Esta página foi traduzida pela API Cloud Translation.

Controle de acesso com o IAM

O Service Usage usa o gerenciamento de identidade e acesso (IAM) para controlar o acesso a serviços. Nesta página, explicamos os papéis e permissões de IAM relacionados ao Service Usage e como usá-los para controlar o acesso.

Modelo de recurso

Para o Service Usage, existem três recursos relevantes:

o serviço que você está usando
o projeto em que você está usando o serviço
a operação ou operação de longa duração retornada por determinados métodos

Cada método do Service Usage exige uma permissão de um ou mais desses recursos.

Permissões IAM

A tabela a seguir mostra as permissões necessárias para cada método da Service Usage API. Você também pode encontrar esta informação na Referência da API.

Método	Permissões necessárias
`services.batchEnable`	No projeto: `serviceusage.services.enable` Nos serviços: `servicemanagement.services.bind`
`services.enable`	No projeto: `serviceusage.services.enable` No serviço: `servicemanagement.services.bind`
`services.disable`	No projeto: `serviceusage.services.disable`
`services.get`	No projeto: `serviceusage.services.get`
`services.list`	No projeto: `serviceusage.services.list`
`services.consumerQuotaMetrics.list services.consumerQuotaMetrics.get services.consumerQuotaMetrics.limits.get services.consumerQuotaMetrics.limits.consumerOverrides.list services.consumerQuotaMetrics.limits.adminOverrides.list services.consumerQuotaMetrics.limits.producerOverrides.list`	No projeto: `serviceusage.quota.get` No serviço: `servicemanagement.services.bind`
`services.consumerQuotaMetrics.consumerOverrides.create services.consumerQuotaMetrics.consumerOverrides.patch services.consumerQuotaMetrics.consumerOverrides.delete services.adminQuotaMetrics.adminOverrides.create services.adminQuotaMetrics.adminOverrides.patch services.adminQuotaMetrics.adminOverrides.delete`	No projeto: `serviceusage.quota.update` No serviço: `servicemanagement.services.bind`
Para usar um projeto para fins de cota e faturamento. Para mais informações, consulte Parâmetros do sistema.	No projeto: `serviceusage.services.use`

Papéis IAM

Com o IAM, você concede aos usuários permissão ao conceder um papel. As tabelas a seguir listam os papéis básicos e predefinidos do IAM e as permissões relacionadas ao Service Usage que esses papéis incluem.

Para mais informações sobre papéis, consulte Noções básicas sobre papéis.

Papéis básicos

Nome Título Permissões

roles/viewer Leitor serviceusage.services.get
serviceusage.services.list
serviceusage.quotas.get

Nome	Título	Permissões
`roles/viewer`	Leitor	serviceusage.services.get serviceusage.services.list serviceusage.quotas.get
`roles/editor` `roles/owner`	Editor Proprietário	serviceusage.services.get serviceusage.services.list serviceusage.services.disable serviceusage.services.enable serviceusage.services.use serviceusage.quotas.get serviceusage.quotas.update

roles/editor

roles/owner

Editor

Proprietário

serviceusage.services.get
serviceusage.services.list
serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.use
serviceusage.quotas.get
serviceusage.quotas.update

Papéis predefinidos

Role Permissions

Role	Permissions
API Keys Admin (`roles/serviceusage.apiKeysAdmin`) Ability to create, delete, update, get and list API keys for a project.	`apikeys.` `apikeys.keys.create` `apikeys.keys.delete` `apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup` `apikeys.keys.undelete` `apikeys.keys.update` `orgpolicy.policy.get` `serviceusage.apiKeys.` `serviceusage.apiKeys.regenerate` `serviceusage.apiKeys.revert`
API Keys Viewer (`roles/serviceusage.apiKeysViewer`) Ability to get and list API keys for a project.	`apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup`
Service Usage Admin (`roles/serviceusage.serviceUsageAdmin`) Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.	`monitoring.timeSeries.list` `serviceusage.quotas.` `serviceusage.quotas.get` `serviceusage.quotas.update` `serviceusage.services.` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use`
Service Usage Consumer (`roles/serviceusage.serviceUsageConsumer`) Ability to inspect service states and operations, and consume quota and billing for a consumer project.	`monitoring.timeSeries.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use`
Service Usage Viewer (`roles/serviceusage.serviceUsageViewer`) Ability to inspect service states and operations for a consumer project.	`monitoring.timeSeries.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

API Keys Admin

(roles/serviceusage.apiKeysAdmin)

Ability to create, delete, update, get and list API keys for a project.

apikeys.*

apikeys.keys.create
apikeys.keys.delete
apikeys.keys.get
apikeys.keys.getKeyString
apikeys.keys.list
apikeys.keys.lookup
apikeys.keys.undelete
apikeys.keys.update

orgpolicy.policy.get

serviceusage.apiKeys.*

serviceusage.apiKeys.regenerate
serviceusage.apiKeys.revert

API Keys Viewer

(roles/serviceusage.apiKeysViewer)

Ability to get and list API keys for a project.

apikeys.keys.get

apikeys.keys.getKeyString

apikeys.keys.list

apikeys.keys.lookup

Service Usage Admin

(roles/serviceusage.serviceUsageAdmin)

Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.

monitoring.timeSeries.list

serviceusage.quotas.*

serviceusage.quotas.get
serviceusage.quotas.update

serviceusage.services.*

serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
serviceusage.services.use

Service Usage Consumer

(roles/serviceusage.serviceUsageConsumer)

Ability to inspect service states and operations, and consume quota and billing for a consumer project.

monitoring.timeSeries.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

Service Usage Viewer

(roles/serviceusage.serviceUsageViewer)

Ability to inspect service states and operations for a consumer project.

monitoring.timeSeries.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list