根據預設,任何具備 Google Cloud 專案 Google Cloud Identity and Access Management (IAM) 權限的使用者,都可以存取 Google Cloud Marketplace 來探索新產品。resourcemanager.projects.get如果您想在 Google Cloud 機構中強制執行更嚴格的治理和採購政策,可以使用 Marketplace 使用者存取限制,要求使用者具備額外的 IAM 權限才能執行某些工作。
必要的 IAM 權限
開啟 Marketplace 使用者存取限制後,貴機構的使用者必須具備下列 IAM 權限,才能完成下列工作:
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[],[],null,["# Manage user access with Marketplace User Access Restrictions\n\nBy default, any user with the Identity and Access Management (IAM) permission\n`resourcemanager.projects.get` for a Google Cloud project can access\nGoogle Cloud Marketplace to discover new products. If you want to enforce stricter\ngovernance and procurement policies in your Google Cloud organization,\nyou can use Marketplace User Access Restrictions to require that users have\nadditional IAM permissions to accomplish some tasks.\n\nRequired IAM permissions\n------------------------\n\nAfter you turn on Marketplace User Access Restrictions, your organization's users\nmust have the following IAM permissions to complete the following\ntasks:\n\nThe\n[Governed Marketplace User](/marketplace/docs/access-control#commerceorggovernance.user)\nIAM role contains the following IAM permissions:\n\n- `commerceorggovernance.services.get`\n- `commerceorggovernance.services.list`\n- `commerceorggovernance.services.request`\n- `resourcemanager.projects.get`\n- `consumerprocurement.entitlements.list`\n\nWhen Cloud Marketplace User Access Restrictions is turned on for your\norganization, you must have these IAM permissions to do the\nfollowing:\n\n- `commerceorggovernance.services.list` lets you view and interact with the Google Cloud Private Marketplace homepage.\n- `commerceorggovernance.services.get` lets you interact with product listing pages.\n- If [Request Product](/marketplace/docs/governance/product-requests) is turned on, `commerceorggovernance.services.request` and `consumerprocurement.entitlements.list` let you request unapproved products or products that haven't been procured.\n\n| **Caution:** Ensure that key billing, organization, and project administrators have these roles assigned to them to not disrupt their associated Cloud Marketplace experience.\n\nBefore you begin\n----------------\n\n1. Ensure you have sufficient roles to enable Marketplace User Access Restrictions. You can find the required details listed [above](#required-permissions).\n\n2. Ensure users and administrators in your organization that require access to the Marketplace are given sufficient roles. You can find the required roles listed [above](#required-permissions).\n\n3. Verify that Google Cloud Private Marketplace supports the products that you plan to use. For a\n list of supported products, see\n [Supported products](/marketplace/docs/governance/private-marketplace#supported-products).\n\nTurn on Marketplace User Access Restrictions\n--------------------------------------------\n\nBy default, Marketplace User Access Restrictions is turned off for your organization.\n\nAfter you've assigned the [above IAM roles](#required-permissions) to relevant users and administrators in your organization, to turn this feature on, complete the following steps:\n\n1. In Cloud Marketplace, click **Marketplace Governance**.\n\n [Go to Marketplace](https://console.cloud.google.com/marketplace)\n2. In Governance settings, click the toggle to enable Marketplace User Access Restrictions.\n\n3. Click Confirm in the dialog.\n\n| **Note:** to disable this feature, click the toggle to turn-off enforcement. The experience for all users in your organization will revert to the default Google Cloud Marketplace experience"]]