透過集合功能整理內容
你可以依據偏好儲存及分類內容。
使用 IAM 控管存取權
Identity Platform 提供 Admin API,可管理使用者和驗證權杖。為防止透過這些 API 未經授權存取使用者和權杖,Identity Platform 會運用 IAM 管理特定 Identity Platform API 的權限。
如要瞭解如何指派身分與存取權管理角色給使用者或服務帳戶,請參閱身分與存取權管理說明文件中的「管理政策」一節。
API 權限
下表列出呼叫者呼叫 Identity Platform API 中的各個方法時所需的權限:
| 服務 |
方法 |
所需權限 |
| google.cloud.identitytoolkit.v1.AccountManagementService |
GetOobCode |
firebaseauth.users.sendEmail |
| SetAccountInfo |
firebaseauth.users.update |
| UploadAccount |
firebaseauth.users.create |
| DeleteAccount |
firebaseauth.users.delete |
| DownloadAccount |
firebaseauth.users.get |
| GetAccountInfo |
firebaseauth.users.get |
| QueryUserInfo |
firebaseauth.users.get |
| google.cloud.identitytoolkit.v1.AuthenticationService |
SignUp |
firebaseauth.users.create |
| google.cloud.identitytoolkit.v1.ProjectConfigService |
GetProjectConfig |
firebaseauth.configs.get |
| SetProjectConfig |
firebaseauth.configs.update |
| google.cloud.identitytoolkit.v1.SessionManagementService |
CreateSessionCookie |
firebaseauth.users.createSession |
| google.cloud.identitytoolkit.v2.ProjectConfigService |
CreateConfig |
firebaseauth.configs.create |
| CreateDefaultSupportedIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| CreateInboundSamlConfig |
firebaseauth.configs.update |
| CreateOAuthIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| CreateOutboundSamlConfig |
firebaseauth.configs.update |
| DeleteDefaultSupportedIdpConfig |
firebaseauth.configs.update |
| DeleteInboundSamlConfig |
firebaseauth.configs.update |
| DeleteOAuthIdpConfig |
firebaseauth.configs.update |
| DeleteOutboundSamlConfig |
firebaseauth.configs.update |
| EnableCicp |
firebaseauth.configs.create |
| GetConfig |
firebaseauth.configs.get |
| GetDefaultSupportedIdpConfig |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| GetInboundSamlConfig |
firebaseauth.configs.get |
| GetOAuthIdpConfig |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| GetOutboundSamlConfig |
firebaseauth.configs.get |
| HashConfig |
firebaseauth.configs.getHashConfig |
| ListDefaultSupportedIdpConfigs |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| ListInboundSamlConfigs |
firebaseauth.configs.get |
| ListOAuthIdpConfigs |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| ListOutboundSamlConfigs |
firebaseauth.configs.get |
| UpdateConfig |
firebaseauth.configs.update |
| UpdateDefaultSupportedIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| UpdateInboundSamlConfig |
firebaseauth.configs.update |
| UpdateOAuthIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| UpdateOutboundSamlConfig |
firebaseauth.configs.update |
| VerifyDomain |
firebaseauth.configs.update |
| SetIamPolicy |
identitytoolkit.tenants.setIamPolicy |
| GetIamPolicy |
identitytoolkit.tenants.getIamPolicy |
| google.cloud.identitytoolkit.v2.TenantManagementService |
CreateTenant |
identitytoolkit.tenants.create |
| DeleteTenant |
identitytoolkit.tenants.delete |
| GetTenant |
identitytoolkit.tenants.get |
| ListTenants |
identitytoolkit.tenants.list |
| UpdateTenant |
identitytoolkit.tenants.update |
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權,程式碼範例則為阿帕契 2.0 授權。詳情請參閱《Google Developers 網站政策》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2025-09-09 (世界標準時間)。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-09 (世界標準時間)。"],[[["\u003cp\u003eIdentity Platform uses IAM to manage permissions for its Admin APIs, ensuring secure access to user data and authentication tokens.\u003c/p\u003e\n"],["\u003cp\u003eSpecific IAM permissions are required to execute different methods within the Identity Platform API, such as creating, updating, deleting, or retrieving user accounts and configurations.\u003c/p\u003e\n"],["\u003cp\u003eDifferent methods require different permissions, such as \u003ccode\u003efirebaseauth.users.create\u003c/code\u003e for creating a user or \u003ccode\u003efirebaseauth.configs.get\u003c/code\u003e for retrieving project configurations.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003efirebaseauth.configs.getSecret\u003c/code\u003e permission is only necessary when dealing with client secret based information and that API calls may succeed without it.\u003c/p\u003e\n"],["\u003cp\u003eThere are various methods for tenant management, requiring permissions like \u003ccode\u003eidentitytoolkit.tenants.create\u003c/code\u003e to create tenants or \u003ccode\u003eidentitytoolkit.tenants.getIamPolicy\u003c/code\u003e to get tenant IAM policy.\u003c/p\u003e\n"]]],[],null,["Access control with IAM\n\nIdentity Platform provides Admin APIs to manage your users and authentication\ntokens.\nTo prevent unwanted access to your users and tokens through these APIs,\nIdentity Platform leverages IAM\nto manage permission to specific Identity Platform APIs.\n\nTo learn how to assign IAM roles to a user or service account,\nsee [Managing Policies](/iam/docs/managing-policies) in the IAM\ndocumentation.\n\nAPI permissions\n\nThe following table lists the permissions that the caller must have to call each\nmethod in the Identity Platform API:\n| **Note:** firebaseauth.configs.getSecret is only required when dealing with client secret based information. API calls can succeed without this permission.\n\n\u003cbr /\u003e\n\n| Service | Method | Required Permission(s) |\n|----------------------------------------------------------|---------------------------------|--------------------------------------|\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetOobCode | firebaseauth.users.sendEmail |\n| google.cloud.identitytoolkit.v1.AccountManagementService | SetAccountInfo | firebaseauth.users.update |\n| google.cloud.identitytoolkit.v1.AccountManagementService | UploadAccount | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DeleteAccount | firebaseauth.users.delete |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DownloadAccount | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetAccountInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | QueryUserInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AuthenticationService | SignUp | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | GetProjectConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | SetProjectConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v1.SessionManagementService | CreateSessionCookie | firebaseauth.users.createSession |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateConfig | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | EnableCicp | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetInboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOutboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | HashConfig | firebaseauth.configs.getHashConfig |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListInboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOutboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | VerifyDomain | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | SetIamPolicy | identitytoolkit.tenants.setIamPolicy |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetIamPolicy | identitytoolkit.tenants.getIamPolicy |\n| google.cloud.identitytoolkit.v2.TenantManagementService | CreateTenant | identitytoolkit.tenants.create |\n| google.cloud.identitytoolkit.v2.TenantManagementService | DeleteTenant | identitytoolkit.tenants.delete |\n| google.cloud.identitytoolkit.v2.TenantManagementService | GetTenant | identitytoolkit.tenants.get |\n| google.cloud.identitytoolkit.v2.TenantManagementService | ListTenants | identitytoolkit.tenants.list |\n| google.cloud.identitytoolkit.v2.TenantManagementService | UpdateTenant | identitytoolkit.tenants.update |"]]
