedPrefixes.delete
  • compute.publicDelegatedPrefixes.get
  • compute.publicDelegatedPrefixes.list
  • compute.publicDelegatedPrefixes.update
  • compute.publicDelegatedPrefixes.updatePolicy
  • compute.publicDelegatedPrefixes.use
  • compute.regionBackendServices.create
  • compute.regionBackendServices.delete
  • compute.regionBackendServices.get
  • compute.regionBackendServices.getIamPolicy
  • compute.regionBackendServices.list
  • compute.regionBackendServices.setIamPolicy
  • compute.regionBackendServices.setSecurityPolicy
  • compute.regionBackendServices.update
  • compute.regionBackendServices.use
  • compute.regionFirewallPolicies.cloneRules
  • compute.regionFirewallPolicies.create
  • compute.regionFirewallPolicies.delete
  • compute.regionFirewallPolicies.get
  • compute.regionFirewallPolicies.getIamPolicy
  • compute.regionFirewallPolicies.list
  • compute.regionFirewallPolicies.setIamPolicy
  • compute.regionFirewallPolicies.update
  • compute.regionFirewallPolicies.use
  • compute.regionHealthCheckServices.create
  • compute.regionHealthCheckServices.delete
  • compute.regionHealthCheckServices.get
  • compute.regionHealthCheckServices.list
  • compute.regionHealthCheckServices.update
  • compute.regionHealthCheckServices.use
  • compute.regionHealthChecks.create
  • compute.regionHealthChecks.delete
  • compute.regionHealthChecks.get
  • compute.regionHealthChecks.list
  • compute.regionHealthChecks.update
  • compute.regionHealthChecks.use
  • compute.regionHealthChecks.useReadOnly
  • compute.regionNetworkEndpointGroups.create
  • compute.regionNetworkEndpointGroups.delete
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNetworkEndpointGroups.use
  • compute.regionNotificationEndpoints.create
  • compute.regionNotificationEndpoints.delete
  • compute.regionNotificationEndpoints.get
  • compute.regionNotificationEndpoints.list
  • compute.regionNotificationEndpoints.update
  • compute.regionNotificationEndpoints.use
  • compute.regionOperations.delete
  • compute.regionOperations.get
  • compute.regionOperations.getIamPolicy
  • compute.regionOperations.list
  • compute.regionOperations.setIamPolicy
  • compute.regionSslCertificates.create
  • compute.regionSslCertificates.delete
  • compute.regionSslCertificates.get
  • compute.regionSslCertificates.list
  • compute.regionTargetHttpProxies.create
  • compute.regionTargetHttpProxies.delete
  • compute.regionTargetHttpProxies.get
  • compute.regionTargetHttpProxies.list
  • compute.regionTargetHttpProxies.setUrlMap
  • compute.regionTargetHttpProxies.use
  • compute.regionTargetHttpsProxies.create
  • compute.regionTargetHttpsProxies.delete
  • compute.regionTargetHttpsProxies.get
  • compute.regionTargetHttpsProxies.list
  • compute.regionTargetHttpsProxies.setSslCertificates
  • compute.regionTargetHttpsProxies.setUrlMap
  • compute.regionTargetHttpsProxies.update
  • compute.regionTargetHttpsProxies.use
  • compute.regionUrlMaps.create
  • compute.regionUrlMaps.delete
  • compute.regionUrlMaps.get
  • compute.regionUrlMaps.invalidateCache
  • compute.regionUrlMaps.list
  • compute.regionUrlMaps.update
  • compute.regionUrlMaps.use
  • compute.regionUrlMaps.validate
  • compute.regions.get
  • compute.regions.list
  • compute.reservations.create
  • compute.reservations.delete
  • compute.reservations.get
  • compute.reservations.list
  • compute.reservations.resize
  • compute.reservations.update
  • compute.resourcePolicies.create
  • compute.resourcePolicies.delete
  • compute.resourcePolicies.get
  • compute.resourcePolicies.list
  • compute.resourcePolicies.use
  • compute.routers.create
  • compute.routers.delete
  • compute.routers.get
  • compute.routers.list
  • compute.routers.update
  • compute.routers.use
  • compute.routes.create
  • compute.routes.delete
  • compute.routes.get
  • compute.routes.list
  • compute.securityPolicies.addAssociation
  • compute.securityPolicies.copyRules
  • compute.securityPolicies.create
  • compute.securityPolicies.delete
  • compute.securityPolicies.get
  • compute.securityPolicies.getIamPolicy
  • compute.securityPolicies.list
  • compute.securityPolicies.move
  • compute.securityPolicies.removeAssociation
  • compute.securityPolicies.setIamPolicy
  • compute.securityPolicies.update
  • compute.securityPolicies.use
  • compute.serviceAttachments.create
  • compute.serviceAttachments.delete
  • compute.serviceAttachments.get
  • compute.serviceAttachments.list
  • compute.serviceAttachments.update
  • compute.snapshots.create
  • compute.snapshots.createTagBinding
  • compute.snapshots.delete
  • compute.snapshots.deleteTagBinding
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.snapshots.setIamPolicy
  • compute.snapshots.setLabels
  • compute.snapshots.useReadOnly
  • compute.sslCertificates.create
  • compute.sslCertificates.delete
  • compute.sslCertificates.get
  • compute.sslCertificates.list
  • compute.sslPolicies.create
  • compute.sslPolicies.delete
  • compute.sslPolicies.get
  • compute.sslPolicies.list
  • compute.sslPolicies.listAvailableFeatures
  • compute.sslPolicies.update
  • compute.sslPolicies.use
  • compute.subnetworks.create
  • compute.subnetworks.delete
  • compute.subnetworks.expandIpCidrRange
  • compute.subnetworks.get
  • compute.subnetworks.getIamPolicy
  • compute.subnetworks.list
  • compute.subnetworks.mirror
  • compute.subnetworks.setIamPolicy
  • compute.subnetworks.setPrivateIpGoogleAccess
  • compute.subnetworks.update
  • compute.subnetworks.use
  • compute.subnetworks.useExternalIp
  • compute.targetGrpcProxies.create
  • compute.targetGrpcProxies.delete
  • compute.targetGrpcProxies.get
  • compute.targetGrpcProxies.list
  • compute.targetGrpcProxies.update
  • compute.targetGrpcProxies.use
  • compute.targetHttpProxies.create
  • compute.targetHttpProxies.delete
  • compute.targetHttpProxies.get
  • compute.targetHttpProxies.list
  • compute.targetHttpProxies.setUrlMap
  • compute.targetHttpProxies.use
  • compute.targetHttpsProxies.create
  • compute.targetHttpsProxies.delete
  • compute.targetHttpsProxies.get
  • compute.targetHttpsProxies.list
  • compute.targetHttpsProxies.setSslCertificates
  • compute.targetHttpsProxies.setSslPolicy
  • compute.targetHttpsProxies.setUrlMap
  • compute.targetHttpsProxies.update
  • compute.targetHttpsProxies.use
  • compute.targetInstances.create
  • compute.targetInstances.delete
  • compute.targetInstances.get
  • compute.targetInstances.list
  • compute.targetInstances.use
  • compute.targetPools.addHealthCheck
  • compute.targetPools.addInstance
  • compute.targetPools.create
  • compute.targetPools.delete
  • compute.targetPools.get
  • compute.targetPools.list
  • compute.targetPools.removeHealthCheck
  • compute.targetPools.removeInstance
  • compute.targetPools.update
  • compute.targetPools.use
  • compute.targetSslProxies.create
  • compute.targetSslProxies.delete
  • compute.targetSslProxies.get
  • compute.targetSslProxies.list
  • compute.targetSslProxies.setBackendService
  • compute.targetSslProxies.setProxyHeader
  • compute.targetSslProxies.setSslCertificates
  • compute.targetSslProxies.use
  • compute.targetTcpProxies.create
  • compute.targetTcpProxies.delete
  • compute.targetTcpProxies.get
  • compute.targetTcpProxies.list
  • compute.targetTcpProxies.update
  • compute.targetTcpProxies.use
  • compute.targetVpnGateways.create
  • compute.targetVpnGateways.delete
  • compute.targetVpnGateways.get
  • compute.targetVpnGateways.list
  • compute.targetVpnGateways.setLabels
  • compute.targetVpnGateways.use
  • compute.urlMaps.create
  • compute.urlMaps.delete
  • compute.urlMaps.get
  • compute.urlMaps.invalidateCache
  • compute.urlMaps.list
  • compute.urlMaps.update
  • compute.urlMaps.use
  • compute.urlMaps.validate
  • compute.vpnGateways.create
  • compute.vpnGateways.delete
  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.vpnGateways.setLabels
  • compute.vpnGateways.use
  • compute.vpnTunnels.create
  • compute.vpnTunnels.delete
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
  • compute.vpnTunnels.setLabels
  • compute.zoneOperations.delete
  • compute.zoneOperations.get
  • compute.zoneOperations.getIamPolicy
  • compute.zoneOperations.list
  • compute.zoneOperations.setIamPolicy
  • compute.zones.get
  • compute.zones.list

notebooks.*

  • notebooks.environments.create
  • notebooks.environments.delete
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.nvironments.list
  • notebooks.environments.setIamPolicy
  • notebooks.executions.create
  • notebooks.executions.delete
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.executions.setIamPolicy
  • notebooks.instances.checkUpgradability
  • notebooks.instances.create
  • notebooks.instances.delete
  • notebooks.instances.diagnose
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.instances.reset
  • notebooks.instances.setAccelerator
  • notebooks.instances.setIamPolicy
  • notebooks.instances.setLabels
  • notebooks.instances.setMachineType
  • notebooks.instances.start
  • notebooks.instances.stop
  • notebooks.instances.update
  • notebooks.instances.updateConfig
  • notebooks.instances.updateShieldInstanceConfig
  • notebooks.instances.upgrade
  • notebooks.instances.use
  • notebooks.locations.get
  • notebooks.locations.list
  • notebooks.operations.cancel
  • notebooks.operations.delete
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.create
  • notebooks.runtimes.delete
  • notebooks.runtimes.diagnose
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.runtimes.reset
  • notebooks.runtimes.setIamPolicy
  • notebooks.runtimes.start
  • notebooks.runtimes.stop
  • notebooks.runtimes.switch
  • notebooks.runtimes.update
  • notebooks.schedules.create
  • notebooks.schedules.delete
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.legacyViewer)

拥有通过 Compute API 对笔记本中所有资源进行只读访问的权限。

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.nvironments.list

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

  • notebooks.locations.get
  • notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.runner)

拥有受限的权限,能够运行已安排的笔记本。

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.nvironments.list

notebooks.executions.create

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.create

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

  • notebooks.locations.get
  • notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.create

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.create

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/notebooks.viewer)

拥有对笔记本中所有资源的只读权限。

您可以授予此角色的最低级层资源:

  • 实例

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.nvironments.list

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

  • notebooks.locations.get
  • notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

AI Platform 角色

角色 权限

roles/ml.admin

提供 AI Platform 资源及其作业、操作、模型和版本的完整访问权限。

您可以授予此角色的最低级层资源:

  • 项目

包含 3 项所有者权限

ml.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update
  • ml.locations.get
  • ml.locations.list
  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update
  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list
  • ml.projects.getConfig
  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy
  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update
  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

resourcemanager.projects.get

roles/ml.developer

能够使用 AI Platform 资源创建模型、版本、作业,以用于训练和预测以及发送在线预测请求。

您可以授予此角色的最低级层资源:

  • 项目

包含 1 项所有者权限

ml.jobs.create

ml.jobs.get

ml.jobs.getIamPolicy

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.create

ml.models.get

ml.models.getIamPolicy

ml.models.list

ml.models.predict

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.*

  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy

ml.trials.*

  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update

ml.versions.get

ml.versions.list

ml.versions.predict

resourcemanager.projects.get

roles/ml.jobOwner

提供特定作业资源的所有权限的完整访问权限。系统会自动向创建该作业的用户授予此角色。

您可以授予此角色的最低级层资源:

  • 作业

包含 1 项所有者权限

ml.jobs.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update

roles/ml.modelOwner

提供模型及其版本的完整访问权限。系统会将此角色自动授予创建模型的用户。

您可以授予此角色的最低级层资源:

  • 模型

包含 1 项所有者权限

ml.models.*

  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update

ml.versions.*

  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

roles/ml.modelUser

提供读取模型及其版本并使用其进行预测的权限。

您可以授予此角色的最低级层资源:

  • 模型

ml.models.get

ml.models.predict

ml.versions.get

ml.versions.list

ml.versions.predict

roles/ml.operationOwner

提供对特定操作资源的所有权限的完整访问权限。

您可以授予此角色的最低级层资源:

  • 操作

ml.operations.*

  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list

roles/ml.viewer

提供 AI Platform 资源的只读权限。

您可以授予此角色的最低级层资源:

  • 项目

ml.jobs.get

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.get

ml.models.list

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.get

ml.studies.getIamPolicy

ml.studies.list

ml.trials.get

ml.trials.list

ml.versions.get

ml.versions.list

resourcemanager.projects.get

Analytics Hub 角色

角色 权限

roles/analyticshub.admin

可以管理数据交换和清单

包含 2 项所有者权限

analyticshub.dataExchanges.*

  • analyticshub.dataExchanges.create
  • analyticshub.dataExchanges.delete
  • analyticshub.dataExchanges.get
  • analyticshub.dataExchanges.getIamPolicy
  • analyticshub.dataExchanges.list
  • analyticshub.dataExchanges.setIamPolicy
  • analyticshub.dataExchanges.update

analyticshub.listings.create

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/analyticshub.listingAdmin

授予对商家信息的完全控制权,包括更新、删除和设置 ACL

包含 1 项所有者权限

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/analyticshub.publisher

可以发布到数据交换,从而创建清单

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.create

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/analyticshub.subscriber

可以浏览数据交换并订阅清单

包含 1 项所有者权限

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.subscribe

resourcemanager.projects.get

resourcemanager.projects.list

roles/analyticshub.viewer

可以浏览数据交换和清单

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

Android 管理角色

角色 权限

roles/androidmanagement.user

拥有管理设备的完整权限。

androidmanagement.enterprises.manage

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Anthos 多云端角色

角色 权限

roles/gkemulticloud.admin

可以管理 Anthos 多云资源。

包含 2 项所有者权限

gkemulticloud.*

  • gkemulticloud.awsClusters.create
  • gkemulticloud.awsClusters.delete
  • gkemulticloud.awsClusters.generateAccessToken
  • gkemulticloud.awsClusters.get
  • gkemulticloud.awsClusters.getAdminKubeconfig
  • gkemulticloud.awsClusters.list
  • gkemulticloud.awsClusters.update
  • gkemulticloud.awsNodePools.create
  • gkemulticloud.awsNodePools.delete
  • gkemulticloud.awsNodePools.get
  • gkemulticloud.awsNodePools.list
  • gkemulticloud.awsNodePools.update
  • gkemulticloud.awsServerConfigs.get
  • gkemulticloud.azureClients.create
  • gkemulticloud.azureClients.delete
  • gkemulticloud.azureClients.get
  • gkemulticloud.azureClients.list
  • gkemulticloud.azureClusters.create
  • gkemulticloud.azureClusters.delete
  • gkemulticloud.azureClusters.generateAccessToken
  • gkemulticloud.azureClusters.get
  • gkemulticloud.azureClusters.getAdminKubeconfig
  • gkemulticloud.azureClusters.list
  • gkemulticloud.azureClusters.update
  • gkemulticloud.azureNodePools.create
  • gkemulticloud.azureNodePools.delete
  • gkemulticloud.azureNodePools.get
  • gkemulticloud.azureNodePools.list
  • gkemulticloud.azureNodePools.update
  • gkemulticloud.azureServerConfigs.get
  • gkemulticloud.operations.cancel
  • gkemulticloud.operations.delete
  • gkemulticloud.operations.get
  • gkemulticloud.operations.list
  • gkemulticloud.operations.wait

resourcemanager.projects.get

resourcemanager.projects.list

roles/gkemulticloud.telemetryWriter

授予写入集群遥测数据(例如日志、指标和资源元数据)的权限。

logging.logEntries.create

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

opsconfigmonitoring.resourceMetadata.write

roles/gkemulticloud.viewer

可以查看 Anthos 多云资源。

gkemulticloud.awsClusters.generateAccessToken

gkemulticloud.awsClusters.get

gkemulticloud.awsClusters.list

gkemulticloud.awsNodePools.get

gkemulticloud.awsNodePools.list

gkemulticloud.awsServerConfigs.get

gkemulticloud.azureClients.get

gkemulticloud.azureClients.list

gkemulticloud.azureClusters.generateAccessToken

gkemulticloud.azureClusters.get

gkemulticloud.azureClusters.list

gkemulticloud.azureNodePools.get

gkemulticloud.azureNodePools.list

gkemulticloud.azureServerConfigs.get

gkemulticloud.operations.get

gkemulticloud.operations.list

gkemulticloud.operations.wait

resourcemanager.projects.get

resourcemanager.projects.list

API Gateway 角色

角色 权限

roles/apigateway.admin

拥有对 ApiGateway 及相关资源的完全访问权限。

包含 3 项所有者权限

apigateway.*

  • apigateway.apiconfigs.create
  • apigateway.apiconfigs.delete
  • apigateway.apiconfigs.get
  • apigateway.apiconfigs.getIamPolicy
  • apigateway.apiconfigs.list
  • apigateway.apiconfigs.setIamPolicy
  • apigateway.apiconfigs.update
  • apigateway.apis.create
  • apigateway.apis.delete
  • apigateway.apis.get
  • apigateway.apis.getIamPolicy
  • apigateway.apis.list
  • apigateway.apis.setIamPolicy
  • apigateway.apis.update
  • apigateway.gateways.create
  • apigateway.gateways.delete
  • apigateway.gateways.get
  • apigateway.gateways.getIamPolicy
  • apigateway.gateways.list
  • apigateway.gateways.setIamPolicy
  • apigateway.gateways.update
  • apigateway.locations.get
  • apigateway.locations.list
  • apigateway.operations.cancel
  • apigateway.operations.delete
  • apigateway.operations.get
  • apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.list

roles/apigateway.viewer

拥有对 ApiGateway 及相关资源的只读权限。

apigateway.apiconfigs.get

apigateway.apiconfigs.getIamPolicy

apigateway.apiconfigs.list

apigateway.apis.get

apigateway.apis.getIamPolicy

apigateway.apis.list

apigateway.gateways.get

apigateway.gateways.getIamPolicy

apigateway.gateways.list

apigateway.locations.*

  • apigateway.locations.get
  • apigateway.locations.list

apigateway.operations.get

apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.list

Apigee 角色

角色 权限

roles/apigee.admin

拥有对所有 Apigee 资源功能的完全访问权限

包含 1 项所有者权限

apigee.*

  • apigee.apiproductattributes.createOrUpdateAll
  • apigee.apiproductattributes.delete
  • apigee.apiproductattributes.get
  • apigee.apiproductattributes.list
  • apigee.apiproductattributes.update
  • apigee.apiproducts.create
  • apigee.apiproducts.delete
  • apigee.apiproducts.get
  • apigee.apiproducts.list
  • apigee.apiproducts.update
  • apigee.appkeys.create
  • apigee.appkeys.delete
  • apigee.appkeys.get
  • apigee.appkeys.manage
  • apigee.apps.get
  • apigee.apps.list
  • apigee.archivedeployments.create
  • apigee.archivedeployments.delete
  • apigee.archivedeployments.download
  • apigee.archivedeployments.get
  • apigee.archivedeployments.list
  • apigee.archivedeployments.update
  • apigee.archivedeployments.upload
  • apigee.caches.delete
  • apigee.caches.list
  • apigee.canaryevaluations.create
  • apigee.canaryevaluations.get
  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update
  • apigee.datalocation.get
  • apigee.datastores.create
  • apigee.datastores.delete
  • apigee.datastores.get
  • apigee.datastores.list
  • apigee.datastores.update
  • apigee.deployments.create
  • apigee.deployments.delete
  • apigee.deployments.get
  • apigee.deployments.list
  • apigee.deployments.update
  • apigee.developerappattributes.createOrUpdateAll
  • apigee.developerappattributes.delete
  • apigee.developerappattributes.get
  • apigee.developerappattributes.list
  • apigee.developerappattributes.update
  • apigee.developerapps.create
  • apigee.developelapps.delete
  • apigee.developerapps.get
  • apigee.developerapps.list
  • apigee.developerapps.manage
  • apigee.developerattributes.createOrUpdateAll
  • apigee.developerattributes.delete
  • apigee.developerattributes.get
  • apigee.developerattributes.list
  • apigee.developerattributes.update
  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update
  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update
  • apigee.developers.create
  • apigee.developers.delete
  • apigee.developers.get
  • apigee.developers.list
  • apigee.developers.update
  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update
  • apigee.endpointattachments.create
  • apigee.endpointattachments.delete
  • apigee.endpointattachments.get
  • apigee.endpointattachments.list
  • apigee.envgroupattachments.create
  • apigee.envgroupattachments.delete
  • apigee.envgroupattachments.get
  • apigee.envgroupattachments.list
  • apigee.envgroups.create
  • apigee.envgroups.delete
  • apigee.envgroups.get
  • apigee.envgroups.list
  • apigee.envgroups.update
  • apigee.environments.create
  • apigee.environments.delete
  • apigee.environments.get
  • apigee.environments.getDataLocation
  • apigee.environments.getIamPolicy
  • apigee.environments.getStats
  • apigee.environments.list
  • apigee.environments.manageRuntime
  • apigee.environments.setIamPolicy
  • apigee.environments.update
  • apigee.exports.create
  • apigee.exports.get
  • apigee.exports.list
  • apigee.flowhooks.attachSharedFlow
  • apigee.flowhooks.detachSharedFlow
  • apigee.flowhooks.getSharedFlow
  • apigee.flowhooks.list
  • apigee.hostqueries.create
  • apigee.hostqueries.get
  • apigee.hostqueries.list
  • apigee.hostsecurityreports.create
  • apigee.hostsecurityreports.get
  • apigee.hostsecurityreports.list
  • apigee.hoststats.get
  • apigee.ingressconfigs.get
  • apigee.instanceattachments.create
  • apigee.instanceattachments.delete
  • apigee.instanceattachments.get
  • apigee.instanceattachments.list
  • apigee.instances.create
  • apigee.instances.delete
  • apigee.instances.get
  • apigee.instances.list
  • apigee.instances.reportStatus
  • apigee.keystorealiases.create
  • apigee.keystorealiases.delete
  • apigee.keystorealiases.exportCertificate
  • apigee.keystorealiases.generateCSR
  • apigee.keystorealiases.get
  • apigee.keystorealiases.list
  • apigee.keystorealiases.update
  • apigee.keystores.create
  • apigee.keystores.delete
  • apigee.keystores.export
  • apigee.keystores.get
  • apigee.keystores.list
  • apigee.keyvaluemapentries.create
  • apigee.keyvaluemapentries.delete
  • apigee.keyvaluemapentries.get
  • apigee.keyvaluemapentries.list
  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list
  • apigee.maskconfigs.get
  • apigee.maskconfigs.update
  • apigee.operations.get
  • apigee.operations.list
  • apigee.organizations.create
  • apigee.organizations.delete
  • apigee.organizations.get
  • apigee.organizations.list
  • apigee.organizations.update
  • apigee.portals.create
  • apigee.portals.delete
  • apigee.portals.get
  • apigee.portals.list
  • apigee.portals.update
  • apigee.projects.update
  • apigee.proxies.create
  • apigee.proxies.delete
  • apigee.proxies.get
  • apigee.proxies.list
  • apigee.proxies.update
  • apigee.proxyrevisions.delete
  • apigee.proxyrevisions.deploy
  • apigee.proxyrevisions.get
  • apigee.proxyrevisions.list
  • apigee.proxyrevisions.undeploy
  • apigee.proxyrevisions.update
  • apigee.queries.create
  • apigee.queries.get
  • apigee.queries.list
  • apigee.rateplans.create
  • apigee.rateplans.delete
  • apigee.rateplans.get
  • apigee.rateplans.list
  • apigee.rateplans.update
  • apigee.references.create
  • apigee.references.delete
  • apigee.references.get
  • apigee.references.list
  • apigee.references.update
  • apigee.reports.create
  • apigee.reports.delete
  • apigee.reports.get
  • apigee.reports.list
  • apigee.reports.update
  • apigee.resourcefiles.create
  • apigee.resourcefiles.delete
  • apigee.resourcefiles.get
  • apigee.resourcefiles.list
  • apigee.resourcefiles.update
  • apigee.runtimeconfigs.get
  • apigee.securityProfileEnvironments.computeScore
  • apigee.securityProfileEnvironments.create
  • apigee.securityProfileEnvironments.delete
  • apigee.securityProfiles.get
  • apigee.securityProfiles.list
  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats
  • apigee.securityreports.create
  • apigee.securityreports.get
  • apigee.securityreports.list
  • apigee.sharedflowrevisions.delete
  • apigee.sharedflowrevisions.deploy
  • apigee.sharedflowrevisions.get
  • apigee.sharedflowrevisions.list
  • apigee.sharedflowrevisions.undeploy
  • apigee.sharedflowrevisions.update
  • apigee.sharedflows.create
  • apigee.sharedflows.delete
  • apigee.sharedflows.get
  • apigee.sharedflows.list
  • apigee.targetservers.create
  • apigee.targetservers.delete
  • apigee.targetservers.get
  • apigee.targetservers.list
  • apigee.targetservers.update
  • apigee.tracesessions.create
  • apigee.tracesessions.delete
  • apigee.tracesessions.get
  • apigee.tracesessions.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

roles/apigee.analyticsAgent

提供一组特选权限,可让 Apigee Universal Data Collection Agent 管理 Apigee 组织的分析数据

apigee.datalocation.get

apigee.environments.getDataLocation

apigee.runtimeconfigs.get

roles/apigee.analyticsEditor

可修改 Apigee 组织的分析数据

apigee.datacollectors.*

  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update

apigee.datastores.*

  • apigee.datastores.create
  • apigee.datastores.delete
  • apigee.datastores.get
  • apigee.datastores.list
  • apigee.datastores.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.*

  • apigee.exports.create
  • apigee.exports.get
  • apigee.exports.list

apigee.hostqueries.*

  • apigee.hostqueries.create
  • apigee.hostqueries.get
  • apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.queries.*

  • apigee.queries.create
  • apigee.queries.get
  • apigee.queries.list

apigee.reports.*

  • apigee.reports.create
  • apigee.reports.delete
  • apigee.reports.get
  • apigee.reports.list
  • apigee.reports.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.analyticsViewer

可查看 Apigee 组织的分析数据

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datastores.get

apigee.datastores.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.queries.get

apigee.queries.list

apigee.reports.get

apigee.reports.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.apiAdminV2

拥有对所有 Apigee API 资源的完整读写权限

apigee.apiproductattributes.*

  • apigee.apiproductattributes.createOrUpdateAll
  • apigee.apiproductattributes.delete
  • apigee.apiproductattributes.get
  • apigee.apiproductattributes.list
  • apigee.apiproductattributes.update

apigee.apiproducts.*

  • apigee.apiproducts.create
  • apigee.apiproducts.delete
  • apigee.apiproducts.get
  • apigee.apiproducts.list
  • apigee.apiproducts.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.*

  • apigee.keyvaluemapentries.create
  • apigee.keyvaluemapentries.delete
  • apigee.keyvaluemapentries.get
  • apigee.keyvaluemapentries.list

apigee.keyvaluemaps.*

  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.proxies.*

  • apigee.proxies.create
  • apigee.proxies.delete
  • apigee.proxies.get
  • apigee.proxies.list
  • apigee.proxies.update

apigee.proxyrevisions.*

  • apigee.proxyrevisions.delete
  • apigee.proxyrevisions.deploy
  • apigee.proxyrevisions.get
  • apigee.proxyrevisions.list
  • apigee.proxyrevisions.undeploy
  • apigee.proxyrevisions.update

apigee.sharedflowrevisions.*

  • apigee.sharedflowrevisions.delete
  • apigee.sharedflowrevisions.deploy
  • apigee.sharedflowrevisions.get
  • apigee.sharedflowrevisions.list
  • apigee.sharedflowrevisions.undeploy
  • apigee.sharedflowrevisions.update

apigee.sharedflows.*

  • apigee.sharedflows.create
  • apigee.sharedflows.delete
  • apigee.sharedflows.get
  • apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.apiReaderV2

可以读取 apigee 资源

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.sharedflowrevisions.deploy

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.sharedflows.get

apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.developerAdmin

可管理 Apigee 资源开发者

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.*

  • apigee.appkeys.create
  • apigee.appkeys.delete
  • apigee.appkeys.get
  • apigee.appkeys.manage

apigee.apps.*

  • apigee.apps.get
  • apigee.apps.list

apigee.datacollectors.*

  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update

apigee.developerappattributes.*

  • apigee.developerappattributes.createOrUpdateAll
  • apigee.developerappattributes.delete
  • apigee.developerappattributes.get
  • apigee.developerappattributes.list
  • apigee.developerappattributes.update

apigee.developerapps.*

  • apigee.developerapps.create
  • apigee.developelapps.delete
  • apigee.developerapps.get
  • apigee.developerapps.list
  • apigee.developerapps.manage

apigee.developerattributes.*

  • apigee.developerattributes.createOrUpdateAll
  • apigee.developerattributes.delete
  • apigee.developerattributes.get
  • apigee.developerattributes.list
  • apigee.developerattributes.update

apigee.developerbalances.*

  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update

apigee.developermonetizationconfigs.*

  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update

apigee.developers.*

  • apigee.developers.create
  • apigee.developers.delete
  • apigee.developers.get
  • apigee.developers.list
  • apigee.developers.update

apigee.developersubscriptions.*

  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update

apigee.environments.get

apigee.environments.getStats

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.rateplans.get

apigee.rateplans.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

roles/apigee.environmentAdmin

拥有对 Apigee 环境资源(包括部署)的完整读写权限。

包含 1 项所有者权限

apigee.archivedeployments.*

  • apigee.archivedeployments.create
  • apigee.archivedeployments.delete
  • apigee.archivedeployments.download
  • apigee.archivedeployments.get
  • apigee.archivedeployments.list
  • apigee.archivedeployments.update
  • apigee.archivedeployments.upload

apigee.datacollectors.get

apigee.datacollectors.list

apigee.deployments.*

  • apigee.deployments.create
  • apigee.deployments.delete
  • apigee.deployments.get
  • apigee.deployments.list
  • apigee.deployments.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.environments.setIamPolicy

apigee.environments.update

apigee.flowhooks.*

  • apigee.flowhooks.attachSharedFlow
  • apigee.flowhooks.detachSharedFlow
  • apigee.flowhooks.getSharedFlow
  • apigee.flowhooks.list

apigee.ingressconfigs.get

apigee.keystorealiases.*

  • apigee.keystorealiases.create
  • apigee.keystorealiases.delete
  • apigee.keystorealiases.exportCertificate
  • apigee.keystorealiases.generateCSR
  • apigee.keystorealiases.get
  • apigee.keystorealiases.list
  • apigee.keystorealiases.update

apigee.keystores.*

  • apigee.keystores.create
  • apigee.keystores.delete
  • apigee.keystores.export
  • apigee.keystores.get
  • apigee.keystores.list

apigee.keyvaluemaps.*

  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list

apigee.maskconfigs.*

  • apigee.maskconfigs.get
  • apigee.maskconfigs.update

apigee.organizations.get

apigee.organizations.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.references.*

  • apigee.references.create
  • apigee.references.delete
  • apigee.references.get
  • apigee.references.list
  • apigee.references.update

apigee.resourcefiles.*

  • apigee.resourcefiles.create
  • apigee.resourcefiles.delete
  • apigee.resourcefiles.get
  • apigee.resourcefiles.list
  • apigee.resourcefiles.update

apigee.sharedflowrevisions.deploy

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.sharedflows.get

apigee.sharedflows.list

apigee.targetservers.*

  • apigee.targetservers.create
  • apigee.targetservers.delete
  • apigee.targetservers.get
  • apigee.targetservers.list
  • apigee.targetservers.update

apigee.tracesessions.*

  • apigee.tracesessions.create
  • apigee.tracesessions.delete
  • apigee.tracesessions.get
  • apigee.tracesessions.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

roles/apigee.monetizationAdmin

与获利相关的所有权限

apigee.apiproducts.get

apigee.apiproducts.list

apigee.developerbalances.*

  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update

apigee.developermonetizationconfigs.*

  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update

apigee.developersubscriptions.*

  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update

apigee.organizations.get

apigee.organizations.list

apigee.rateplans.*

  • apigee.rateplans.create
  • apigee.rateplans.delete
  • apigee.rateplans.get
  • apigee.rateplans.list
  • apigee.rateplans.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.portalAdmin

可以管理 Apigee 组织的门户

apigee.organizations.get

apigee.organizations.list

apigee.portals.*

  • apigee.portals.create
  • apigee.portals.delete
  • apigee.portals.get
  • apigee.portals.list
  • apigee.portals.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.readOnlyAdmin

可查看所有 Apigee 资源

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.get

apigee.apps.*

  • apigee.apps.get
  • apigee.apps.list

apigee.archivedeployments.download

apigee.archivedeployments.get

apigee.archivedeployments.list

apigee.caches.list

apigee.canaryevaluations.get

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datalocation.get

apigee.datastores.get

apigee.datastores.list

apigee.deployments.get

apigee.deployments.list

apigee.developerappattributes.get

apigee.developerappattributes.list

apigee.developerapps.get

apigee.developerapps.list

apigee.developerattributes.get

apigee.developerattributes.list

apigee.developerbalances.get

apigee.developermonetizationconfigs.get

apigee.developers.get

apigee.developers.list

apigee.developersubscriptions.get

apigee.developersubscriptions.list

apigee.endpointattachments.get

apigee.endpointattachments.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getDataLocation

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.flowhooks.getSharedFlow

apigee.flowhooks.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hostsecurityreports.get

apigee.hostsecurityreports.list

apigee.hoststats.get

apigee.ingressconfigs.get

apigee.instanceattachments.get

apigee.instanceattachments.list

apigee.instances.get

apigee.instances.list

apigee.keystorealiases.get

apigee.keystorealiases.list

apigee.keystores.get

apigee.keystores.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.maskconfigs.get

apigee.operations.*

  • apigee.operations.get
  • apigee.operations.list

apigee.organizations.get

apigee.organizations.list

apigee.portals.get

apigee.portals.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.queries.get

apigee.queries.list

apigee.rateplans.get

apigee.rateplans.list

apigee.references.get

apigee.references.list

apigee.reports.get

apigee.reports.list

apigee.resourcefiles.get

apigee.resourcefiles.list

apigee.runtimeconfigs.get

apigee.securityProfileEnvironments.computeScore

apigee.securityProfiles.*

  • apigee.securityProfiles.get
  • apigee.securityProfiles.list

apigee.securityStats.*

  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.get

apigee.securityreports.list

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflows.get

apigee.sharedflows.list

apigee.targetservers.get

apigee.targetservers.list

apigee.tracesessions.get

apigee.tracesessions.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

roles/apigee.runtimeAgent

提供一组特选权限,可让运行时代理访问 Apigee 组织资源

apigee.canaryevaluations.*

  • apigee.canaryevaluations.create
  • apigee.canaryevaluations.get

apigee.ingressconfigs.get

apigee.instances.reportStatus

apigee.operations.*

  • apigee.operations.get
  • apigee.operations.list

apigee.organizations.get

apigee.runtimeconfigs.get

roles/apigee.securityAdmin

可以管理 Apigee 组织的安全设置

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.list

apigee.hostsecurityreports.*

  • apigee.hostsecurityreports.create
  • apigee.hostsecurityreports.get
  • apigee.hostsecurityreports.list

apigee.organizations.get

apigee.organizations.list

apigee.securityProfileEnvironments.*

  • apigee.securityProfileEnvironments.computeScore
  • apigee.securityProfileEnvironments.create
  • apigee.securityProfileEnvironments.delete

apigee.securityProfiles.*

  • apigee.securityProfiles.get
  • apigee.securityProfiles.list

apigee.securityStats.*

  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.*

  • apigee.securityreports.create
  • apigee.securityreports.get
  • apigee.securityreports.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.securityViewer

可查看 Apigee 组织的安全设置

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.list

apigee.hostsecurityreports.get

apigee.hostsecurityreports.list

apigee.organizations.get

apigee.organizations.list

apigee.securityProfileEnvironments.computeScore

apigee.securityProfiles.*

  • apigee.securityProfiles.get
  • apigee.securityProfiles.list

apigee.securityStats.*

  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.get

apigee.securityreports.list

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigee.synchronizerManager

提供一组特选权限,可让 Synchronizer 管理 Apigee 组织中的环境

apigee.environments.get

apigee.environments.manageRuntime

apigee.ingressconfigs.get

roles/apigeeconnect.Admin

可以管理 Apigee Connect

apigeeconnect.connections.list

roles/apigeeconnect.Agent

能够在外部集群和 Google 之间设置 Apigee Connect 代理。

apigeeconnect.endpoints.connect

Apigee Registry 角色

角色 权限

roles/apigeeregistry.admin

拥有对 Cloud Apigee Registry 和运行时资源的完整访问权限。

包含 4 项所有者权限

apigeeregistry.*

  • apigeeregistry.apis.create
  • apigeeregistry.apis.delete
  • apigeeregistry.apis.get
  • apigeeregistry.apis.getIamPolicy
  • apigeeregistry.apis.list
  • apigeeregistry.apis.setIamPolicy
  • apigeeregistry.apis.update
  • apigeeregistry.artifacts.create
  • apigeeregistry.artifacts.delete
  • apigeeregistry.artifacts.get
  • apigeeregistry.artifacts.getIamPolicy
  • apigeeregistry.artifacts.list
  • apigeeregistry.artifacts.setIamPolicy
  • apigeeregistry.artifacts.update
  • apigeeregistry.deployments.create
  • apigeeregistry.deployments.delete
  • apigeeregistry.deployments.get
  • apigeeregistry.deployments.list
  • apigeeregistry.deployments.update
  • apigeeregistry.instances.get
  • apigeeregistry.instances.update
  • apigeeregistry.locations.get
  • apigeeregistry.locations.list
  • apigeeregistry.operations.cancel
  • apigeeregistry.operations.delete
  • apigeeregistry.operations.get
  • apigeeregistry.operations.list
  • apigeeregistry.specs.create
  • apigeeregistry.specs.delete
  • apigeeregistry.specs.get
  • apigeeregistry.specs.getIamPolicy
  • apigeeregistry.specs.list
  • apigeeregistry.specs.setIamPolicy
  • apigeeregistry.specs.update
  • apigeeregistry.versions.create
  • apigeeregistry.versions.delete
  • apigeeregistry.versions.get
  • apigeeregistry.versions.getIamPolicy
  • apigeeregistry.versions.list
  • apigeeregistry.versions.setIamPolicy
  • apigeeregistry.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

roles/apigeeregistry.editor

拥有对 Cloud Apigee Registry 资源的修改权限。

apigeeregistry.apis.create

apigeeregistry.apis.delete

apigeeregistry.apis.get

apigeeregistry.apis.getIamPolicy

apigeeregistry.apis.list

apigeeregistry.apis.update

apigeeregistry.artifacts.create

apigeeregistry.artifacts.delete

apigeeregistry.artifacts.get

apigeeregistry.artifacts.getIamPolicy

apigeeregistry.artifacts.list

apigeeregistry.artifacts.update