Test IAM permissions
Demonstrates how to verify IAM permissions to create findings
Code sample
Go
To authenticate to Security Command Center, set up Application Default Credentials.
For more information, see "Set up authentication for a local development environment".

```go
import (
	"context"
	"fmt"
	"io"

	iam "cloud.google.com/go/iam/apiv1/iampb"
	securitycenter "cloud.google.com/go/securitycenter/apiv1"
)

// testIam demonstrates how to determine if your service user has appropriate
// access to create and update findings, it writes permissions to w.
// sourceName is the full resource name of the source to test for permissions.
func testIam(w io.Writer, sourceName string) error {
	// sourceName := "organizations/111122222444/sources/1234"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.
	// Check for create/update Permissions.
	req := &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.update"},
	}

	policy, err := client.TestIamPermissions(ctx, req)
	if err != nil {
		return fmt.Errorf("TestIamPermissions: %w", err)
	}
	// The response lists only the permissions the caller holds.
	fmt.Fprintf(w, "Permission to create/update findings? %t\n",
		len(policy.Permissions) > 0)

	// Check for updating state Permissions
	req = &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.setState"},
	}

	policy, err = client.TestIamPermissions(ctx, req)
	if err != nil {
		return fmt.Errorf("TestIamPermissions: %w", err)
	}
	fmt.Fprintf(w, "Permission to update state? %t\n",
		len(policy.Permissions) > 0)

	return nil
}
```

Java
To authenticate to Security Command Center, set up Application Default Credentials.
For more information, see "Set up authentication for a local development environment".

```java
import com.google.cloud.securitycenter.v1.SecurityCenterClient;
import com.google.cloud.securitycenter.v1.SourceName;
import com.google.iam.v1.TestIamPermissionsResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // SourceName sourceName = SourceName.of(/*organizationId=*/"123234324",
    // /*sourceId=*/"423432321");

    // Iam permission to test.
    List<String> permissionsToTest = new ArrayList<>();
    permissionsToTest.add("securitycenter.findings.update");

    // Call the API.
    TestIamPermissionsResponse response =
        client.testIamPermissions(sourceName.toString(), permissionsToTest);
    System.out.println("IAM Permission:");
    System.out.println(response);

    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
```

Node.js
To authenticate to Security Command Center, set up Application Default Credentials.
For more information, see "Set up authentication for a local development environment".

```javascript
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

// sourceName is the full resource name of the source to test for permissions.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = "organizations/111122222444/sources/1234";
async function testIam() {
  {
    const [policy] = await client.testIamPermissions({
      resource: sourceName,
      permissions: ['securitycenter.findings.update'],
    });
    console.log(
      `Permissions to create/update findings? ${
        policy.permissions.length > 0
      }`
    );
  }
  {
    const [policy] = await client.testIamPermissions({
      resource: sourceName,
      permissions: ['securitycenter.findings.setState'],
    });
    console.log(
      `Permissions to update state? ${policy.permissions.length > 0}`
    );
  }
}
testIam();
```

Python
To authenticate to Security Command Center, set up Application Default Credentials.
For more information, see "Set up authentication for a local development environment".

```python
from google.cloud import securitycenter_v1

# Create a client.
client = securitycenter_v1.SecurityCenterClient()
# 'source_name' is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"

# Check for permissions to call create_finding or update_finding.
permission_response = client.test_iam_permissions(
    request={
        "resource": source_name,
        "permissions": ["securitycenter.findings.update"],
    }
)

print(
    "Permission to create or update findings? {}".format(
        len(permission_response.permissions) > 0
    )
)
# Check for permissions necessary to call set_finding_state.
permission_response = client.test_iam_permissions(
    request={
        "resource": source_name,
        "permissions": ["securitycenter.findings.setState"],
    }
)
print(f"Permission to update state? {len(permission_response.permissions) > 0}")
```

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
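The samples on this page test one permission per call, so a non-empty response is enough to mean "granted". When both permissions are batched into a single call, the response has to be compared with the request, because it lists only the permissions the caller holds. The Python sketch below is an added example, not one of Google's samples; `preflight`, `REQUIRED`, `SOURCE_RE` and the offline `FakeClient` stub are names assumed here, and the resource-name check follows the source format this page gives.

```python
import re
from types import SimpleNamespace

# Operation -> permission, using only the two permissions this page tests.
REQUIRED = {
    "create_finding": "securitycenter.findings.update",
    "update_finding": "securitycenter.findings.update",
    "set_finding_state": "securitycenter.findings.setState",
}
# Source name format as given on this page (assumption: organization-level source).
SOURCE_RE = re.compile(r"organizations/[^/]+/sources/[^/]+")


def preflight(client, source_name, operations=tuple(REQUIRED)):
    """Return {operation: bool} using a single test_iam_permissions call."""
    if not SOURCE_RE.fullmatch(source_name):
        raise ValueError(f"not a source resource name: {source_name!r}")
    unknown = [op for op in operations if op not in REQUIRED]
    if unknown:
        raise ValueError(f"unknown operations: {unknown}")
    wanted = sorted({REQUIRED[op] for op in operations})
    response = client.test_iam_permissions(
        request={"resource": source_name, "permissions": wanted}
    )
    # Only held permissions come back, so with more than one requested
    # permission a non-empty list does not prove that all were granted.
    granted = set(response.permissions)
    return {op: REQUIRED[op] in granted for op in operations}


class FakeClient:
    """Constructed offline stand-in for SecurityCenterClient (not a real API)."""

    def __init__(self, held):
        self.held = set(held)
        self.calls = 0

    def test_iam_permissions(self, request):
        self.calls += 1
        held = [p for p in request["permissions"] if p in self.held]
        return SimpleNamespace(permissions=held)


if __name__ == "__main__":
    # Constructed scenario: the caller holds findings.update only.
    fake = FakeClient({"securitycenter.findings.update"})
    result = preflight(fake, "organizations/111122222444/sources/1234")
    for op, ok in result.items():
        print(f"{op}: {'allowed' if ok else 'missing ' + REQUIRED[op]}")
```

Passing a real `securitycenter_v1.SecurityCenterClient()` in place of `FakeClient` runs the same check against the API with Application Default Credentials.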