Questa pagina è stata tradotta dall'API Cloud Translation.

Controllo dell'accesso con IAM

In questa pagina vengono descritti i ruoli e le autorizzazioni di Identity and Access Management (IAM) di cui hai bisogno per acquistare e gestire i prodotti commerciali su Cloud Marketplace.

Con IAM puoi gestire il controllo dell'accesso definendo who (identità) ha un tipo di accesso (ruolo) per quale risorsa. Per le app commerciali su Cloud Marketplace, gli utenti della tua organizzazione Google Cloud richiedono ruoli IAM per registrarsi ai piani Cloud Marketplace e apportare modifiche ai piani di fatturazione.

Prima di iniziare

Per concedere ruoli e autorizzazioni di Cloud Marketplace utilizzando gcloud, installa con gcloud CLI. Altrimenti, puoi concedere ruoli utilizzando la console Google Cloud.

Ruoli IAM per l'acquisto e la gestione dei prodotti

Ti consigliamo di assegnare l'amministratore di fatturazione (roles/billing.admin) ruolo IAM per gli utenti che acquistano servizi da Google Cloud Marketplace.

Gli utenti che vogliono accedere ai servizi devono avere il visualizzatore progetto (roles/viewer) almeno un ruolo.

Se hai bisogno di un controllo più granulare sui autorizzazioni, puoi creare ruoli personalizzati autorizzazioni che vuoi concedere.

Elenco di ruoli e autorizzazioni IAM

Puoi concedere agli utenti uno o più dei seguenti ruoli IAM. A seconda del ruolo che concedi agli utenti, devi assegnare anche il ruolo a un account di fatturazione, un'organizzazione o un progetto Google Cloud. Per maggiori dettagli, consulta la sezione Concessione di ruoli IAM agli utenti.

Role Permissions

Role	Permissions
Commerce Business Enablement Configuration Admin ^Beta (`roles/commercebusinessenablement.admin`) Admin of Various Provider Configuration resources	`commercebusinessenablement.leadgenConfig.` `commercebusinessenablement.leadgenConfig.get` `commercebusinessenablement.leadgenConfig.update` `commercebusinessenablement.partnerAccounts.` `commercebusinessenablement.partnerAccounts.get` `commercebusinessenablement.partnerAccounts.list` `commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.resellerConfig.` `commercebusinessenablement.resellerConfig.get` `commercebusinessenablement.resellerConfig.update` `commercebusinessenablement.resellerRestrictions.` `commercebusinessenablement.resellerRestrictions.list` `commercebusinessenablement.resellerRestrictions.update` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Business Enablement PaymentConfig Admin ^Beta (`roles/commercebusinessenablement.paymentConfigAdmin`) Administration of Payment Configuration resource	`commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.paymentConfig.*` `commercebusinessenablement.paymentConfig.get` `commercebusinessenablement.paymentConfig.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Business Enablement PaymentConfig Viewer ^Beta (`roles/commercebusinessenablement.paymentConfigViewer`) Viewer of Payment Configuration resource	`commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.paymentConfig.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Business Enablement Rebates Admin ^Beta (`roles/commercebusinessenablement.rebatesAdmin`) Provides admin access to rebates	`commercebusinessenablement.operations.` `commercebusinessenablement.operations.cancel` `commercebusinessenablement.operations.delete` `commercebusinessenablement.operations.get` `commercebusinessenablement.operations.list` `commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.refunds.` `commercebusinessenablement.refunds.cancel` `commercebusinessenablement.refunds.create` `commercebusinessenablement.refunds.delete` `commercebusinessenablement.refunds.get` `commercebusinessenablement.refunds.list` `commercebusinessenablement.refunds.start` `commercebusinessenablement.refunds.update`
Commerce Business Enablement Rebates Viewer ^Beta (`roles/commercebusinessenablement.rebatesViewer`) Provides read-only access to rebates	`commercebusinessenablement.operations.get` `commercebusinessenablement.operations.list` `commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.refunds.get` `commercebusinessenablement.refunds.list`
Commerce Business Enablement Reseller Discount Admin ^Beta (`roles/commercebusinessenablement.resellerDiscountAdmin`) Provides admin access to reseller discount offers	`commercebusinessenablement.partnerAccounts.` `commercebusinessenablement.partnerAccounts.get` `commercebusinessenablement.partnerAccounts.list` `commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.resellerConfig.get` `commercebusinessenablement.resellerDiscountConfig.get` `commercebusinessenablement.resellerDiscountOffers.` `commercebusinessenablement.resellerDiscountOffers.cancel` `commercebusinessenablement.resellerDiscountOffers.create` `commercebusinessenablement.resellerDiscountOffers.list` `commercebusinessenablement.resellerPrivateOfferPlans.*` `commercebusinessenablement.resellerPrivateOfferPlans.cancel` `commercebusinessenablement.resellerPrivateOfferPlans.create` `commercebusinessenablement.resellerPrivateOfferPlans.delete` `commercebusinessenablement.resellerPrivateOfferPlans.get` `commercebusinessenablement.resellerPrivateOfferPlans.list` `commercebusinessenablement.resellerPrivateOfferPlans.publish` `commercebusinessenablement.resellerPrivateOfferPlans.update` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Business Enablement Reseller Discount Viewer ^Beta (`roles/commercebusinessenablement.resellerDiscountViewer`) Provides read-only access to reseller discount offers	`commercebusinessenablement.partnerAccounts.*` `commercebusinessenablement.partnerAccounts.get` `commercebusinessenablement.partnerAccounts.list` `commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.resellerConfig.get` `commercebusinessenablement.resellerDiscountConfig.get` `commercebusinessenablement.resellerDiscountOffers.list` `commercebusinessenablement.resellerPrivateOfferPlans.get` `commercebusinessenablement.resellerPrivateOfferPlans.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Business Enablement Configuration Viewer ^Beta (`roles/commercebusinessenablement.viewer`) Viewer of Various Provider Configuration resource	`commercebusinessenablement.leadgenConfig.get` `commercebusinessenablement.partnerAccounts.*` `commercebusinessenablement.partnerAccounts.get` `commercebusinessenablement.partnerAccounts.list` `commercebusinessenablement.partnerInfo.get` `commercebusinessenablement.resellerConfig.get` `commercebusinessenablement.resellerRestrictions.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Offer Catalog Offers Viewer ^Beta (`roles/commerceoffercatalog.offersViewer`) Allows viewing offers	`commerceoffercatalog.*` `commerceoffercatalog.agreements.get` `commerceoffercatalog.agreements.list` `commerceoffercatalog.documents.get` `commerceoffercatalog.documents.list` `commerceoffercatalog.offers.get`
Commerce Organization Governance Admin ^Beta (`roles/commerceorggovernance.admin`) Full access to Organization Governance APIs	`commerceorggovernance.*` `commerceorggovernance.collectionRequestApprovals.list` `commerceorggovernance.collectionRequestApprovals.review` `commerceorggovernance.collections.create` `commerceorggovernance.collections.delete` `commerceorggovernance.collections.get` `commerceorggovernance.collections.list` `commerceorggovernance.collections.update` `commerceorggovernance.consumerSharingPolicies.get` `commerceorggovernance.consumerSharingPolicies.update` `commerceorggovernance.organizationSettings.get` `commerceorggovernance.organizationSettings.update` `commerceorggovernance.populateCollectionJobs.create` `commerceorggovernance.populateCollectionJobs.list` `commerceorggovernance.populateCollectionJobs.run` `commerceorggovernance.populateCollectionJobs.update` `commerceorggovernance.services.get` `commerceorggovernance.services.list` `commerceorggovernance.services.request` `resourcemanager.projects.get` `resourcemanager.projects.list`
Governed Marketplace User ^Beta (`roles/commerceorggovernance.user`) Full access to Governed Marketplace features.	`commerceorggovernance.services.*` `commerceorggovernance.services.get` `commerceorggovernance.services.list` `commerceorggovernance.services.request` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Organization Governance Viewer ^Beta (`roles/commerceorggovernance.viewer`) Full access to Organization Governance read-only APIs.	`commerceorggovernance.collections.get` `commerceorggovernance.collections.list` `commerceorggovernance.consumerSharingPolicies.get` `commerceorggovernance.organizationSettings.get` `commerceorggovernance.populateCollectionJobs.list` `commerceorggovernance.services.get` `commerceorggovernance.services.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Price Management Events Viewer ^Beta (`roles/commercepricemanagement.eventsViewer`) Allows viewing key events for an offer	`commerceprice.events.*` `commerceprice.events.get` `commerceprice.events.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Price Management Private Offers Admin ^Beta (`roles/commercepricemanagement.privateOffersAdmin`) Allows managing private offers	`commerceagreementpublishing.` `commerceagreementpublishing.agreements.create` `commerceagreementpublishing.agreements.delete` `commerceagreementpublishing.agreements.get` `commerceagreementpublishing.agreements.list` `commerceagreementpublishing.agreements.update` `commerceagreementpublishing.documents.create` `commerceagreementpublishing.documents.delete` `commerceagreementpublishing.documents.get` `commerceagreementpublishing.documents.list` `commerceagreementpublishing.documents.update` `commerceprice.` `commerceprice.events.get` `commerceprice.events.list` `commerceprice.privateoffers.cancel` `commerceprice.privateoffers.create` `commerceprice.privateoffers.delete` `commerceprice.privateoffers.get` `commerceprice.privateoffers.list` `commerceprice.privateoffers.publish` `commerceprice.privateoffers.sendEmail` `commerceprice.privateoffers.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.get` `serviceusage.services.list`
Commerce Price Management Viewer ^Beta (`roles/commercepricemanagement.viewer`) Allows viewing offers, free trials, skus	`commerceagreementpublishing.agreements.get` `commerceagreementpublishing.agreements.list` `commerceagreementpublishing.documents.get` `commerceagreementpublishing.documents.list` `commerceprice.privateoffers.get` `commerceprice.privateoffers.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.get` `serviceusage.services.list`
Commerce Producer Admin ^Beta (`roles/commerceproducer.admin`) Grants full access to all resources in Cloud Commerce Producer API.	`commercebusinessenablement.partnerInfo.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Commerce Producer Viewer ^Beta (`roles/commerceproducer.viewer`) Grants read access to all resources in Cloud Commerce Producer API.	`commercebusinessenablement.partnerInfo.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Consumer Procurement Entitlement Manager (`roles/consumerprocurement.entitlementManager`) Allows managing entitlements and enabling, disabling, and inspecting service states for a consumer project.	`commerceoffercatalog.offers.get` `consumerprocurement.consents.check` `consumerprocurement.consents.grant` `consumerprocurement.consents.list` `consumerprocurement.consents.revoke` `consumerprocurement.entitlements.` `consumerprocurement.entitlements.get` `consumerprocurement.entitlements.list` `consumerprocurement.freeTrials.` `consumerprocurement.freeTrials.create` `consumerprocurement.freeTrials.get` `consumerprocurement.freeTrials.list` `orgpolicy.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list`
Consumer Procurement Entitlement Viewer (`roles/consumerprocurement.entitlementViewer`) Allows inspecting entitlements and service states for a consumer project.	`commerceoffercatalog.offers.get` `consumerprocurement.consents.check` `consumerprocurement.consents.list` `consumerprocurement.entitlements.*` `consumerprocurement.entitlements.get` `consumerprocurement.entitlements.list` `consumerprocurement.freeTrials.get` `consumerprocurement.freeTrials.list` `orgpolicy.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.get` `serviceusage.services.list`
Consumer Procurement Events Viewer (`roles/consumerprocurement.eventsViewer`) Allows viewing key events for an offer	`consumerprocurement.events.*` `consumerprocurement.events.get` `consumerprocurement.events.list`
Consumer Procurement Order Administrator (`roles/consumerprocurement.orderAdmin`) Allows managing purchases.	`billing.accounts.get` `billing.accounts.getIamPolicy` `billing.accounts.list` `billing.accounts.redeemPromotion` `billing.credits.list` `billing.resourceAssociations.create` `commerceoffercatalog.` `commerceoffercatalog.agreements.get` `commerceoffercatalog.agreements.list` `commerceoffercatalog.documents.get` `commerceoffercatalog.documents.list` `commerceoffercatalog.offers.get` `consumerprocurement.accounts.` `consumerprocurement.accounts.create` `consumerprocurement.accounts.delete` `consumerprocurement.accounts.get` `consumerprocurement.accounts.list` `consumerprocurement.consents.check` `consumerprocurement.consents.grant` `consumerprocurement.consents.list` `consumerprocurement.consents.revoke` `consumerprocurement.events.` `consumerprocurement.events.get` `consumerprocurement.events.list` `consumerprocurement.orderAttributions.` `consumerprocurement.orderAttributions.get` `consumerprocurement.orderAttributions.list` `consumerprocurement.orderAttributions.update` `consumerprocurement.orders.*` `consumerprocurement.orders.cancel` `consumerprocurement.orders.get` `consumerprocurement.orders.list` `consumerprocurement.orders.modify` `consumerprocurement.orders.place`
Consumer Procurement Order Viewer (`roles/consumerprocurement.orderViewer`) Allows inspecting purchases.	`billing.accounts.get` `billing.accounts.getIamPolicy` `billing.accounts.list` `billing.credits.list` `commerceoffercatalog.*` `commerceoffercatalog.agreements.get` `commerceoffercatalog.agreements.list` `commerceoffercatalog.documents.get` `commerceoffercatalog.documents.list` `commerceoffercatalog.offers.get` `consumerprocurement.accounts.get` `consumerprocurement.accounts.list` `consumerprocurement.consents.check` `consumerprocurement.consents.list` `consumerprocurement.orderAttributions.get` `consumerprocurement.orderAttributions.list` `consumerprocurement.orders.get` `consumerprocurement.orders.list`
Consumer Procurement Administrator (`roles/consumerprocurement.procurementAdmin`) Allows managing purchases, consents at both billing account and project level.	`billing.accounts.get` `billing.accounts.getIamPolicy` `billing.accounts.list` `billing.accounts.redeemPromotion` `billing.credits.list` `billing.resourceAssociations.create` `commerceoffercatalog.` `commerceoffercatalog.agreements.get` `commerceoffercatalog.agreements.list` `commerceoffercatalog.documents.get` `commerceoffercatalog.documents.list` `commerceoffercatalog.offers.get` `consumerprocurement.` `consumerprocurement.accounts.create` `consumerprocurement.accounts.delete` `consumerprocurement.accounts.get` `consumerprocurement.accounts.list` `consumerprocurement.consents.allowProjectGrant` `consumerprocurement.consents.check` `consumerprocurement.consents.grant` `consumerprocurement.consents.list` `consumerprocurement.consents.revoke` `consumerprocurement.entitlements.get` `consumerprocurement.entitlements.list` `consumerprocurement.events.get` `consumerprocurement.events.list` `consumerprocurement.freeTrials.create` `consumerprocurement.freeTrials.get` `consumerprocurement.freeTrials.list` `consumerprocurement.orderAttributions.get` `consumerprocurement.orderAttributions.list` `consumerprocurement.orderAttributions.update` `consumerprocurement.orders.cancel` `consumerprocurement.orders.get` `consumerprocurement.orders.list` `consumerprocurement.orders.modify` `consumerprocurement.orders.place` `orgpolicy.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list`
Consumer Procurement Viewer (`roles/consumerprocurement.procurementViewer`) Allows inspecting purchases, consents and entitlements and service states for a consumer project.	`billing.accounts.get` `billing.accounts.getIamPolicy` `billing.accounts.list` `billing.credits.list` `commerceoffercatalog.` `commerceoffercatalog.agreements.get` `commerceoffercatalog.agreements.list` `commerceoffercatalog.documents.get` `commerceoffercatalog.documents.list` `commerceoffercatalog.offers.get` `consumerprocurement.accounts.get` `consumerprocurement.accounts.list` `consumerprocurement.consents.check` `consumerprocurement.consents.list` `consumerprocurement.entitlements.` `consumerprocurement.entitlements.get` `consumerprocurement.entitlements.list` `consumerprocurement.freeTrials.get` `consumerprocurement.freeTrials.list` `consumerprocurement.orderAttributions.get` `consumerprocurement.orderAttributions.list` `consumerprocurement.orders.get` `consumerprocurement.orders.list` `orgpolicy.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.get` `serviceusage.services.list`

Commerce Business Enablement Configuration Admin ^Beta

(roles/commercebusinessenablement.admin)

Admin of Various Provider Configuration resources

commercebusinessenablement.leadgenConfig.*

commercebusinessenablement.leadgenConfig.get
commercebusinessenablement.leadgenConfig.update

commercebusinessenablement.partnerAccounts.*

commercebusinessenablement.partnerAccounts.get
commercebusinessenablement.partnerAccounts.list

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.resellerConfig.*

commercebusinessenablement.resellerConfig.get
commercebusinessenablement.resellerConfig.update

commercebusinessenablement.resellerRestrictions.*

commercebusinessenablement.resellerRestrictions.list
commercebusinessenablement.resellerRestrictions.update

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Business Enablement PaymentConfig Admin ^Beta

(roles/commercebusinessenablement.paymentConfigAdmin)

Administration of Payment Configuration resource

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.paymentConfig.*

commercebusinessenablement.paymentConfig.get
commercebusinessenablement.paymentConfig.update

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Business Enablement PaymentConfig Viewer ^Beta

(roles/commercebusinessenablement.paymentConfigViewer)

Viewer of Payment Configuration resource

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.paymentConfig.get

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Business Enablement Rebates Admin ^Beta

(roles/commercebusinessenablement.rebatesAdmin)

Provides admin access to rebates

commercebusinessenablement.operations.*

commercebusinessenablement.operations.cancel
commercebusinessenablement.operations.delete
commercebusinessenablement.operations.get
commercebusinessenablement.operations.list

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.refunds.*

commercebusinessenablement.refunds.cancel
commercebusinessenablement.refunds.create
commercebusinessenablement.refunds.delete
commercebusinessenablement.refunds.get
commercebusinessenablement.refunds.list
commercebusinessenablement.refunds.start
commercebusinessenablement.refunds.update

Commerce Business Enablement Rebates Viewer ^Beta

(roles/commercebusinessenablement.rebatesViewer)

Provides read-only access to rebates

commercebusinessenablement.operations.get

commercebusinessenablement.operations.list

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.refunds.get

commercebusinessenablement.refunds.list

Commerce Business Enablement Reseller Discount Admin ^Beta

(roles/commercebusinessenablement.resellerDiscountAdmin)

Provides admin access to reseller discount offers

commercebusinessenablement.partnerAccounts.*

commercebusinessenablement.partnerAccounts.get
commercebusinessenablement.partnerAccounts.list

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.resellerConfig.get

commercebusinessenablement.resellerDiscountConfig.get

commercebusinessenablement.resellerDiscountOffers.*

commercebusinessenablement.resellerDiscountOffers.cancel
commercebusinessenablement.resellerDiscountOffers.create
commercebusinessenablement.resellerDiscountOffers.list

commercebusinessenablement.resellerPrivateOfferPlans.*

commercebusinessenablement.resellerPrivateOfferPlans.cancel
commercebusinessenablement.resellerPrivateOfferPlans.create
commercebusinessenablement.resellerPrivateOfferPlans.delete
commercebusinessenablement.resellerPrivateOfferPlans.get
commercebusinessenablement.resellerPrivateOfferPlans.list
commercebusinessenablement.resellerPrivateOfferPlans.publish
commercebusinessenablement.resellerPrivateOfferPlans.update

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Business Enablement Reseller Discount Viewer ^Beta

(roles/commercebusinessenablement.resellerDiscountViewer)

Provides read-only access to reseller discount offers

commercebusinessenablement.partnerAccounts.*

commercebusinessenablement.partnerAccounts.get
commercebusinessenablement.partnerAccounts.list

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.resellerConfig.get

commercebusinessenablement.resellerDiscountConfig.get

commercebusinessenablement.resellerDiscountOffers.list

commercebusinessenablement.resellerPrivateOfferPlans.get

commercebusinessenablement.resellerPrivateOfferPlans.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Business Enablement Configuration Viewer ^Beta

(roles/commercebusinessenablement.viewer)

Viewer of Various Provider Configuration resource

commercebusinessenablement.leadgenConfig.get

commercebusinessenablement.partnerAccounts.*

commercebusinessenablement.partnerAccounts.get
commercebusinessenablement.partnerAccounts.list

commercebusinessenablement.partnerInfo.get

commercebusinessenablement.resellerConfig.get

commercebusinessenablement.resellerRestrictions.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Offer Catalog Offers Viewer ^Beta

(roles/commerceoffercatalog.offersViewer)

Allows viewing offers

commerceoffercatalog.*

commerceoffercatalog.agreements.get
commerceoffercatalog.agreements.list
commerceoffercatalog.documents.get
commerceoffercatalog.documents.list
commerceoffercatalog.offers.get

Commerce Organization Governance Admin ^Beta

(roles/commerceorggovernance.admin)

Full access to Organization Governance APIs

commerceorggovernance.*

commerceorggovernance.collectionRequestApprovals.list
commerceorggovernance.collectionRequestApprovals.review
commerceorggovernance.collections.create
commerceorggovernance.collections.delete
commerceorggovernance.collections.get
commerceorggovernance.collections.list
commerceorggovernance.collections.update
commerceorggovernance.consumerSharingPolicies.get
commerceorggovernance.consumerSharingPolicies.update
commerceorggovernance.organizationSettings.get
commerceorggovernance.organizationSettings.update
commerceorggovernance.populateCollectionJobs.create
commerceorggovernance.populateCollectionJobs.list
commerceorggovernance.populateCollectionJobs.run
commerceorggovernance.populateCollectionJobs.update
commerceorggovernance.services.get
commerceorggovernance.services.list
commerceorggovernance.services.request

resourcemanager.projects.get

resourcemanager.projects.list

Governed Marketplace User ^Beta

(roles/commerceorggovernance.user)

Full access to Governed Marketplace features.

commerceorggovernance.services.*

commerceorggovernance.services.get
commerceorggovernance.services.list
commerceorggovernance.services.request

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Organization Governance Viewer ^Beta

(roles/commerceorggovernance.viewer)

Full access to Organization Governance read-only APIs.

commerceorggovernance.collections.get

commerceorggovernance.collections.list

commerceorggovernance.consumerSharingPolicies.get

commerceorggovernance.organizationSettings.get

commerceorggovernance.populateCollectionJobs.list

commerceorggovernance.services.get

commerceorggovernance.services.list

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Price Management Events Viewer ^Beta

(roles/commercepricemanagement.eventsViewer)

Allows viewing key events for an offer

commerceprice.events.*

commerceprice.events.get
commerceprice.events.list

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Price Management Private Offers Admin ^Beta

(roles/commercepricemanagement.privateOffersAdmin)

Allows managing private offers

commerceagreementpublishing.*

commerceagreementpublishing.agreements.create
commerceagreementpublishing.agreements.delete
commerceagreementpublishing.agreements.get
commerceagreementpublishing.agreements.list
commerceagreementpublishing.agreements.update
commerceagreementpublishing.documents.create
commerceagreementpublishing.documents.delete
commerceagreementpublishing.documents.get
commerceagreementpublishing.documents.list
commerceagreementpublishing.documents.update

commerceprice.*

commerceprice.events.get
commerceprice.events.list
commerceprice.privateoffers.cancel
commerceprice.privateoffers.create
commerceprice.privateoffers.delete
commerceprice.privateoffers.get
commerceprice.privateoffers.list
commerceprice.privateoffers.publish
commerceprice.privateoffers.sendEmail
commerceprice.privateoffers.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.get

serviceusage.services.list

Commerce Price Management Viewer ^Beta

(roles/commercepricemanagement.viewer)

Allows viewing offers, free trials, skus

commerceagreementpublishing.agreements.get

commerceagreementpublishing.agreements.list

commerceagreementpublishing.documents.get

commerceagreementpublishing.documents.list

commerceprice.privateoffers.get

commerceprice.privateoffers.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.get

serviceusage.services.list

Commerce Producer Admin ^Beta

(roles/commerceproducer.admin)

Grants full access to all resources in Cloud Commerce Producer API.

commercebusinessenablement.partnerInfo.get

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Producer Viewer ^Beta

(roles/commerceproducer.viewer)

Grants read access to all resources in Cloud Commerce Producer API.

commercebusinessenablement.partnerInfo.get

resourcemanager.projects.get

resourcemanager.projects.list

Consumer Procurement Entitlement Manager

(roles/consumerprocurement.entitlementManager)

Allows managing entitlements and enabling, disabling, and inspecting service states for a consumer project.

commerceoffercatalog.offers.get

consumerprocurement.consents.check

consumerprocurement.consents.grant

consumerprocurement.consents.list

consumerprocurement.consents.revoke

consumerprocurement.entitlements.*

consumerprocurement.entitlements.get
consumerprocurement.entitlements.list

consumerprocurement.freeTrials.*

consumerprocurement.freeTrials.create
consumerprocurement.freeTrials.get
consumerprocurement.freeTrials.list

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

Consumer Procurement Entitlement Viewer

(roles/consumerprocurement.entitlementViewer)

Allows inspecting entitlements and service states for a consumer project.

commerceoffercatalog.offers.get

consumerprocurement.consents.check

consumerprocurement.consents.list

consumerprocurement.entitlements.*

consumerprocurement.entitlements.get
consumerprocurement.entitlements.list

consumerprocurement.freeTrials.get

consumerprocurement.freeTrials.list

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.get

serviceusage.services.list

Consumer Procurement Events Viewer

(roles/consumerprocurement.eventsViewer)

Allows viewing key events for an offer

consumerprocurement.events.*

consumerprocurement.events.get
consumerprocurement.events.list

Consumer Procurement Order Administrator

(roles/consumerprocurement.orderAdmin)

Allows managing purchases.

billing.accounts.get

billing.accounts.getIamPolicy

billing.accounts.list

billing.accounts.redeemPromotion

billing.credits.list

billing.resourceAssociations.create

commerceoffercatalog.*

commerceoffercatalog.agreements.get
commerceoffercatalog.agreements.list
commerceoffercatalog.documents.get
commerceoffercatalog.documents.list
commerceoffercatalog.offers.get

consumerprocurement.accounts.*

consumerprocurement.accounts.create
consumerprocurement.accounts.delete
consumerprocurement.accounts.get
consumerprocurement.accounts.list

consumerprocurement.consents.check

consumerprocurement.consents.grant

consumerprocurement.consents.list

consumerprocurement.consents.revoke

consumerprocurement.events.*

consumerprocurement.events.get
consumerprocurement.events.list

consumerprocurement.orderAttributions.*

consumerprocurement.orderAttributions.get
consumerprocurement.orderAttributions.list
consumerprocurement.orderAttributions.update

consumerprocurement.orders.*

consumerprocurement.orders.cancel
consumerprocurement.orders.get
consumerprocurement.orders.list
consumerprocurement.orders.modify
consumerprocurement.orders.place

Consumer Procurement Order Viewer

(roles/consumerprocurement.orderViewer)

Allows inspecting purchases.

billing.accounts.get

billing.accounts.getIamPolicy

billing.accounts.list

billing.credits.list

commerceoffercatalog.*

commerceoffercatalog.agreements.get
commerceoffercatalog.agreements.list
commerceoffercatalog.documents.get
commerceoffercatalog.documents.list
commerceoffercatalog.offers.get

consumerprocurement.accounts.get

consumerprocurement.accounts.list

consumerprocurement.consents.check

consumerprocurement.consents.list

consumerprocurement.orderAttributions.get

consumerprocurement.orderAttributions.list

consumerprocurement.orders.get

consumerprocurement.orders.list

Consumer Procurement Administrator

(roles/consumerprocurement.procurementAdmin)

Allows managing purchases, consents at both billing account and project level.

billing.accounts.get

billing.accounts.getIamPolicy

billing.accounts.list

billing.accounts.redeemPromotion

billing.credits.list

billing.resourceAssociations.create

commerceoffercatalog.*

commerceoffercatalog.agreements.get
commerceoffercatalog.agreements.list
commerceoffercatalog.documents.get
commerceoffercatalog.documents.list
commerceoffercatalog.offers.get

consumerprocurement.*

consumerprocurement.accounts.create
consumerprocurement.accounts.delete
consumerprocurement.accounts.get
consumerprocurement.accounts.list
consumerprocurement.consents.allowProjectGrant
consumerprocurement.consents.check
consumerprocurement.consents.grant
consumerprocurement.consents.list
consumerprocurement.consents.revoke
consumerprocurement.entitlements.get
consumerprocurement.entitlements.list
consumerprocurement.events.get
consumerprocurement.events.list
consumerprocurement.freeTrials.create
consumerprocurement.freeTrials.get
consumerprocurement.freeTrials.list
consumerprocurement.orderAttributions.get
consumerprocurement.orderAttributions.list
consumerprocurement.orderAttributions.update
consumerprocurement.orders.cancel
consumerprocurement.orders.get
consumerprocurement.orders.list
consumerprocurement.orders.modify
consumerprocurement.orders.place

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

Consumer Procurement Viewer

(roles/consumerprocurement.procurementViewer)

Allows inspecting purchases, consents and entitlements and service states for a consumer project.

billing.accounts.get

billing.accounts.getIamPolicy

billing.accounts.list

billing.credits.list

commerceoffercatalog.*

commerceoffercatalog.agreements.get
commerceoffercatalog.agreements.list
commerceoffercatalog.documents.get
commerceoffercatalog.documents.list
commerceoffercatalog.offers.get

consumerprocurement.accounts.get

consumerprocurement.accounts.list

consumerprocurement.consents.check

consumerprocurement.consents.list

consumerprocurement.entitlements.*

consumerprocurement.entitlements.get
consumerprocurement.entitlements.list

consumerprocurement.freeTrials.get

consumerprocurement.freeTrials.list

consumerprocurement.orderAttributions.get

consumerprocurement.orderAttributions.list

consumerprocurement.orders.get

consumerprocurement.orders.list

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.get

serviceusage.services.list

Concessione di ruoli IAM agli utenti

Dai ruoli indicati nella tabella in alto, Ruoli consumerprocurement.orderAdmin e consumerprocurement.orderViewer devono essere assegnati a livello di account di fatturazione o organizzazione e consumerprocurement.entitlementManager e consumerprocurement.entitlementViewer i ruoli devono essere assegnati a livello di progetto o organizzazione.

Per concedere ruoli agli utenti che utilizzano gcloud, esegui uno dei seguenti comandi:

Organizzazione

Devi avere il resourcemanager.organizationAdmin per assegnare ruoli a livello di organizzazione.

gcloud organizations add-iam-policy-binding organization-id \
--member=member --role=role-id

I valori segnaposto sono:

organization-id: l'ID numerico dell'organizzazione a cui concedi la .
member: l'utente a cui stai concedendo l'accesso.
role-id: l'ID ruolo della tabella precedente.

Account di fatturazione

Devi avere il billing.admin per assegnare ruoli a livello di account di fatturazione.

gcloud beta billing accounts set-iam-policy account-id \
policy-file

I valori segnaposto sono:

account-id: l'ID account di fatturazione, che alla pagina Gestisci account di fatturazione.
policy-file: un file dei criteri IAM. in formato JSON o YAML. Il file dei criteri deve contenere gli ID ruolo di la tabella precedente e gli utenti a cui stai assegnando i ruoli.

Progetto

Devi avere il resourcemanager.folderAdmin per assegnare ruoli a livello di progetto.

gcloud projects add-iam-policy-binding project-id \
--member=member --role=role-id

I valori segnaposto sono:

project-id: il progetto a cui stai concedendo la concessione .
member: l'utente a cui stai concedendo l'accesso.
role-id: l'ID ruolo della tabella precedente.

Per concedere i ruoli agli utenti utilizzando la console Google Cloud, consulta IAM documentazione su come concedere, modificare e revocare l'accesso per gli utenti.

Utilizzo di ruoli personalizzati con Cloud Marketplace

Per avere un controllo granulare sulle autorizzazioni concesse agli utenti, creare ruoli personalizzati con le autorizzazioni che vuoi concedere.

Se crei un ruolo personalizzato per gli utenti che acquistano servizi da Cloud Marketplace, il ruolo deve includere queste autorizzazioni per account di fatturazione utilizzato per acquistare servizi:

billing.accounts.get, che in genere viene concessa con il Ruolo roles/consumerprocurement.orderAdmin.
consumerprocurement.orders.get, che in genere viene concessa con il Ruolo roles/consumerprocurement.orderAdmin.
consumerprocurement.orders.list, che in genere viene concessa con il Ruolo roles/consumerprocurement.orderAdmin.
consumerprocurement.orders.place, che in genere viene concessa con il Ruolo roles/consumerprocurement.orderAdmin.
consumerprocurement.accounts.get, che in genere viene concessa con il Ruolo roles/consumerprocurement.orderAdmin.
consumerprocurement.accounts.list, che in genere viene concessa con il Ruolo roles/consumerprocurement.orderAdmin.
consumerprocurement.accounts.create, che in genere viene concessa con il Ruolo roles/consumerprocurement.orderAdmin.

Accesso ai siti web dei partner con Single Sign-On (SSO)

Alcuni prodotti Marketplace supportano il Single Sign-On (SSO) al servizio sito web esterno. Gli utenti autorizzati all'interno dell'organizzazione hanno accesso a a "GESTISCI SU PROVIDER" disponibile nella pagina dei dettagli del prodotto. Questo indirizza gli utenti al sito web del partner. In alcuni casi, gli utenti viene visualizzato il messaggio "Accedi con Google". In altri casi, gli utenti hanno eseguito l'accesso a contesto condiviso dell'account.

Per accedere alla funzionalità SSO, gli utenti devono passare al prodotto dei dettagli e seleziona un progetto appropriato. Il progetto deve essere collegato a l'account di fatturazione in cui è stato acquistato il piano. Per maggiori dettagli su Marketplace per la gestione dei piani, consulta Gestione dei piani di fatturazione.

Inoltre, l'utente deve disporre di autorizzazioni IAM sufficienti all'interno dell'area selezionata progetto. Per la maggior parte dei prodotti, roles/consumerprocurement.entitlementManager (o roles/editor ruolo di base) è attualmente obbligatorio.

Autorizzazioni minime per prodotti specifici

I seguenti prodotti possono operare su un insieme diverso di autorizzazioni di accesso Funzionalità SSO:

Apache Kafka su Confluent Cloud
DataStax Astra per Apache Cassandra
Elastic Cloud
Neo4j Aura Professional
Redis Enterprise Cloud

Per questi prodotti, puoi utilizzare le seguenti autorizzazioni minime:

consumerprocurement.entitlements.get
consumerprocurement.entitlements.list
serviceusage.services.get
serviceusage.services.list
resourcemanager.projects.get

Queste autorizzazioni vengono in genere concesse con roles/consumerprocurement.entitlementManager oppure roles/consumerprocurement.entitlementViewer ruoli.

Controllo dell'accesso con IAM

Prima di iniziare

Ruoli IAM per l'acquisto e la gestione dei prodotti

Elenco di ruoli e autorizzazioni IAM

Commerce Business Enablement Configuration Admin Beta

Commerce Business Enablement PaymentConfig Admin Beta

Commerce Business Enablement PaymentConfig Viewer Beta

Commerce Business Enablement Rebates Admin Beta

Commerce Business Enablement Rebates Viewer Beta

Commerce Business Enablement Reseller Discount Admin Beta

Commerce Business Enablement Reseller Discount Viewer Beta

Commerce Business Enablement Configuration Viewer Beta

Commerce Offer Catalog Offers Viewer Beta

Commerce Organization Governance Admin Beta

Governed Marketplace User Beta

Commerce Organization Governance Viewer Beta

Commerce Price Management Events Viewer Beta

Commerce Price Management Private Offers Admin Beta

Commerce Price Management Viewer Beta

Commerce Producer Admin Beta

Commerce Producer Viewer Beta

Consumer Procurement Entitlement Manager

Consumer Procurement Entitlement Viewer

Consumer Procurement Events Viewer

Consumer Procurement Order Administrator

Consumer Procurement Order Viewer

Consumer Procurement Administrator

Consumer Procurement Viewer

Concessione di ruoli IAM agli utenti

Organizzazione

Account di fatturazione

Progetto

Utilizzo di ruoli personalizzati con Cloud Marketplace

Accesso ai siti web dei partner con Single Sign-On (SSO)

Autorizzazioni minime per prodotti specifici

Commerce Business Enablement Configuration Admin ^Beta

Commerce Business Enablement PaymentConfig Admin ^Beta

Commerce Business Enablement PaymentConfig Viewer ^Beta

Commerce Business Enablement Rebates Admin ^Beta

Commerce Business Enablement Rebates Viewer ^Beta

Commerce Business Enablement Reseller Discount Admin ^Beta

Commerce Business Enablement Reseller Discount Viewer ^Beta

Commerce Business Enablement Configuration Viewer ^Beta

Commerce Offer Catalog Offers Viewer ^Beta

Commerce Organization Governance Admin ^Beta

Governed Marketplace User ^Beta

Commerce Organization Governance Viewer ^Beta

Commerce Price Management Events Viewer ^Beta

Commerce Price Management Private Offers Admin ^Beta

Commerce Price Management Viewer ^Beta

Commerce Producer Admin ^Beta

Commerce Producer Viewer ^Beta