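This page describes IAM roles and lists the predefined roles that you can grant to your principals.
A role contains a set of permissions that allows you to perform specific actions on Google Cloud resources. To make permissions available to principals, including users, groups, and service accounts, you grant roles to the principals.
Prerequisite for this guide
- Understand the basic concepts of IAM
Role types
There are three types of roles in IAM:
- Basic roles, which include the Owner, Editor, and Viewer roles that existed prior to the introduction of IAM.
- Predefined roles, which provide granular access for a specific service and are managed by Google Cloud.
- Custom roles, which provide granular access according to a user-specified list of permissions.
To determine if a permission is included in a basic, predefined, or custom role, you can use one of the following methods:
- Run the gcloud iam roles describe command to list the permissions in the role.
- Call the roles.get() REST API method to list the permissions in the role.
- For basic and predefined roles only: Search the permissions reference to see if the permission is granted by the role.
- For predefined roles only: Search the predefined role descriptions on this page to see which permissions the role includes.
The following sections describe each role type and give examples of how to use them.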
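One way to run the permission check described above over role definitions that have already been fetched, as an added example that is not part of Google's documentation. The sample role documents are constructed from the AI Platform tables on this page; the role IDs and the helper names (covers, roles_granting, narrowest_roles) are assumptions. It goes one step beyond a membership test and also picks the narrowest role that covers a set of required permissions.

```python
import json

# Constructed sample data in the shape returned by roles.get() and by
# `gcloud iam roles describe ROLE --format=json` (name, title,
# includedPermissions). The permission entries are copied from the AI Platform
# tables on this page, including the `.*` shorthand those tables use; the API
# itself returns every permission spelled out. The role IDs are an assumption,
# because the tables on this page do not show them.
SAMPLE_ROLES_JSON = """
[
  {"name": "roles/ml.viewer", "title": "AI Platform Viewer",
   "includedPermissions": [
     "ml.jobs.get", "ml.jobs.list", "ml.locations.*", "ml.models.get",
     "ml.models.list", "ml.operations.get", "ml.operations.list",
     "ml.projects.getConfig", "ml.studies.get", "ml.studies.getIamPolicy",
     "ml.studies.list", "ml.trials.get", "ml.trials.list",
     "ml.versions.get", "ml.versions.list", "resourcemanager.projects.get"]},
  {"name": "roles/ml.modelUser", "title": "AI Platform Model User",
   "includedPermissions": [
     "ml.models.get", "ml.models.predict", "ml.versions.get",
     "ml.versions.list", "ml.versions.predict"]},
  {"name": "roles/ml.developer", "title": "AI Platform Developer",
   "includedPermissions": [
     "ml.jobs.create", "ml.jobs.get", "ml.jobs.getIamPolicy", "ml.jobs.list",
     "ml.locations.*", "ml.models.create", "ml.models.get",
     "ml.models.getIamPolicy", "ml.models.list", "ml.models.predict",
     "ml.operations.get", "ml.operations.list", "ml.projects.getConfig",
     "ml.studies.*", "ml.trials.*", "ml.versions.get", "ml.versions.list",
     "ml.versions.predict", "resourcemanager.projects.get"]}
]
"""


def covers(entries, wanted):
    """Return True if `wanted` is granted by one of `entries`.

    `wanted` is a permission name or a `prefix.*` table entry. A wildcard in
    `wanted` is only matched by an equal or broader wildcard, never by a list
    of individual permissions, so the answer errs on the side of "not granted".
    """
    for entry in entries:
        if entry == wanted:
            return True
        # "ml.locations.*" grants everything that starts with "ml.locations."
        if entry.endswith(".*") and wanted.startswith(entry[:-1]):
            return True
    return False


def roles_granting(roles, permission):
    """Names of the roles whose permission list includes `permission`."""
    return [r["name"] for r in roles
            if covers(r["includedPermissions"], permission)]


def is_within(inner, outer):
    """True if every entry of role `inner` is also granted by role `outer`."""
    return all(covers(outer["includedPermissions"], entry)
               for entry in inner["includedPermissions"])


def narrowest_roles(roles, required):
    """Roles that grant all `required` permissions and are not a strict
    superset of another role that also grants them."""
    candidates = [r for r in roles
                  if all(covers(r["includedPermissions"], p) for p in required)]
    result = []
    for cand in candidates:
        dominated = any(
            other is not cand
            and is_within(other, cand)
            and not is_within(cand, other)
            for other in candidates
        )
        if not dominated:
            result.append(cand["name"])
    return result


ROLES = json.loads(SAMPLE_ROLES_JSON)

if __name__ == "__main__":
    print("grant ml.models.predict:", roles_granting(ROLES, "ml.models.predict"))
    need = {"ml.models.predict", "ml.versions.list"}
    print("narrowest for", sorted(need), "->", narrowest_roles(ROLES, need))
```
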
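Basic roles
There are several basic roles that existed prior to the introduction of IAM: Owner, Editor, and Viewer. These roles are concentric; that is, the Owner role includes the permissions in the Editor role, and the Editor role includes the permissions in the Viewer role. They were originally known as "primitive roles."
The following table summarizes the permissions that the basic roles include across all Google Cloud services:
Basic role definitions
Name | Title | Permissions |
---|---|---|
roles/viewer | Viewer | Permissions for read-only actions that do not affect state, such as viewing (but not modifying) existing resources or data. |
roles/editor | Editor | All Viewer permissions, plus permissions for actions that modify state, such as changing existing resources. Note: The Editor role contains permissions to create and delete resources for most Google Cloud services. However, it does not contain permissions to perform all actions for all services. To check whether a role has the permissions that you need, see Role types on this page. |
roles/owner | Owner | All Editor permissions, plus permissions for the following actions: Note: |
You can grant basic roles using the Google Cloud console, the API, and the gcloud CLI. To grant basic roles on a project, folder, or organization, see Manage access to projects, folders, and organizations. To grant basic roles on other resources, see Manage access to other resources.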
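Predefined roles
In addition to the basic roles, IAM provides additional predefined roles that give granular access to specific Google Cloud resources and prevent unwanted access to other resources. These roles are created and maintained by Google. Google automatically updates their permissions as necessary, such as when Google Cloud adds new features or services.
The following table lists these roles, their descriptions, and the lowest-level resource type at which each role can be set. A particular role can be granted on this resource type or, in most cases, on any type above it in the Google Cloud resource hierarchy.
You can grant multiple roles to the same user at any level of the resource hierarchy. For example, the same user can have the Compute Network Admin and Logs Viewer roles on a project, and also have the Pub/Sub Publisher role on a Pub/Sub topic within that project. To list the permissions contained in a role, see Getting the role metadata.
For help choosing the most appropriate predefined roles, see Choose predefined roles.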
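The multi-level grant described above, worked through as an added example that is not part of Google's documentation. It resolves the roles a principal holds on a resource by combining the bindings set on that resource with those set on its ancestors, and lists basic-role bindings together with every resource that inherits them. The hierarchy, resource names, members and policies are constructed; group membership, IAM conditions and deny policies are not evaluated.

```python
# The three basic roles named on this page.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed resource hierarchy (child -> parent). Names are placeholders.
PARENT = {
    "projects/example-project/topics/orders": "projects/example-project",
    "projects/example-project": "folders/1111",
    "folders/1111": "organizations/2222",
    "organizations/2222": None,
}

# Constructed allow policies, one per resource, using the `bindings` shape of
# an IAM policy (a role plus the members it is granted to).
POLICIES = {
    "organizations/2222": {"bindings": []},
    "folders/1111": {"bindings": [
        {"role": "roles/editor", "members": ["user:bob@example.com"]},
    ]},
    "projects/example-project": {"bindings": [
        {"role": "roles/compute.networkAdmin",
         "members": ["user:alice@example.com"]},
        {"role": "roles/logging.viewer",
         "members": ["user:alice@example.com", "user:bob@example.com"]},
    ]},
    "projects/example-project/topics/orders": {"bindings": [
        {"role": "roles/pubsub.publisher",
         "members": ["user:alice@example.com"]},
    ]},
}


def ancestry(resource):
    """The resource followed by its ancestors, nearest first."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT.get(resource)
    return chain


def descendants(resource):
    """Every resource in the hierarchy that sits below `resource`."""
    return sorted(r for r in PARENT
                  if r != resource and resource in ancestry(r))


def effective_roles(resource, member):
    """Map each role `member` holds on `resource` to the levels that grant it.

    A role bound on an ancestor applies to the resource as well, so the result
    is the union of the bindings along the whole ancestry chain.
    """
    granted = {}
    for level in ancestry(resource):
        for binding in POLICIES.get(level, {}).get("bindings", []):
            if member in binding["members"]:
                granted.setdefault(binding["role"], []).append(level)
    return granted


def basic_role_findings():
    """Basic-role bindings, each with the resources that inherit the grant."""
    findings = []
    for resource, policy in POLICIES.items():
        for binding in policy["bindings"]:
            if binding["role"] not in BASIC_ROLES:
                continue
            for member in binding["members"]:
                findings.append({
                    "resource": resource,
                    "role": binding["role"],
                    "member": member,
                    "inherited_by": descendants(resource),
                })
    return findings


if __name__ == "__main__":
    topic = "projects/example-project/topics/orders"
    for role, levels in effective_roles(topic, "user:alice@example.com").items():
        print(f"alice on {topic}: {role} (granted at {', '.join(levels)})")
    for finding in basic_role_findings():
        print("basic role:", finding)
```
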
Access Approval roles
Role | Permissions |
---|---|
Access Approval Approver Beta( Ability to view or act on access approval requests and view configuration Contains 3 owner permissions |
accessapproval.requests.*
accessapproval. accessapproval.settings.get resourcemanager.projects.get resourcemanager.projects.list |
Access Approval Config Editor Beta( Ability to update the Access Approval configuration Contains 2 owner permissions |
accessapproval. accessapproval.settings.*
resourcemanager.projects.get resourcemanager.projects.list |
Access Approval Invalidator Beta( Ability to invalidate existing approved approval requests Contains 1 owner permission |
accessapproval. accessapproval. accessapproval.settings.get resourcemanager.projects.get resourcemanager.projects.list |
Access Approval Viewer Beta( Ability to view access approval requests and configuration |
accessapproval.requests.get accessapproval.requests.list accessapproval. accessapproval.settings.get resourcemanager.projects.get resourcemanager.projects.list |
Access Context Manager roles
Role | Permissions |
---|---|
Cloud Access Binding Admin( Create, edit, and change Cloud access bindings. |
accesscontextmanager.
|
Cloud Access Binding Reader( Read access to Cloud access bindings. |
accesscontextmanager. accesscontextmanager. |
Access Context Manager Admin( Full access to policies, access levels, access zones and authorized orgs descs. Contains 2 owner permissions |
accesscontextmanager.
accesscontextmanager.
accesscontextmanager.
accesscontextmanager.
accesscontextmanager.
accesscontextmanager.
cloudasset. resourcemanager. resourcemanager.projects.get resourcemanager.projects.list |
Access Context Manager Editor( Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs. |
accesscontextmanager.
accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager.
accesscontextmanager.
accesscontextmanager.
accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager.
accesscontextmanager.
cloudasset. resourcemanager. resourcemanager.projects.get resourcemanager.projects.list |
Access Context Manager Reader( Read access to policies, access levels, access zones and authorized orgs descs. |
accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. resourcemanager. resourcemanager.projects.get resourcemanager.projects.list |
VPC Service Controls Troubleshooter Viewer(
|
accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. accesscontextmanager. logging.exclusions.get logging.exclusions.list logging.logEntries.list logging.logMetrics.get logging.logMetrics.list logging.logServiceIndexes.list logging.logServices.list logging.logs.list logging.sinks.get logging.sinks.list logging.usage.get resourcemanager. resourcemanager.projects.get resourcemanager.projects.list |
Actions roles
Role | Permissions |
---|---|
Actions Admin( Access to edit and deploy an action |
actions.*
firebase.projects.get firebase.projects.update resourcemanager.projects.get resourcemanager.projects.list serviceusage.services.use |
Actions Viewer( Access to view an action |
actions.agent.get actions.agentVersions.get actions.agentVersions.list firebase.projects.get resourcemanager.projects.get resourcemanager.projects.list serviceusage.services.use |
AI Notebooks roles
Role | Permissions |
---|---|
Notebooks Admin( Full access to all resources in Notebooks. Lowest-level resources where you can grant this role:
Contains 5 owner permissions |
compute.acceleratorTypes.*
compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute. compute.backendBuckets.list compute.backendServices.get compute. compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.*
compute.disks.get compute.disks.getIamPolicy compute.disks.list compute. compute.disks.listTagBindings compute. compute. compute.firewallPolicies.get compute. compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute. compute. compute. compute. compute. compute.globalOperations.get compute. compute.globalOperations.list compute. compute. compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute. compute.images.listTagBindings compute. compute. compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute. compute.instanceTemplates.list compute.instances.get compute. compute. compute.instances.getIamPolicy compute. compute. compute. compute. compute.instances.list compute. compute. compute. compute. compute.
compute.
compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute. compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute. compute.machineImages.list compute.machineTypes.*
compute. compute. compute. compute.networkAttachments.get compute. compute. compute. compute. compute. compute. compute.networks.get compute. compute. compute.networks.list compute. compute.nodeGroups.get compute. compute.nodeGroups.list compute.nodeTemplates.get compute. compute.nodeTemplates.list compute.nodeTypes.*
compute. compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute.regionHealthChecks.get compute. compute. compute. compute. compute. compute.regionOperations.get compute. compute.regionOperations.list compute. compute. compute. compute. compute.regionSslPolicies.get compute.regionSslPolicies.list compute. compute. compute. compute. compute. compute. compute. compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.*
compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute. compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute. compute.securityPolicies.list compute.serviceAttachments.get compute. compute. compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute. compute. compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute. compute.subnetworks.get compute. compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute. compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute. compute.zoneOperations.list compute.zones.*
notebooks.*
resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
Notebooks Legacy Admin( Full access to all Notebooks resources through the Compute API. Contains 38 owner permissions |
compute.*
notebooks.*
resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
Notebooks Legacy Viewer( Read-only access to all Notebooks resources through the Compute API. |
compute.acceleratorTypes.*
compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute. compute.backendBuckets.list compute.backendServices.get compute. compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.*
compute.disks.get compute.disks.getIamPolicy compute.disks.list compute. compute.disks.listTagBindings compute. compute. compute.firewallPolicies.get compute. compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute. compute. compute. compute. compute. compute.globalOperations.get compute. compute.globalOperations.list compute. compute. compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute. compute.images.listTagBindings compute. compute. compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute. compute.instanceTemplates.list compute.instances.get compute. compute. compute.instances.getIamPolicy compute. compute. compute. compute. compute.instances.list compute. compute. compute. compute. compute.
compute.
compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute. compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute. compute.machineImages.list compute.machineTypes.*
compute. compute. compute. compute.networkAttachments.get compute. compute. compute. compute. compute. compute. compute.networks.get compute. compute. compute.networks.list compute. compute.nodeGroups.get compute. compute.nodeGroups.list compute.nodeTemplates.get compute. compute.nodeTemplates.list compute.nodeTypes.*
compute. compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute.regionHealthChecks.get compute. compute. compute. compute. compute. compute.regionOperations.get compute. compute.regionOperations.list compute. compute. compute. compute. compute.regionSslPolicies.get compute.regionSslPolicies.list compute. compute. compute. compute. compute. compute. compute. compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.*
compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute. compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute. compute.securityPolicies.list compute.serviceAttachments.get compute. compute. compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute. compute. compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute. compute.subnetworks.get compute. compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute. compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute. compute.zoneOperations.list compute.zones.*
notebooks.environments.get notebooks. notebooks.environments.list notebooks.executions.get notebooks. notebooks.executions.list notebooks. notebooks.instances.get notebooks.instances.getHealth notebooks. notebooks.instances.list notebooks.locations.*
notebooks.operations.get notebooks.operations.list notebooks.runtimes.get notebooks. notebooks.runtimes.list notebooks.schedules.get notebooks. notebooks.schedules.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
Notebooks Runner( Restricted access for running scheduled Notebooks. |
compute.acceleratorTypes.*
compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute. compute.backendBuckets.list compute.backendServices.get compute. compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.*
compute.disks.get compute.disks.getIamPolicy compute.disks.list compute. compute.disks.listTagBindings compute. compute. compute.firewallPolicies.get compute. compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute. compute. compute. compute. compute. compute.globalOperations.get compute. compute.globalOperations.list compute. compute. compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute. compute.images.listTagBindings compute. compute. compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute. compute.instanceTemplates.list compute.instances.get compute. compute. compute.instances.getIamPolicy compute. compute. compute. compute. compute.instances.list compute. compute. compute. compute. compute.
compute.
compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute. compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute. compute.machineImages.list compute.machineTypes.*
compute. compute. compute. compute.networkAttachments.get compute. compute. compute. compute. compute. compute. compute.networks.get compute. compute. compute.networks.list compute. compute.nodeGroups.get compute. compute.nodeGroups.list compute.nodeTemplates.get compute. compute.nodeTemplates.list compute.nodeTypes.*
compute. compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute.regionHealthChecks.get compute. compute. compute. compute. compute. compute.regionOperations.get compute. compute.regionOperations.list compute. compute. compute. compute. compute.regionSslPolicies.get compute.regionSslPolicies.list compute. compute. compute. compute. compute. compute. compute. compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.*
compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute. compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute. compute.securityPolicies.list compute.serviceAttachments.get compute. compute. compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute. compute. compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute. compute.subnetworks.get compute. compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute. compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute. compute.zoneOperations.list compute.zones.*
notebooks.environments.get notebooks. notebooks.environments.list notebooks.executions.create notebooks.executions.get notebooks. notebooks.executions.list notebooks. notebooks.instances.create notebooks.instances.get notebooks.instances.getHealth notebooks. notebooks.instances.list notebooks.locations.*
notebooks.operations.get notebooks.operations.list notebooks.runtimes.create notebooks.runtimes.get notebooks. notebooks.runtimes.list notebooks.schedules.create notebooks.schedules.get notebooks. notebooks.schedules.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
Notebooks Viewer( Read-only access to all resources in Notebooks. Lowest-level resources where you can grant this role:
|
compute.acceleratorTypes.*
compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute. compute.backendBuckets.list compute.backendServices.get compute. compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.*
compute.disks.get compute.disks.getIamPolicy compute.disks.list compute. compute.disks.listTagBindings compute. compute. compute.firewallPolicies.get compute. compute.firewallPolicies.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute. compute. compute. compute. compute. compute.globalOperations.get compute. compute.globalOperations.list compute. compute. compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute. compute.images.listTagBindings compute. compute. compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute. compute.instanceTemplates.list compute.instances.get compute. compute. compute.instances.getIamPolicy compute. compute. compute. compute. compute.instances.list compute. compute. compute. compute. compute.
compute.
compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute. compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineImages.get compute. compute.machineImages.list compute.machineTypes.*
compute. compute. compute. compute.networkAttachments.get compute. compute. compute. compute. compute. compute. compute.networks.get compute. compute. compute.networks.list compute. compute.nodeGroups.get compute. compute.nodeGroups.list compute.nodeTemplates.get compute. compute.nodeTemplates.list compute.nodeTypes.*
compute. compute.packetMirrorings.get compute.packetMirrorings.list compute.projects.get compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute. compute.regionHealthChecks.get compute. compute. compute. compute. compute. compute.regionOperations.get compute. compute.regionOperations.list compute. compute. compute. compute. compute.regionSslPolicies.get compute.regionSslPolicies.list compute. compute. compute. compute. compute. compute. compute. compute.regionUrlMaps.get compute.regionUrlMaps.list compute.regionUrlMaps.validate compute.regions.*
compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute. compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute. compute.securityPolicies.list compute.serviceAttachments.get compute. compute. compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute. compute. compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute. compute.subnetworks.get compute. compute.subnetworks.list compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute. compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute. compute.zoneOperations.list compute.zones.*
notebooks.environments.get notebooks. notebooks.environments.list notebooks.executions.get notebooks. notebooks.executions.list notebooks. notebooks.instances.get notebooks.instances.getHealth notebooks. notebooks.instances.list notebooks.locations.*
notebooks.operations.get notebooks.operations.list notebooks.runtimes.get notebooks. notebooks.runtimes.list notebooks.schedules.get notebooks. notebooks.schedules.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
AI Platform roles
Role | Permissions |
---|---|
AI Platform Admin( Provides full access to AI Platform resources and to their jobs, models, and versions. Lowest-level resources where you can grant this role:
Contains 3 owner permissions |
ml.*
resourcemanager.projects.get |
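AI Platform Developer( Provides the ability to use AI Platform resources to create models, versions, and jobs for training and prediction, and to send online prediction requests. Lowest-level resources where you can grant this role:
Contains 1 owner permission |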
ml.jobs.create ml.jobs.get ml.jobs.getIamPolicy ml.jobs.list ml.locations.*
ml.models.create ml.models.get ml.models.getIamPolicy ml.models.list ml.models.predict ml.operations.get ml.operations.list ml.projects.getConfig ml.studies.*
ml.trials.*
ml.versions.get ml.versions.list ml.versions.predict resourcemanager.projects.get |
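AI Platform Job Owner( Provides full access to all permissions for a particular job resource. This role is automatically granted to the user who creates the job. Lowest-level resources where you can grant this role:
Contains 1 owner permission |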
ml.jobs.*
|
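AI Platform Model Owner( Provides full access to the model and its versions. This role is automatically granted to the user who creates the model. Lowest-level resources where you can grant this role:
Contains 1 owner permission |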
ml.models.*
ml.versions.*
|
AI Platform Model User( Provides permissions to read the model and its versions and to use them for prediction. Lowest-level resources where you can grant this role:
|
ml.models.get ml.models.predict ml.versions.get ml.versions.list ml.versions.predict |
AI Platform Operation Owner( Provides full access to all permissions for a particular operation resource. Lowest-level resources where you can grant this role:
|
ml.operations.*
|
AI Platform Viewer( Provides read-only access to AI Platform resources. Lowest-level resources where you can grant this role:
|
ml.jobs.get ml.jobs.list ml.locations.*
ml.models.get ml.models.list ml.operations.get ml.operations.list ml.projects.getConfig ml.studies.get ml.studies.getIamPolicy ml.studies.list ml.trials.get ml.trials.list ml.versions.get ml.versions.list resourcemanager.projects.get |
Analytics Hub roles
Role | Permissions |
---|---|
Analytics Hub Admin( Manages data exchanges and listings. Contains 2 owner permissions |
analyticshub.dataExchanges.*
analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub. analyticshub.listings.list
analyticshub. analyticshub.listings.update resourcemanager.projects.get resourcemanager.projects.list |
Analytics Hub Listing Admin( Grants full control over the listing, including updating, deleting, and setting ACLs. Contains 1 owner permission |
analyticshub.dataExchanges.get analyticshub. analyticshub. analyticshub.listings.delete analyticshub.listings.get analyticshub. analyticshub.listings.list
analyticshub. analyticshub.listings.update resourcemanager.projects.get resourcemanager.projects.list |
Analytics Hub Publisher( Can publish to data exchanges, thereby creating listings. |
analyticshub.dataExchanges.get analyticshub. analyticshub. analyticshub.listings.create analyticshub.listings.get analyticshub. analyticshub.listings.list resourcemanager.projects.get resourcemanager.projects.list |
Analytics Hub Subscriber( Can browse data exchanges and subscribe to listings. Contains 1 owner permission |
analyticshub.dataExchanges.get analyticshub. analyticshub. analyticshub.listings.get analyticshub. analyticshub.listings.list
analyticshub. resourcemanager.projects.get resourcemanager.projects.list |
Analytics Hub Viewer( Can browse data exchanges and listings. |
analyticshub.dataExchanges.get analyticshub. analyticshub. analyticshub.listings.get analyticshub. analyticshub.listings.list resourcemanager.projects.get resourcemanager.projects.list |
Android Management roles
Role | Permissions |
---|---|
Android Management User( Full access to manage devices. |
androidmanagement. serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
Anthos Multi-cloud roles
Role | Permissions |
---|---|
Anthos Multi-cloud Admin( Admin access to Anthos Multi-cloud resources. Contains 2 owner permissions |
gkemulticloud.*
resourcemanager.projects.get resourcemanager.projects.list |
Anthos Multi-cloud Telemetry Writer( Grant access to write cluster telemetry data such as logs, metrics, and resource metadata. |
logging.logEntries.create logging.logEntries.route monitoring. monitoring. monitoring.
monitoring.
monitoring.timeSeries.create opsconfigmonitoring. |
Anthos Multi-cloud Viewer( Viewer access to Anthos Multi-cloud resources. |
gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud.awsClusters.get gkemulticloud.awsClusters.list gkemulticloud.awsNodePools.get gkemulticloud. gkemulticloud. gkemulticloud.azureClients.get gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud. gkemulticloud.operations.get gkemulticloud.operations.list gkemulticloud.operations.wait resourcemanager.projects.get resourcemanager.projects.list |
API Gateway roles
Role | Permissions |
---|---|
ApiGateway Admin( Full access to ApiGateway and related resources. Contains 3 owner permissions |
apigateway.*
monitoring. monitoring. monitoring.timeSeries.list resourcemanager.projects.get resourcemanager.projects.list servicemanagement.services.get serviceusage.services.list |
ApiGateway Viewer( Read-only access to ApiGateway and related resources. |
apigateway.apiconfigs.get apigateway. apigateway.apiconfigs.list apigateway.apis.get apigateway.apis.getIamPolicy apigateway.apis.list apigateway.gateways.get apigateway. apigateway.gateways.list apigateway.locations.*
apigateway.operations.get apigateway.operations.list monitoring. monitoring. monitoring.timeSeries.list resourcemanager.projects.get resourcemanager.projects.list servicemanagement.services.get serviceusage.services.list |
Apigee roles
Role | Permissions |
---|---|
Apigee Organization Admin( Full access to all apigee resource features Contains 1 owner permission |
apigee.*
monitoring.timeSeries.list resourcemanager.projects.get resourcemanager. resourcemanager.projects.list |
Apigee Analytics Agent( Curated set of permissions for Apigee Universal Data Collection Agent to manage analytics for an Apigee Organization |
apigee.datalocation.get apigee. apigee.runtimeconfigs.get |
Apigee Analytics Editor( Analytics editor for an Apigee Organization |
apigee.datacollectors.*
apigee.datastores.*
apigee.envgroupattachments.get apigee. apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.exports.*
apigee.hostqueries.*
apigee.hoststats.get apigee.organizations.get apigee.organizations.list apigee.queries.*
apigee.reports.*
resourcemanager.projects.get resourcemanager.projects.list |
Apigee Analytics Viewer( Analytics viewer for an Apigee Organization |
apigee.datacollectors.get apigee.datacollectors.list apigee.datastores.get apigee.datastores.list apigee.envgroupattachments.get apigee. apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.exports.get apigee.exports.list apigee.hostqueries.get apigee.hostqueries.list apigee.hoststats.get apigee.organizations.get apigee.organizations.list apigee.queries.get apigee.queries.list apigee.reports.get apigee.reports.list resourcemanager.projects.get resourcemanager.projects.list |
Apigee API Admin( Full read/write access to all apigee API resources |
apigee.apiproductattributes.*
apigee.apiproducts.*
apigee.envgroupattachments.get apigee. apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.keyvaluemapentries.*
apigee.keyvaluemaps.*
apigee.organizations.get apigee.organizations.list apigee.proxies.*
apigee.proxyrevisions.*
apigee.sharedflowrevisions.*
apigee.sharedflows.*
resourcemanager.projects.get resourcemanager.projects.list |
Apigee API Reader( Reader of apigee resources |
apigee. apigee. apigee.apiproducts.get apigee.apiproducts.list apigee.envgroupattachments.get apigee. apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list apigee.keyvaluemaps.list apigee.organizations.get apigee.organizations.list apigee.proxies.get apigee.proxies.list apigee.proxyrevisions.deploy apigee.proxyrevisions.get apigee.proxyrevisions.list apigee.proxyrevisions.undeploy apigee. apigee.sharedflowrevisions.get apigee. apigee. apigee.sharedflows.get apigee.sharedflows.list resourcemanager.projects.get resourcemanager.projects.list |
Apigee Developer Admin( Developer admin of apigee resources |
apigee. apigee. apigee.apiproducts.get apigee.apiproducts.list apigee.appkeys.*
apigee.apps.*
apigee.datacollectors.*
apigee.
apigee.developerapps.*
apigee.developerattributes.*
apigee.developerbalances.*
apigee.
apigee.developers.*
apigee.
apigee.environments.get apigee.environments.getStats apigee.environments.list apigee.hoststats.get apigee.organizations.get apigee.organizations.list apigee.rateplans.get apigee.rateplans.list resourcemanager.projects.get resourcemanager. resourcemanager.projects.list |
Apigee Environment Admin( Full read/write access to apigee environment resources, including deployments. Contains 1 owner permission |
apigee.archivedeployments.*
apigee.datacollectors.get apigee.datacollectors.list apigee.deployments.*
apigee.envgroupattachments.get apigee. apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee. apigee.environments.getStats apigee.environments.list
apigee. apigee.environments.update apigee.flowhooks.*
apigee.ingressconfigs.get apigee.keystorealiases.*
apigee.keystores.*
apigee.keyvaluemapentries.*
apigee.keyvaluemaps.*
apigee.maskconfigs.*
apigee.organizations.get apigee.organizations.list apigee.proxies.get apigee.proxies.list apigee.proxyrevisions.deploy apigee.proxyrevisions.get apigee.proxyrevisions.list apigee.proxyrevisions.undeploy apigee.references.*
apigee.resourcefiles.*
apigee. apigee.sharedflowrevisions.get apigee. apigee. apigee.sharedflows.get apigee.sharedflows.list apigee.targetservers.*
apigee.traceconfig.*
apigee.traceconfigoverrides.*
apigee.tracesessions.*
resourcemanager.projects.get resourcemanager. resourcemanager.projects.list |
Apigee Monetization Admin( All permissions related to monetization |
apigee.apiproducts.get apigee.apiproducts.list apigee.developerbalances.*
apigee.
apigee.
apigee.organizations.get apigee.organizations.list apigee.rateplans.*
resourcemanager.projects.get resourcemanager.projects.list |
Apigee Portal Admin( Portal admin for an Apigee Organization |
apigee.organizations.get apigee.organizations.list apigee.portals.*
resourcemanager.projects.get resourcemanager.projects.list |
Apigee Read-only Admin( Viewer of all apigee resources |
apigee. apigee. apigee.apiproducts.get apigee.apiproducts.list apigee.appkeys.get apigee.apps.*
apigee. apigee.archivedeployments.get apigee.archivedeployments.list apigee.caches.list apigee.canaryevaluations.get apigee.datacollectors.get apigee.datacollectors.list apigee.datalocation.get apigee.datastores.get apigee.datastores.list apigee.deployments.get apigee.deployments.list apigee. apigee. apigee.developerapps.get apigee.developerapps.list apigee.developerattributes.get apigee. apigee.developerbalances.get apigee. apigee.developers.get apigee.developers.list apigee. apigee. apigee.endpointattachments.get apigee. apigee.entitlements.get apigee.envgroupattachments.get apigee. apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee. apigee. apigee.environments.getStats apigee.environments.list apigee.exports.get apigee.exports.list apigee.flowhooks.getSharedFlow apigee.flowhooks.list apigee.hostqueries.get apigee.hostqueries.list apigee.hostsecurityreports.get apigee. apigee.hoststats.get apigee.ingressconfigs.get apigee.instanceattachments.get apigee. apigee.instances.get apigee.instances.list apigee.keystorealiases.get apigee.keystorealiases.list apigee.keystores.get apigee.keystores.list apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list apigee.keyvaluemaps.list apigee.maskconfigs.get apigee.nataddresses.get apigee.nataddresses.list apigee.operations.*
apigee.organizations.get apigee.organizations.list apigee.portals.get |