역할 이해

컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

이 페이지에서는 IAM 역할을 설명하고 주 구성원에게 부여할 수 있는 사전 정의된 역할을 나열합니다.

역할에는 Google Cloud 리소스에서 특정 작업을 수행할 수 있는 일련의 권한이 포함되어 있습니다. 사용자, 그룹, 서비스 계정을 포함하여 주 구성원에게 권한을 제공하려면 주 구성원에게 역할을 부여합니다.

이 가이드의 기본 요건

역할 유형

IAM에는 다음과 같은 세 가지 유형의 역할이 있습니다.

  • 기본 역할: IAM 도입 전에 있었던 기존의 소유자, 편집자, 뷰어 역할이 포함됩니다.
  • 사전 정의된 역할: 특정 서비스에 대한 세분화된 액세스 권한을 제공하며, Google Cloud에서 관리합니다.
  • 커스텀 역할: 사용자 지정 권한 목록에 따라 세분화된 액세스 권한을 제공합니다.

기본, 사전 정의, 커스텀 역할에 권한이 포함되어 있는지 확인하려면 다음 방법 중 하나를 사용하면 됩니다.

  • gcloud iam roles describe 명령어를 실행하여 역할의 권한을 나열합니다.
  • roles.get() REST API 메서드를 호출하여 역할의 권한을 나열합니다.
  • 기본 및 사전 정의된 역할만 해당: 권한 참조를 검색하여 권한이 역할에서 부여되었는지 확인합니다.
  • 사전 정의된 역할만 해당: 이 페이지에서 사전 정의된 역할 설명을 검색하여 역할에 포함된 권한을 확인합니다.

다음 섹션에서는 각 역할 유형을 설명하고 이를 사용하는 방법의 예를 보여줍니다.

기본 역할

IAM 도입 전에도 존재했던 소유자, 편집자, 뷰어라는 몇 가지 기본 역할이 있습니다. 이 세 가지 역할의 권한은 동심원 형태로 겹칩니다. 즉, 소유자 역할에는 편집자 역할의 권한이 포함되며, 편집자 역할에는 뷰어 역할의 권한이 포함됩니다. 원래 이름은 '기본 역할'이었습니다.

다음 표에서는 모든 Google Cloud 서비스에서 기본 역할에 포함되는 권한을 간략히 확인할 수 있습니다.

기본 역할 정의

이름 직책 권한
roles/viewer 뷰어 상태에 영향을 주지 않는 읽기 전용 작업에 대한 권한이 있습니다. 예를 들면 기존 리소스 또는 데이터의 조회(수정 제외)가 여기에 해당합니다.
roles/editor 편집자 모든 뷰어 권한에 더해 기존 리소스 변경과 같이 상태를 변경하는 작업에 대한 권한까지 포함됩니다.
참고: 편집자 역할에는 대부분의 Google Cloud 서비스의 리소스를 만들고 삭제할 수 있는 권한이 포함됩니다. 하지만 모든 서비스에 대한 모든 작업을 수행할 수 있는 권한은 포함되어 있지 않습니다. 역할에 필요한 권한이 부여되었는지 확인하는 방법은 이 페이지의 역할 유형을 참조하세요.
roles/owner 소유자 모든 편집자 권한 다음 작업에 대한 권한까지 포함됩니다.
  • 프로젝트 및 프로젝트 내의 모든 리소스에 대한 역할 및 관리
  • 프로젝트에 대한 결제 설정
참고:
  • Pub/Sub 주제와 같은 리소스 수준의 소유자 역할을 부여한다고 해서 상위 프로젝트의 소유자 역할까지 부여하지는 않습니다.
  • 조직 수준에서 소유자 역할을 부여해도 조직의 메타데이터를 업데이트할 수 없습니다. 그러나 조직의 모든 프로젝트 및 기타 리소스를 수정할 수는 있습니다.
  • 참고: 조직 외부의 사용자에게 프로젝트의 소유자 역할을 부여하려면 gcloud CLI가 아닌 Google Cloud 콘솔을 사용해야 합니다. 조직에 속하지 않은 프로젝트의 경우 Google Cloud 콘솔을 사용하여 소유자 역할을 부여해야 합니다.

Google Cloud 콘솔, API, gcloud CLI를 사용하여 기본 역할을 부여할 수 있습니다. 프로젝트, 폴더 또는 조직에 기본 역할을 부여하려면 프로젝트, 폴더, 조직에 대한 액세스 관리를 참조하세요. 다른 리소스에 대한 기본 역할을 부여하려면 다른 리소스에 대한 액세스 관리를 참조하세요.

사전 정의된 역할

기본 역할 외에도 IAM은 특정 Google Cloud 리소스에 대해 세부적인 액세스 권한을 제공하고 다른 리소스에 대해 원치 않는 액세스를 방지하는 사전 정의된 추가 역할을 제공합니다. 이러한 역할은 Google에서 만들고 유지관리합니다. Google은 Google Cloud가 새 기능이나 서비스를 추가하는 경우와 같이 필요에 따라 권한을 자동으로 업데이트합니다.

다음 표에서는 이러한 역할, 역할에 관한 설명, 해당 역할을 설정할 수 있는 최하위 수준 리소스 유형의 목록을 확인할 수 있습니다. 이러한 리소스 유형에는 특정 역할을 부여하거나, 또는 대부분의 경우 Google Cloud 리소스 계층 구조에서 해당 역할의 상위에 해당하는 모든 유형을 부여할 수 있습니다.

리소스 계층 구조의 모든 수준에서 동일한 사용자에게 여러 역할을 부여할 수 있습니다. 예를 들어 한 사용자가 한 프로젝트의 Compute 네트워크 관리자 역할과 로그 뷰어 역할을 가지고 해당 프로젝트 내의 Pub/Sub 주제에 대한 Pub/Sub 게시자 역할도 부여받을 수 있습니다. 역할에 포함된 권한 목록은 역할 메타데이터 보기를 참조하세요.

가장 적절한 사전 정의된 역할을 선택하는 데 도움이 필요하면 사전 정의된 역할 선택을 참조하세요.

액세스 승인 역할

역할 권한

액세스 승인자 베타
(roles/accessapproval.approver)

액세스 승인 요청을 보거나 관련 조치를 취하고 구성을 볼 수 있습니다.

  • accessapproval.requests.*
  • accessapproval.serviceAccounts.get
  • accessapproval.settings.get
  • resourcemanager.projects.get
  • resourcemanager.projects.list

액세스 승인 구성 편집자 베타
(roles/accessapproval.configEditor)

액세스 승인 구성을 업데이트할 수 있습니다.

  • accessapproval.serviceAccounts.get
  • accessapproval.settings.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

액세스 승인 무효화 작업자 베타
(roles/accessapproval.invalidator)

기존에 승인된 승인 요청을 무효화할 수 있습니다.

  • accessapproval.requests.invalidate
  • accessapproval.serviceAccounts.get
  • accessapproval.settings.get
  • resourcemanager.projects.get
  • resourcemanager.projects.list

액세스 승인 뷰어 베타
(roles/accessapproval.viewer)

액세스 승인 요청 및 구성을 볼 수 있습니다.

  • accessapproval.requests.get
  • accessapproval.requests.list
  • accessapproval.serviceAccounts.get
  • accessapproval.settings.get
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Access Context Manager 역할

역할 권한

(roles/accesscontextmanager.gcpAccessAdmin)

Cloud 액세스 바인딩을 생성, 수정, 변경합니다.

accesscontextmanager.gcpUserAccessBindings.*

  • accesscontextmanager.gcpUserAccessBindings.create
  • accesscontextmanager.gcpUserAccessBindings.delete
  • accesscontextmanager.gcpUserAccessBindings.get
  • accesscontextmanager.gcpUserAccessBindings.list
  • accesscontextmanager.gcpUserAccessBindings.update

(roles/accesscontextmanager.gcpAccessReader)

Cloud 액세스 바인딩에 대한 읽기 액세스 권한입니다.

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

(roles/accesscontextmanager.policyAdmin)

정책, 액세스 수준, 액세스 영역에 대한 전체 액세스 권한입니다.

2개 소유자 권한 포함

accesscontextmanager.accessLevels.*

  • accesscontextmanager.accessLevels.create
  • accesscontextmanager.accessLevels.delete
  • accesscontextmanager.accessLevels.get
  • accesscontextmanager.accessLevels.list
  • accesscontextmanager.accessLevels.replaceAll
  • accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.*

  • accesscontextmanager.accessPolicies.create
  • accesscontextmanager.accessPolicies.delete
  • accesscontextmanager.accessPolicies.get
  • accesscontextmanager.accessPolicies.getIamPolicy
  • accesscontextmanager.accessPolicies.list
  • accesscontextmanager.accessPolicies.setIamPolicy
  • accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

  • accesscontextmanager.accessZones.create
  • accesscontextmanager.accessZones.delete
  • accesscontextmanager.accessZones.get
  • accesscontextmanager.accessZones.list
  • accesscontextmanager.accessZones.update

accesscontextmanager.policies.*

  • accesscontextmanager.policies.create
  • accesscontextmanager.policies.delete
  • accesscontextmanager.policies.get
  • accesscontextmanager.policies.getIamPolicy
  • accesscontextmanager.policies.list
  • accesscontextmanager.policies.setIamPolicy
  • accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

  • accesscontextmanager.servicePerimeters.commit
  • accesscontextmanager.servicePerimeters.create
  • accesscontextmanager.servicePerimeters.delete
  • accesscontextmanager.servicePerimeters.get
  • accesscontextmanager.servicePerimeters.list
  • accesscontextmanager.servicePerimeters.replaceAll
  • accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accesscontextmanager.policyEditor)

정책에 대한 수정 액세스 권한입니다. 액세스 수준 및 액세스 영역을 생성, 수정, 변경합니다.

accesscontextmanager.accessLevels.*

  • accesscontextmanager.accessLevels.create
  • accesscontextmanager.accessLevels.delete
  • accesscontextmanager.accessLevels.get
  • accesscontextmanager.accessLevels.list
  • accesscontextmanager.accessLevels.replaceAll
  • accesscontextmanager.accessLevels.update

accesscontextmanager.accessPolicies.create

accesscontextmanager.accessPolicies.delete

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessPolicies.update

accesscontextmanager.accessZones.*

  • accesscontextmanager.accessZones.create
  • accesscontextmanager.accessZones.delete
  • accesscontextmanager.accessZones.get
  • accesscontextmanager.accessZones.list
  • accesscontextmanager.accessZones.update

accesscontextmanager.policies.create

accesscontextmanager.policies.delete

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

  • accesscontextmanager.servicePerimeters.commit
  • accesscontextmanager.servicePerimeters.create
  • accesscontextmanager.servicePerimeters.delete
  • accesscontextmanager.servicePerimeters.get
  • accesscontextmanager.servicePerimeters.list
  • accesscontextmanager.servicePerimeters.replaceAll
  • accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accesscontextmanager.policyReader)

정책, 액세스 수준, 액세스 영역에 대한 읽기 액세스 권한입니다.

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.accessPolicies.get

accesscontextmanager.accessPolicies.getIamPolicy

accesscontextmanager.accessPolicies.list

accesscontextmanager.accessZones.get

accesscontextmanager.accessZones.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/accesscontextmanager.vpcScTroubleshooterViewer)

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

logging.exclusions.get

logging.exclusions.list

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.sinks.get

logging.sinks.list

logging.usage.get

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

작업 역할

역할 권한

작업 관리자
(roles/actions.Admin)

작업을 수정하고 배포할 수 있는 액세스 권한입니다.

  • actions.*
  • firebase.projects.get
  • firebase.projects.update
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.use

작업 뷰어
(roles/actions.Viewer)

작업을 볼 수 있는 액세스 권한입니다.

  • actions.agent.get
  • actions.agentVersions.get
  • actions.agentVersions.list
  • firebase.projects.get
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.use

AI Notebooks 역할

역할 권한

Notebooks 관리자
(roles/notebooks.admin)

Notebooks의 모든 리소스에 대한 전체 액세스 권한입니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 인스턴스
  • compute.acceleratorTypes.*
  • compute.addresses.get
  • compute.addresses.list
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.backendBuckets.get
  • compute.backendBuckets.list
  • compute.backendServices.get
  • compute.backendServices.getIamPolicy
  • compute.backendServices.list
  • compute.commitments.get
  • compute.commitments.list
  • compute.diskTypes.*
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.firewallPolicies.get
  • compute.firewallPolicies.getIamPolicy
  • compute.firewallPolicies.list
  • compute.firewalls.get
  • compute.firewalls.list
  • compute.forwardingRules.get
  • compute.forwardingRules.list
  • compute.globalAddresses.get
  • compute.globalAddresses.list
  • compute.globalForwardingRules.get
  • compute.globalForwardingRules.list
  • compute.globalForwardingRules.pscGet
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalOperations.get
  • compute.globalOperations.getIamPolicy
  • compute.globalOperations.list
  • compute.globalPublicDelegatedPrefixes.get
  • compute.globalPublicDelegatedPrefixes.list
  • compute.healthChecks.get
  • compute.healthChecks.list
  • compute.httpHealthChecks.get
  • compute.httpHealthChecks.list
  • compute.httpsHealthChecks.get
  • compute.httpsHealthChecks.list
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.interconnectAttachments.get
  • compute.interconnectAttachments.list
  • compute.interconnectLocations.*
  • compute.interconnects.get
  • compute.interconnects.list
  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineTypes.*
  • compute.maintenancePolicies.get
  • compute.maintenancePolicies.getIamPolicy
  • compute.maintenancePolicies.list
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.getIamPolicy
  • compute.networkEndpointGroups.list
  • compute.networks.get
  • compute.networks.getEffectiveFirewalls
  • compute.networks.getRegionEffectiveFirewalls
  • compute.networks.list
  • compute.networks.listPeeringRoutes
  • compute.nodeGroups.get
  • compute.nodeGroups.getIamPolicy
  • compute.nodeGroups.list
  • compute.nodeTemplates.get
  • compute.nodeTemplates.getIamPolicy
  • compute.nodeTemplates.list
  • compute.nodeTypes.*
  • compute.organizations.listAssociations
  • compute.packetMirrorings.get
  • compute.packetMirrorings.list
  • compute.projects.get
  • compute.publicAdvertisedPrefixes.get
  • compute.publicAdvertisedPrefixes.list
  • compute.publicDelegatedPrefixes.get
  • compute.publicDelegatedPrefixes.list
  • compute.regionBackendServices.get
  • compute.regionBackendServices.getIamPolicy
  • compute.regionBackendServices.list
  • compute.regionFirewallPolicies.get
  • compute.regionFirewallPolicies.getIamPolicy
  • compute.regionFirewallPolicies.list
  • compute.regionHealthCheckServices.get
  • compute.regionHealthCheckServices.list
  • compute.regionHealthChecks.get
  • compute.regionHealthChecks.list
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNotificationEndpoints.get
  • compute.regionNotificationEndpoints.list
  • compute.regionOperations.get
  • compute.regionOperations.getIamPolicy
  • compute.regionOperations.list
  • compute.regionSslCertificates.get
  • compute.regionSslCertificates.list
  • compute.regionTargetHttpProxies.get
  • compute.regionTargetHttpProxies.list
  • compute.regionTargetHttpsProxies.get
  • compute.regionTargetHttpsProxies.list
  • compute.regionUrlMaps.get
  • compute.regionUrlMaps.list
  • compute.regionUrlMaps.validate
  • compute.regions.*
  • compute.reservations.get
  • compute.reservations.list
  • compute.resourcePolicies.get
  • compute.resourcePolicies.list
  • compute.routers.get
  • compute.routers.list
  • compute.routes.get
  • compute.routes.list
  • compute.securityPolicies.get
  • compute.securityPolicies.getIamPolicy
  • compute.securityPolicies.list
  • compute.serviceAttachments.get
  • compute.serviceAttachments.list
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.sslCertificates.get
  • compute.sslCertificates.list
  • compute.sslPolicies.get
  • compute.sslPolicies.list
  • compute.sslPolicies.listAvailableFeatures
  • compute.subnetworks.get
  • compute.subnetworks.getIamPolicy
  • compute.subnetworks.list
  • compute.targetGrpcProxies.get
  • compute.targetGrpcProxies.list
  • compute.targetHttpProxies.get
  • compute.targetHttpProxies.list
  • compute.targetHttpsProxies.get
  • compute.targetHttpsProxies.list
  • compute.targetInstances.get
  • compute.targetInstances.list
  • compute.targetPools.get
  • compute.targetPools.list
  • compute.targetSslProxies.get
  • compute.targetSslProxies.list
  • compute.targetTcpProxies.get
  • compute.targetTcpProxies.list
  • compute.targetVpnGateways.get
  • compute.targetVpnGateways.list
  • compute.urlMaps.get
  • compute.urlMaps.list
  • compute.urlMaps.validate
  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
  • compute.zoneOperations.get
  • compute.zoneOperations.getIamPolicy
  • compute.zoneOperations.list
  • compute.zones.*
  • notebooks.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list

Notebooks 기존 관리자
(roles/notebooks.legacyAdmin)

Compute API를 통한 메모장의 모든 리소스에 대한 전체 액세스 권한입니다.

  • compute.*
  • notebooks.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list

Notebooks 기존 뷰어
(roles/notebooks.legacyViewer)

Compute API를 통한 메모장의 모든 리소스에 대한 읽기 전용 액세스 권한입니다.

  • compute.acceleratorTypes.*
  • compute.addresses.get
  • compute.addresses.list
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.backendBuckets.get
  • compute.backendBuckets.list
  • compute.backendServices.get
  • compute.backendServices.getIamPolicy
  • compute.backendServices.list
  • compute.commitments.get
  • compute.commitments.list
  • compute.diskTypes.*
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.firewallPolicies.get
  • compute.firewallPolicies.getIamPolicy
  • compute.firewallPolicies.list
  • compute.firewalls.get
  • compute.firewalls.list
  • compute.forwardingRules.get
  • compute.forwardingRules.list
  • compute.globalAddresses.get
  • compute.globalAddresses.list
  • compute.globalForwardingRules.get
  • compute.globalForwardingRules.list
  • compute.globalForwardingRules.pscGet
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalOperations.get
  • compute.globalOperations.getIamPolicy
  • compute.globalOperations.list
  • compute.globalPublicDelegatedPrefixes.get
  • compute.globalPublicDelegatedPrefixes.list
  • compute.healthChecks.get
  • compute.healthChecks.list
  • compute.httpHealthChecks.get
  • compute.httpHealthChecks.list
  • compute.httpsHealthChecks.get
  • compute.httpsHealthChecks.list
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.interconnectAttachments.get
  • compute.interconnectAttachments.list
  • compute.interconnectLocations.*
  • compute.interconnects.get
  • compute.interconnects.list
  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineTypes.*
  • compute.maintenancePolicies.get
  • compute.maintenancePolicies.getIamPolicy
  • compute.maintenancePolicies.list
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.getIamPolicy
  • compute.networkEndpointGroups.list
  • compute.networks.get
  • compute.networks.getEffectiveFirewalls
  • compute.networks.getRegionEffectiveFirewalls
  • compute.networks.list
  • compute.networks.listPeeringRoutes
  • compute.nodeGroups.get
  • compute.nodeGroups.getIamPolicy
  • compute.nodeGroups.list
  • compute.nodeTemplates.get
  • compute.nodeTemplates.getIamPolicy
  • compute.nodeTemplates.list
  • compute.nodeTypes.*
  • compute.organizations.listAssociations
  • compute.packetMirrorings.get
  • compute.packetMirrorings.list
  • compute.projects.get
  • compute.publicAdvertisedPrefixes.get
  • compute.publicAdvertisedPrefixes.list
  • compute.publicDelegatedPrefixes.get
  • compute.publicDelegatedPrefixes.list
  • compute.regionBackendServices.get
  • compute.regionBackendServices.getIamPolicy
  • compute.regionBackendServices.list
  • compute.regionFirewallPolicies.get
  • compute.regionFirewallPolicies.getIamPolicy
  • compute.regionFirewallPolicies.list
  • compute.regionHealthCheckServices.get
  • compute.regionHealthCheckServices.list
  • compute.regionHealthChecks.get
  • compute.regionHealthChecks.list
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNotificationEndpoints.get
  • compute.regionNotificationEndpoints.list
  • compute.regionOperations.get
  • compute.regionOperations.getIamPolicy
  • compute.regionOperations.list
  • compute.regionSslCertificates.get
  • compute.regionSslCertificates.list
  • compute.regionTargetHttpProxies.get
  • compute.regionTargetHttpProxies.list
  • compute.regionTargetHttpsProxies.get
  • compute.regionTargetHttpsProxies.list
  • compute.regionUrlMaps.get
  • compute.regionUrlMaps.list
  • compute.regionUrlMaps.validate
  • compute.regions.*
  • compute.reservations.get
  • compute.reservations.list
  • compute.resourcePolicies.get
  • compute.resourcePolicies.list
  • compute.routers.get
  • compute.routers.list
  • compute.routes.get
  • compute.routes.list
  • compute.securityPolicies.get
  • compute.securityPolicies.getIamPolicy
  • compute.securityPolicies.list
  • compute.serviceAttachments.get
  • compute.serviceAttachments.list
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.sslCertificates.get
  • compute.sslCertificates.list
  • compute.sslPolicies.get
  • compute.sslPolicies.list
  • compute.sslPolicies.listAvailableFeatures
  • compute.subnetworks.get
  • compute.subnetworks.getIamPolicy
  • compute.subnetworks.list
  • compute.targetGrpcProxies.get
  • compute.targetGrpcProxies.list
  • compute.targetHttpProxies.get
  • compute.targetHttpProxies.list
  • compute.targetHttpsProxies.get
  • compute.targetHttpsProxies.list
  • compute.targetInstances.get
  • compute.targetInstances.list
  • compute.targetPools.get
  • compute.targetPools.list
  • compute.targetSslProxies.get
  • compute.targetSslProxies.list
  • compute.targetTcpProxies.get
  • compute.targetTcpProxies.list
  • compute.targetVpnGateways.get
  • compute.targetVpnGateways.list
  • compute.urlMaps.get
  • compute.urlMaps.list
  • compute.urlMaps.validate
  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
  • compute.zoneOperations.get
  • compute.zoneOperations.getIamPolicy
  • compute.zoneOperations.list
  • compute.zones.*
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.environments.list
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.instances.checkUpgradability
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.locations.*
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list

Notebooks 실행자
(roles/notebooks.runner)

예약된 메모장 실행을 위한 제한된 액세스 권한입니다.

  • compute.acceleratorTypes.*
  • compute.addresses.get
  • compute.addresses.list
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.backendBuckets.get
  • compute.backendBuckets.list
  • compute.backendServices.get
  • compute.backendServices.getIamPolicy
  • compute.backendServices.list
  • compute.commitments.get
  • compute.commitments.list
  • compute.diskTypes.*
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.firewallPolicies.get
  • compute.firewallPolicies.getIamPolicy
  • compute.firewallPolicies.list
  • compute.firewalls.get
  • compute.firewalls.list
  • compute.forwardingRules.get
  • compute.forwardingRules.list
  • compute.globalAddresses.get
  • compute.globalAddresses.list
  • compute.globalForwardingRules.get
  • compute.globalForwardingRules.list
  • compute.globalForwardingRules.pscGet
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalOperations.get
  • compute.globalOperations.getIamPolicy
  • compute.globalOperations.list
  • compute.globalPublicDelegatedPrefixes.get
  • compute.globalPublicDelegatedPrefixes.list
  • compute.healthChecks.get
  • compute.healthChecks.list
  • compute.httpHealthChecks.get
  • compute.httpHealthChecks.list
  • compute.httpsHealthChecks.get
  • compute.httpsHealthChecks.list
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.interconnectAttachments.get
  • compute.interconnectAttachments.list
  • compute.interconnectLocations.*
  • compute.interconnects.get
  • compute.interconnects.list
  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineTypes.*
  • compute.maintenancePolicies.get
  • compute.maintenancePolicies.getIamPolicy
  • compute.maintenancePolicies.list
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.getIamPolicy
  • compute.networkEndpointGroups.list
  • compute.networks.get
  • compute.networks.getEffectiveFirewalls
  • compute.networks.getRegionEffectiveFirewalls
  • compute.networks.list
  • compute.networks.listPeeringRoutes
  • compute.nodeGroups.get
  • compute.nodeGroups.getIamPolicy
  • compute.nodeGroups.list
  • compute.nodeTemplates.get
  • compute.nodeTemplates.getIamPolicy
  • compute.nodeTemplates.list
  • compute.nodeTypes.*
  • compute.organizations.listAssociations
  • compute.packetMirrorings.get
  • compute.packetMirrorings.list
  • compute.projects.get
  • compute.publicAdvertisedPrefixes.get
  • compute.publicAdvertisedPrefixes.list
  • compute.publicDelegatedPrefixes.get
  • compute.publicDelegatedPrefixes.list
  • compute.regionBackendServices.get
  • compute.regionBackendServices.getIamPolicy
  • compute.regionBackendServices.list
  • compute.regionFirewallPolicies.get
  • compute.regionFirewallPolicies.getIamPolicy
  • compute.regionFirewallPolicies.list
  • compute.regionHealthCheckServices.get
  • compute.regionHealthCheckServices.list
  • compute.regionHealthChecks.get
  • compute.regionHealthChecks.list
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNotificationEndpoints.get
  • compute.regionNotificationEndpoints.list
  • compute.regionOperations.get
  • compute.regionOperations.getIamPolicy
  • compute.regionOperations.list
  • compute.regionSslCertificates.get
  • compute.regionSslCertificates.list
  • compute.regionTargetHttpProxies.get
  • compute.regionTargetHttpProxies.list
  • compute.regionTargetHttpsProxies.get
  • compute.regionTargetHttpsProxies.list
  • compute.regionUrlMaps.get
  • compute.regionUrlMaps.list
  • compute.regionUrlMaps.validate
  • compute.regions.*
  • compute.reservations.get
  • compute.reservations.list
  • compute.resourcePolicies.get
  • compute.resourcePolicies.list
  • compute.routers.get
  • compute.routers.list
  • compute.routes.get
  • compute.routes.list
  • compute.securityPolicies.get
  • compute.securityPolicies.getIamPolicy
  • compute.securityPolicies.list
  • compute.serviceAttachments.get
  • compute.serviceAttachments.list
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.sslCertificates.get
  • compute.sslCertificates.list
  • compute.sslPolicies.get
  • compute.sslPolicies.list
  • compute.sslPolicies.listAvailableFeatures
  • compute.subnetworks.get
  • compute.subnetworks.getIamPolicy
  • compute.subnetworks.list
  • compute.targetGrpcProxies.get
  • compute.targetGrpcProxies.list
  • compute.targetHttpProxies.get
  • compute.targetHttpProxies.list
  • compute.targetHttpsProxies.get
  • compute.targetHttpsProxies.list
  • compute.targetInstances.get
  • compute.targetInstances.list
  • compute.targetPools.get
  • compute.targetPools.list
  • compute.targetSslProxies.get
  • compute.targetSslProxies.list
  • compute.targetTcpProxies.get
  • compute.targetTcpProxies.list
  • compute.targetVpnGateways.get
  • compute.targetVpnGateways.list
  • compute.urlMaps.get
  • compute.urlMaps.list
  • compute.urlMaps.validate
  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
  • compute.zoneOperations.get
  • compute.zoneOperations.getIamPolicy
  • compute.zoneOperations.list
  • compute.zones.*
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.environments.list
  • notebooks.executions.create
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.instances.checkUpgradability
  • notebooks.instances.create
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.locations.*
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.create
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.schedules.create
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list

Notebooks 뷰어
(roles/notebooks.viewer)

Notebooks의 모든 리소스에 대한 읽기 전용 액세스 권한입니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 인스턴스
  • compute.acceleratorTypes.*
  • compute.addresses.get
  • compute.addresses.list
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.backendBuckets.get
  • compute.backendBuckets.list
  • compute.backendServices.get
  • compute.backendServices.getIamPolicy
  • compute.backendServices.list
  • compute.commitments.get
  • compute.commitments.list
  • compute.diskTypes.*
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.firewallPolicies.get
  • compute.firewallPolicies.getIamPolicy
  • compute.firewallPolicies.list
  • compute.firewalls.get
  • compute.firewalls.list
  • compute.forwardingRules.get
  • compute.forwardingRules.list
  • compute.globalAddresses.get
  • compute.globalAddresses.list
  • compute.globalForwardingRules.get
  • compute.globalForwardingRules.list
  • compute.globalForwardingRules.pscGet
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalOperations.get
  • compute.globalOperations.getIamPolicy
  • compute.globalOperations.list
  • compute.globalPublicDelegatedPrefixes.get
  • compute.globalPublicDelegatedPrefixes.list
  • compute.healthChecks.get
  • compute.healthChecks.list
  • compute.httpHealthChecks.get
  • compute.httpHealthChecks.list
  • compute.httpsHealthChecks.get
  • compute.httpsHealthChecks.list
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.interconnectAttachments.get
  • compute.interconnectAttachments.list
  • compute.interconnectLocations.*
  • compute.interconnects.get
  • compute.interconnects.list
  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineTypes.*
  • compute.maintenancePolicies.get
  • compute.maintenancePolicies.getIamPolicy
  • compute.maintenancePolicies.list
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.getIamPolicy
  • compute.networkEndpointGroups.list
  • compute.networks.get
  • compute.networks.getEffectiveFirewalls
  • compute.networks.getRegionEffectiveFirewalls
  • compute.networks.list
  • compute.networks.listPeeringRoutes
  • compute.nodeGroups.get
  • compute.nodeGroups.getIamPolicy
  • compute.nodeGroups.list
  • compute.nodeTemplates.get
  • compute.nodeTemplates.getIamPolicy
  • compute.nodeTemplates.list
  • compute.nodeTypes.*
  • compute.organizations.listAssociations
  • compute.packetMirrorings.get
  • compute.packetMirrorings.list
  • compute.projects.get
  • compute.publicAdvertisedPrefixes.get
  • compute.publicAdvertisedPrefixes.list
  • compute.publicDelegatedPrefixes.get
  • compute.publicDelegatedPrefixes.list
  • compute.regionBackendServices.get
  • compute.regionBackendServices.getIamPolicy
  • compute.regionBackendServices.list
  • compute.regionFirewallPolicies.get
  • compute.regionFirewallPolicies.getIamPolicy
  • compute.regionFirewallPolicies.list
  • compute.regionHealthCheckServices.get
  • compute.regionHealthCheckServices.list
  • compute.regionHealthChecks.get
  • compute.regionHealthChecks.list
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNotificationEndpoints.get
  • compute.regionNotificationEndpoints.list
  • compute.regionOperations.get
  • compute.regionOperations.getIamPolicy
  • compute.regionOperations.list
  • compute.regionSslCertificates.get
  • compute.regionSslCertificates.list
  • compute.regionTargetHttpProxies.get
  • compute.regionTargetHttpProxies.list
  • compute.regionTargetHttpsProxies.get
  • compute.regionTargetHttpsProxies.list
  • compute.regionUrlMaps.get
  • compute.regionUrlMaps.list
  • compute.regionUrlMaps.validate
  • compute.regions.*
  • compute.reservations.get
  • compute.reservations.list
  • compute.resourcePolicies.get
  • compute.resourcePolicies.list
  • compute.routers.get
  • compute.routers.list
  • compute.routes.get
  • compute.routes.list
  • compute.securityPolicies.get
  • compute.securityPolicies.getIamPolicy
  • compute.securityPolicies.list
  • compute.serviceAttachments.get
  • compute.serviceAttachments.list
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.sslCertificates.get
  • compute.sslCertificates.list
  • compute.sslPolicies.get
  • compute.sslPolicies.list
  • compute.sslPolicies.listAvailableFeatures
  • compute.subnetworks.get
  • compute.subnetworks.getIamPolicy
  • compute.subnetworks.list
  • compute.targetGrpcProxies.get
  • compute.targetGrpcProxies.list
  • compute.targetHttpProxies.get
  • compute.targetHttpProxies.list
  • compute.targetHttpsProxies.get
  • compute.targetHttpsProxies.list
  • compute.targetInstances.get
  • compute.targetInstances.list
  • compute.targetPools.get
  • compute.targetPools.list
  • compute.targetSslProxies.get
  • compute.targetSslProxies.list
  • compute.targetTcpProxies.get
  • compute.targetTcpProxies.list
  • compute.targetVpnGateways.get
  • compute.targetVpnGateways.list
  • compute.urlMaps.get
  • compute.urlMaps.list
  • compute.urlMaps.validate
  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
  • compute.zoneOperations.get
  • compute.zoneOperations.getIamPolicy
  • compute.zoneOperations.list
  • compute.zones.*
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.environments.list
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.instances.checkUpgradability
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.locations.*
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list

AI Platform 역할

역할 권한

(roles/ml.admin)

AI Platform 리소스와 작업, 모델, 버전에 대한 전체 액세스 권한을 제공합니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

소유자 권한 3개가 포함됩니다.

ml.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update
  • ml.locations.get
  • ml.locations.list
  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update
  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list
  • ml.projects.getConfig
  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy
  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update
  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

resourcemanager.projects.get

(roles/ml.developer)

AI Platform 리소스를 사용하여 교육 및 예측용 모델, 버전, 작업을 만들고 온라인 예측 요청을 전송할 수 있는 권한을 제공합니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

소유자 권한 1개가 포함됩니다.

ml.jobs.create

ml.jobs.get

ml.jobs.getIamPolicy

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.create

ml.models.get

ml.models.getIamPolicy

ml.models.list

ml.models.predict

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.*

  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy

ml.trials.*

  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update

ml.versions.get

ml.versions.list

ml.versions.predict

resourcemanager.projects.get

(roles/ml.jobOwner)

특정 작업 리소스에 대한 모든 권한에 대한 전체 액세스 권한을 제공합니다. 이 역할은 작업을 만드는 사용자에게 자동으로 부여됩니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 작업

소유자 권한 1개가 포함됩니다.

ml.jobs.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update

(roles/ml.modelOwner)

모델 및 버전에 대한 전체 액세스 권한을 제공합니다. 이 역할은 모델을 만드는 사용자에게 자동으로 부여됩니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 모델

소유자 권한 1개가 포함됩니다.

ml.models.*

  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update

ml.versions.*

  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

(roles/ml.modelUser)

모델 및 버전을 읽고 예측에 사용할 수 있는 권한을 제공합니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 모델

ml.models.get

ml.models.predict

ml.versions.get

ml.versions.list

ml.versions.predict

(roles/ml.operationOwner)

특정 작업 리소스에 대한 모든 권한을 사용할 수 있는 전체 액세스 권한을 제공합니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 작업

ml.operations.*

  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list

(roles/ml.viewer)

AI Platform 리소스에 대한 읽기 전용 액세스 권한을 제공합니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

ml.jobs.get

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.get

ml.models.list

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.get

ml.studies.getIamPolicy

ml.studies.list

ml.trials.get

ml.trials.list

ml.versions.get

ml.versions.list

resourcemanager.projects.get

Analytics Hub 역할

역할 권한

Analytics Hub 관리자
(roles/analyticshub.admin)

데이터 교환 및 등록정보를 관리합니다.

  • analyticshub.dataExchanges.*
  • analyticshub.listings.create
  • analyticshub.listings.delete
  • analyticshub.listings.get
  • analyticshub.listings.getIamPolicy
  • analyticshub.listings.list
  • analyticshub.listings.setIamPolicy
  • analyticshub.listings.update
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Analytics Hub 목록 관리자
(roles/analyticshub.listingAdmin)

ACL 업데이트, 삭제, 설정을 포함하여 목록을 관리할 수 있는 전체 권한을 부여합니다.

  • analyticshub.dataExchanges.get
  • analyticshub.dataExchanges.getIamPolicy
  • analyticshub.dataExchanges.list
  • analyticshub.listings.delete
  • analyticshub.listings.get
  • analyticshub.listings.getIamPolicy
  • analyticshub.listings.list
  • analyticshub.listings.setIamPolicy
  • analyticshub.listings.update
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Analytics Hub 게시자
(roles/analyticshub.publisher)

데이터 교환에 게시하여 등록정보를 만들 수 있습니다.

  • analyticshub.dataExchanges.get
  • analyticshub.dataExchanges.getIamPolicy
  • analyticshub.dataExchanges.list
  • analyticshub.listings.create
  • analyticshub.listings.get
  • analyticshub.listings.getIamPolicy
  • analyticshub.listings.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Analytics Hub 구독자
(roles/analyticshub.subscriber)

데이터 교환을 탐색하고 등록정보를 구독할 수 있습니다.

  • analyticshub.dataExchanges.get
  • analyticshub.dataExchanges.getIamPolicy
  • analyticshub.dataExchanges.list
  • analyticshub.listings.get
  • analyticshub.listings.getIamPolicy
  • analyticshub.listings.list
  • analyticshub.listings.subscribe
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Analytics Hub 뷰어
(roles/analyticshub.viewer)

데이터 교환 및 등록정보를 탐색할 수 있습니다.

  • analyticshub.dataExchanges.get
  • analyticshub.dataExchanges.getIamPolicy
  • analyticshub.dataExchanges.list
  • analyticshub.listings.get
  • analyticshub.listings.getIamPolicy
  • analyticshub.listings.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Android 관리 역할

역할 권한

(roles/androidmanagement.user)

기기를 관리할 수 있는 전체 액세스 권한입니다.

androidmanagement.enterprises.manage

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Anthos 멀티 클라우드 역할

역할 권한

Anthos 멀티 클라우드 관리자
(roles/gkemulticloud.admin)

Anthos 멀티 클라우드 리소스에 대한 관리 액세스 권한입니다.

  • gkemulticloud.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Anthos 멀티 클라우드 원격 분석 작성자
(roles/gkemulticloud.telemetryWriter)

로그, 측정항목, 리소스 메타데이터와 같은 클러스터 원격 분석 데이터를 작성할 수 있는 액세스 권한을 부여합니다.

  • logging.logEntries.create
  • monitoring.metricDescriptors.create
  • monitoring.metricDescriptors.get
  • monitoring.metricDescriptors.list
  • monitoring.monitoredResourceDescriptors.*
  • monitoring.timeSeries.create
  • opsconfigmonitoring.resourceMetadata.write

Anthos 멀티 클라우드 뷰어
(roles/gkemulticloud.viewer)

Anthos 멀티 클라우드 리소스에 대한 뷰어 액세스 권한입니다.

  • gkemulticloud.awsClusters.generateAccessToken
  • gkemulticloud.awsClusters.get
  • gkemulticloud.awsClusters.list
  • gkemulticloud.awsNodePools.get
  • gkemulticloud.awsNodePools.list
  • gkemulticloud.awsServerConfigs.get
  • gkemulticloud.azureClients.get
  • gkemulticloud.azureClients.list
  • gkemulticloud.azureClusters.generateAccessToken
  • gkemulticloud.azureClusters.get
  • gkemulticloud.azureClusters.list
  • gkemulticloud.azureNodePools.get
  • gkemulticloud.azureNodePools.list
  • gkemulticloud.azureServerConfigs.get
  • gkemulticloud.operations.get
  • gkemulticloud.operations.list
  • gkemulticloud.operations.wait
  • resourcemanager.projects.get
  • resourcemanager.projects.list

API 게이트웨이 역할

역할 권한

ApiGateway 관리자
(roles/apigateway.admin)

ApiGateway 및 관련 리소스에 대한 전체 액세스 권한입니다.

  • apigateway.*
  • monitoring.metricDescriptors.list
  • monitoring.monitoredResourceDescriptors.get
  • monitoring.timeSeries.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • servicemanagement.services.get
  • serviceusage.services.list

ApiGateway 뷰어
(roles/apigateway.viewer)

ApiGateway 및 관련 리소스에 대한 읽기 전용 액세스 권한입니다.

  • apigateway.apiconfigs.get
  • apigateway.apiconfigs.getIamPolicy
  • apigateway.apiconfigs.list
  • apigateway.apis.get
  • apigateway.apis.getIamPolicy
  • apigateway.apis.list
  • apigateway.gateways.get
  • apigateway.gateways.getIamPolicy
  • apigateway.gateways.list
  • apigateway.locations.*
  • apigateway.operations.get
  • apigateway.operations.list
  • monitoring.metricDescriptors.list
  • monitoring.monitoredResourceDescriptors.get
  • monitoring.timeSeries.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • servicemanagement.services.get
  • serviceusage.services.list

Apigee 역할

역할 권한

(roles/apigee.admin)

모든 Apigee 리소스 기능에 대한 전체 액세스 권한입니다.

1개 소유자 권한 포함

apigee.*

  • apigee.apiproductattributes.createOrUpdateAll
  • apigee.apiproductattributes.delete
  • apigee.apiproductattributes.get
  • apigee.apiproductattributes.list
  • apigee.apiproductattributes.update
  • apigee.apiproducts.create
  • apigee.apiproducts.delete
  • apigee.apiproducts.get
  • apigee.apiproducts.list
  • apigee.apiproducts.update
  • apigee.appkeys.create
  • apigee.appkeys.delete
  • apigee.appkeys.get
  • apigee.appkeys.manage
  • apigee.apps.get
  • apigee.apps.list
  • apigee.archivedeployments.create
  • apigee.archivedeployments.delete
  • apigee.archivedeployments.download
  • apigee.archivedeployments.get
  • apigee.archivedeployments.list
  • apigee.archivedeployments.update
  • apigee.archivedeployments.upload
  • apigee.caches.delete
  • apigee.caches.list
  • apigee.canaryevaluations.create
  • apigee.canaryevaluations.get
  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update
  • apigee.datalocation.get
  • apigee.datastores.create
  • apigee.datastores.delete
  • apigee.datastores.get
  • apigee.datastores.list
  • apigee.datastores.update
  • apigee.deployments.create
  • apigee.deployments.delete
  • apigee.deployments.get
  • apigee.deployments.list
  • apigee.deployments.update
  • apigee.developerappattributes.createOrUpdateAll
  • apigee.developerappattributes.delete
  • apigee.developerappattributes.get
  • apigee.developerappattributes.list
  • apigee.developerappattributes.update
  • apigee.developerapps.create
  • apigee.developerapps.delete
  • apigee.developerapps.get
  • apigee.developerapps.list
  • apigee.developerapps.manage
  • apigee.developerattributes.createOrUpdateAll
  • apigee.developerattributes.delete
  • apigee.developerattributes.get
  • apigee.developerattributes.list
  • apigee.developerattributes.update
  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update
  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update
  • apigee.developers.create
  • apigee.developers.delete
  • apigee.developers.get
  • apigee.developers.list
  • apigee.developers.update
  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update
  • apigee.endpointattachments.create
  • apigee.endpointattachments.delete
  • apigee.endpointattachments.get
  • apigee.endpointattachments.list
  • apigee.envgroupattachments.create
  • apigee.envgroupattachments.delete
  • apigee.envgroupattachments.get
  • apigee.envgroupattachments.list
  • apigee.envgroups.create
  • apigee.envgroups.delete
  • apigee.envgroups.get
  • apigee.envgroups.list
  • apigee.envgroups.update
  • apigee.environments.create
  • apigee.environments.delete
  • apigee.environments.get
  • apigee.environments.getDataLocation
  • apigee.environments.getIamPolicy
  • apigee.environments.getStats
  • apigee.environments.list
  • apigee.environments.manageRuntime
  • apigee.environments.setIamPolicy
  • apigee.environments.update
  • apigee.exports.create
  • apigee.exports.get
  • apigee.exports.list
  • apigee.flowhooks.attachSharedFlow
  • apigee.flowhooks.detachSharedFlow
  • apigee.flowhooks.getSharedFlow
  • apigee.flowhooks.list
  • apigee.hostqueries.create
  • apigee.hostqueries.get
  • apigee.hostqueries.list
  • apigee.hostsecurityreports.create
  • apigee.hostsecurityreports.get
  • apigee.hostsecurityreports.list
  • apigee.hoststats.get
  • apigee.ingressconfigs.get
  • apigee.instanceattachments.create
  • apigee.instanceattachments.delete
  • apigee.instanceattachments.get
  • apigee.instanceattachments.list
  • apigee.instances.create
  • apigee.instances.delete
  • apigee.instances.get
  • apigee.instances.list
  • apigee.instances.reportStatus
  • apigee.keystorealiases.create
  • apigee.keystorealiases.delete
  • apigee.keystorealiases.exportCertificate
  • apigee.keystorealiases.generateCSR
  • apigee.keystorealiases.get
  • apigee.keystorealiases.list
  • apigee.keystorealiases.update
  • apigee.keystores.create
  • apigee.keystores.delete
  • apigee.keystores.export
  • apigee.keystores.get
  • apigee.keystores.list
  • apigee.keyvaluemapentries.create
  • apigee.keyvaluemapentries.delete
  • apigee.keyvaluemapentries.get
  • apigee.keyvaluemapentries.list
  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list
  • apigee.maskconfigs.get
  • apigee.maskconfigs.update
  • apigee.operations.get
  • apigee.operations.list
  • apigee.organizations.create
  • apigee.organizations.delete
  • apigee.organizations.get
  • apigee.organizations.list
  • apigee.organizations.update
  • apigee.portals.create
  • apigee.portals.delete
  • apigee.portals.get
  • apigee.portals.list
  • apigee.portals.update
  • apigee.projects.update
  • apigee.proxies.create
  • apigee.proxies.delete
  • apigee.proxies.get
  • apigee.proxies.list
  • apigee.proxies.update
  • apigee.proxyrevisions.delete
  • apigee.proxyrevisions.deploy
  • apigee.proxyrevisions.get
  • apigee.proxyrevisions.list
  • apigee.proxyrevisions.undeploy
  • apigee.proxyrevisions.update
  • apigee.queries.create
  • apigee.queries.get
  • apigee.queries.list
  • apigee.rateplans.create
  • apigee.rateplans.delete
  • apigee.rateplans.get
  • apigee.rateplans.list
  • apigee.rateplans.update
  • apigee.references.create
  • apigee.references.delete
  • apigee.references.get
  • apigee.references.list
  • apigee.references.update
  • apigee.reports.create
  • apigee.reports.delete
  • apigee.reports.get
  • apigee.reports.list
  • apigee.reports.update
  • apigee.resourcefiles.create
  • apigee.resourcefiles.delete
  • apigee.resourcefiles.get
  • apigee.resourcefiles.list
  • apigee.resourcefiles.update
  • apigee.runtimeconfigs.get
  • apigee.securityProfileEnvironments.computeScore
  • apigee.securityProfileEnvironments.create
  • apigee.securityProfileEnvironments.delete
  • apigee.securityProfiles.get
  • apigee.securityProfiles.list
  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats
  • apigee.securityreports.create
  • apigee.securityreports.get
  • apigee.securityreports.list
  • apigee.sharedflowrevisions.delete
  • apigee.sharedflowrevisions.deploy
  • apigee.shareflowrevisions.get
  • apigee.sharedflowrevisions.list
  • apigee.sharedflowrevisions.undeploy
  • apigee.sharedflowrevisions.update
  • apigee.sharedflows.create
  • apigee.sharedflows.delete
  • apigee.shareflows.get
  • apigee.sharedflows.list
  • apigee.targetservers.create
  • apigee.targetservers.delete
  • apigee.targetservers.get
  • apigee.targetservers.list
  • apigee.targetservers.update
  • apigee.tracesessions.create
  • apigee.tracesessions.delete
  • apigee.tracesessions.get
  • apigee.tracesessions.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

(roles/apigee.analyticsAgent)

Apigee 조직의 분석을 관리하는 Apigee 범용 데이터 수집 에이전트의 선별된 권한 집합입니다.

apigee.datalocation.get

apigee.environments.getDataLocation

apigee.runtimeconfigs.get

(roles/apigee.analyticsEditor)

Apigee 조직의 애널리틱스 편집자입니다.

apigee.datacollectors.*

  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update

apigee.datastores.*

  • apigee.datastores.create
  • apigee.datastores.delete
  • apigee.datastores.get
  • apigee.datastores.list
  • apigee.datastores.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.*

  • apigee.exports.create
  • apigee.exports.get
  • apigee.exports.list

apigee.hostqueries.*

  • apigee.hostqueries.create
  • apigee.hostqueries.get
  • apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.queries.*

  • apigee.queries.create
  • apigee.queries.get
  • apigee.queries.list

apigee.reports.*

  • apigee.reports.create
  • apigee.reports.delete
  • apigee.reports.get
  • apigee.reports.list
  • apigee.reports.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.analyticsViewer)

Apigee 조직의 애널리틱스 뷰어입니다.

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datastores.get

apigee.datastores.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.queries.get

apigee.queries.list

apigee.reports.get

apigee.reports.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.apiAdminV2)

모든 Apigee API 리소스에 대한 전체 읽기/쓰기 액세스 권한입니다.

apigee.apiproductattributes.*

  • apigee.apiproductattributes.createOrUpdateAll
  • apigee.apiproductattributes.delete
  • apigee.apiproductattributes.get
  • apigee.apiproductattributes.list
  • apigee.apiproductattributes.update

apigee.apiproducts.*

  • apigee.apiproducts.create
  • apigee.apiproducts.delete
  • apigee.apiproducts.get
  • apigee.apiproducts.list
  • apigee.apiproducts.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.*

  • apigee.keyvaluemapentries.create
  • apigee.keyvaluemapentries.delete
  • apigee.keyvaluemapentries.get
  • apigee.keyvaluemapentries.list

apigee.keyvaluemaps.*

  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.proxies.*

  • apigee.proxies.create
  • apigee.proxies.delete
  • apigee.proxies.get
  • apigee.proxies.list
  • apigee.proxies.update

apigee.proxyrevisions.*

  • apigee.proxyrevisions.delete
  • apigee.proxyrevisions.deploy
  • apigee.proxyrevisions.get
  • apigee.proxyrevisions.list
  • apigee.proxyrevisions.undeploy
  • apigee.proxyrevisions.update

apigee.sharedflowrevisions.*

  • apigee.sharedflowrevisions.delete
  • apigee.sharedflowrevisions.deploy
  • apigee.shareflowrevisions.get
  • apigee.sharedflowrevisions.list
  • apigee.sharedflowrevisions.undeploy
  • apigee.sharedflowrevisions.update

apigee.sharedflows.*

  • apigee.sharedflows.create
  • apigee.sharedflows.delete
  • apigee.shareflows.get
  • apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.apiReaderV2)

Apigee 리소스의 리더입니다.

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getStats

apigee.environments.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.organizations.get

apigee.organizations.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.sharedflowrevisions.deploy

apigee.shareflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.shareflows.get

apigee.sharedflows.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.developerAdmin)

Apigee 리소스의 개발자 관리자입니다.

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.*

  • apigee.appkeys.create
  • apigee.appkeys.delete
  • apigee.appkeys.get
  • apigee.appkeys.manage

apigee.apps.*

  • apigee.apps.get
  • apigee.apps.list

apigee.datacollectors.*

  • apigee.datacollectors.create
  • apigee.datacollectors.delete
  • apigee.datacollectors.get
  • apigee.datacollectors.list
  • apigee.datacollectors.update

apigee.developerappattributes.*

  • apigee.developerappattributes.createOrUpdateAll
  • apigee.developerappattributes.delete
  • apigee.developerappattributes.get
  • apigee.developerappattributes.list
  • apigee.developerappattributes.update

apigee.developerapps.*

  • apigee.developerapps.create
  • apigee.developerapps.delete
  • apigee.developerapps.get
  • apigee.developerapps.list
  • apigee.developerapps.manage

apigee.developerattributes.*

  • apigee.developerattributes.createOrUpdateAll
  • apigee.developerattributes.delete
  • apigee.developerattributes.get
  • apigee.developerattributes.list
  • apigee.developerattributes.update

apigee.developerbalances.*

  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update

apigee.developermonetizationconfigs.*

  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update

apigee.developers.*

  • apigee.developers.create
  • apigee.developers.delete
  • apigee.developers.get
  • apigee.developers.list
  • apigee.developers.update

apigee.developersubscriptions.*

  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update

apigee.environments.get

apigee.environments.getStats

apigee.hoststats.get

apigee.organizations.get

apigee.organizations.list

apigee.rateplans.get

apigee.rateplans.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

(roles/apigee.environmentAdmin)

배포를 포함한 Apigee 환경 리소스에 대한 전체 읽기/쓰기 액세스 권한입니다.

1개 소유자 권한 포함

apigee.archivedeployments.*

  • apigee.archivedeployments.create
  • apigee.archivedeployments.delete
  • apigee.archivedeployments.download
  • apigee.archivedeployments.get
  • apigee.archivedeployments.list
  • apigee.archivedeployments.update
  • apigee.archivedeployments.upload

apigee.datacollectors.get

apigee.datacollectors.list

apigee.deployments.*

  • apigee.deployments.create
  • apigee.deployments.delete
  • apigee.deployments.get
  • apigee.deployments.list
  • apigee.deployments.update

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.environments.setIamPolicy

apigee.environments.update

apigee.flowhooks.*

  • apigee.flowhooks.attachSharedFlow
  • apigee.flowhooks.detachSharedFlow
  • apigee.flowhooks.getSharedFlow
  • apigee.flowhooks.list

apigee.ingressconfigs.get

apigee.keystorealiases.*

  • apigee.keystorealiases.create
  • apigee.keystorealiases.delete
  • apigee.keystorealiases.exportCertificate
  • apigee.keystorealiases.generateCSR
  • apigee.keystorealiases.get
  • apigee.keystorealiases.list
  • apigee.keystorealiases.update

apigee.keystores.*

  • apigee.keystores.create
  • apigee.keystores.delete
  • apigee.keystores.export
  • apigee.keystores.get
  • apigee.keystores.list

apigee.keyvaluemaps.*

  • apigee.keyvaluemaps.create
  • apigee.keyvaluemaps.delete
  • apigee.keyvaluemaps.list

apigee.maskconfigs.*

  • apigee.maskconfigs.get
  • apigee.maskconfigs.update

apigee.organizations.get

apigee.organizations.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.deploy

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.proxyrevisions.undeploy

apigee.references.*

  • apigee.references.create
  • apigee.references.delete
  • apigee.references.get
  • apigee.references.list
  • apigee.references.update

apigee.resourcefiles.*

  • apigee.resourcefiles.create
  • apigee.resourcefiles.delete
  • apigee.resourcefiles.get
  • apigee.resourcefiles.list
  • apigee.resourcefiles.update

apigee.sharedflowrevisions.deploy

apigee.shareflowrevisions.get

apigee.sharedflowrevisions.list

apigee.sharedflowrevisions.undeploy

apigee.shareflows.get

apigee.sharedflows.list

apigee.targetservers.*

  • apigee.targetservers.create
  • apigee.targetservers.delete
  • apigee.targetservers.get
  • apigee.targetservers.list
  • apigee.targetservers.update

apigee.tracesessions.*

  • apigee.tracesessions.create
  • apigee.tracesessions.delete
  • apigee.tracesessions.get
  • apigee.tracesessions.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

(roles/apigee.monetizationAdmin)

수익 창출과 관련된 모든 권한입니다.

apigee.apiproducts.get

apigee.apiproducts.list

apigee.developerbalances.*

  • apigee.developerbalances.adjust
  • apigee.developerbalances.get
  • apigee.developerbalances.update

apigee.developermonetizationconfigs.*

  • apigee.developermonetizationconfigs.get
  • apigee.developermonetizationconfigs.update

apigee.developersubscriptions.*

  • apigee.developersubscriptions.create
  • apigee.developersubscriptions.get
  • apigee.developersubscriptions.list
  • apigee.developersubscriptions.update

apigee.organizations.get

apigee.organizations.list

apigee.rateplans.*

  • apigee.rateplans.create
  • apigee.rateplans.delete
  • apigee.rateplans.get
  • apigee.rateplans.list
  • apigee.rateplans.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.portalAdmin)

Apigee 조직의 포털 관리자입니다.

apigee.organizations.get

apigee.organizations.list

apigee.portals.*

  • apigee.portals.create
  • apigee.portals.delete
  • apigee.portals.get
  • apigee.portals.list
  • apigee.portals.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.readOnlyAdmin)

모든 Apigee 리소스의 뷰어입니다.

apigee.apiproductattributes.get

apigee.apiproductattributes.list

apigee.apiproducts.get

apigee.apiproducts.list

apigee.appkeys.get

apigee.apps.*

  • apigee.apps.get
  • apigee.apps.list

apigee.archivedeployments.download

apigee.archivedeployments.get

apigee.archivedeployments.list

apigee.caches.list

apigee.canaryevaluations.get

apigee.datacollectors.get

apigee.datacollectors.list

apigee.datalocation.get

apigee.datastores.get

apigee.datastores.list

apigee.deployments.get

apigee.deployments.list

apigee.developerappattributes.get

apigee.developerappattributes.list

apigee.developerapps.get

apigee.developerapps.list

apigee.developerattributes.get

apigee.developerattributes.list

apigee.developerbalances.get

apigee.developermonetizationconfigs.get

apigee.developers.get

apigee.developers.list

apigee.developersubscriptions.get

apigee.developersubscriptions.list

apigee.endpointattachments.get

apigee.endpointattachments.list

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.getDataLocation

apigee.environments.getIamPolicy

apigee.environments.getStats

apigee.environments.list

apigee.exports.get

apigee.exports.list

apigee.flowhooks.getSharedFlow

apigee.flowhooks.list

apigee.hostqueries.get

apigee.hostqueries.list

apigee.hostsecurityreports.get

apigee.hostsecurityreports.list

apigee.hoststats.get

apigee.ingressconfigs.get

apigee.instanceattachments.get

apigee.instanceattachments.list

apigee.instances.get

apigee.instances.list

apigee.keystorealiases.get

apigee.keystorealiases.list

apigee.keystores.get

apigee.keystores.list

apigee.keyvaluemapentries.get

apigee.keyvaluemapentries.list

apigee.keyvaluemaps.list

apigee.maskconfigs.get

apigee.operations.*

  • apigee.operations.get
  • apigee.operations.list

apigee.organizations.get

apigee.organizations.list

apigee.portals.get

apigee.portals.list

apigee.proxies.get

apigee.proxies.list

apigee.proxyrevisions.get

apigee.proxyrevisions.list

apigee.queries.get

apigee.queries.list

apigee.rateplans.get

apigee.rateplans.list

apigee.references.get

apigee.references.list

apigee.reports.get

apigee.reports.list

apigee.resourcefiles.get

apigee.resourcefiles.list

apigee.runtimeconfigs.get

apigee.securityProfileEnvironments.computeScore

apigee.securityProfiles.*

  • apigee.securityProfiles.get
  • apigee.securityProfiles.list

apigee.securityStats.*

  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.get

apigee.securityreports.list

apigee.shareflowrevisions.get

apigee.sharedflowrevisions.list

apigee.shareflows.get

apigee.sharedflows.list

apigee.targetservers.get

apigee.targetservers.list

apigee.tracesessions.get

apigee.tracesessions.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

(roles/apigee.runtimeAgent)

Apigee 조직 리소스에 액세스할 수 있는 런타임 에이전트의 선별된 권한 집합입니다.

apigee.canaryevaluations.*

  • apigee.canaryevaluations.create
  • apigee.canaryevaluations.get

apigee.ingressconfigs.get

apigee.instances.reportStatus

apigee.operations.*

  • apigee.operations.get
  • apigee.operations.list

apigee.organizations.get

apigee.runtimeconfigs.get

(roles/apigee.securityAdmin)

Apigee 조직의 보안 관리자입니다.

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.list

apigee.hostsecurityreports.*

  • apigee.hostsecurityreports.create
  • apigee.hostsecurityreports.get
  • apigee.hostsecurityreports.list

apigee.organizations.get

apigee.organizations.list

apigee.securityProfileEnvironments.*

  • apigee.securityProfileEnvironments.computeScore
  • apigee.securityProfileEnvironments.create
  • apigee.securityProfileEnvironments.delete

apigee.securityProfiles.*

  • apigee.securityProfiles.get
  • apigee.securityProfiles.list

apigee.securityStats.*

  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.*

  • apigee.securityreports.create
  • apigee.securityreports.get
  • apigee.securityreports.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.securityViewer)

Apigee 조직의 보안 뷰어입니다.

apigee.envgroupattachments.get

apigee.envgroupattachments.list

apigee.envgroups.get

apigee.envgroups.list

apigee.environments.get

apigee.environments.list

apigee.hostsecurityreports.get

apigee.hostsecurityreports.list

apigee.organizations.get

apigee.organizations.list

apigee.securityProfileEnvironments.computeScore

apigee.securityProfiles.*

  • apigee.securityProfiles.get
  • apigee.securityProfiles.list

apigee.securityStats.*

  • apigee.securityStats.queryTabularStats
  • apigee.securityStats.queryTimeSeriesStats

apigee.securityreports.get

apigee.securityreports.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigee.synchronizerManager)

Apigee 조직의 환경을 관리하는 동기화 담당자의 선별된 권한 집합입니다.

apigee.environments.get

apigee.environments.manageRuntime

apigee.ingressconfigs.get

(roles/apigeeconnect.Admin)

Apigee Connect 관리자입니다.

apigeeconnect.connections.list

(roles/apigeeconnect.Agent)

외부 클러스터와 Google 간 Apigee Connect 에이전트를 설정할 수 있습니다.

apigeeconnect.endpoints.connect

Apigee 레지스트리 역할

역할 권한

(roles/apigeeregistry.admin)

Cloud Apigee Registry 레지스트리 및 런타임 리소스에 대한 전체 액세스 권한입니다.

4개 소유자 권한 포함

apigeeregistry.*

  • apigeeregistry.apis.create
  • apigeeregistry.apis.delete
  • apigeeregistry.apis.get
  • apigeeregistry.apis.getIamPolicy
  • apigeeregistry.apis.list
  • apigeeregistry.apis.setIamPolicy
  • apigeeregistry.apis.update
  • apigeeregistry.artifacts.create
  • apigeeregistry.artifacts.delete
  • apigeeregistry.artifacts.get
  • apigeeregistry.artifacts.getIamPolicy
  • apigeeregistry.artifacts.list
  • apigeeregistry.artifacts.setIamPolicy
  • apigeeregistry.artifacts.update
  • apigeeregistry.deployments.create
  • apigeeregistry.deployments.delete
  • apigeeregistry.deployments.get
  • apigeeregistry.deployments.list
  • apigeeregistry.deployments.update
  • apigeeregistry.instances.get
  • apigeeregistry.instances.update
  • apigeeregistry.locations.get
  • apigeeregistry.locations.list
  • apigeeregistry.operations.cancel
  • apigeeregistry.operations.delete
  • apigeeregistry.operations.get
  • apigeeregistry.operations.list
  • apigeeregistry.specs.create
  • apigeeregistry.specs.delete
  • apigeeregistry.specs.get
  • apigeeregistry.specs.getIamPolicy
  • apigeeregistry.specs.list
  • apigeeregistry.specs.setIamPolicy
  • apigeeregistry.specs.update
  • apigeeregistry.versions.create
  • apigeeregistry.versions.delete
  • apigeeregistry.versions.get
  • apigeeregistry.versions.getIamPolicy
  • apigeeregistry.versions.list
  • apigeeregistry.versions.setIamPolicy
  • apigeeregistry.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigeeregistry.editor)

Cloud Apigee Registry 레지스트리 리소스에 대한 수정 액세스 권한입니다.

apigeeregistry.apis.create

apigeeregistry.apis.delete

apigeeregistry.apis.get

apigeeregistry.apis.getIamPolicy

apigeeregistry.apis.list

apigeeregistry.apis.update

apigeeregistry.artifacts.create

apigeeregistry.artifacts.delete

apigeeregistry.artifacts.get

apigeeregistry.artifacts.getIamPolicy

apigeeregistry.artifacts.list

apigeeregistry.artifacts.update

apigeeregistry.deployments.*

  • apigeeregistry.deployments.create
  • apigeeregistry.deployments.delete
  • apigeeregistry.deployments.get
  • apigeeregistry.deployments.list
  • apigeeregistry.deployments.update

apigeeregistry.specs.create

apigeeregistry.specs.delete

apigeeregistry.specs.get

apigeeregistry.specs.getIamPolicy

apigeeregistry.specs.list

apigeeregistry.specs.update

apigeeregistry.versions.create

apigeeregistry.versions.delete

apigeeregistry.versions.get

apigeeregistry.versions.getIamPolicy

apigeeregistry.versions.list

apigeeregistry.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigeeregistry.viewer)

Cloud Apigee Registry 레지스트리 리소스에 대한 읽기 전용 액세스 권한입니다.

apigeeregistry.apis.get

apigeeregistry.apis.list

apigeeregistry.artifacts.get

apigeeregistry.artifacts.list

apigeeregistry.deployments.get

apigeeregistry.deployments.list

apigeeregistry.specs.get

apigeeregistry.specs.list

apigeeregistry.versions.get

apigeeregistry.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apigeeregistry.worker)

Apigee Registry 애플리케이션 작업자가 Apigee Registry 아티팩트를 읽고 업데이트하는 데 사용하는 역할입니다.

apigeeregistry.apis.get

apigeeregistry.apis.list

apigeeregistry.apis.update

apigeeregistry.artifacts.create

apigeeregistry.artifacts.delete

apigeeregistry.artifacts.get

apigeeregistry.artifacts.list

apigeeregistry.artifacts.update

apigeeregistry.deployments.get

apigeeregistry.deployments.list

apigeeregistry.deployments.update

apigeeregistry.specs.get

apigeeregistry.specs.list

apigeeregistry.specs.update

apigeeregistry.versions.get

apigeeregistry.versions.list

apigeeregistry.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

App Engine 역할

역할 권한

(roles/appengine.appAdmin)

모든 애플리케이션 구성 및 설정에 대한 읽기/쓰기/수정 액세스

새 버전을 배포하려면 주 구성원은 App Engine 기본 서비스 계정에 대한 서비스 계정 사용자(roles/iam.serviceAccountUser) 역할이 있어야 하며 프로젝트에 대한 Cloud Build 편집자(roles/cloudbuild.builds.editor) 및 Cloud Storage 객체 관리자(roles/storage.objectAdmin) 역할이 있어야 합니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

appengine.applications.get

appengine.applications.update

appengine.instances.*

  • appengine.instances.delete
  • appengine.instances.get
  • appengine.instances.list

appengine.memcache.addKey

appengine.memcache.flush

appengine.memcache.get

appengine.memcache.update

appengine.operations.*

  • appengine.operations.get
  • appengine.operations.list

appengine.runtimes.actAsAdmin

appengine.services.*

  • appengine.services.delete
  • appengine.services.get
  • appengine.services.list
  • appengine.services.update

appengine.versions.create

appengine.versions.delete

appengine.versions.get

appengine.versions.list

appengine.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/appengine.appCreator)

프로젝트의 App Engine 리소스를 만들 수 있습니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

소유자 권한 1개가 포함됩니다.

appengine.applications.create

resourcemanager.projects.get

resourcemanager.projects.list

(roles/appengine.appViewer)

모든 애플리케이션 구성과 설정에 대한 읽기 전용 액세스입니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

appengine.applications.get

appengine.instances.get

appengine.instances.list

appengine.operations.*

  • appengine.operations.get
  • appengine.operations.list

appengine.services.get

appengine.services.list

appengine.versions.get

appengine.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/appengine.codeViewer)

모든 애플리케이션 구성, 설정, 배포된 소스 코드에 대한 읽기 전용 액세스입니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

소유자 권한 1개가 포함됩니다.

appengine.applications.get

appengine.instances.get

appengine.instances.list

appengine.operations.*

  • appengine.operations.get
  • appengine.operations.list

appengine.services.get

appengine.services.list

appengine.versions.get

appengine.versions.getFileContents

appengine.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/appengine.deployer)

모든 애플리케이션 구성과 설정에 대한 읽기 전용 액세스입니다.

새 버전을 배포하려면 사용자는 App Engine 기본 서비스 계정에 대한 서비스 계정 사용자(roles/iam.serviceAccountUser) 역할이 있어야 하며 프로젝트에 대한 Cloud Build 편집자(roles/cloudbuild.builds.editor) 및 Cloud Storage 객체 관리자(roles/storage.objectAdmin) 역할이 있어야 합니다.

트래픽을 수신하지 않는 버전을 삭제하는 경우를 제외하고 기존 버전을 수정할 수 없습니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

appengine.applications.get

appengine.instances.get

appengine.instances.list

appengine.operations.*

  • appengine.operations.get
  • appengine.operations.list

appengine.services.get

appengine.services.list

appengine.versions.create

appengine.versions.delete

appengine.versions.get

appengine.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/appengine.memcacheDataAdmin)

App Engine Memcache 항목을 가져오고 설정, 삭제, 플러시할 수 있습니다.

appengine.applications.get

appengine.memcache.addKey

appengine.memcache.flush

appengine.memcache.get

appengine.memcache.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/appengine.serviceAdmin)

모든 애플리케이션 구성과 설정에 대한 읽기 전용 액세스입니다.

모듈 수준 및 버전 수준 설정에 대한 쓰기 액세스 권한이 있습니다. 새로운 버전을 배포할 수 없습니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 프로젝트

appengine.applications.get

appengine.instances.*

  • appengine.instances.delete
  • appengine.instances.get
  • appengine.instances.list

appengine.operations.*

  • appengine.operations.get
  • appengine.operations.list

appengine.services.*

  • appengine.services.delete
  • appengine.services.get
  • appengine.services.list
  • appengine.services.update

appengine.versions.delete

appengine.versions.get

appengine.versions.list

appengine.versions.update

resourcemanager.projects.get

resourcemanager.projects.list

Artifact Registry 역할

역할 권한

Artifact Registry 관리자
(roles/artifactregistry.admin)

저장소를 만들고 관리할 수 있는 관리자 액세스 권한

  • artifactregistry.*

Artifact Registry 리더
(roles/artifactregistry.reader)

저장소 항목에 대한 읽기 액세스 권한

  • artifactregistry.dockerimages.*
  • artifactregistry.files.*
  • artifactregistry.locations.*
  • artifactregistry.mavenartifacts.*
  • artifactregistry.npmpackages.*
  • artifactregistry.packages.get
  • artifactregistry.packages.list
  • artifactregistry.pythonpackages.*
  • artifactregistry.repositories.downloadArtifacts
  • artifactregistry.repositories.get
  • artifactregistry.repositories.list
  • artifactregistry.repositories.listEffectiveTags
  • artifactregistry.repositories.listTagBindings
  • artifactregistry.tags.get
  • artifactregistry.tags.list
  • artifactregistry.versions.get
  • artifactregistry.versions.list

Artifact Registry 저장소 관리자
(roles/artifactregistry.repoAdmin)

저장소의 아티팩트를 관리할 수 있는 액세스 권한입니다.

  • artifactregistry.aptartifacts.create
  • artifactregistry.dockerimages.*
  • artifactregistry.files.*
  • artifactregistry.locations.*
  • artifactregistry.mavenartifacts.*
  • artifactregistry.npmpackages.*
  • artifactregistry.packages.*
  • artifactregistry.pythonpackages.*
  • artifactregistry.repositories.deleteArtifacts
  • artifactregistry.repositories.downloadArtifacts
  • artifactregistry.repositories.get
  • artifactregistry.repositories.list
  • artifactregistry.repositories.listEffectiveTags
  • artifactregistry.repositories.listTagBindings
  • artifactregistry.repositories.uploadArtifacts
  • artifactregistry.tags.*
  • artifactregistry.versions.*
  • artifactregistry.yumartifacts.create

Artifact Registry 작성자
(roles/artifactregistry.writer)

저장소 항목에 대한 읽기 및 쓰기 액세스 권한

  • artifactregistry.aptartifacts.create
  • artifactregistry.dockerimages.*
  • artifactregistry.files.*
  • artifactregistry.locations.*
  • artifactregistry.mavenartifacts.*
  • artifactregistry.npmpackages.*
  • artifactregistry.packages.get
  • artifactregistry.packages.list
  • artifactregistry.pythonpackages.*
  • artifactregistry.repositories.downloadArtifacts
  • artifactregistry.repositories.get
  • artifactregistry.repositories.list
  • artifactregistry.repositories.listEffectiveTags
  • artifactregistry.repositories.listTagBindings
  • artifactregistry.repositories.uploadArtifacts
  • artifactregistry.tags.create
  • artifactregistry.tags.get
  • artifactregistry.tags.list
  • artifactregistry.tags.update
  • artifactregistry.versions.get
  • artifactregistry.versions.list
  • artifactregistry.yumartifacts.create

Assured Workloads 역할

역할 권한

Assured Workloads 관리자
(roles/assuredworkloads.admin)

Assured Workloads 리소스, CRM 리소스(프로젝트/폴더), 조직 정책 관리에 대한 전체 액세스 권한을 부여합니다.

  • assuredworkloads.*
  • logging.cmekSettings.update
  • orgpolicy.policy.*
  • resourcemanager.folders.create
  • resourcemanager.folders.get
  • resourcemanager.folders.list
  • resourcemanager.organizations.get
  • resourcemanager.projects.create
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Assured Workloads 편집자
(roles/assuredworkloads.editor)

Assured Workloads 리소스, CRM 리소스(프로젝트/폴더), 조직 정책 관리에 대한 읽기/쓰기 액세스 권한을 부여합니다.

  • assuredworkloads.*
  • orgpolicy.policy.*
  • resourcemanager.folders.create
  • resourcemanager.folders.get
  • resourcemanager.folders.list
  • resourcemanager.organizations.get
  • resourcemanager.projects.create
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Assured Workloads 리더
(roles/assuredworkloads.reader)

모든 Assured Workloads 리소스, CRM 리소스(프로젝트/폴더)에 대한 읽기 액세스 권한을 부여합니다.

  • assuredworkloads.operations.*
  • assuredworkloads.violations.get
  • assuredworkloads.violations.list
  • assuredworkloads.workload.get
  • assuredworkloads.workload.list
  • resourcemanager.folders.get
  • resourcemanager.folders.list
  • resourcemanager.organizations.get
  • resourcemanager.projects.get
  • resourcemanager.projects.list

AutoML 역할

역할 권한

AutoML 관리자 베타
(roles/automl.admin)

모든 AutoML 리소스에 대한 전체 액세스 권한입니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 데이터 세트
  • 모델
  • automl.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.list

AutoML 편집자 베타
(roles/automl.editor)

모든 AutoML 리소스의 편집자입니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 데이터 세트
  • 모델
  • automl.annotationSpecs.*
  • automl.annotations.*
  • automl.columnSpecs.*
  • automl.datasets.create
  • automl.datasets.delete
  • automl.datasets.export
  • automl.datasets.get
  • automl.datasets.import
  • automl.datasets.list
  • automl.datasets.update
  • automl.examples.*
  • automl.files.*
  • automl.humanAnnotationTasks.*
  • automl.locations.get
  • automl.locations.list
  • automl.modelEvaluations.*
  • automl.models.create
  • automl.models.delete
  • automl.models.deploy
  • automl.models.export
  • automl.models.get
  • automl.models.list
  • automl.models.predict
  • automl.models.undeploy
  • automl.operations.*
  • automl.tableSpecs.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.list

AutoML 예측자 베타
(roles/automl.predictor)

모델을 사용하여 예측

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 모델
  • automl.models.predict
  • resourcemanager.projects.get
  • resourcemanager.projects.list

AutoML 뷰어 베타
(roles/automl.viewer)

모든 AutoML 리소스의 뷰어입니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 데이터 세트
  • 모델
  • automl.annotationSpecs.get
  • automl.annotationSpecs.list
  • automl.annotations.list
  • automl.columnSpecs.get
  • automl.columnSpecs.list
  • automl.datasets.get
  • automl.datasets.list
  • automl.examples.get
  • automl.examples.list
  • automl.files.list
  • automl.humanAnnotationTasks.get
  • automl.humanAnnotationTasks.list
  • automl.locations.get
  • automl.locations.list
  • automl.modelEvaluations.get
  • automl.modelEvaluations.list
  • automl.models.get
  • automl.models.list
  • automl.operations.get
  • automl.operations.list
  • automl.tableSpecs.get
  • automl.tableSpecs.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.list

백업 및 DR 역할

Role Permissions

(roles/backupdr.admin)

Full control of Backup and DR resources including ACL configuration via the management console.

Contains 1 owner permission

backupdr.*

  • backupdr.locations.get
  • backupdr.locations.list
  • backupdr.managementServers.backupAccess
  • backupdr.managementServers.create
  • backupdr.managementServers.delete
  • backupdr.managementServers.get
  • backupdr.managementServers.getIamPolicy
  • backupdr.managementServers.list
  • backupdr.managementServers.manageInternalACL
  • backupdr.managementServers.setIamPolicy
  • backupdr.operations.cancel
  • backupdr.operations.delete
  • backupdr.operations.get
  • backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.user)

Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.

backupdr.managementServers.backupAccess

backupdr.managementServers.get

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.viewer)

Read-only access to Backup and DR resources.

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.managementServers.get

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Backup for GKE 역할

역할 권한

Backup for GKE 관리자 베타
(roles/gkebackup.admin)

모든 Backup for GKE 리소스에 대한 전체 액세스 권한입니다.

  • gkebackup.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Backup for GKE 관리자 베타
(roles/gkebackup.backupAdmin)

관리자가 모든 BackupPlan 및 Backup 리소스를 관리할 수 있습니다.

  • gkebackup.backupPlans.*
  • gkebackup.backups.*
  • gkebackup.locations.*
  • gkebackup.operations.get
  • gkebackup.operations.list
  • gkebackup.volumeBackups.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Backup for GKE 위임 백업 관리자 베타
(roles/gkebackup.delegatedBackupAdmin)

관리자가 특정 BackupPlan의 Backup 리소스를 관리할 수 있습니다.

  • gkebackup.backupPlans.get
  • gkebackup.backups.*
  • gkebackup.volumeBackups.*

Backup for GKE 위임 복원 관리자 베타
(roles/gkebackup.delegatedRestoreAdmin)

관리자가 특정 RestorePlan의 Restore 리소스를 관리할 수 있습니다.

  • gkebackup.restorePlans.get
  • gkebackup.restores.*
  • gkebackup.volumeRestores.*

Backup for GKE 복원 관리자 베타
(roles/gkebackup.restoreAdmin)

관리자가 모든 RestorePlan 및 Restore 리소스를 관리할 수 있습니다.

  • gkebackup.backupPlans.get
  • gkebackup.backupPlans.list
  • gkebackup.backups.get
  • gkebackup.backups.list
  • gkebackup.locations.*
  • gkebackup.operations.get
  • gkebackup.operations.list
  • gkebackup.restorePlans.*
  • gkebackup.restores.*
  • gkebackup.volumeBackups.*
  • gkebackup.volumeRestores.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Backup for GKE 뷰어 베타
(roles/gkebackup.viewer)

모든 Backup for GKE 리소스에 대한 읽기 전용 액세스 권한입니다.

  • gkebackup.backupPlans.get
  • gkebackup.backupPlans.getIamPolicy
  • gkebackup.backupPlans.list
  • gkebackup.backups.get
  • gkebackup.backups.list
  • gkebackup.locations.*
  • gkebackup.operations.get
  • gkebackup.operations.list
  • gkebackup.restorePlans.get
  • gkebackup.restorePlans.getIamPolicy
  • gkebackup.restorePlans.list
  • gkebackup.restores.get
  • gkebackup.restores.list
  • gkebackup.volumeBackups.*
  • gkebackup.volumeRestores.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

BeyondCorp 역할

역할 권한

(roles/beyondcorp.admin)

모든 Cloud BeyondCorp 리소스에 대한 전체 액세스 권한입니다.

5개 소유자 권한 포함

beyondcorp.appConnections.*

  • beyondcorp.appConnections.create
  • beyondcorp.appConnections.delete
  • beyondcorp.appConnections.get
  • beyondcorp.appConnections.getIamPolicy
  • beyondcorp.appConnections.list
  • beyondcorp.appConnections.setIamPolicy
  • beyondcorp.appConnections.update

beyondcorp.appConnectors.*

  • beyondcorp.appConnectors.create
  • beyondcorp.appConnectors.delete
  • beyondcorp.appConnectors.get
  • beyondcorp.appConnectors.getIamPolicy
  • beyondcorp.appConnectors.list
  • beyondcorp.appConnectors.reportStatus
  • beyondcorp.appConnectors.setIamPolicy
  • beyondcorp.appConnectors.update

beyondcorp.appGateways.*

  • beyondcorp.appGateways.create
  • beyondcorp.appGateways.delete
  • beyondcorp.appGateways.get
  • beyondcorp.appGateways.getIamPolicy
  • beyondcorp.appGateways.list
  • beyondcorp.appGateways.setIamPolicy
  • beyondcorp.appGateways.update

beyondcorp.clientConnectorServices.create

beyondcorp.clientConnectorServices.delete

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientConnectorServices.setIamPolicy

beyondcorp.clientConnectorServices.update

beyondcorp.clientGateways.*

  • beyondcorp.clientGateways.create
  • beyondcorp.clientGateways.delete
  • beyondcorp.clientGateways.get
  • beyondcorp.clientGateways.getIamPolicy
  • beyondcorp.clientGateways.list
  • beyondcorp.clientGateways.setIamPolicy

beyondcorp.locations.*

  • beyondcorp.locations.get
  • beyondcorp.locations.list

beyondcorp.operations.*

  • beyondcorp.operations.cancel
  • beyondcorp.operations.delete
  • beyondcorp.operations.get
  • beyondcorp.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/beyondcorp.clientConnectorAdmin)

모든 BeyondCorp 클라이언트 커넥터 리소스에 대한 전체 액세스 권한입니다.

2개 소유자 권한 포함

beyondcorp.clientConnectorServices.create

beyondcorp.clientConnectorServices.delete

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientConnectorServices.setIamPolicy

beyondcorp.clientConnectorServices.update

beyondcorp.clientGateways.*

  • beyondcorp.clientGateways.create
  • beyondcorp.clientGateways.delete
  • beyondcorp.clientGateways.get
  • beyondcorp.clientGateways.getIamPolicy
  • beyondcorp.clientGateways.list
  • beyondcorp.clientGateways.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

(roles/beyondcorp.clientConnectorServiceUser)

클라이언트 커넥터 서비스에 액세스합니다.

1개 소유자 권한 포함

beyondcorp.clientConnectorServices.access

(roles/beyondcorp.clientConnectorViewer)

모든 BeyondCorp 클라이언트 커넥터 리소스에 대한 읽기 전용 액세스 권한입니다.

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientGateways.get

beyondcorp.clientGateways.getIamPolicy

beyondcorp.clientGateways.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/beyondcorp.viewer)

모든 Cloud BeyondCorp 리소스에 대한 읽기 전용 액세스 권한입니다.

beyondcorp.appConnections.get

beyondcorp.appConnections.getIamPolicy

beyondcorp.appConnections.list

beyondcorp.appConnectors.get

beyondcorp.appConnectors.getIamPolicy

beyondcorp.appConnectors.list

beyondcorp.appGateways.get

beyondcorp.appGateways.getIamPolicy

beyondcorp.appGateways.list

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientGateways.get

beyondcorp.clientGateways.getIamPolicy

beyondcorp.clientGateways.list

beyondcorp.locations.*

  • beyondcorp.locations.get
  • beyondcorp.locations.list

beyondcorp.operations.get

beyondcorp.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery 역할

역할 권한

(roles/bigquery.admin)

프로젝트 내에서 모든 리소스를 관리할 권한을 제공합니다. 프로젝트 내에서 모든 데이터를 관리하고 실행 중인 다른 사용자의 작업을 취소할 수 있습니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 데이터 세트
  • 행 액세스 정책
  • 테이블

18개 소유자 권한 포함

bigquery.bireservations.*

  • bigquery.bireservations.get
  • bigquery.bireservations.update

bigquery.capacityCommitments.*

  • bigquery.capacityCommitments.create
  • bigquery.capacityCommitments.delete
  • bigquery.capacityCommitments.get
  • bigquery.capacityCommitments.list
  • bigquery.capacityCommitments.update

bigquery.config.*

  • bigquery.config.get
  • bigquery.config.update

bigquery.connections.*

  • bigquery.connections.create
  • bigquery.connections.delegate
  • bigquery.connections.delete
  • bigquery.connections.get
  • bigquery.connections.getIamPolicy
  • bigquery.connections.list
  • bigquery.connections.setIamPolicy
  • bigquery.connections.update
  • bigquery.connections.updateTag
  • bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

  • bigquery.datasets.create
  • bigquery.datasets.createTagBinding
  • bigquery.datasets.delete
  • bigquery.datasets.deleteTagBinding
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.datasets.link
  • bigquery.datasets.listTagBindings
  • bigquery.datasets.setIamPolicy
  • bigquery.datasets.update
  • bigquery.datasets.updateTag

bigquery.jobs.*

  • bigquery.jobs.create
  • bigquery.jobs.delete
  • bigquery.jobs.get
  • bigquery.jobs.list
  • bigquery.jobs.listAll
  • bigquery.jobs.listExecutionMetadata
  • bigquery.jobs.update

bigquery.models.*

  • bigquery.models.create
  • bigquery.models.delete
  • bigquery.models.export
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.models.updateData
  • bigquery.models.updateMetadata
  • bigquery.models.updateTag

bigquery.readsessions.*

  • bigquery.readsessions.create
  • bigquery.readsessions.getData
  • bigquery.readsessions.update

bigquery.reservationAssignments.*

  • bigquery.reservationAssignments.create
  • bigquery.reservationAssignments.delete
  • bigquery.reservationAssignments.list
  • bigquery.reservationAssignments.search

bigquery.reservations.*

  • bigquery.reservations.create
  • bigquery.reservations.delete
  • bigquery.reservations.get
  • bigquery.reservations.list
  • bigquery.reservations.update

bigquery.routines.*

  • bigquery.routines.create
  • bigquery.routines.delete
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.routines.update
  • bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

  • bigquery.savedqueries.create
  • bigquery.savedqueries.delete
  • bigquery.savedqueries.get
  • bigquery.savedqueries.list
  • bigquery.savedqueries.update

bigquery.tables.*

  • bigquery.tables.create
  • bigquery.tables.createIndex
  • bigquery.tables.createSnapshot
  • bigquery.tables.delete
  • bigquery.tables.deleteIndex
  • bigquery.tables.deleteSnapshot
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • bigquery.tables.restoreSnapshot
  • bigquery.tables.setCategory
  • bigquery.tables.setIamPolicy
  • bigquery.tables.update
  • bigquery.tables.updateData
  • bigquery.tables.updateTag

bigquery.transfers.*

  • bigquery.transfers.get
  • bigquery.transfers.update

bigquerymigration.translation.translate

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.connectionAdmin)

2개 소유자 권한 포함

bigquery.connections.*

  • bigquery.connections.create
  • bigquery.connections.delegate
  • bigquery.connections.delete
  • bigquery.connections.get
  • bigquery.connections.getIamPolicy
  • bigquery.connections.list
  • bigquery.connections.setIamPolicy
  • bigquery.connections.update
  • bigquery.connections.updateTag
  • bigquery.connections.use

(roles/bigquery.connectionUser)

bigquery.connections.get

bigquery.connections.getIamPolicy

bigquery.connections.list

bigquery.connections.use

(roles/bigquery.dataEditor)

테이블 또는 뷰에 적용하면 이 역할은 다음과 같은 권한을 제공합니다.

  • 테이블 또는 뷰의 데이터와 메타데이터를 읽고 업데이트하는 권한
  • 테이블 또는 뷰를 삭제하는 권한

이 역할은 개별 모델 또는 루틴에 적용할 수 없습니다.

데이터 세트에 적용하면 이 역할은 다음과 같은 권한을 제공합니다.

  • 데이터 세트의 메타데이터를 읽고 데이터 세트의 테이블을 열거하는 권한
  • 데이터 세트의 테이블을 만들기, 업데이트, 가져오기, 삭제하는 권한

프로젝트 또는 조직 수준에서 적용하면 이 역할은 새로운 데이터 세트를 만들 수도 있습니다.

이 역할을 부여할 수 있는 최하위 수준 리소스:

  • 테이블

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.updateTag

bigquery.models.*

  • bigquery.models.create
  • bigquery.models.delete
  • bigquery.models.export
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.models.updateData
  • bigquery.models.updateMetadata
  • bigquery.models.updateTag

bigquery.routines.*

  • bigquery.routines.create
  • bigquery.routines.delete
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.routines.update
  • bigquery.routines.updateTag

bigquery.tables.create

bigquery.tables.createIndex

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteIndex

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list