了解角色

本页面介绍 IAM 角色，并列出了您可以授予主帐号的预定义角色。

一个角色包含一组权限，可让您对 Google Cloud 资源执行特定操作。如需向主帐号（包括用户、群组和服务帐号）提供权限，您可以向主帐号授予角色。

本指南的先决条件

了解 IAM 的基本概念

角色类型

IAM 中有三种类型的角色：

基本角色：包括在引入 IAM 之前已存在的 Owner、Editor 和 Viewer 角色。
预定义角色：针对特定服务提供精细访问权限，并由 Google Cloud 管理。
自定义角色：根据用户指定的权限列表提供精细访问权限。

要确定基本角色、预定义角色或自定义角色中是否包含某项权限，您可以使用以下方法之一：

运行 gcloud iam roles describe 命令可以列出角色中的权限。
调用 roles.get() REST API 方法可以列出角色中的权限。
仅适用于基本角色和预定义角色：搜索权限参考以查看该角色是否授予权限。
仅适用于预定义角色：在本页上搜索预定义角色说明以查看该角色包含的权限。

以下各部分介绍了每种角色类型并提供了有关如何使用它们的示例。

基本角色

在引入 IAM 之前已存在多个基本角色：Owner、Editor 和 Viewer。这些角色是嵌套的；也就是说，Owner 角色具有 Editor 角色的权限，而 Editor 角色又具有 Viewer 角色的权限。它们最初称为“原初角色”。

下表汇总了基本角色针对所有 Google Cloud 服务所具有的权限：

基本角色定义

名称	称谓	权限
`roles/viewer`	Viewer	拥有执行不会影响状态的只读操作的权限，例如查看（但无法修改）现有资源或数据。
`roles/editor`	Editor	拥有所有查看权限，以及修改状态的操作（例如更改现有资源）的权限。注意：Editor 角色包含为大多数 Google Cloud 服务创建和删除资源的权限。但是，它不包含对所有服务执行所有操作的权限。如需详细了解如何检查某个角色是否具有您所需的权限，请参阅本页面中的角色类型。
`roles/owner`	所有者	拥有 Editor 的所有权限，此外还有权执行以下操作：管理项目和项目中所有资源的角色和权限。为项目设置结算。注意：在资源级层（如 Pub/Sub 主题）授予 Owner 角色并不会授予父级项目上的 Owner 角色。因此，在组织级层获授 Owner 角色后，您不能更新组织的元数据，不过您可以修改组织下的所有项目和其他资源。如需向组织外部的用户授予项目的 Owner 角色，您必须使用 Google Cloud 控制台，而不能使用 gcloud CLI。如果您的项目不属于组织，则必须使用 Google Cloud 控制台授予 Owner 角色。

您可以使用 Google Cloud 控制台、API 和 gcloud CLI 授予基本角色。如需授予项目、文件夹或组织的基本角色，请参阅管理对项目、文件夹和组织的访问权限。如需授予其他资源的基本角色，请参阅管理对其他资源的访问权限。

预定义角色

除了基本角色之外，IAM 还提供其他预定义角色，这些角色可提供对特定 Google Cloud 资源的精细访问权限，同时阻止对其他资源的不必要的访问。这些角色由 Google 创建和维护。Google 会根据需要自动更新其权限，例如 Google Cloud 添加新功能或服务时。

下表列出了这些角色、说明以及可设置这些角色的最低级层的资源类型。您可以为此资源类型授予特定角色，或者在大多数情况下可以为该类型在 Google Cloud 资源层次结构中的任何上级类型授予特定角色。

您可以在资源层次结构的任何级层向同一用户授予多个角色。例如，同一位用户可以拥有项目上的 Compute Network Admin 和 Logs Viewer 角色，并且对该项目中的 Pub/Sub 主题具有 Pub/Sub Publisher 角色。如需列出角色中包含的权限，请参阅获取角色元数据。

如需有关选择最合适的预定义角色的帮助，请参阅选择预定义角色。

Access Approval 角色

Role Permissions

Role	Permissions
Access Approval Approver ^Beta (`roles/accessapproval.approver`) Ability to view or act on access approval requests and view configuration	accessapproval.requests.* accessapproval.requests.approve accessapproval.requests.dismiss accessapproval.requests.get accessapproval.requests.invalidate accessapproval.requests.list accessapproval.serviceAccounts.get accessapproval.settings.get resourcemanager.projects.get resourcemanager.projects.list
Access Approval Config Editor ^Beta (`roles/accessapproval.configEditor`) Ability to update the Access Approval configuration	accessapproval.serviceAccounts.get accessapproval.settings.* accessapproval.settings.delete accessapproval.settings.get accessapproval.settings.update resourcemanager.projects.get resourcemanager.projects.list
Access Approval Invalidator ^Beta (`roles/accessapproval.invalidator`) Ability to invalidate existing approved approval requests	accessapproval.requests.invalidate accessapproval.serviceAccounts.get accessapproval.settings.get resourcemanager.projects.get resourcemanager.projects.list
Access Approval Viewer ^Beta (`roles/accessapproval.viewer`) Ability to view access approval requests and configuration	accessapproval.requests.get accessapproval.requests.list accessapproval.serviceAccounts.get accessapproval.settings.get resourcemanager.projects.get resourcemanager.projects.list

Access Approval Approver ^Beta

(roles/accessapproval.approver)

Ability to view or act on access approval requests and view configuration

accessapproval.requests.*

accessapproval.requests.approve
accessapproval.requests.dismiss
accessapproval.requests.get
accessapproval.requests.invalidate
accessapproval.requests.list

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Approval Config Editor ^Beta

(roles/accessapproval.configEditor)

Ability to update the Access Approval configuration

accessapproval.serviceAccounts.get

accessapproval.settings.*

accessapproval.settings.delete
accessapproval.settings.get
accessapproval.settings.update

resourcemanager.projects.get

resourcemanager.projects.list

Access Approval Invalidator ^Beta

(roles/accessapproval.invalidator)

Ability to invalidate existing approved approval requests

accessapproval.requests.invalidate

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Approval Viewer ^Beta

(roles/accessapproval.viewer)

Ability to view access approval requests and configuration

accessapproval.requests.get

accessapproval.requests.list

accessapproval.serviceAccounts.get

accessapproval.settings.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Context Manager 角色

Role Permissions

Role	Permissions
Cloud Access Binding Admin (`roles/accesscontextmanager.gcpAccessAdmin`) Create, edit, and change Cloud access bindings.	accesscontextmanager.gcpUserAccessBindings.* accesscontextmanager.gcpUserAccessBindings.create accesscontextmanager.gcpUserAccessBindings.delete accesscontextmanager.gcpUserAccessBindings.get accesscontextmanager.gcpUserAccessBindings.list accesscontextmanager.gcpUserAccessBindings.update
Cloud Access Binding Reader (`roles/accesscontextmanager.gcpAccessReader`) Read access to Cloud access bindings.	accesscontextmanager.gcpUserAccessBindings.get accesscontextmanager.gcpUserAccessBindings.list
Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Full access to policies, access levels, access zones and authorized orgs descs.	accesscontextmanager.accessLevels.* accesscontextmanager.accessLevels.create accesscontextmanager.accessLevels.delete accesscontextmanager.accessLevels.get accesscontextmanager.accessLevels.list accesscontextmanager.accessLevels.replaceAll accesscontextmanager.accessLevels.update accesscontextmanager.accessPolicies.* accesscontextmanager.accessPolicies.create accesscontextmanager.accessPolicies.delete accesscontextmanager.accessPolicies.get accesscontextmanager.accessPolicies.getIamPolicy accesscontextmanager.accessPolicies.list accesscontextmanager.accessPolicies.setIamPolicy accesscontextmanager.accessPolicies.update accesscontextmanager.accessZones.* accesscontextmanager.accessZones.create accesscontextmanager.accessZones.delete accesscontextmanager.accessZones.get accesscontextmanager.accessZones.list accesscontextmanager.accessZones.update accesscontextmanager.authorizedOrgsDescs.* accesscontextmanager.authorizedOrgsDescs.create accesscontextmanager.authorizedOrgsDescs.delete accesscontextmanager.authorizedOrgsDescs.get accesscontextmanager.authorizedOrgsDescs.list accesscontextmanager.authorizedOrgsDescs.update accesscontextmanager.policies.* accesscontextmanager.policies.create accesscontextmanager.policies.delete accesscontextmanager.policies.get accesscontextmanager.policies.getIamPolicy accesscontextmanager.policies.list accesscontextmanager.policies.setIamPolicy accesscontextmanager.policies.update accesscontextmanager.servicePerimeters.* accesscontextmanager.servicePerimeters.commit accesscontextmanager.servicePerimeters.create accesscontextmanager.servicePerimeters.delete accesscontextmanager.servicePerimeters.get accesscontextmanager.servicePerimeters.list accesscontextmanager.servicePerimeters.replaceAll accesscontextmanager.servicePerimeters.update cloudasset.assets.searchAllResources resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list
Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.	accesscontextmanager.accessLevels.* accesscontextmanager.accessLevels.create accesscontextmanager.accessLevels.delete accesscontextmanager.accessLevels.get accesscontextmanager.accessLevels.list accesscontextmanager.accessLevels.replaceAll accesscontextmanager.accessLevels.update accesscontextmanager.accessPolicies.create accesscontextmanager.accessPolicies.delete accesscontextmanager.accessPolicies.get accesscontextmanager.accessPolicies.getIamPolicy accesscontextmanager.accessPolicies.list accesscontextmanager.accessPolicies.update accesscontextmanager.accessZones.* accesscontextmanager.accessZones.create accesscontextmanager.accessZones.delete accesscontextmanager.accessZones.get accesscontextmanager.accessZones.list accesscontextmanager.accessZones.update accesscontextmanager.authorizedOrgsDescs.* accesscontextmanager.authorizedOrgsDescs.create accesscontextmanager.authorizedOrgsDescs.delete accesscontextmanager.authorizedOrgsDescs.get accesscontextmanager.authorizedOrgsDescs.list accesscontextmanager.authorizedOrgsDescs.update accesscontextmanager.policies.create accesscontextmanager.policies.delete accesscontextmanager.policies.get accesscontextmanager.policies.getIamPolicy accesscontextmanager.policies.list accesscontextmanager.policies.update accesscontextmanager.servicePerimeters.* accesscontextmanager.servicePerimeters.commit accesscontextmanager.servicePerimeters.create accesscontextmanager.servicePerimeters.delete accesscontextmanager.servicePerimeters.get accesscontextmanager.servicePerimeters.list accesscontextmanager.servicePerimeters.replaceAll accesscontextmanager.servicePerimeters.update cloudasset.assets.searchAllResources resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list
Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) Read access to policies, access levels, access zones and authorized orgs descs.	accesscontextmanager.accessLevels.get accesscontextmanager.accessLevels.list accesscontextmanager.accessPolicies.get accesscontextmanager.accessPolicies.getIamPolicy accesscontextmanager.accessPolicies.list accesscontextmanager.accessZones.get accesscontextmanager.accessZones.list accesscontextmanager.authorizedOrgsDescs.get accesscontextmanager.authorizedOrgsDescs.list accesscontextmanager.policies.get accesscontextmanager.policies.getIamPolicy accesscontextmanager.policies.list accesscontextmanager.servicePerimeters.get accesscontextmanager.servicePerimeters.list resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list
VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`)	accesscontextmanager.accessLevels.get accesscontextmanager.accessLevels.list accesscontextmanager.authorizedOrgsDescs.get accesscontextmanager.authorizedOrgsDescs.list accesscontextmanager.policies.get accesscontextmanager.policies.getIamPolicy accesscontextmanager.policies.list accesscontextmanager.servicePerimeters.get accesscontextmanager.servicePerimeters.list logging.exclusions.get logging.exclusions.list logging.logEntries.list logging.logMetrics.get logging.logMetrics.list logging.logServiceIndexes.list logging.logServices.list logging.logs.list logging.sinks.get logging.sinks.list logging.usage.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list

Cloud Access Binding Admin

(roles/accesscontextmanager.gcpAccessAdmin)

Create, edit, and change Cloud access bindings.

accesscontextmanager.gcpUserAccessBindings.*

accesscontextmanager.gcpUserAccessBindings.create
accesscontextmanager.gcpUserAccessBindings.delete
accesscontextmanager.gcpUserAccessBindings.get
accesscontextmanager.gcpUserAccessBindings.list
accesscontextmanager.gcpUserAccessBindings.update

Cloud Access Binding Reader

(roles/accesscontextmanager.gcpAccessReader)

Read access to Cloud access bindings.

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

Access Context Manager Admin

(roles/accesscontextmanager.policyAdmin)

Full access to policies, access levels, access zones and authorized orgs descs.

accesscontextmanager.accessLevels.*

accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.*

accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update

accesscontextmanager.authorizedOrgsDescs.*

accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update

accesscontextmanager.policies.*

accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Context Manager Editor

(roles/accesscontextmanager.policyEditor)

Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.

accesscontextmanager.accessLevels.*

accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.create

accesscontextmanager.accessPolicies.delete

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update

accesscontextmanager.authorizedOrgsDescs.*

accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update

accesscontextmanager.policies.create

accesscontextmanager.policies.delete

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Context Manager Reader

(roles/accesscontextmanager.policyReader)

Read access to policies, access levels, access zones and authorized orgs descs.

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessZones.get

accesscontextmanager.accessZones.list

accesscontextmanager.authorizedOrgsDescs.get

accesscontextmanager.authorizedOrgsDescs.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

VPC Service Controls Troubleshooter Viewer

(roles/accesscontextmanager.vpcScTroubleshooterViewer)

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.authorizedOrgsDescs.get

accesscontextmanager.authorizedOrgsDescs.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

logging.exclusions.get

logging.exclusions.list

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.sinks.get

logging.sinks.list

logging.usage.get

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

操作角色

角色权限

角色	权限
Actions Admin (`roles/actions.Admin`) 拥有修改和部署某项操作的权限	actions.* actions.agent.claimContentProvider actions.agent.get actions.agent.update actions.agentVersions.create actions.agentVersions.delete actions.agentVersions.deploy actions.agentVersions.get actions.agentVersions.list firebase.projects.get firebase.projects.update resourcemanager.projects.get resourcemanager.projects.list serviceusage.services.use
Actions Viewer (`roles/actions.Viewer`) 拥有查看某项操作的权限	actions.agent.get actions.agentVersions.get actions.agentVersions.list firebase.projects.get resourcemanager.projects.get resourcemanager.projects.list serviceusage.services.use

Actions Admin

(roles/actions.Admin)

拥有修改和部署某项操作的权限

actions.*

actions.agent.claimContentProvider
actions.agent.get
actions.agent.update
actions.agentVersions.create
actions.agentVersions.delete
actions.agentVersions.deploy
actions.agentVersions.get
actions.agentVersions.list

firebase.projects.get

firebase.projects.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

Actions Viewer

(roles/actions.Viewer)

拥有查看某项操作的权限

actions.agent.get

actions.agentVersions.get

actions.agentVersions.list

firebase.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

AI Notebooks 角色

角色权限

角色	权限
Notebooks Admin （`roles/notebooks.admin`）拥有对笔记本中所有资源的完整访问权限。您可以授予此角色的最低级层资源：实例	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkAttachments.get compute.networkAttachments.list compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.* compute.nodeTypes.get compute.nodeTypes.list compute.organizations.listAssociations compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list notebooks.* notebooks.environments.create notebooks.environments.delete notebooks.environments.get notebooks.environments.getIamPolicy notebooks.nvironments.list notebooks.environments.setIamPolicy notebooks.executions.create notebooks.executions.delete notebooks.executions.get notebooks.executions.getIamPolicy notebooks.executions.list notebooks.executions.setIamPolicy notebooks.instances.checkUpgradability notebooks.instances.create notebooks.instances.delete notebooks.instances.diagnose notebooks.instances.get notebooks.instances.getHealth notebooks.instances.getIamPolicy notebooks.instances.list notebooks.instances.reset notebooks.instances.setAccelerator notebooks.instances.setIamPolicy notebooks.instances.setLabels notebooks.instances.setMachineType notebooks.instances.start notebooks.instances.stop notebooks.instances.update notebooks.instances.updateConfig notebooks.instances.updateShieldInstanceConfig notebooks.instances.upgrade notebooks.instances.use notebooks.locations.get notebooks.locations.list notebooks.operations.cancel notebooks.operations.delete notebooks.operations.get notebooks.operations.list notebooks.runtimes.create notebooks.runtimes.delete notebooks.runtimes.diagnose notebooks.runtimes.get notebooks.runtimes.getIamPolicy notebooks.runtimes.list notebooks.runtimes.reset notebooks.runtimes.setIamPolicy notebooks.runtimes.start notebooks.runtimes.stop notebooks.runtimes.switch notebooks.runtimes.update notebooks.runtimes.upgrade notebooks.schedules.create notebooks.schedules.delete notebooks.schedules.get notebooks.schedules.getIamPolicy notebooks.schedules.list notebooks.schedules.setIamPolicy resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list
Notebooks Legacy Admin （`roles/notebooks.legacyAdmin`）具有通过 Compute API 访问笔记本中的所有资源的完整权限。	compute.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.create compute.addresses.createInternal compute.addresses.delete compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.setLabels compute.addresses.use compute.addresses.useInternal compute.autoscalers.create compute.autoscalers.delete compute.autoscalers.get compute.autoscalers.list compute.autoscalers.update compute.backendBuckets.addSignedUrlKey compute.backendBuckets.create compute.backendBuckets.delete compute.backendBuckets.deleteSignedUrlKey compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendBuckets.setIamPolicy compute.backendBuckets.setSecurityPolicy compute.backendBuckets.update compute.backendBuckets.use compute.backendServices.addSignedUrlKey compute.backendServices.create compute.backendServices.delete compute.backendServices.deleteSignedUrlKey compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.backendServices.setIamPolicy compute.backendServices.setSecurityPolicy compute.backendServices.update compute.backendServices.use compute.commitments.create compute.commitments.get compute.commitments.list compute.commitments.update compute.commitments.updateReservations compute.diskTypes.get compute.diskTypes.list compute.disks.addResourcePolicies compute.disks.create compute.disks.createSnapshot compute.disks.createTagBinding compute.disks.delete compute.disks.deleteTagBinding compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.disks.removeResourcePolicies compute.disks.resize compute.disks.setIamPolicy compute.disks.setLabels compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.disks.update compute.disks.use compute.disks.useReadOnly compute.externalVpnGateways.create compute.externalVpnGateways.delete compute.externalVpnGateways.get compute.externalVpnGateways.list compute.externalVpnGateways.setLabels compute.externalVpnGateways.use compute.firewallPolicies.addAssociation compute.firewallPolicies.cloneRules compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use compute.firewalls.create compute.firewalls.delete compute.firewalls.get compute.firewalls.list compute.firewalls.update compute.forwardingRules.create compute.forwardingRules.delete compute.forwardingRules.get compute.forwardingRules.list compute.forwardingRules.pscCreate compute.forwardingRules.pscDelete compute.forwardingRules.pscSetLabels compute.forwardingRules.pscSetTarget compute.forwardingRules.pscUpdate compute.forwardingRules.setLabels compute.forwardingRules.setTarget compute.forwardingRules.update compute.forwardingRules.use compute.globalAddresses.create compute.globalAddresses.createInternal compute.globalAddresses.delete compute.globalAddresses.deleteInternal compute.globalAddresses.get compute.globalAddresses.list compute.globalAddresses.setLabels compute.globalAddresses.use compute.globalForwardingRules.create compute.globalForwardingRules.delete compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscCreate compute.globalForwardingRules.pscDelete compute.globalForwardingRules.pscGet compute.globalForwardingRules.pscSetLabels compute.globalForwardingRules.pscSetTarget compute.globalForwardingRules.pscUpdate compute.globalForwardingRules.setLabels compute.globalForwardingRules.setTarget compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.globalOperations.delete compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalOperations.setIamPolicy compute.globalPublicDelegatedPrefixes.create compute.globalPublicDelegatedPrefixes.delete compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.globalPublicDelegatedPrefixes.update compute.globalPublicDelegatedPrefixes.updatePolicy compute.globalPublicDelegatedPrefixes.use compute.healthChecks.create compute.healthChecks.delete compute.healthChecks.get compute.healthChecks.list compute.healthChecks.update compute.healthChecks.use compute.healthChecks.useReadOnly compute.httpHealthChecks.create compute.httpHealthChecks.delete compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpHealthChecks.update compute.httpHealthChecks.use compute.httpHealthChecks.useReadOnly compute.httpsHealthChecks.create compute.httpsHealthChecks.delete compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.httpsHealthChecks.update compute.httpsHealthChecks.use compute.httpsHealthChecks.useReadOnly compute.images.create compute.images.createTagBinding compute.images.delete compute.images.deleteTagBinding compute.images.deprecate compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.images.setIamPolicy compute.images.setLabels compute.images.update compute.images.useReadOnly compute.instanceGroupManagers.create compute.instanceGroupManagers.delete compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroupManagers.update compute.instanceGroupManagers.use compute.instanceGroups.create compute.instanceGroups.delete compute.instanceGroups.get compute.instanceGroups.list compute.instanceGroups.update compute.instanceGroups.use compute.instanceTemplates.create compute.instanceTemplates.delete compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instanceTemplates.setIamPolicy compute.instanceTemplates.useReadOnly compute.instances.addAccessConfig compute.instances.addMaintenancePolicies compute.instances.addResourcePolicies compute.instances.attachDisk compute.instances.create compute.instances.createTagBinding compute.instances.delete compute.instances.deleteAccessConfig compute.instances.deleteTagBinding compute.instances.detachDisk compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.instances.osAdminLogin compute.instances.osLogin compute.instances.removeMaintenancePolicies compute.instances.removeResourcePolicies compute.instances.reset compute.instances.resume compute.instances.sendDiagnosticInterrupt compute.instances.setDeletionProtection compute.instances.setDiskAutoDelete compute.instances.setIamPolicy compute.instances.setLabels compute.instances.setMachineResources compute.instances.setMachineType compute.instances.setMetadata compute.instances.setMinCpuPlatform compute.instances.setName compute.instances.setScheduling compute.instances.setServiceAccount compute.instances.setShieldedInstanceIntegrityPolicy compute.instances.setShieldedVmIntegrityPolicy compute.instances.setTags compute.instances.simulateMaintenanceEvent compute.instances.start compute.instances.startWithEncryptionKey compute.instances.stop compute.instances.suspend compute.instances.update compute.instances.updateAccessConfig compute.instances.updateDisplayDevice compute.instances.updateNetworkInterface compute.instances.updateSecurity compute.instances.updateShieldedInstanceConfig compute.instances.updateShieldedVmConfig compute.instances.use compute.instances.useReadOnly compute.interconnectAttachments.create compute.interconnectAttachments.delete compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectAttachments.setLabels compute.interconnectAttachments.update compute.interconnectAttachments.use compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.create compute.interconnects.delete compute.interconnects.get compute.interconnects.list compute.interconnects.setLabels compute.interconnects.update compute.interconnects.use compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenseCodes.setIamPolicy compute.licenseCodes.update compute.licenseCodes.use compute.licenses.create compute.licenses.delete compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.licenses.setIamPolicy compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly compute.machineTypes.get compute.machineTypes.list compute.maintenancePolicies.create compute.maintenancePolicies.delete compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.maintenancePolicies.setIamPolicy compute.maintenancePolicies.use compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get compute.networkAttachments.list compute.networkEdgeSecurityServices.create compute.networkEdgeSecurityServices.delete compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEdgeSecurityServices.update compute.networkEndpointGroups.attachNetworkEndpoints compute.networkEndpointGroups.create compute.networkEndpointGroups.delete compute.networkEndpointGroups.detachNetworkEndpoints compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networkEndpointGroups.setIamPolicy compute.networkEndpointGroups.use compute.networks.access compute.networks.addPeering compute.networks.create compute.networks.delete compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.networks.mirror compute.networks.removePeering compute.networks.setFirewallPolicy compute.networks.switchToCustomMode compute.networks.update compute.networks.updatePeering compute.networks.updatePolicy compute.networks.use compute.networks.useExternalIp compute.nodeGroups.addNodes compute.nodeGroups.create compute.nodeGroups.delete compute.nodeGroups.deleteNodes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeGroups.setIamPolicy compute.nodeGroups.setNodeTemplate compute.nodeGroups.simulateMaintenanceEvent compute.nodeGroups.update compute.nodeTemplates.create compute.nodeTemplates.delete compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTemplates.setIamPolicy compute.nodeTypes.get compute.nodeTypes.list compute.organizations.administerXpn compute.organizations.disableXpnHost compute.organizations.disableXpnResource compute.organizations.enableXpnHost compute.organizations.enableXpnResource compute.organizations.listAssociations compute.organizations.setFirewallPolicy compute.organizations.setSecurityPolicy compute.oslogin.updateExternalUser compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list compute.packetMirrorings.update compute.projects.get compute.projects.setCommonInstanceMetadata compute.projects.setDefaultNetworkTier compute.projects.setDefaultServiceAccount compute.projects.setUsageExportBucket compute.publicAdvertisedPrefixes.create compute.publicAdvertisedPrefixes.delete compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicAdvertisedPrefixes.update compute.publicAdvertisedPrefixes.updatePolicy compute.publicAdvertisedPrefixes.use compute.publicDelegatedPrefixes.create compute.publicDelegatedPrefixes.delete compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.publicDelegatedPrefixes.update compute.publicDelegatedPrefixes.updatePolicy compute.publicDelegatedPrefixes.use compute.regionBackendServices.create compute.regionBackendServices.delete compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionBackendServices.setIamPolicy compute.regionBackendServices.setSecurityPolicy compute.regionBackendServices.update compute.regionBackendServices.use compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use compute.regionHealthCheckServices.create compute.regionHealthCheckServices.delete compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthCheckServices.update compute.regionHealthCheckServices.use compute.regionHealthChecks.create compute.regionHealthChecks.delete compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionNotificationEndpoints.create compute.regionNotificationEndpoints.delete compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionNotificationEndpoints.update compute.regionNotificationEndpoints.use compute.regionOperations.delete compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionOperations.setIamPolicy compute.regionSecurityPolicies.create compute.regionSecurityPolicies.delete compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSecurityPolicies.update compute.regionSecurityPolicies.use compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.update compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.update compute.regionTargetHttpsProxies.use compute.regionTargetTcpProxies.create compute.regionTargetTcpProxies.delete compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionTargetTcpProxies.use compute.regionUrlMaps.create compute.regionUrlMaps.delete compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.regions.get compute.regions.list compute.reservations.create compute.reservations.delete compute.reservations.get compute.reservations.list compute.reservations.resize compute.reservations.update compute.resourcePolicies.create compute.resourcePolicies.delete compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.resourcePolicies.setIamPolicy compute.resourcePolicies.update compute.resourcePolicies.use compute.resourcePolicies.useReadOnly compute.routers.create compute.routers.delete compute.routers.get compute.routers.list compute.routers.update compute.routers.use compute.routes.create compute.routes.delete compute.routes.get compute.routes.list compute.securityPolicies.addAssociation compute.securityPolicies.copyRules compute.securityPolicies.create compute.securityPolicies.delete compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.securityPolicies.move compute.securityPolicies.removeAssociation compute.securityPolicies.setIamPolicy compute.securityPolicies.setLabels compute.securityPolicies.update compute.securityPolicies.use compute.serviceAttachments.create compute.serviceAttachments.delete compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.serviceAttachments.setIamPolicy compute.serviceAttachments.update compute.serviceAttachments.use compute.snapshots.create compute.snapshots.createTagBinding compute.snapshots.delete compute.snapshots.deleteTagBinding compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.snapshots.setIamPolicy compute.snapshots.setLabels compute.snapshots.useReadOnly compute.sslCertificates.create compute.sslCertificates.delete compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.create compute.sslPolicies.delete compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.sslPolicies.update compute.sslPolicies.use compute.subnetworks.create compute.subnetworks.delete compute.subnetworks.expandIpCidrRange compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.subnetworks.mirror compute.subnetworks.setIamPolicy compute.subnetworks.setPrivateIpGoogleAccess compute.subnetworks.update compute.subnetworks.use compute.subnetworks.useExternalIp compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use compute.targetHttpProxies.create compute.targetHttpProxies.delete compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpProxies.setUrlMap compute.targetHttpProxies.update compute.targetHttpProxies.use compute.targetHttpsProxies.create compute.targetHttpsProxies.delete compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetHttpsProxies.setCertificateMap compute.targetHttpsProxies.setQuicOverride compute.targetHttpsProxies.setSslCertificates compute.targetHttpsProxies.setSslPolicy compute.targetHttpsProxies.setUrlMap compute.targetHttpsProxies.update compute.targetHttpsProxies.use compute.targetInstances.create compute.targetInstances.delete compute.targetInstances.get compute.targetInstances.list compute.targetInstances.use compute.targetPools.addHealthCheck compute.targetPools.addInstance compute.targetPools.create compute.targetPools.delete compute.targetPools.get compute.targetPools.list compute.targetPools.removeHealthCheck compute.targetPools.removeInstance compute.targetPools.update compute.targetPools.use compute.targetSslProxies.create compute.targetSslProxies.delete compute.targetSslProxies.get compute.targetSslProxies.list compute.targetSslProxies.setBackendService compute.targetSslProxies.setCertificateMap compute.targetSslProxies.setProxyHeader compute.targetSslProxies.setSslCertificates compute.targetSslProxies.setSslPolicy compute.targetSslProxies.update compute.targetSslProxies.use compute.targetTcpProxies.create compute.targetTcpProxies.delete compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetTcpProxies.update compute.targetTcpProxies.use compute.targetVpnGateways.create compute.targetVpnGateways.delete compute.targetVpnGateways.get compute.targetVpnGateways.list compute.targetVpnGateways.setLabels compute.targetVpnGateways.use compute.urlMaps.create compute.urlMaps.delete compute.urlMaps.get compute.urlMaps.invalidateCache compute.urlMaps.list compute.urlMaps.update compute.urlMaps.use compute.urlMaps.validate compute.vpnGateways.create compute.vpnGateways.delete compute.vpnGateways.get compute.vpnGateways.list compute.vpnGateways.setLabels compute.vpnGateways.use compute.vpnTunnels.create compute.vpnTunnels.delete compute.vpnTunnels.get compute.vpnTunnels.list compute.vpnTunnels.setLabels compute.zoneOperations.delete compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zoneOperations.setIamPolicy compute.zones.get compute.zones.list notebooks.* notebooks.environments.create notebooks.environments.delete notebooks.environments.get notebooks.environments.getIamPolicy notebooks.nvironments.list notebooks.environments.setIamPolicy notebooks.executions.create notebooks.executions.delete notebooks.executions.get notebooks.executions.getIamPolicy notebooks.executions.list notebooks.executions.setIamPolicy notebooks.instances.checkUpgradability notebooks.instances.create notebooks.instances.delete notebooks.instances.diagnose notebooks.instances.get notebooks.instances.getHealth notebooks.instances.getIamPolicy notebooks.instances.list notebooks.instances.reset notebooks.instances.setAccelerator notebooks.instances.setIamPolicy notebooks.instances.setLabels notebooks.instances.setMachineType notebooks.instances.start notebooks.instances.stop notebooks.instances.update notebooks.instances.updateConfig notebooks.instances.updateShieldInstanceConfig notebooks.instances.upgrade notebooks.instances.use notebooks.locations.get notebooks.locations.list notebooks.operations.cancel notebooks.operations.delete notebooks.operations.get notebooks.operations.list notebooks.runtimes.create notebooks.runtimes.delete notebooks.runtimes.diagnose notebooks.runtimes.get notebooks.runtimes.getIamPolicy notebooks.runtimes.list notebooks.runtimes.reset notebooks.runtimes.setIamPolicy notebooks.runtimes.start notebooks.runtimes.stop notebooks.runtimes.switch notebooks.runtimes.update notebooks.runtimes.upgrade notebooks.schedules.create notebooks.schedules.delete notebooks.schedules.get notebooks.schedules.getIamPolicy notebooks.schedules.list notebooks.schedules.setIamPolicy resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list
Notebooks Legacy Viewer （`roles/notebooks.legacyViewer`）拥有通过 Compute API 对笔记本中所有资源进行只读访问的权限。	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkAttachments.get compute.networkAttachments.list compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.* compute.nodeTypes.get compute.nodeTypes.list compute.organizations.listAssociations compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list notebooks.environments.get notebooks.environments.getIamPolicy notebooks.nvironments.list notebooks.executions.get notebooks.executions.getIamPolicy notebooks.executions.list notebooks.instances.checkUpgradability notebooks.instances.get notebooks.instances.getHealth notebooks.instances.getIamPolicy notebooks.instances.list notebooks.locations.* notebooks.locations.get notebooks.locations.list notebooks.operations.get notebooks.operations.list notebooks.runtimes.get notebooks.runtimes.getIamPolicy notebooks.runtimes.list notebooks.schedules.get notebooks.schedules.getIamPolicy notebooks.schedules.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list
Notebooks Runner （`roles/notebooks.runner`）拥有受限的权限，能够运行已安排的笔记本。	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkAttachments.get compute.networkAttachments.list compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.* compute.nodeTypes.get compute.nodeTypes.list compute.organizations.listAssociations compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list notebooks.environments.get notebooks.environments.getIamPolicy notebooks.nvironments.list notebooks.executions.create notebooks.executions.get notebooks.executions.getIamPolicy notebooks.executions.list notebooks.instances.checkUpgradability notebooks.instances.create notebooks.instances.get notebooks.instances.getHealth notebooks.instances.getIamPolicy notebooks.instances.list notebooks.locations.* notebooks.locations.get notebooks.locations.list notebooks.operations.get notebooks.operations.list notebooks.runtimes.create notebooks.runtimes.get notebooks.runtimes.getIamPolicy notebooks.runtimes.list notebooks.schedules.create notebooks.schedules.get notebooks.schedules.getIamPolicy notebooks.schedules.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list
Notebooks Viewer （`roles/notebooks.viewer`）拥有对笔记本中所有资源的只读权限。您可以授予此角色的最低级层资源：实例	compute.acceleratorTypes.* compute.acceleratorTypes.get compute.acceleratorTypes.list compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.getIamPolicy compute.backendBuckets.list compute.backendServices.get compute.backendServices.getIamPolicy compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.* compute.diskTypes.get compute.diskTypes.list compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.disks.listEffectiveTags compute.disks.listTagBindings compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.images.listEffectiveTags compute.images.listTagBindings compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listEffectiveTags compute.instances.listReferrers compute.instances.listTagBindings compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.* compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnectRemoteLocations.* compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineTypes.* compute.machineTypes.get compute.machineTypes.list compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkAttachments.get compute.networkAttachments.list compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.getRegionEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.* compute.nodeTypes.get compute.nodeTypes.list compute.organizations.listAssociations compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.regionBackendServices.get compute.regionBackendServices.getIamPolicy compute.regionBackendServices.list compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.* compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.serviceAttachments.get compute.serviceAttachments.getIamPolicy compute.serviceAttachments.list compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.getIamPolicy compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zones.* compute.zones.get compute.zones.list notebooks.environments.get notebooks.environments.getIamPolicy notebooks.nvironments.list notebooks.executions.get notebooks.executions.getIamPolicy notebooks.executions.list notebooks.instances.checkUpgradability notebooks.instances.get notebooks.instances.getHealth notebooks.instances.getIamPolicy notebooks.instances.list notebooks.locations.* notebooks.locations.get notebooks.locations.list notebooks.operations.get notebooks.operations.list notebooks.runtimes.get notebooks.runtimes.getIamPolicy notebooks.runtimes.list notebooks.schedules.get notebooks.schedules.getIamPolicy notebooks.schedules.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Notebooks Admin

（roles/notebooks.admin）

拥有对笔记本中所有资源的完整访问权限。

您可以授予此角色的最低级层资源：

实例

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

notebooks.*

notebooks.environments.create
notebooks.environments.delete
notebooks.environments.get
notebooks.environments.getIamPolicy
notebooks.nvironments.list
notebooks.environments.setIamPolicy
notebooks.executions.create
notebooks.executions.delete
notebooks.executions.get
notebooks.executions.getIamPolicy
notebooks.executions.list
notebooks.executions.setIamPolicy
notebooks.instances.checkUpgradability
notebooks.instances.create
notebooks.instances.delete
notebooks.instances.diagnose
notebooks.instances.get
notebooks.instances.getHealth
notebooks.instances.getIamPolicy
notebooks.instances.list
notebooks.instances.reset
notebooks.instances.setAccelerator
notebooks.instances.setIamPolicy
notebooks.instances.setLabels
notebooks.instances.setMachineType
notebooks.instances.start
notebooks.instances.stop
notebooks.instances.update
notebooks.instances.updateConfig
notebooks.instances.updateShieldInstanceConfig
notebooks.instances.upgrade
notebooks.instances.use
notebooks.locations.get
notebooks.locations.list
notebooks.operations.cancel
notebooks.operations.delete
notebooks.operations.get
notebooks.operations.list
notebooks.runtimes.create
notebooks.runtimes.delete
notebooks.runtimes.diagnose
notebooks.runtimes.get
notebooks.runtimes.getIamPolicy
notebooks.runtimes.list
notebooks.runtimes.reset
notebooks.runtimes.setIamPolicy
notebooks.runtimes.start
notebooks.runtimes.stop
notebooks.runtimes.switch
notebooks.runtimes.update
notebooks.runtimes.upgrade
notebooks.schedules.create
notebooks.schedules.delete
notebooks.schedules.get
notebooks.schedules.getIamPolicy
notebooks.schedules.list
notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Notebooks Legacy Admin

（roles/notebooks.legacyAdmin）

具有通过 Compute API 访问笔记本中的所有资源的完整权限。

compute.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.create
compute.addresses.createInternal
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use
compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.commitments.create
compute.commitments.get
compute.commitments.list
compute.commitments.update
compute.commitments.updateReservations
compute.diskTypes.get
compute.diskTypes.list
compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly
compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
compute.firewallPolicies.addAssociation
compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.delete
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.move
compute.firewallPolicies.removeAssociation
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use
compute.firewalls.create
compute.firewalls.delete
compute.firewalls.get
compute.firewalls.list
compute.firewalls.update
compute.forwardingRules.create
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use
compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.setLabels
compute.globalAddresses.use
compute.globalForwardingRules.create
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update
compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.use
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.update
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.globalPublicDelegatedPrefixes.use
compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly
compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly
compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.addMaintenancePolicies
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.removeMaintenancePolicies
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly
compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update
compute.licenseCodes.use
compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.setIamPolicy
compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly
compute.machineTypes.get
compute.machineTypes.list
compute.maintenancePolicies.create
compute.maintenancePolicies.delete
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.maintenancePolicies.setIamPolicy
compute.maintenancePolicies.use
compute.networkAttachments.create
compute.networkAttachments.delete
compute.networkAttachments.get
compute.networkAttachments.list
compute.networkEdgeSecurityServices.create
compute.networkEdgeSecurityServices.delete
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.update
compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.delete
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listPeeringRoutes
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp
compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeGroups.setIamPolicy
compute.nodeGroups.setNodeTemplate
compute.nodeGroups.simulateMaintenanceEvent
compute.nodeGroups.update
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTemplates.setIamPolicy
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.administerXpn
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.organizations.listAssociations
compute.organizations.setFirewallPolicy
compute.organizations.setSecurityPolicy
compute.oslogin.updateExternalUser
compute.packetMirrorings.create
compute.packetMirrorings.delete
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.update
compute.projects.get
compute.projects.setCommonInstanceMetadata
compute.projects.setDefaultNetworkTier
compute.projects.setDefaultServiceAccount
compute.projects.setUsageExportBucket
compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicAdvertisedPrefixes.use
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use
compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use
compute.regionHealthChecks.create
compute.regionHealthChecks.delete
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.use
compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regionOperations.setIamPolicy
compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use
compute.regionSslCertificates.create
compute.regionSslCertificates.delete
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslPolicies.create
compute.regionSslPolicies.delete
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.update
compute.regionSslPolicies.use
compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.update
compute.regionTargetHttpProxies.use
compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use
compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.use
compute.regionUrlMaps.create
compute.regionUrlMaps.delete
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate
compute.regions.get
compute.regions.list
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.resize
compute.reservations.update
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly
compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.routers.use
compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.delete
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setIamPolicy
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use
compute.serviceAttachments.create
compute.serviceAttachments.delete
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use
compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly
compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslPolicies.create
compute.sslPolicies.delete
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.update
compute.sslPolicies.use
compute.subnetworks.create
compute.subnetworks.delete
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetGrpcProxies.create
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use
compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.create
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use
compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.vpnTunnels.create
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.setLabels
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zoneOperations.setIamPolicy
compute.zones.get
compute.zones.list

notebooks.*

notebooks.environments.create
notebooks.environments.delete
notebooks.environments.get
notebooks.environments.getIamPolicy
notebooks.nvironments.list
notebooks.environments.setIamPolicy
notebooks.executions.create
notebooks.executions.delete
notebooks.executions.get
notebooks.executions.getIamPolicy
notebooks.executions.list
notebooks.executions.setIamPolicy
notebooks.instances.checkUpgradability
notebooks.instances.create
notebooks.instances.delete
notebooks.instances.diagnose
notebooks.instances.get
notebooks.instances.getHealth
notebooks.instances.getIamPolicy
notebooks.instances.list
notebooks.instances.reset
notebooks.instances.setAccelerator
notebooks.instances.setIamPolicy
notebooks.instances.setLabels
notebooks.instances.setMachineType
notebooks.instances.start
notebooks.instances.stop
notebooks.instances.update
notebooks.instances.updateConfig
notebooks.instances.updateShieldInstanceConfig
notebooks.instances.upgrade
notebooks.instances.use
notebooks.locations.get
notebooks.locations.list
notebooks.operations.cancel
notebooks.operations.delete
notebooks.operations.get
notebooks.operations.list
notebooks.runtimes.create
notebooks.runtimes.delete
notebooks.runtimes.diagnose
notebooks.runtimes.get
notebooks.runtimes.getIamPolicy
notebooks.runtimes.list
notebooks.runtimes.reset
notebooks.runtimes.setIamPolicy
notebooks.runtimes.start
notebooks.runtimes.stop
notebooks.runtimes.switch
notebooks.runtimes.update
notebooks.runtimes.upgrade
notebooks.schedules.create
notebooks.schedules.delete
notebooks.schedules.get
notebooks.schedules.getIamPolicy
notebooks.schedules.list
notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Notebooks Legacy Viewer

（roles/notebooks.legacyViewer）

拥有通过 Compute API 对笔记本中所有资源进行只读访问的权限。

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.nvironments.list

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

notebooks.locations.get
notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Notebooks Runner

（roles/notebooks.runner）

拥有受限的权限，能够运行已安排的笔记本。

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.nvironments.list

notebooks.executions.create

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.create

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

notebooks.locations.get
notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.create

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.create

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Notebooks Viewer

（roles/notebooks.viewer）

拥有对笔记本中所有资源的只读权限。

您可以授予此角色的最低级层资源：

实例

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.get

compute.addresses.list

compute.autoscalers.get

compute.autoscalers.list

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.get

compute.disks.getIamPolicy

compute.disks.list

compute.disks.listEffectiveTags

compute.disks.listTagBindings

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewalls.get

compute.firewalls.list

compute.forwardingRules.get

compute.forwardingRules.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.list

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.images.get

compute.images.getFromFamily

compute.images.getIamPolicy

compute.images.list

compute.images.listEffectiveTags

compute.images.listTagBindings

compute.instanceGroupManagers.get

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceTemplates.get

compute.instanceTemplates.getIamPolicy

compute.instanceTemplates.list

compute.instances.get

compute.instances.getEffectiveFirewalls

compute.instances.getGuestAttributes

compute.instances.getIamPolicy

compute.instances.getScreenshot

compute.instances.getSerialPortOutput

compute.instances.getShieldedInstanceIdentity

compute.instances.getShieldedVmIdentity

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.listReferrers

compute.instances.listTagBindings

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.get

compute.licenseCodes.getIamPolicy

compute.licenseCodes.list

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.get

compute.networkEndpointGroups.getIamPolicy

compute.networkEndpointGroups.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listPeeringRoutes

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

compute.nodeTypes.get
compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.get

compute.resourcePolicies.getIamPolicy

compute.resourcePolicies.list

compute.routers.get

compute.routers.list

compute.routes.get

compute.routes.list

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.snapshots.get

compute.snapshots.getIamPolicy

compute.snapshots.list

compute.snapshots.listEffectiveTags

compute.snapshots.listTagBindings

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetInstances.get

compute.targetInstances.list

compute.targetPools.get

compute.targetPools.list

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

notebooks.environments.get

notebooks.environments.getIamPolicy

notebooks.nvironments.list

notebooks.executions.get

notebooks.executions.getIamPolicy

notebooks.executions.list

notebooks.instances.checkUpgradability

notebooks.instances.get

notebooks.instances.getHealth

notebooks.instances.getIamPolicy

notebooks.instances.list

notebooks.locations.*

notebooks.locations.get
notebooks.locations.list

notebooks.operations.get

notebooks.operations.list

notebooks.runtimes.get

notebooks.runtimes.getIamPolicy

notebooks.runtimes.list

notebooks.schedules.get

notebooks.schedules.getIamPolicy

notebooks.schedules.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

AI Platform 角色

角色权限

角色	权限
AI Platform Admin (`roles/ml.admin`) 提供 AI Platform 资源及其作业、操作、模型和版本的完整访问权限。您可以授予此角色的最低级层资源：项目	ml.* ml.jobs.cancel ml.jobs.create ml.jobs.get ml.jobs.getIamPolicy ml.jobs.list ml.jobs.setIamPolicy ml.jobs.update ml.locations.get ml.locations.list ml.models.create ml.models.delete ml.models.get ml.models.getIamPolicy ml.models.list ml.models.predict ml.models.setIamPolicy ml.models.update ml.operations.cancel ml.operations.get ml.operations.list ml.projects.getConfig ml.studies.create ml.studies.delete ml.studies.get ml.studies.getIamPolicy ml.studies.list ml.studies.setIamPolicy ml.trials.create ml.trials.delete ml.trials.get ml.trials.list ml.trials.update ml.versions.create ml.versions.delete ml.versions.get ml.versions.list ml.versions.predict ml.versions.update resourcemanager.projects.get
AI Platform Developer (`roles/ml.developer`) 能够使用 AI Platform 资源创建模型、版本、作业，以用于训练和预测以及发送在线预测请求。您可以授予此角色的最低级层资源：项目	ml.jobs.create ml.jobs.get ml.jobs.getIamPolicy ml.jobs.list ml.locations.* ml.locations.get ml.locations.list ml.models.create ml.models.get ml.models.getIamPolicy ml.models.list ml.models.predict ml.operations.get ml.operations.list ml.projects.getConfig ml.studies.* ml.studies.create ml.studies.delete ml.studies.get ml.studies.getIamPolicy ml.studies.list ml.studies.setIamPolicy ml.trials.* ml.trials.create ml.trials.delete ml.trials.get ml.trials.list ml.trials.update ml.versions.get ml.versions.list ml.versions.predict resourcemanager.projects.get
AI Platform Job Owner (`roles/ml.jobOwner`) 提供特定作业资源的所有权限的完整访问权限。系统会自动向创建该作业的用户授予此角色。您可以授予此角色的最低级层资源：作业	ml.jobs.* ml.jobs.cancel ml.jobs.create ml.jobs.get ml.jobs.getIamPolicy ml.jobs.list ml.jobs.setIamPolicy ml.jobs.update
AI Platform Model Owner (`roles/ml.modelOwner`) 提供模型及其版本的完整访问权限。系统会将此角色自动授予创建模型的用户。您可以授予此角色的最低级层资源：模型	ml.models.* ml.models.create ml.models.delete ml.models.get ml.models.getIamPolicy ml.models.list ml.models.predict ml.models.setIamPolicy ml.models.update ml.versions.* ml.versions.create ml.versions.delete ml.versions.get ml.versions.list ml.versions.predict ml.versions.update
AI Platform Model User (`roles/ml.modelUser`) 提供读取模型及其版本并使用其进行预测的权限。您可以授予此角色的最低级层资源：模型	ml.models.get ml.models.predict ml.versions.get ml.versions.list ml.versions.predict
AI Platform Operation Owner (`roles/ml.operationOwner`) 提供对特定操作资源的所有权限的完整访问权限。您可以授予此角色的最低级层资源：操作	ml.operations.* ml.operations.cancel ml.operations.get ml.operations.list
AI Platform Viewer (`roles/ml.viewer`) 提供 AI Platform 资源的只读权限。您可以授予此角色的最低级层资源：项目	ml.jobs.get ml.jobs.list ml.locations.* ml.locations.get ml.locations.list ml.models.get ml.models.list ml.operations.get ml.operations.list ml.projects.getConfig ml.studies.get ml.studies.getIamPolicy ml.studies.list ml.trials.get ml.trials.list ml.versions.get ml.versions.list resourcemanager.projects.get

AI Platform Admin

(roles/ml.admin)

提供 AI Platform 资源及其作业、操作、模型和版本的完整访问权限。

您可以授予此角色的最低级层资源：

项目

ml.*

ml.jobs.cancel
ml.jobs.create
ml.jobs.get
ml.jobs.getIamPolicy
ml.jobs.list
ml.jobs.setIamPolicy
ml.jobs.update
ml.locations.get
ml.locations.list
ml.models.create
ml.models.delete
ml.models.get
ml.models.getIamPolicy
ml.models.list
ml.models.predict
ml.models.setIamPolicy
ml.models.update
ml.operations.cancel
ml.operations.get
ml.operations.list
ml.projects.getConfig
ml.studies.create
ml.studies.delete
ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.studies.setIamPolicy
ml.trials.create
ml.trials.delete
ml.trials.get
ml.trials.list
ml.trials.update
ml.versions.create
ml.versions.delete
ml.versions.get
ml.versions.list
ml.versions.predict
ml.versions.update

resourcemanager.projects.get

AI Platform Developer

(roles/ml.developer)

能够使用 AI Platform 资源创建模型、版本、作业，以用于训练和预测以及发送在线预测请求。

您可以授予此角色的最低级层资源：

项目

ml.jobs.create

ml.jobs.get

ml.jobs.getIamPolicy

ml.jobs.list

ml.locations.*

ml.locations.get
ml.locations.list

ml.models.create

ml.models.get

ml.models.getIamPolicy

ml.models.list

ml.models.predict

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.*

ml.studies.create
ml.studies.delete
ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.studies.setIamPolicy

ml.trials.*

ml.trials.create
ml.trials.delete
ml.trials.get
ml.trials.list
ml.trials.update

ml.versions.get

ml.versions.list

ml.versions.predict

resourcemanager.projects.get

AI Platform Job Owner

(roles/ml.jobOwner)

提供特定作业资源的所有权限的完整访问权限。系统会自动向创建该作业的用户授予此角色。

您可以授予此角色的最低级层资源：

作业

ml.jobs.*

ml.jobs.cancel
ml.jobs.create
ml.jobs.get
ml.jobs.getIamPolicy
ml.jobs.list
ml.jobs.setIamPolicy
ml.jobs.update

AI Platform Model Owner

(roles/ml.modelOwner)

提供模型及其版本的完整访问权限。系统会将此角色自动授予创建模型的用户。

您可以授予此角色的最低级层资源：

模型

ml.models.*

ml.models.create
ml.models.delete
ml.models.get
ml.models.getIamPolicy
ml.models.list
ml.models.predict
ml.models.setIamPolicy
ml.models.update

ml.versions.*

ml.versions.create
ml.versions.delete
ml.versions.get
ml.versions.list
ml.versions.predict
ml.versions.update

AI Platform Model User

(roles/ml.modelUser)

提供读取模型及其版本并使用其进行预测的权限。

您可以授予此角色的最低级层资源：

模型

ml.models.get

ml.models.predict

ml.versions.get

ml.versions.list

ml.versions.predict

AI Platform Operation Owner

(roles/ml.operationOwner)

提供对特定操作资源的所有权限的完整访问权限。

您可以授予此角色的最低级层资源：

操作

ml.operations.*

ml.operations.cancel
ml.operations.get
ml.operations.list

AI Platform Viewer

(roles/ml.viewer)

提供 AI Platform 资源的只读权限。

您可以授予此角色的最低级层资源：

项目

ml.jobs.get

ml.jobs.list

ml.locations.*

ml.locations.get
ml.locations.list

ml.models.get

ml.models.list

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.get

ml.studies.getIamPolicy

ml.studies.list

ml.trials.get

ml.trials.list

ml.versions.get

ml.versions.list

resourcemanager.projects.get

Analytics Hub 角色

角色权限

角色	权限
Analytics Hub Admin (`roles/analyticshub.admin`) 可以管理数据交换和清单	analyticshub.dataExchanges.* analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.update resourcemanager.projects.get resourcemanager.projects.list
Analytics Hub Listing Admin (`roles/analyticshub.listingAdmin`) 授予对商家信息的完全控制权，包括更新、删除和设置 ACL	analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.update resourcemanager.projects.get resourcemanager.projects.list
Analytics Hub Publisher (`roles/analyticshub.publisher`) 可以发布到数据交换，从而创建清单	analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.listings.create analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list resourcemanager.projects.get resourcemanager.projects.list
Analytics Hub Subscriber (`roles/analyticshub.subscriber`) 可以浏览数据交换并订阅清单	analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.subscribe resourcemanager.projects.get resourcemanager.projects.list
Analytics Hub Viewer (`roles/analyticshub.viewer`) 可以浏览数据交换和清单	analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list resourcemanager.projects.get resourcemanager.projects.list

Analytics Hub Admin

(roles/analyticshub.admin)

可以管理数据交换和清单

analyticshub.dataExchanges.*

analyticshub.dataExchanges.create
analyticshub.dataExchanges.delete
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.dataExchanges.setIamPolicy
analyticshub.dataExchanges.update

analyticshub.listings.create

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

resourcemanager.projects.get

resourcemanager.projects.list

Analytics Hub Listing Admin

(roles/analyticshub.listingAdmin)

授予对商家信息的完全控制权，包括更新、删除和设置 ACL

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

resourcemanager.projects.get

resourcemanager.projects.list

Analytics Hub Publisher

(roles/analyticshub.publisher)

可以发布到数据交换，从而创建清单

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.create

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

Analytics Hub Subscriber

(roles/analyticshub.subscriber)

可以浏览数据交换并订阅清单

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.subscribe

resourcemanager.projects.get

resourcemanager.projects.list

Analytics Hub Viewer

(roles/analyticshub.viewer)

可以浏览数据交换和清单

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

Android 管理角色

角色权限

角色	权限
Android Management User (`roles/androidmanagement.user`) 拥有管理设备的完整权限。	androidmanagement.enterprises.manage serviceusage.quotas.get serviceusage.services.get serviceusage.services.list

Android Management User

(roles/androidmanagement.user)

拥有管理设备的完整权限。

androidmanagement.enterprises.manage

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Anthos 多云端角色

Role Permissions

Role	Permissions
Anthos Multi-cloud Admin (`roles/gkemulticloud.admin`) Admin access to Anthos Multi-cloud resources.	gkemulticloud.* gkemulticloud.attachedClusters.create gkemulticloud.attachedClusters.delete gkemulticloud.attachedClusters.generateInstallManifest gkemulticloud.attachedClusters.get gkemulticloud.attachedClusters.import gkemulticloud.attachedClusters.list gkemulticloud.attachedClusters.update gkemulticloud.attachedServerConfigs.get gkemulticloud.awsClusters.create gkemulticloud.awsClusters.delete gkemulticloud.awsClusters.generateAccessToken gkemulticloud.awsClusters.get gkemulticloud.awsClusters.getAdminKubeconfig gkemulticloud.awsClusters.list gkemulticloud.awsClusters.update gkemulticloud.awsNodePools.create gkemulticloud.awsNodePools.delete gkemulticloud.awsNodePools.get gkemulticloud.awsNodePools.list gkemulticloud.awsNodePools.update gkemulticloud.awsServerConfigs.get gkemulticloud.azureClients.create gkemulticloud.azureClients.delete gkemulticloud.azureClients.get gkemulticloud.azureClients.list gkemulticloud.azureClusters.create gkemulticloud.azureClusters.delete gkemulticloud.azureClusters.generateAccessToken gkemulticloud.azureClusters.get gkemulticloud.azureClusters.getAdminKubeconfig gkemulticloud.azureClusters.list gkemulticloud.azureClusters.update gkemulticloud.azureNodePools.create gkemulticloud.azureNodePools.delete gkemulticloud.azureNodePools.get gkemulticloud.azureNodePools.list gkemulticloud.azureNodePools.update gkemulticloud.azureServerConfigs.get gkemulticloud.operations.cancel gkemulticloud.operations.delete gkemulticloud.operations.get gkemulticloud.operations.list gkemulticloud.operations.wait resourcemanager.projects.get resourcemanager.projects.list
Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Grant access to write cluster telemetry data such as logs, metrics, and resource metadata.	logging.logEntries.create logging.logEntries.route monitoring.metricDescriptors.create monitoring.metricDescriptors.get monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.* monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list monitoring.timeSeries.create opsconfigmonitoring.resourceMetadata.write
Anthos Multi-cloud Viewer (`roles/gkemulticloud.viewer`) Viewer access to Anthos Multi-cloud resources.	gkemulticloud.attachedClusters.generateInstallManifest gkemulticloud.attachedClusters.get gkemulticloud.attachedClusters.list gkemulticloud.attachedServerConfigs.get gkemulticloud.awsClusters.generateAccessToken gkemulticloud.awsClusters.get gkemulticloud.awsClusters.list gkemulticloud.awsNodePools.get gkemulticloud.awsNodePools.list gkemulticloud.awsServerConfigs.get gkemulticloud.azureClients.get gkemulticloud.azureClients.list gkemulticloud.azureClusters.generateAccessToken gkemulticloud.azureClusters.get gkemulticloud.azureClusters.list gkemulticloud.azureNodePools.get gkemulticloud.azureNodePools.list gkemulticloud.azureServerConfigs.get gkemulticloud.operations.get gkemulticloud.operations.list gkemulticloud.operations.wait resourcemanager.projects.get resourcemanager.projects.list

Anthos Multi-cloud Admin

(roles/gkemulticloud.admin)

Admin access to Anthos Multi-cloud resources.

gkemulticloud.*

gkemulticloud.attachedClusters.create
gkemulticloud.attachedClusters.delete
gkemulticloud.attachedClusters.generateInstallManifest
gkemulticloud.attachedClusters.get
gkemulticloud.attachedClusters.import
gkemulticloud.attachedClusters.list
gkemulticloud.attachedClusters.update
gkemulticloud.attachedServerConfigs.get
gkemulticloud.awsClusters.create
gkemulticloud.awsClusters.delete
gkemulticloud.awsClusters.generateAccessToken
gkemulticloud.awsClusters.get
gkemulticloud.awsClusters.getAdminKubeconfig
gkemulticloud.awsClusters.list
gkemulticloud.awsClusters.update
gkemulticloud.awsNodePools.create
gkemulticloud.awsNodePools.delete
gkemulticloud.awsNodePools.get
gkemulticloud.awsNodePools.list
gkemulticloud.awsNodePools.update
gkemulticloud.awsServerConfigs.get
gkemulticloud.azureClients.create
gkemulticloud.azureClients.delete
gkemulticloud.azureClients.get
gkemulticloud.azureClients.list
gkemulticloud.azureClusters.create
gkemulticloud.azureClusters.delete
gkemulticloud.azureClusters.generateAccessToken
gkemulticloud.azureClusters.get
gkemulticloud.azureClusters.getAdminKubeconfig
gkemulticloud.azureClusters.list
gkemulticloud.azureClusters.update
gkemulticloud.azureNodePools.create
gkemulticloud.azureNodePools.delete
gkemulticloud.azureNodePools.get
gkemulticloud.azureNodePools.list
gkemulticloud.azureNodePools.update
gkemulticloud.azureServerConfigs.get
gkemulticloud.operations.cancel
gkemulticloud.operations.delete
gkemulticloud.operations.get
gkemulticloud.operations.list
gkemulticloud.operations.wait

resourcemanager.projects.get

resourcemanager.projects.list

Anthos Multi-cloud Telemetry Writer

(roles/gkemulticloud.telemetryWriter)

Grant access to write cluster telemetry data such as logs, metrics, and resource metadata.

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

opsconfigmonitoring.resourceMetadata.write

Anthos Multi-cloud Viewer

(roles/gkemulticloud.viewer)

Viewer access to Anthos Multi-cloud resources.

gkemulticloud.attachedClusters.generateInstallManifest

gkemulticloud.attachedClusters.get

gkemulticloud.attachedClusters.list

gkemulticloud.attachedServerConfigs.get

gkemulticloud.awsClusters.generateAccessToken

gkemulticloud.awsClusters.get

gkemulticloud.awsClusters.list

gkemulticloud.awsNodePools.get

gkemulticloud.awsNodePools.list

gkemulticloud.awsServerConfigs.get

gkemulticloud.azureClients.get

gkemulticloud.azureClients.list

gkemulticloud.azureClusters.generateAccessToken

gkemulticloud.azureClusters.get

gkemulticloud.azureClusters.list

gkemulticloud.azureNodePools.get

gkemulticloud.azureNodePools.list

gkemulticloud.azureServerConfigs.get

gkemulticloud.operations.get

gkemulticloud.operations.list

gkemulticloud.operations.wait

resourcemanager.projects.get

resourcemanager.projects.list

API Gateway 角色

Role Permissions

Role	Permissions
ApiGateway Admin (`roles/apigateway.admin`) Full access to ApiGateway and related resources.	apigateway.* apigateway.apiconfigs.create apigateway.apiconfigs.delete apigateway.apiconfigs.get apigateway.apiconfigs.getIamPolicy apigateway.apiconfigs.list apigateway.apiconfigs.setIamPolicy apigateway.apiconfigs.update apigateway.apis.create apigateway.apis.delete apigateway.apis.get apigateway.apis.getIamPolicy apigateway.apis.list apigateway.apis.setIamPolicy apigateway.apis.update apigateway.gateways.create apigateway.gateways.delete apigateway.gateways.get apigateway.gateways.getIamPolicy apigateway.gateways.list apigateway.gateways.setIamPolicy apigateway.gateways.update apigateway.locations.get apigateway.locations.list apigateway.operations.cancel apigateway.operations.delete apigateway.operations.get apigateway.operations.list monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.get monitoring.timeSeries.list resourcemanager.projects.get resourcemanager.projects.list servicemanagement.services.get serviceusage.services.list
ApiGateway Viewer (`roles/apigateway.viewer`) Read-only access to ApiGateway and related resources.	apigateway.apiconfigs.get apigateway.apiconfigs.getIamPolicy apigateway.apiconfigs.list apigateway.apis.get apigateway.apis.getIamPolicy apigateway.apis.list apigateway.gateways.get apigateway.gateways.getIamPolicy apigateway.gateways.list apigateway.locations.* apigateway.locations.get apigateway.locations.list apigateway.operations.get apigateway.operations.list monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.get monitoring.timeSeries.list resourcemanager.projects.get resourcemanager.projects.list servicemanagement.services.get serviceusage.services.list

ApiGateway Admin

(roles/apigateway.admin)

Full access to ApiGateway and related resources.

apigateway.*

apigateway.apiconfigs.create
apigateway.apiconfigs.delete
apigateway.apiconfigs.get
apigateway.apiconfigs.getIamPolicy
apigateway.apiconfigs.list
apigateway.apiconfigs.setIamPolicy
apigateway.apiconfigs.update
apigateway.apis.create
apigateway.apis.delete
apigateway.apis.get
apigateway.apis.getIamPolicy
apigateway.apis.list
apigateway.apis.setIamPolicy
apigateway.apis.update
apigateway.gateways.create
apigateway.gateways.delete
apigateway.gateways.get
apigateway.gateways.getIamPolicy
apigateway.gateways.list
apigateway.gateways.setIamPolicy
apigateway.gateways.update
apigateway.locations.get
apigateway.locations.list
apigateway.operations.cancel
apigateway.operations.delete
apigateway.operations.get
apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.list

ApiGateway Viewer

(roles/apigateway.viewer)

Read-only access to ApiGateway and related resources.

apigateway.apiconfigs.get

apigateway.apiconfigs.getIamPolicy

apigateway.apiconfigs.list

apigateway.apis.get

apigateway.apis.getIamPolicy

apigateway.apis.list

apigateway.gateways.get

apigateway.gateways.getIamPolicy

apigateway.gateways.list

apigateway.locations.*

apigateway.locations.get
apigateway.locations.list

apigateway.operations.get

apigateway.operations.list

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.get

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.get

serviceusage.services.list

Apigee 角色

角色权限

角色	权限
Apigee Organization Admin (`roles/apigee.admin`) 拥有对所有 Apigee 资源功能的完全访问权限	apigee.* apigee.apiproductattributes.createOrUpdateAll apigee.apiproductattributes.delete apigee.apiproductattributes.get apigee.apiproductattributes.list apigee.apiproductattributes.update apigee.apiproducts.create apigee.apiproducts.delete apigee.apiproducts.get apigee.apiproducts.list apigee.apiproducts.update apigee.appkeys.create apigee.appkeys.delete apigee.appkeys.get apigee.appkeys.manage apigee.apps.get apigee.apps.list apigee.archivedeployments.create apigee.archivedeployments.delete apigee.archivedeployments.download apigee.archivedeployments.get apigee.archivedeployments.list apigee.archivedeployments.update apigee.archivedeployments.upload apigee.caches.delete apigee.caches.list apigee.canaryevaluations.create apigee.canaryevaluations.get apigee.datacollectors.create apigee.datacollectors.delete apigee.datacollectors.get apigee.datacollectors.list apigee.datacollectors.update apigee.datalocation.get apigee.datastores.create apigee.datastores.delete apigee.datastores.get apigee.datastores.list apigee.datastores.update apigee.deployments.create apigee.deployments.delete apigee.deployments.get apigee.deployments.list apigee.deployments.update apigee.developerappattributes.createOrUpdateAll apigee.developerappattributes.delete apigee.developerappattributes.get apigee.developerappattributes.list apigee.developerappattributes.update apigee.developerapps.create apigee.developelapps.delete apigee.developerapps.get apigee.developerapps.list apigee.developerapps.manage apigee.developerattributes.createOrUpdateAll apigee.developerattributes.delete apigee.developerattributes.get apigee.developerattributes.list apigee.developerattributes.update apigee.developerbalances.adjust apigee.developerbalances.get apigee.developerbalances.update apigee.developermonetizationconfigs.get apigee.developermonetizationconfigs.update apigee.developers.create apigee.developers.delete apigee.developers.get apigee.developers.list apigee.developers.update apigee.developersubscriptions.create apigee.developersubscriptions.get apigee.developersubscriptions.list apigee.developersubscriptions.update apigee.endpointattachments.create apigee.endpointattachments.delete apigee.endpointattachments.get apigee.endpointattachments.list apigee.entitlements.get apigee.envgroupattachments.create apigee.envgroupattachments.delete apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.create apigee.envgroups.delete apigee.envgroups.get apigee.envgroups.list apigee.envgroups.update apigee.environments.create apigee.environments.delete apigee.environments.get apigee.environments.getDataLocation apigee.environments.getIamPolicy apigee.environments.getStats apigee.environments.list apigee.environments.manageRuntime apigee.environments.setIamPolicy apigee.environments.update apigee.exports.create apigee.exports.get apigee.exports.list apigee.flowhooks.attachSharedFlow apigee.flowhooks.detachSharedFlow apigee.flowhooks.getSharedFlow apigee.flowhooks.list apigee.hostqueries.create apigee.hostqueries.get apigee.hostqueries.list apigee.hostsecurityreports.create apigee.hostsecurityreports.get apigee.hostsecurityreports.list apigee.hoststats.get apigee.ingressconfigs.get apigee.instanceattachments.create apigee.instanceattachments.delete apigee.instanceattachments.get apigee.instanceattachments.list apigee.instances.create apigee.instances.delete apigee.instances.get apigee.instances.list apigee.instances.reportStatus apigee.instances.update apigee.keystorealiases.create apigee.keystorealiases.delete apigee.keystorealiases.exportCertificate apigee.keystorealiases.generateCSR apigee.keystorealiases.get apigee.keystorealiases.list apigee.keystorealiases.update apigee.keystores.create apigee.keystores.delete apigee.keystores.export apigee.keystores.get apigee.keystores.list apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list apigee.keyvaluemaps.create apigee.keyvaluemaps.delete apigee.keyvaluemaps.list apigee.maskconfigs.get apigee.maskconfigs.update apigee.nataddresses.activate apigee.nataddresses.create apigee.nataddresses.delete apigee.nataddresses.get apigee.nataddresses.list apigee.operations.get apigee.operations.list apigee.organizations.create apigee.organizations.delete apigee.organizations.get apigee.organizations.list apigee.organizations.update apigee.portals.create apigee.portals.delete apigee.portals.get apigee.portals.list apigee.portals.update apigee.projectorganizations.get apigee.projects.migrate apigee.projects.previewMigration apigee.projects.update apigee.proxies.create apigee.proxies.delete apigee.proxies.get apigee.proxies.list apigee.proxies.update apigee.proxyrevisions.delete apigee.proxyrevisions.deploy apigee.proxyrevisions.get apigee.proxyrevisions.list apigee.proxyrevisions.undeploy apigee.proxyrevisions.update apigee.queries.create apigee.queries.get apigee.queries.list apigee.rateplans.create apigee.rateplans.delete apigee.rateplans.get apigee.rateplans.list apigee.rateplans.update apigee.references.create apigee.references.delete apigee.references.get apigee.references.list apigee.references.update apigee.reports.create apigee.reports.delete apigee.reports.get apigee.reports.list apigee.reports.update apigee.resourcefiles.create apigee.resourcefiles.delete apigee.resourcefiles.get apigee.resourcefiles.list apigee.resourcefiles.update apigee.runtimeconfigs.get apigee.securityIncidents.get apigee.securityIncidents.list apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats apigee.securityreports.create apigee.securityreports.get apigee.securityreports.list apigee.setupcontexts.get apigee.setupcontexts.update apigee.sharedflowrevisions.delete apigee.sharedflowrevisions.deploy apigee.sharedflowrevisions.get apigee.sharedflowrevisions.list apigee.sharedflowrevisions.undeploy apigee.sharedflowrevisions.update apigee.sharedflows.create apigee.sharedflows.delete apigee.sharedflows.get apigee.sharedflows.list apigee.targetservers.create apigee.targetservers.delete apigee.targetservers.get apigee.targetservers.list apigee.targetservers.update apigee.traceconfig.get apigee.traceconfig.update apigee.traceconfigoverrides.create apigee.traceconfigoverrides.delete apigee.traceconfigoverrides.get apigee.traceconfigoverrides.list apigee.traceconfigoverrides.update apigee.tracesessions.create apigee.tracesessions.delete apigee.tracesessions.get apigee.tracesessions.list monitoring.timeSeries.list resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list
Apigee Analytics Agent (`roles/apigee.analyticsAgent`) 提供一组特选权限，可让 Apigee Universal Data Collection Agent 管理 Apigee 组织的分析数据	apigee.datalocation.get apigee.environments.getDataLocation apigee.runtimeconfigs.get
Apigee Analytics Editor (`roles/apigee.analyticsEditor`) 可修改 Apigee 组织的分析数据	apigee.datacollectors.* apigee.datacollectors.create apigee.datacollectors.delete apigee.datacollectors.get apigee.datacollectors.list apigee.datacollectors.update apigee.datastores.* apigee.datastores.create apigee.datastores.delete apigee.datastores.get apigee.datastores.list apigee.datastores.update apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.exports.* apigee.exports.create apigee.exports.get apigee.exports.list apigee.hostqueries.* apigee.hostqueries.create apigee.hostqueries.get apigee.hostqueries.list apigee.hoststats.get apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.queries.* apigee.queries.create apigee.queries.get apigee.queries.list apigee.reports.* apigee.reports.create apigee.reports.delete apigee.reports.get apigee.reports.list apigee.reports.update resourcemanager.projects.get resourcemanager.projects.list
Apigee Analytics Viewer (`roles/apigee.analyticsViewer`) 可查看 Apigee 组织的分析数据	apigee.datacollectors.get apigee.datacollectors.list apigee.datastores.get apigee.datastores.list apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.exports.get apigee.exports.list apigee.hostqueries.get apigee.hostqueries.list apigee.hoststats.get apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.queries.get apigee.queries.list apigee.reports.get apigee.reports.list resourcemanager.projects.get resourcemanager.projects.list
Apigee API Admin (`roles/apigee.apiAdminV2`) 拥有对所有 Apigee API 资源的完整读写权限	apigee.apiproductattributes.* apigee.apiproductattributes.createOrUpdateAll apigee.apiproductattributes.delete apigee.apiproductattributes.get apigee.apiproductattributes.list apigee.apiproductattributes.update apigee.apiproducts.* apigee.apiproducts.create apigee.apiproducts.delete apigee.apiproducts.get apigee.apiproducts.list apigee.apiproducts.update apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.keyvaluemapentries.* apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list apigee.keyvaluemaps.* apigee.keyvaluemaps.create apigee.keyvaluemaps.delete apigee.keyvaluemaps.list apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.proxies.* apigee.proxies.create apigee.proxies.delete apigee.proxies.get apigee.proxies.list apigee.proxies.update apigee.proxyrevisions.* apigee.proxyrevisions.delete apigee.proxyrevisions.deploy apigee.proxyrevisions.get apigee.proxyrevisions.list apigee.proxyrevisions.undeploy apigee.proxyrevisions.update apigee.sharedflowrevisions.* apigee.sharedflowrevisions.delete apigee.sharedflowrevisions.deploy apigee.sharedflowrevisions.get apigee.sharedflowrevisions.list apigee.sharedflowrevisions.undeploy apigee.sharedflowrevisions.update apigee.sharedflows.* apigee.sharedflows.create apigee.sharedflows.delete apigee.sharedflows.get apigee.sharedflows.list resourcemanager.projects.get resourcemanager.projects.list
Apigee API Reader (`roles/apigee.apiReaderV2`) 可以读取 apigee 资源	apigee.apiproductattributes.get apigee.apiproductattributes.list apigee.apiproducts.get apigee.apiproducts.list apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list apigee.keyvaluemaps.list apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.proxies.get apigee.proxies.list apigee.proxyrevisions.deploy apigee.proxyrevisions.get apigee.proxyrevisions.list apigee.proxyrevisions.undeploy apigee.sharedflowrevisions.deploy apigee.sharedflowrevisions.get apigee.sharedflowrevisions.list apigee.sharedflowrevisions.undeploy apigee.sharedflows.get apigee.sharedflows.list resourcemanager.projects.get resourcemanager.projects.list
Apigee Developer Admin (`roles/apigee.developerAdmin`) 可管理 Apigee 资源开发者	apigee.apiproductattributes.get apigee.apiproductattributes.list apigee.apiproducts.get apigee.apiproducts.list apigee.appkeys.* apigee.appkeys.create apigee.appkeys.delete apigee.appkeys.get apigee.appkeys.manage apigee.apps.* apigee.apps.get apigee.apps.list apigee.datacollectors.* apigee.datacollectors.create apigee.datacollectors.delete apigee.datacollectors.get apigee.datacollectors.list apigee.datacollectors.update apigee.developerappattributes.* apigee.developerappattributes.createOrUpdateAll apigee.developerappattributes.delete apigee.developerappattributes.get apigee.developerappattributes.list apigee.developerappattributes.update apigee.developerapps.* apigee.developerapps.create apigee.developelapps.delete apigee.developerapps.get apigee.developerapps.list apigee.developerapps.manage apigee.developerattributes.* apigee.developerattributes.createOrUpdateAll apigee.developerattributes.delete apigee.developerattributes.get apigee.developerattributes.list apigee.developerattributes.update apigee.developerbalances.* apigee.developerbalances.adjust apigee.developerbalances.get apigee.developerbalances.update apigee.developermonetizationconfigs.* apigee.developermonetizationconfigs.get apigee.developermonetizationconfigs.update apigee.developers.* apigee.developers.create apigee.developers.delete apigee.developers.get apigee.developers.list apigee.developers.update apigee.developersubscriptions.* apigee.developersubscriptions.create apigee.developersubscriptions.get apigee.developersubscriptions.list apigee.developersubscriptions.update apigee.entitlements.get apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.hoststats.get apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.rateplans.get apigee.rateplans.list resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list
Apigee Environment Admin (`roles/apigee.environmentAdmin`) 拥有对 Apigee 环境资源（包括部署）的完整读写权限。	apigee.archivedeployments.* apigee.archivedeployments.create apigee.archivedeployments.delete apigee.archivedeployments.download apigee.archivedeployments.get apigee.archivedeployments.list apigee.archivedeployments.update apigee.archivedeployments.upload apigee.datacollectors.get apigee.datacollectors.list apigee.deployments.* apigee.deployments.create apigee.deployments.delete apigee.deployments.get apigee.deployments.list apigee.deployments.update apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getIamPolicy apigee.environments.getStats apigee.environments.list apigee.environments.setIamPolicy apigee.environments.update apigee.flowhooks.* apigee.flowhooks.attachSharedFlow apigee.flowhooks.detachSharedFlow apigee.flowhooks.getSharedFlow apigee.flowhooks.list apigee.ingressconfigs.get apigee.keystorealiases.* apigee.keystorealiases.create apigee.keystorealiases.delete apigee.keystorealiases.exportCertificate apigee.keystorealiases.generateCSR apigee.keystorealiases.get apigee.keystorealiases.list apigee.keystorealiases.update apigee.keystores.* apigee.keystores.create apigee.keystores.delete apigee.keystores.export apigee.keystores.get apigee.keystores.list apigee.keyvaluemapentries.* apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list apigee.keyvaluemaps.* apigee.keyvaluemaps.create apigee.keyvaluemaps.delete apigee.keyvaluemaps.list apigee.maskconfigs.* apigee.maskconfigs.get apigee.maskconfigs.update apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.proxies.get apigee.proxies.list apigee.proxyrevisions.deploy apigee.proxyrevisions.get apigee.proxyrevisions.list apigee.proxyrevisions.undeploy apigee.references.* apigee.references.create apigee.references.delete apigee.references.get apigee.references.list apigee.references.update apigee.resourcefiles.* apigee.resourcefiles.create apigee.resourcefiles.delete apigee.resourcefiles.get apigee.resourcefiles.list apigee.resourcefiles.update apigee.sharedflowrevisions.deploy apigee.sharedflowrevisions.get apigee.sharedflowrevisions.list apigee.sharedflowrevisions.undeploy apigee.sharedflows.get apigee.sharedflows.list apigee.targetservers.* apigee.targetservers.create apigee.targetservers.delete apigee.targetservers.get apigee.targetservers.list apigee.targetservers.update apigee.traceconfig.* apigee.traceconfig.get apigee.traceconfig.update apigee.traceconfigoverrides.* apigee.traceconfigoverrides.create apigee.traceconfigoverrides.delete apigee.traceconfigoverrides.get apigee.traceconfigoverrides.list apigee.traceconfigoverrides.update apigee.tracesessions.* apigee.tracesessions.create apigee.tracesessions.delete apigee.tracesessions.get apigee.tracesessions.list resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list
Apigee Monetization Admin (`roles/apigee.monetizationAdmin`) 与创收相关的所有权限	apigee.apiproducts.get apigee.apiproducts.list apigee.developerbalances.* apigee.developerbalances.adjust apigee.developerbalances.get apigee.developerbalances.update apigee.developermonetizationconfigs.* apigee.developermonetizationconfigs.get apigee.developermonetizationconfigs.update apigee.developersubscriptions.* apigee.developersubscriptions.create apigee.developersubscriptions.get apigee.developersubscriptions.list apigee.developersubscriptions.update apigee.entitlements.get apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.rateplans.* apigee.rateplans.create apigee.rateplans.delete apigee.rateplans.get apigee.rateplans.list apigee.rateplans.update resourcemanager.projects.get resourcemanager.projects.list
Apigee Portal Admin (`roles/apigee.portalAdmin`) 可以管理 Apigee 组织的门户	apigee.entitlements.get apigee.organizations.get apigee.organizations.list apigee.portals.* apigee.portals.create apigee.portals.delete apigee.portals.get apigee.portals.list apigee.portals.update apigee.projectorganizations.get resourcemanager.projects.get resourcemanager.projects.list
Apigee Read-only Admin (`roles/apigee.readOnlyAdmin`) 可查看所有 Apigee 资源	apigee.apiproductattributes.get apigee.apiproductattributes.list apigee.apiproducts.get apigee.apiproducts.list apigee.appkeys.get apigee.apps.* apigee.apps.get apigee.apps.list apigee.archivedeployments.download apigee.archivedeployments.get apigee.archivedeployments.list apigee.caches.list apigee.canaryevaluations.get apigee.datacollectors.get apigee.datacollectors.list apigee.datalocation.get apigee.datastores.get apigee.datastores.list apigee.deployments.get apigee.deployments.list apigee.developerappattributes.get apigee.developerappattributes.list apigee.developerapps.get apigee.developerapps.list apigee.developerattributes.get apigee.developerattributes.list apigee.developerbalances.get apigee.developermonetizationconfigs.get apigee.developers.get apigee.developers.list apigee.developersubscriptions.get apigee.developersubscriptions.list apigee.endpointattachments.get apigee.endpointattachments.list apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getDataLocation apigee.environments.getIamPolicy apigee.environments.getStats apigee.environments.list apigee.exports.get apigee.exports.list apigee.flowhooks.getSharedFlow apigee.flowhooks.list apigee.hostqueries.get apigee.hostqueries.list apigee.hostsecurityreports.get apigee.hostsecurityreports.list apigee.hoststats.get apigee.ingressconfigs.get apigee.instanceattachments.get apigee.instanceattachments.list apigee.instances.get apigee.instances.list apigee.keystorealiases.get apigee.keystorealiases.list apigee.keystores.get apigee.keystores.list apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list apigee.keyvaluemaps.list apigee.maskconfigs.get apigee.nataddresses.get apigee.nataddresses.list apigee.operations.* apigee.operations.get apigee.operations.list apigee.organizations.get apigee.organizations.list apigee.portals.get apigee.portals.list apigee.projectorganizations.get apigee.proxies.get apigee.proxies.list apigee.proxyrevisions.get apigee.proxyrevisions.list apigee.queries.get apigee.queries.list apigee.rateplans.get apigee.rateplans.list apigee.references.get apigee.references.list apigee.reports.get apigee.reports.list apigee.resourcefiles.get apigee.resourcefiles.list apigee.runtimeconfigs.get apigee.securityIncidents.* apigee.securityIncidents.get apigee.securityIncidents.list apigee.securityProfileEnvironments.computeScore apigee.securityProfiles.* apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.* apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats apigee.securityreports.get apigee.securityreports.list apigee.setupcontexts.get apigee.sharedflowrevisions.get apigee.sharedflowrevisions.list apigee.sharedflows.get apigee.sharedflows.list apigee.targetservers.get apigee.targetservers.list apigee.traceconfig.get apigee.traceconfigoverrides.get apigee.traceconfigoverrides.list apigee.tracesessions.get apigee.tracesessions.list monitoring.timeSeries.list resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list
Apigee Runtime Agent (`roles/apigee.runtimeAgent`) 提供一组特选权限，可让运行时代理访问 Apigee 组织资源	apigee.canaryevaluations.* apigee.canaryevaluations.create apigee.canaryevaluations.get apigee.entitlements.get apigee.ingressconfigs.get apigee.instances.reportStatus apigee.operations.* apigee.operations.get apigee.operations.list apigee.organizations.get apigee.projectorganizations.get apigee.runtimeconfigs.get
Apigee Security Admin (`roles/apigee.securityAdmin`) 可以管理 Apigee 组织的安全设置	apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.hostsecurityreports.* apigee.hostsecurityreports.create apigee.hostsecurityreports.get apigee.hostsecurityreports.list apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.securityIncidents.* apigee.securityIncidents.get apigee.securityIncidents.list apigee.securityProfileEnvironments.* apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.* apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.* apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats apigee.securityreports.* apigee.securityreports.create apigee.securityreports.get apigee.securityreports.list resourcemanager.projects.get resourcemanager.projects.list
Apigee Security Viewer (`roles/apigee.securityViewer`) 可查看 Apigee 组织的安全设置	apigee.entitlements.get apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.hostsecurityreports.get apigee.hostsecurityreports.list apigee.organizations.get apigee.organizations.list apigee.projectorganizations.get apigee.securityIncidents.* apigee.securityIncidents.get apigee.securityIncidents.list apigee.securityProfileEnvironments.computeScore apigee.securityProfiles.* apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.* apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats apigee.securityreports.get apigee.securityreports.list resourcemanager.projects.get resourcemanager.projects.list
Apigee Synchronizer Manager (`roles/apigee.synchronizerManager`) 提供一组特选权限，可让 Synchronizer 管理 Apigee 组织中的环境	apigee.environments.get apigee.environments.manageRuntime apigee.ingressconfigs.get
Apigee Connect Admin (`roles/apigeeconnect.Admin`) 可以管理 Apigee Connect	apigeeconnect.connections.list
Apigee Connect Agent (`roles/apigeeconnect.Agent`) 能够在外部集群和 Google 之间设置 Apigee Connect 代理。	apigeeconnect.endpoints.connect

Apigee Organization Admin

(roles/apigee.admin)

拥有对所有 Apigee 资源功能的完全访问权限

apigee.*

apigee.apiproductattributes.createOrUpdateAll
apigee.apiproductattributes.delete
apigee.apiproductattributes.get
apigee.apiproductattributes.list
apigee.apiproductattributes.update
apigee.apiproducts.create
apigee.apiproducts.delete
apigee.apiproducts.get
apigee.apiproducts.list
apigee.apiproducts.update
apigee.appkeys.create
apigee.appkeys.delete
apigee.appkeys.get
apigee.appkeys.manage
apigee.apps.get
apigee.apps.list
apigee.archivedeployments.create
apigee.archivedeployments.delete
apigee.archivedeployments.download
apigee.archivedeployments.get
apigee.archivedeployments.list
apigee.archivedeployments.update
apigee.archivedeployments.upload
apigee.caches.delete
apigee.caches.list
apigee.canaryevaluations.create
apigee.canaryevaluations.get
apigee.datacollectors.create
apigee.datacollectors.delete
apigee.datacollectors.get
apigee.datacollectors.list
apigee.datacollectors.update
apigee.datalocation.get
apigee.datastores.create
apigee.datastores.delete
apigee.datastores.get
apigee.datastores.list
apigee.datastores.update
apigee.deployments.create
apigee.deployments.delete
apigee.deployments.get
apigee.deployments.list
apigee.deployments.update
apigee.developerappattributes.createOrUpdateAll
apigee.developerappattributes.delete
apigee.developerappattributes.get
apigee.developerappattributes.list
apigee.developerappattributes.update
apigee.developerapps.create
apigee.developelapps.delete
apigee.developerapps.get
apigee.developerapps.list
apigee.developerapps.manage
apigee.developerattributes.createOrUpdateAll
apigee.developerattributes.delete
apigee.developerattributes.get
apigee.developerattributes.list
apigee.developerattributes.update
apigee.developerbalances.adjust
apigee.developerbalances.get
apigee.developerbalances.update
apigee.developermonetizationconfigs.get
apigee.developermonetizationconfigs.update
apigee.developers.create
apigee.developers.delete
apigee.developers.get
apigee.developers.list
apigee.developers.update
apigee.developersubscriptions.create
apigee.developersubscriptions.get
apigee.developersubscriptions.list
apigee.developersubscriptions.update
apigee.endpointattachments.create
apigee.endpointattachments.delete
apigee.endpointattachments.get
apigee.endpointattachments.list
apigee.entitlements.get
apigee.envgroupattachments.create
apigee.envgroupattachments.delete
apigee.envgroupattachments.get
apigee.envgroupattachments.list
apigee.envgroups.create
apigee.envgroups.delete
apigee.envgroups.get
apigee.envgroups.list
apigee.envgroups.update
apigee.environments.create
apigee.environments.delete
apigee.environments.get
apigee.environments.getDataLocation
apigee.environments.getIamPolicy
apigee.environments.getStats
apigee.environments.list
apigee.environments.manageRuntime
apigee.environments.setIamPolicy
apigee.environments.update
apigee.exports.create
apigee.exports.get
apigee.exports.list
apigee.flowhooks.attachSharedFlow
apigee.flowhooks.detachSharedFlow
apigee.flowhooks.getSharedFlow
apigee.flowhooks.list
apigee.hostqueries.create
apigee.hostqueries.get
apigee.hostqueries.list
apigee.hostsecurityreports.create
apigee.hostsecurityreports.get
apigee.hostsecurityreports.list
apigee.hoststats.get
apigee.ingressconfigs.get
apigee.instanceattachments.create
apigee.instanceattachments.delete
apigee.instanceattachments.get
apigee.instanceattachments.list
apigee.instances.create
apigee.instances.delete
apigee.instances.get
apigee.instances.list
apigee.instances.reportStatus
apigee.instances.update
apigee.keystorealiases.create
apigee.keystorealiases.delete
apigee.keystorealiases.exportCertificate
apigee.keystorealiases.generateCSR
apigee.keystorealiases.get
apigee.keystorealiases.list
apigee.keystorealiases.update
apigee.keystores.create
apigee.keystores.delete
apigee.keystores.export
apigee.keystores.get
apigee.keystores.list
apigee.keyvaluemapentries.create
apigee.keyvaluemapentries.delete
apigee.keyvaluemapentries.get
apigee.keyvaluemapentries.list
apigee.keyvaluemaps.create
apigee.keyvaluemaps.delete
apigee.keyvaluemaps.list
apigee.maskconfigs.get
apigee.maskconfigs.update
apigee.nataddresses.activate
apigee.nataddresses.create
apigee.nataddresses.delete
apigee.nataddresses.get
apigee.nataddresses.list
apigee.operations.get
apigee.operations.list
apigee.organizations.create
apigee.organizations.delete
apigee.organizations.get
apigee.organizations.list
apigee.organizations.update
apigee.portals.create
apigee.portals.delete
apigee.portals.get
apigee.portals.list
apigee.portals.update
apigee.projectorganizations.get
apigee.projects.migrate
apigee.projects.previewMigration
apigee.projects.update
apigee.proxies.create
apigee.proxies.delete
apigee.proxies.get
apigee.proxies.list
apigee.proxies.update
apigee.proxyrevisions.delete
apigee.proxyrevisions.deploy
apigee.proxyrevisions.get
apigee.proxyrevisions.list
apigee.proxyrevisions.undeploy
apigee.proxyrevisions.update
apigee.queries.create
apigee.queries.get
apigee.queries.list
apigee.rateplans.create
apigee.rateplans.delete
apigee.rateplans.get
apigee.rateplans.list
apigee.rateplans.update
apigee.references.create
apigee.references.delete
apigee.references.get
apigee.references.list
apigee.references.update
apigee.reports.create
apigee.reports.delete
apigee.reports.get
apigee.reports.list
apigee.reports.update
apigee.resourcefiles.create
apigee.resourcefiles.delete
apigee.resourcefiles.get
apigee.resourcefiles.list
apigee.resourcefiles.update
apigee.runtimeconfigs.get
apigee.securityIncidents.get
apigee.securityIncidents.list
apigee.securityProfileEnvironments.computeScore
apigee.securityProfileEnvironments.create
apigee.securityProfileEnvironments.delete
apigee.securityProfiles.get
apigee.securityProfiles.list
apigee.securityStats.queryTabularStats
apigee.securityStats.queryTimeSeriesStats
apigee.securityreports.create
apigee.securityreports.get
apigee.securityreports.list
apigee.setupcontexts.get
apigee.setupcontexts.update
apigee.sharedflowrevisions.delete
apigee.sharedflowrevisions.deploy
apigee.sharedflowrevisions.get
apigee.sharedflowrevisions.list
apigee.sharedflowrevisions.undeploy
apigee.sharedflowrevisions.update
apigee.sharedflows.create
apigee.sharedflows.delete
apigee.sharedflows.get
apigee.sharedflows.list
apigee.targetservers.create
apigee.targetservers.delete
apigee.targetservers.get
apigee.targetservers.list
apigee.targetservers.update
apigee.traceconfig.get
apigee.traceconfig.update
apigee.traceconfigoverrides.create
apigee.traceconfigoverrides.delete
apigee.traceconfigoverrides.get
apigee.traceconfigoverrides.list
apigee.traceconfigoverrides.update
apigee.tracesessions.create
apigee.tracesessions.delete
apigee.tracesessions.get
apigee.tracesessions.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

Apigee Analytics Agent

(roles/apigee.analyticsAgent)

提供一组特选权限，可让 Apigee Universal Data Collection Agent 管理 Apigee 组织的分析数据

apigee.datalocation.get

apigee.environments.getDataLocation

apigee.runtimeconfigs.get

Apigee Analytics Editor

(roles/apigee.analyticsEditor)

可修改 Apigee 组织的分析数据

apigee.datacollectors.*

apigee.datacollectors.create
apigee.datacollectors.delete
apigee.datacollectors.get
apigee.datacollectors.list
apigee.datacollectors.update

apigee.datastores.*

apigee.datastores.create
apigee.datastores.delete
apigee.datastores.get
apigee.datastores.list
apigee.datastores.update

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.*

apigee.exports.create
apigee.exports.get
apigee.exports.list

apigee.hostqueries.*

apigee.hostqueries.create
apigee.hostqueries.get
apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.queries.*

apigee.queries.create
apigee.queries.get
apigee.queries.list

apigee.reports.*

apigee.reports.create
apigee.reports.delete
apigee.reports.get
apigee.reports.list
apigee.reports.update

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Analytics Viewer

(roles/apigee.analyticsViewer)

可查看 Apigee 组织的分析数据

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datastores.get

apigee.datastores.list

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.queries.get

apigee.queries.list

apigee.reports.get

apigee.reports.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee API Admin

(roles/apigee.apiAdminV2)

拥有对所有 Apigee API 资源的完整读写权限

apigee.apiproductattributes.*

apigee.apiproductattributes.createOrUpdateAll
apigee.apiproductattributes.delete
apigee.apiproductattributes.get
apigee.apiproductattributes.list
apigee.apiproductattributes.update

apigee.apiproducts.*

apigee.apiproducts.create
apigee.apiproducts.delete
apigee.apiproducts.get
apigee.apiproducts.list
apigee.apiproducts.update

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.*

apigee.keyvaluemapentries.create
apigee.keyvaluemapentries.delete
apigee.keyvaluemapentries.get
apigee.keyvaluemapentries.list

apigee.keyvaluemaps.*

apigee.keyvaluemaps.create
apigee.keyvaluemaps.delete
apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.proxies.*

apigee.proxies.create
apigee.proxies.delete
apigee.proxies.get
apigee.proxies.list
apigee.proxies.update

apigee.proxyrevisions.*

apigee.proxyrevisions.delete
apigee.proxyrevisions.deploy
apigee.proxyrevisions.get
apigee.proxyrevisions.list
apigee.proxyrevisions.undeploy
apigee.proxyrevisions.update

apigee.sharedflowrevisions.*

apigee.sharedflowrevisions.delete
apigee.sharedflowrevisions.deploy
apigee.sharedflowrevisions.get
apigee.sharedflowrevisions.list
apigee.sharedflowrevisions.undeploy
apigee.sharedflowrevisions.update

apigee.sharedflows.*

apigee.sharedflows.create
apigee.sharedflows.delete
apigee.sharedflows.get
apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee API Reader

(roles/apigee.apiReaderV2)

可以读取 apigee 资源

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.sharedflowrevisions.deploy

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.sharedflows.get

apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Developer Admin

(roles/apigee.developerAdmin)

可管理 Apigee 资源开发者

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.*

apigee.appkeys.create
apigee.appkeys.delete
apigee.appkeys.get
apigee.appkeys.manage

apigee.apps.*

apigee.apps.get
apigee.apps.list

apigee.datacollectors.*

apigee.datacollectors.create
apigee.datacollectors.delete
apigee.datacollectors.get
apigee.datacollectors.list
apigee.datacollectors.update

apigee.developerappattributes.*

apigee.developerappattributes.createOrUpdateAll
apigee.developerappattributes.delete
apigee.developerappattributes.get
apigee.developerappattributes.list
apigee.developerappattributes.update

apigee.developerapps.*

apigee.developerapps.create
apigee.developelapps.delete
apigee.developerapps.get
apigee.developerapps.list
apigee.developerapps.manage

apigee.developerattributes.*

apigee.developerattributes.createOrUpdateAll
apigee.developerattributes.delete
apigee.developerattributes.get
apigee.developerattributes.list
apigee.developerattributes.update

apigee.developerbalances.*

apigee.developerbalances.adjust
apigee.developerbalances.get
apigee.developerbalances.update

apigee.developermonetizationconfigs.*

apigee.developermonetizationconfigs.get
apigee.developermonetizationconfigs.update

apigee.developers.*

apigee.developers.create
apigee.developers.delete
apigee.developers.get
apigee.developers.list
apigee.developers.update

apigee.developersubscriptions.*

apigee.developersubscriptions.create
apigee.developersubscriptions.get
apigee.developersubscriptions.list
apigee.developersubscriptions.update

apigee.entitlements.get

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.rateplans.get

apigee.rateplans.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

Apigee Environment Admin

(roles/apigee.environmentAdmin)

拥有对 Apigee 环境资源（包括部署）的完整读写权限。

apigee.archivedeployments.*

apigee.archivedeployments.create
apigee.archivedeployments.delete
apigee.archivedeployments.download
apigee.archivedeployments.get
apigee.archivedeployments.list
apigee.archivedeployments.update
apigee.archivedeployments.upload

apigee.datacollectors.get

apigee.datacollectors.list

apigee.deployments.*

apigee.deployments.create
apigee.deployments.delete
apigee.deployments.get
apigee.deployments.list
apigee.deployments.update

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.environments.setIamPolicy

apigee.environments.update

apigee.flowhooks.*

apigee.flowhooks.attachSharedFlow
apigee.flowhooks.detachSharedFlow
apigee.flowhooks.getSharedFlow
apigee.flowhooks.list

apigee.ingressconfigs.get

apigee.keystorealiases.*

apigee.keystorealiases.create
apigee.keystorealiases.delete
apigee.keystorealiases.exportCertificate
apigee.keystorealiases.generateCSR
apigee.keystorealiases.get
apigee.keystorealiases.list
apigee.keystorealiases.update

apigee.keystores.*

apigee.keystores.create
apigee.keystores.delete
apigee.keystores.export
apigee.keystores.get
apigee.keystores.list

apigee.keyvaluemapentries.*

apigee.keyvaluemapentries.create
apigee.keyvaluemapentries.delete
apigee.keyvaluemapentries.get
apigee.keyvaluemapentries.list

apigee.keyvaluemaps.*

apigee.keyvaluemaps.create
apigee.keyvaluemaps.delete
apigee.keyvaluemaps.list

apigee.maskconfigs.*

apigee.maskconfigs.get
apigee.maskconfigs.update

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.references.*

apigee.references.create
apigee.references.delete
apigee.references.get
apigee.references.list
apigee.references.update

apigee.resourcefiles.*

apigee.resourcefiles.create
apigee.resourcefiles.delete
apigee.resourcefiles.get
apigee.resourcefiles.list
apigee.resourcefiles.update

apigee.sharedflowrevisions.deploy

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.sharedflows.get

apigee.sharedflows.list

apigee.targetservers.*

apigee.targetservers.create
apigee.targetservers.delete
apigee.targetservers.get
apigee.targetservers.list
apigee.targetservers.update

apigee.traceconfig.*

apigee.traceconfig.get
apigee.traceconfig.update

apigee.traceconfigoverrides.*

apigee.traceconfigoverrides.create
apigee.traceconfigoverrides.delete
apigee.traceconfigoverrides.get
apigee.traceconfigoverrides.list
apigee.traceconfigoverrides.update

apigee.tracesessions.*

apigee.tracesessions.create
apigee.tracesessions.delete
apigee.tracesessions.get
apigee.tracesessions.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

Apigee Monetization Admin

(roles/apigee.monetizationAdmin)

与创收相关的所有权限

apigee.apiproducts.get

apigee.apiproducts.list

apigee.developerbalances.*

apigee.developerbalances.adjust
apigee.developerbalances.get
apigee.developerbalances.update

apigee.developermonetizationconfigs.*

apigee.developermonetizationconfigs.get
apigee.developermonetizationconfigs.update

apigee.developersubscriptions.*

apigee.developersubscriptions.create
apigee.developersubscriptions.get
apigee.developersubscriptions.list
apigee.developersubscriptions.update

apigee.entitlements.get

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.rateplans.*

apigee.rateplans.create
apigee.rateplans.delete
apigee.rateplans.get
apigee.rateplans.list
apigee.rateplans.update

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Portal Admin

(roles/apigee.portalAdmin)

可以管理 Apigee 组织的门户

apigee.entitlements.get

apigee.organizations.get

apigee.organizations.list

apigee.portals.*

apigee.portals.create
apigee.portals.delete
apigee.portals.get
apigee.portals.list
apigee.portals.update

apigee.projectorganizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Read-only Admin

(roles/apigee.readOnlyAdmin)

可查看所有 Apigee 资源

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.get

apigee.apps.*

apigee.apps.get
apigee.apps.list

apigee.archivedeployments.download

apigee.archivedeployments.get

apigee.archivedeployments.list

apigee.caches.list

apigee.canaryevaluations.get

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datalocation.get

apigee.datastores.get

apigee.datastores.list

apigee.deployments.get

apigee.deployments.list

apigee.developerappattributes.get

apigee.developerappattributes.list

apigee.developerapps.get

apigee.developerapps.list

apigee.developerattributes.get

apigee.developerattributes.list

apigee.developerbalances.get

apigee.developermonetizationconfigs.get

apigee.developers.get

apigee.developers.list

apigee.developersubscriptions.get

apigee.developersubscriptions.list

apigee.endpointattachments.get

apigee.endpointattachments.list

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getDataLocation

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.flowhooks.getSharedFlow

apigee.flowhooks.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hostsecurityreports.get

apigee.hostsecurityreports.list

apigee.hoststats.get

apigee.ingressconfigs.get

apigee.instanceattachments.get

apigee.instanceattachments.list

apigee.instances.get

apigee.instances.list

apigee.keystorealiases.get

apigee.keystorealiases.list

apigee.keystores.get

apigee.keystores.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.maskconfigs.get

apigee.nataddresses.get

apigee.nataddresses.list

apigee.operations.*

apigee.operations.get
apigee.operations.list

apigee.organizations.get

apigee.organizations.list

apigee.portals.get

apigee.portals.list

apigee.projectorganizations.get

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.queries.get

apigee.queries.list

apigee.rateplans.get

apigee.rateplans.list

apigee.references.get

apigee.references.list

apigee.reports.get

apigee.reports.list

apigee.resourcefiles.get

apigee.resourcefiles.list

apigee.runtimeconfigs.get

apigee.securityIncidents.*

apigee.securityIncidents.get
apigee.securityIncidents.list

apigee.securityProfileEnvironments.computeScore

apigee.securityProfiles.*

apigee.securityProfiles.get
apigee.securityProfiles.list

apigee.securityStats.*

apigee.securityStats.queryTabularStats
apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.get

apigee.securityreports.list

apigee.setupcontexts.get

apigee.sharedflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflows.get

apigee.sharedflows.list

apigee.targetservers.get

apigee.targetservers.list

apigee.traceconfig.get

apigee.traceconfigoverrides.get

apigee.traceconfigoverrides.list

apigee.tracesessions.get

apigee.tracesessions.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

Apigee Runtime Agent

(roles/apigee.runtimeAgent)

提供一组特选权限，可让运行时代理访问 Apigee 组织资源

apigee.canaryevaluations.*

apigee.canaryevaluations.create
apigee.canaryevaluations.get

apigee.entitlements.get

apigee.ingressconfigs.get

apigee.instances.reportStatus

apigee.operations.*

apigee.operations.get
apigee.operations.list

apigee.organizations.get

apigee.projectorganizations.get

apigee.runtimeconfigs.get

Apigee Security Admin

(roles/apigee.securityAdmin)

可以管理 Apigee 组织的安全设置

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.list

apigee.hostsecurityreports.*

apigee.hostsecurityreports.create
apigee.hostsecurityreports.get
apigee.hostsecurityreports.list

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.securityIncidents.*

apigee.securityIncidents.get
apigee.securityIncidents.list

apigee.securityProfileEnvironments.*

apigee.securityProfileEnvironments.computeScore
apigee.securityProfileEnvironments.create
apigee.securityProfileEnvironments.delete

apigee.securityProfiles.*

apigee.securityProfiles.get
apigee.securityProfiles.list

apigee.securityStats.*

apigee.securityStats.queryTabularStats
apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.*

apigee.securityreports.create
apigee.securityreports.get
apigee.securityreports.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Security Viewer

(roles/apigee.securityViewer)

可查看 Apigee 组织的安全设置

apigee.entitlements.get

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.list

apigee.hostsecurityreports.get

apigee.hostsecurityreports.list

apigee.organizations.get

apigee.organizations.list

apigee.projectorganizations.get

apigee.securityIncidents.*

apigee.securityIncidents.get
apigee.securityIncidents.list

apigee.securityProfileEnvironments.computeScore

apigee.securityProfiles.*

apigee.securityProfiles.get
apigee.securityProfiles.list

apigee.securityStats.*

apigee.securityStats.queryTabularStats
apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.get

apigee.securityreports.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Synchronizer Manager

(roles/apigee.synchronizerManager)

提供一组特选权限，可让 Synchronizer 管理 Apigee 组织中的环境

apigee.environments.get

apigee.environments.manageRuntime

apigee.ingressconfigs.get

Apigee Connect Admin

(roles/apigeeconnect.Admin)

可以管理 Apigee Connect

apigeeconnect.connections.list

Apigee Connect Agent

(roles/apigeeconnect.Agent)

能够在外部集群和 Google 之间设置 Apigee Connect 代理。

apigeeconnect.endpoints.connect

Apigee Registry 角色

角色权限

角色	权限
Cloud Apigee Registry Admin ^{Beta 版} （`roles/apigeeregistry.admin`）拥有对 Cloud Apigee Registry 和运行时资源的完整访问权限。	apigeeregistry.* apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.setIamPolicy apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.setIamPolicy apigeeregistry.artifacts.update apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.instances.get apigeeregistry.instances.update apigeeregistry.locations.get apigeeregistry.locations.list apigeeregistry.operations.cancel apigeeregistry.operations.delete apigeeregistry.operations.get apigeeregistry.operations.list apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.setIamPolicy apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.setIamPolicy apigeeregistry.versions.update resourcemanager.projects.get resourcemanager.projects.list
Cloud Apigee Registry Editor ^{Beta 版} （`roles/apigeeregistry.editor`）拥有对 Cloud Apigee Registry 资源的修改权限。	apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.update apigeeregistry.deployments.* apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.update resourcemanager.projects.get resourcemanager.projects.list
Cloud Apigee Registry Viewer ^{Beta 版} （`roles/apigeeregistry.viewer`）拥有对 Cloud Apigee Registry 资源的只读权限。	apigeeregistry.apis.get apigeeregistry.apis.list apigeeregistry.artifacts.get apigeeregistry.artifacts.list apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.specs.get apigeeregistry.specs.list apigeeregistry.versions.get apigeeregistry.versions.list resourcemanager.projects.get resourcemanager.projects.list
Cloud Apigee Registry Worker ^{Beta 版} （`roles/apigeeregistry.worker`） Apigee Registry 应用工作器用于读取和更新 Apigee Registry 工件的角色。	apigeeregistry.apis.get apigeeregistry.apis.list apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.list apigeeregistry.artifacts.update apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.specs.get apigeeregistry.specs.list apigeeregistry.specs.update apigeeregistry.versions.get apigeeregistry.versions.list apigeeregistry.versions.update resourcemanager.projects.get resourcemanager.projects.list

Cloud Apigee Registry Admin ^{Beta 版}

（roles/apigeeregistry.admin）

拥有对 Cloud Apigee Registry 和运行时资源的完整访问权限。

apigeeregistry.*

apigeeregistry.apis.create
apigeeregistry.apis.delete
apigeeregistry.apis.get
apigeeregistry.apis.getIamPolicy
apigeeregistry.apis.list
apigeeregistry.apis.setIamPolicy
apigeeregistry.apis.update
apigeeregistry.artifacts.create
apigeeregistry.artifacts.delete
apigeeregistry.artifacts.get
apigeeregistry.artifacts.getIamPolicy
apigeeregistry.artifacts.list
apigeeregistry.artifacts.setIamPolicy
apigeeregistry.artifacts.update
apigeeregistry.deployments.create
apigeeregistry.deployments.delete
apigeeregistry.deployments.get
apigeeregistry.deployments.list
apigeeregistry.deployments.update
apigeeregistry.instances.get
apigeeregistry.instances.update
apigeeregistry.locations.get
apigeeregistry.locations.list
apigeeregistry.operations.cancel
apigeeregistry.operations.delete
apigeeregistry.operations.get
apigeeregistry.operations.list
apigeeregistry.specs.create
apigeeregistry.specs.delete
apigeeregistry.specs.get
apigeeregistry.specs.getIamPolicy
apigeeregistry.specs.list
apigeeregistry.specs.setIamPolicy
apigeeregistry.specs.update
apigeeregistry.versions.create
apigeeregistry.versions.delete
apigeeregistry.versions.get
apigeeregistry.versions.getIamPolicy
apigeeregistry.versions.list
apigeeregistry.versions.setIamPolicy
apigeeregistry.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Apigee Registry Editor ^{Beta 版}

（roles/apigeeregistry.editor）

拥有对 Cloud Apigee Registry 资源的修改权限。

apigeeregistry.apis.create

apigeeregistry.apis.delete

apigeeregistry.apis.get

apigeeregistry.apis.getIamPolicy

apigeeregistry.apis.list

apigeeregistry.apis.update

apigeeregistry.artifacts.create

apigeeregistry.artifacts.delete

apigeeregistry.artifacts.get

apigeeregistry.artifacts.getIamPolicy

apigeeregistry.artifacts.list

apigeeregistry.artifacts.update

apigeeregistry.deployments.*

apigeeregistry.deployments.create
apigeeregistry.deployments.delete
apigeeregistry.deployments.get
apigeeregistry.deployments.list
apigeeregistry.deployments.update

apigeeregistry.specs.create

apigeeregistry.specs.delete

apigeeregistry.specs.get

apigeeregistry.specs.getIamPolicy

apigeeregistry.specs.list

apigeeregistry.specs.update

apigeeregistry.versions.create

apigeeregistry.versions.delete

apigeeregistry.versions.get

apigeeregistry.versions.getIamPolicy

apigeeregistry.versions.list

apigeeregistry.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Apigee Registry Viewer ^{Beta 版}

（roles/apigeeregistry.viewer）

拥有对 Cloud Apigee Registry 资源的只读权限。

apigeeregistry.apis.get

apigeeregistry.apis.list

apigeeregistry.artifacts.get

apigeeregistry.artifacts.list

apigeeregistry.deployments.get

apigeeregistry.deployments.list

apigeeregistry.specs.get

apigeeregistry.specs.list

apigeeregistry.versions.get

apigeeregistry.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Apigee Registry Worker ^{Beta 版}

（roles/apigeeregistry.worker）

Apigee Registry 应用工作器用于读取和更新 Apigee Registry 工件的角色。

apigeeregistry.apis.get

apigeeregistry.apis.list

apigeeregistry.apis.update

apigeeregistry.artifacts.create

apigeeregistry.artifacts.delete

apigeeregistry.artifacts.get

apigeeregistry.artifacts.list

apigeeregistry.artifacts.update

apigeeregistry.deployments.get

apigeeregistry.deployments.list

apigeeregistry.deployments.update

apigeeregistry.specs.get

apigeeregistry.specs.list

apigeeregistry.specs.update

apigeeregistry.versions.get

apigeeregistry.versions.list

apigeeregistry.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

了解角色

本指南的先决条件

角色类型

基本角色

基本角色定义

预定义角色

Access Approval 角色

Access Approval Approver Beta

Access Approval Config Editor Beta

Access Approval Invalidator Beta

Access Approval Viewer Beta

Access Context Manager 角色

Cloud Access Binding Admin

Cloud Access Binding Reader

Access Context Manager Admin

Access Context Manager Editor

Access Context Manager Reader

VPC Service Controls Troubleshooter Viewer

操作角色

Actions Admin

Actions Viewer

AI Notebooks 角色

Notebooks Admin

Notebooks Legacy Admin

Notebooks Legacy Viewer

Notebooks Runner

Notebooks Viewer

AI Platform 角色

AI Platform Admin

AI Platform Developer

AI Platform Job Owner

AI Platform Model Owner

AI Platform Model User

AI Platform Operation Owner

AI Platform Viewer

Analytics Hub 角色

Analytics Hub Admin

Analytics Hub Listing Admin

Analytics Hub Publisher

Analytics Hub Subscriber

Analytics Hub Viewer

Android 管理角色

Android Management User

Anthos 多云端角色

Anthos Multi-cloud Admin

Anthos Multi-cloud Telemetry Writer

Anthos Multi-cloud Viewer

API Gateway 角色

ApiGateway Admin

ApiGateway Viewer

Apigee 角色

Apigee Organization Admin

Apigee Analytics Agent

Apigee Analytics Editor

Apigee Analytics Viewer

Apigee API Admin

Apigee API Reader

Apigee Developer Admin

Apigee Environment Admin

Apigee Monetization Admin

Apigee Portal Admin

Apigee Read-only Admin

Apigee Runtime Agent

Apigee Security Admin

Apigee Security Viewer

Apigee Synchronizer Manager

Apigee Connect Admin

Apigee Connect Agent

Apigee Registry 角色

Cloud Apigee Registry Admin Beta 版

Cloud Apigee Registry Editor Beta 版

Cloud Apigee Registry Viewer Beta 版

Cloud Apigee Registry Worker Beta 版

App Engine 角色

Access Approval Approver ^Beta

Access Approval Config Editor ^Beta

Access Approval Invalidator ^Beta

Access Approval Viewer ^Beta

Cloud Apigee Registry Admin ^{Beta 版}

Cloud Apigee Registry Editor ^{Beta 版}

Cloud Apigee Registry Viewer ^{Beta 版}

Cloud Apigee Registry Worker ^{Beta 版}