Questa pagina è stata tradotta dall'API Cloud Translation.

Controllo dell'accesso con IAM

Cloud Tasks utilizza Identity and Access Management (IAM) per controllo dell'accesso. Per un'introduzione a IAM e alle sue funzionalità, consulta la panoramica di IAM. Per scoprire come concedere e revocare l'accesso, consulta Gestire l'accesso a progetti, cartelle e organizzazioni.

Puoi configurare il controllo dell'accesso a livello di progetto e di coda. Ad esempio, potresti concedere a un utente l'autorizzazione per creare e aggiungere attività a una coda, ma non per eliminare la coda. In alternativa, puoi concedere a un gruppo di utenti l'accesso a tutte le risorse Cloud Tasks all'interno di un progetto. Per maggiori informazioni, consulta Configurazione della coda sicura.

Ogni metodo Cloud Tasks richiede che il chiamante disponga delle autorizzazioni necessarie. Questa pagina descrive le autorizzazioni e i ruoli supportati da Cloud Tasks. Le autorizzazioni vengono verificate anche quando queue.yaml o queue.xml viene aggiornato o quando viene utilizzata la console Google Cloud .

Abilita l'API Cloud Tasks

Per visualizzare e assegnare ruoli IAM per Cloud Tasks, devi abilitare l'API Cloud Tasks per il tuo progetto. Non potrai visualizzare i ruoli Cloud Tasks nella console Google Cloud finché non avrai abilitato l'API.

Console

Enable the Cloud Tasks API.

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

Enable the API

gcloud

Enable the Cloud Tasks API:

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

gcloud services enable cloudtasks.googleapis.com

Ruoli predefiniti

La tabella seguente elenca i ruoli IAM predefiniti di Cloud Tasks e le relative autorizzazioni.

I ruoli predefiniti coprono la maggior parte dei casi d'uso tipici. Se il tuo caso d'uso non è coperto dai ruoli predefiniti, puoi creare un ruolo personalizzato IAM.

Role Permissions

Role	Permissions
Cloud Tasks Admin ^Beta (`roles/cloudtasks.admin`) Full access to queues and tasks.	`cloudtasks.*` `cloudtasks.cmekConfig.get` `cloudtasks.cmekConfig.update` `cloudtasks.locations.get` `cloudtasks.locations.list` `cloudtasks.queues.create` `cloudtasks.queues.delete` `cloudtasks.queues.get` `cloudtasks.queues.getIamPolicy` `cloudtasks.queues.list` `cloudtasks.queues.pause` `cloudtasks.queues.purge` `cloudtasks.queues.resume` `cloudtasks.queues.setIamPolicy` `cloudtasks.queues.update` `cloudtasks.tasks.create` `cloudtasks.tasks.delete` `cloudtasks.tasks.fullView` `cloudtasks.tasks.get` `cloudtasks.tasks.list` `cloudtasks.tasks.run` `monitoring.timeSeries.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Enqueuer ^Beta (`roles/cloudtasks.enqueuer`) Access to create tasks.	`cloudtasks.tasks.create` `cloudtasks.tasks.fullView` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Queue Admin ^Beta (`roles/cloudtasks.queueAdmin`) Admin access to queues.	`cloudtasks.locations.` `cloudtasks.locations.get` `cloudtasks.locations.list` `cloudtasks.queues.` `cloudtasks.queues.create` `cloudtasks.queues.delete` `cloudtasks.queues.get` `cloudtasks.queues.getIamPolicy` `cloudtasks.queues.list` `cloudtasks.queues.pause` `cloudtasks.queues.purge` `cloudtasks.queues.resume` `cloudtasks.queues.setIamPolicy` `cloudtasks.queues.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Service Agent (`roles/cloudtasks.serviceAgent`) Grants Cloud Tasks Service Account access to manage resources. Warning: Do not grant service agent roles to any principals except service agents.	`iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `logging.logEntries.create`
Cloud Tasks Task Deleter ^Beta (`roles/cloudtasks.taskDeleter`) Access to delete tasks.	`cloudtasks.tasks.delete` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Task Runner ^Beta (`roles/cloudtasks.taskRunner`) Access to run tasks.	`cloudtasks.tasks.fullView` `cloudtasks.tasks.run` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Viewer ^Beta (`roles/cloudtasks.viewer`) Get and list access to tasks, queues, and locations.	`cloudtasks.cmekConfig.get` `cloudtasks.locations.*` `cloudtasks.locations.get` `cloudtasks.locations.list` `cloudtasks.queues.get` `cloudtasks.queues.list` `cloudtasks.tasks.fullView` `cloudtasks.tasks.get` `cloudtasks.tasks.list` `monitoring.timeSeries.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Cloud Tasks Admin ^Beta

(roles/cloudtasks.admin)

Full access to queues and tasks.

cloudtasks.*

cloudtasks.cmekConfig.get
cloudtasks.cmekConfig.update
cloudtasks.locations.get
cloudtasks.locations.list
cloudtasks.queues.create
cloudtasks.queues.delete
cloudtasks.queues.get
cloudtasks.queues.getIamPolicy
cloudtasks.queues.list
cloudtasks.queues.pause
cloudtasks.queues.purge
cloudtasks.queues.resume
cloudtasks.queues.setIamPolicy
cloudtasks.queues.update
cloudtasks.tasks.create
cloudtasks.tasks.delete
cloudtasks.tasks.fullView
cloudtasks.tasks.get
cloudtasks.tasks.list
cloudtasks.tasks.run

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Enqueuer ^Beta

(roles/cloudtasks.enqueuer)

Access to create tasks.

cloudtasks.tasks.create

cloudtasks.tasks.fullView

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Queue Admin ^Beta

(roles/cloudtasks.queueAdmin)

Admin access to queues.

cloudtasks.locations.*

cloudtasks.locations.get
cloudtasks.locations.list

cloudtasks.queues.*

cloudtasks.queues.create
cloudtasks.queues.delete
cloudtasks.queues.get
cloudtasks.queues.getIamPolicy
cloudtasks.queues.list
cloudtasks.queues.pause
cloudtasks.queues.purge
cloudtasks.queues.resume
cloudtasks.queues.setIamPolicy
cloudtasks.queues.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Service Agent

(roles/cloudtasks.serviceAgent)

Grants Cloud Tasks Service Account access to manage resources.

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

logging.logEntries.create

Cloud Tasks Task Deleter ^Beta

(roles/cloudtasks.taskDeleter)

Access to delete tasks.

cloudtasks.tasks.delete

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Task Runner ^Beta

(roles/cloudtasks.taskRunner)

Access to run tasks.

cloudtasks.tasks.fullView

cloudtasks.tasks.run

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Viewer ^Beta

(roles/cloudtasks.viewer)

Get and list access to tasks, queues, and locations.

cloudtasks.cmekConfig.get

cloudtasks.locations.*

cloudtasks.locations.get
cloudtasks.locations.list

cloudtasks.queues.get

cloudtasks.queues.list

cloudtasks.tasks.fullView

cloudtasks.tasks.get

cloudtasks.tasks.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

Passaggi successivi

Autenticarsi in Cloud Tasks

Controllo dell'accesso con IAM Mantieni tutto organizzato con le raccolte Salva e classifica i contenuti in base alle tue preferenze.

Abilita l'API Cloud Tasks

Console

gcloud

Ruoli predefiniti

Cloud Tasks Admin Beta

Cloud Tasks Enqueuer Beta

Cloud Tasks Queue Admin Beta

Cloud Tasks Service Agent

Cloud Tasks Task Deleter Beta

Cloud Tasks Task Runner Beta

Cloud Tasks Viewer Beta

Passaggi successivi

Controllo dell'accesso con IAM

Cloud Tasks Admin ^Beta

Cloud Tasks Enqueuer ^Beta

Cloud Tasks Queue Admin ^Beta

Cloud Tasks Task Deleter ^Beta

Cloud Tasks Task Runner ^Beta

Cloud Tasks Viewer ^Beta