Access control

Service Usage uses Identity and Access Management (IAM) to control access to services. This page describes the IAM roles and permissions that relate to Service Usage and how to use them to control access.

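Resource model

For Service Usage, there are three relevant resources:

  1. The service you are using.

  2. The project from which you use the service.

  3. The operation, or long-running operation, returned by some methods.

Each Service Usage method requires permission to access one or more of these resources.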

IAM permissions

The following table shows the permissions required for each Service Usage API method. You can also find this information in the API reference.

Method                                                        Required permissions

services.batchEnable                                          On the project: serviceusage.services.enable
                                                              On the service: servicemanagement.services.bind

services.enable                                               On the project: serviceusage.services.enable
                                                              On the service: servicemanagement.services.bind

services.disable                                              On the project: serviceusage.services.disable

services.get                                                  On the project: serviceusage.services.get

services.list                                                 On the project: serviceusage.services.list

services.consumerQuotaMetrics.list                            On the project: serviceusage.quota.get
services.consumerQuotaMetrics.get                             On the service: servicemanagement.services.bind
services.consumerQuotaMetrics.limits.get
services.consumerQuotaMetrics.limits.consumerOverrides.list
services.consumerQuotaMetrics.limits.adminOverrides.list
services.consumerQuotaMetrics.limits.producerOverrides.list

services.consumerQuotaMetrics.consumerOverrides.create        On the project: serviceusage.quota.update
services.consumerQuotaMetrics.consumerOverrides.patch         On the service: servicemanagement.services.bind
services.consumerQuotaMetrics.consumerOverrides.delete
services.adminQuotaMetrics.adminOverrides.create
services.adminQuotaMetrics.adminOverrides.patch
services.adminQuotaMetrics.adminOverrides.delete

Using a project for quota and billing purposes.               On the project: serviceusage.services.use
For details, see System parameters.

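IAM roles

IAM grants permissions by binding users to roles. For details, see Understanding roles.

The following table lists the predefined roles that apply to Service Usage.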

Role                                        Permissions

roles/viewer                                serviceusage.services.get
                                            serviceusage.services.list
                                            serviceusage.quotas.get

roles/editor                                serviceusage.services.get
roles/owner                                 serviceusage.services.list
                                            serviceusage.services.disable
                                            serviceusage.services.enable
                                            serviceusage.services.use
                                            serviceusage.quotas.get
                                            serviceusage.quotas.update

roles/serviceusage.serviceUsageViewer       serviceusage.services.get
                                            serviceusage.services.list
                                            serviceusage.quotas.get

roles/serviceusage.serviceUsageConsumer     serviceusage.services.get
                                            serviceusage.services.list
                                            serviceusage.services.use
                                            serviceusage.quotas.get

roles/serviceusage.serviceUsageAdmin        serviceusage.services.get
                                            serviceusage.services.list
                                            serviceusage.services.use
                                            serviceusage.services.enable
                                            serviceusage.services.disable
                                            serviceusage.quotas.get
                                            serviceusage.quotas.update

roles/servicemanagement.serviceConsumer     servicemanagement.services.bind
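
The two tables above can be combined into a least-privilege check on a project's IAM policy. The following is an added example, not part of the original page or of Google's code: it flags members who hold a basic role or more Service Usage permissions than the methods they call require, and suggests the narrowest predefined role from the table. The function names, the sample policy and the NEEDS mapping are assumptions made for illustration; only the project-side services.* permissions are modelled.

```python
BASIC = {"roles/viewer", "roles/editor", "roles/owner"}
VIEW = {"serviceusage.services.get", "serviceusage.services.list"}
CONSUME = VIEW | {"serviceusage.services.use"}
ADMIN = CONSUME | {"serviceusage.services.enable", "serviceusage.services.disable"}
# Roles table above, quota permissions left out; other roles expand to nothing.
ROLE_PERMS = {
    "roles/viewer": VIEW, "roles/editor": ADMIN, "roles/owner": ADMIN,
    "roles/serviceusage.serviceUsageViewer": VIEW,
    "roles/serviceusage.serviceUsageConsumer": CONSUME,
    "roles/serviceusage.serviceUsageAdmin": ADMIN}
# Project-side permission per method, from the permissions table above. The
# servicemanagement.services.bind check on the service itself is not modelled.
METHOD_PERM = {
    "services.batchEnable": "serviceusage.services.enable",
    "services.enable": "serviceusage.services.enable",
    "services.disable": "serviceusage.services.disable",
    "services.get": "serviceusage.services.get",
    "services.list": "serviceusage.services.list"}

def member_roles(policy):
    """Map each member to the set of roles bound to it."""
    roles = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            roles.setdefault(member, set()).add(binding["role"])
    return roles

def narrowest_role(methods):
    """Smallest table role covering the methods; basic roles lose ties."""
    need = {METHOD_PERM[m] for m in methods}
    fits = [r for r, p in ROLE_PERMS.items() if need and need <= p]
    return min(fits, key=lambda r: (len(ROLE_PERMS[r]), r in BASIC, r), default=None)

def audit(policy, needs):
    """Flag members holding a basic role or more than their methods require."""
    findings = {}
    for member, roles in member_roles(policy).items():
        held = set().union(*(ROLE_PERMS.get(r, set()) for r in roles))
        best = narrowest_role(needs.get(member, []))
        if roles & BASIC or held > ROLE_PERMS.get(best, set()):
            findings[member] = {"roles": sorted(roles), "suggest": best}
    return findings

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json`.
POLICY = {"bindings": [
    {"role": "roles/editor", "members": ["user:ci@example.com", "user:dev@example.com"]},
    {"role": "roles/serviceusage.serviceUsageViewer", "members": ["user:auditor@example.com"]}]}
NEEDS = {"user:ci@example.com": ["services.enable", "services.list"],
         "user:dev@example.com": ["services.get"],
         "user:auditor@example.com": ["services.get", "services.list"]}
```

Calling audit(POLICY, NEEDS) reports the two roles/editor members and leaves the auditor, who already holds the narrowest fitting role, unflagged.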