Esta página foi traduzida pela API Cloud Translation.

Controlo de acesso com a IAM

O Cloud Tasks usa a gestão de identidade e de acesso (IAM) para o controlo de acesso. Para uma introdução ao IAM e às respetivas funcionalidades, consulte a vista geral do IAM. Para saber como conceder e revogar o acesso, consulte o artigo Gerir o acesso a projetos, pastas e organizações.

Pode configurar o controlo de acesso ao nível do projeto e ao nível da fila. Por exemplo, pode conceder a um utilizador autorização para criar e adicionar tarefas a uma fila, mas não para eliminar a fila. Em alternativa, pode conceder acesso a todos os recursos do Cloud Tasks num projeto a um grupo de utilizadores. Para mais informações, consulte o artigo Configuração segura da fila.

Todos os métodos da Cloud Tasks requerem que o autor da chamada tenha as autorizações necessárias. Esta página descreve as autorizações e as funções suportadas pelo Cloud Tasks. As autorizações também são verificadas quando o queue.yaml ou o queue.xml são atualizados, ou quando a Google Cloud console é usada.

Ative a API Cloud Tasks

Para ver e atribuir funções do IAM para o Cloud Tasks, tem de ativar a API Cloud Tasks para o seu projeto. Não vai poder ver as funções do Cloud Tasks na Google Cloud consola até ativar a API.

Consola

Enable the Cloud Tasks API.

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

Enable the API

gcloud

Enable the Cloud Tasks API:

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

gcloud services enable cloudtasks.googleapis.com

Funções predefinidas

A tabela seguinte apresenta as funções do IAM predefinidas do Cloud Tasks e as respetivas autorizações.

As funções predefinidas abordam os exemplos de utilização mais típicos. Se o seu exemplo de utilização não estiver coberto pelas funções predefinidas, pode criar uma função personalizada do IAM.

Role Permissions

Role	Permissions
Cloud Tasks Admin ^Beta (`roles/cloudtasks.admin`) Full access to queues and tasks.	`cloudtasks.*` `cloudtasks.cmekConfig.get` `cloudtasks.cmekConfig.update` `cloudtasks.locations.get` `cloudtasks.locations.list` `cloudtasks.queues.create` `cloudtasks.queues.delete` `cloudtasks.queues.get` `cloudtasks.queues.getIamPolicy` `cloudtasks.queues.list` `cloudtasks.queues.pause` `cloudtasks.queues.purge` `cloudtasks.queues.resume` `cloudtasks.queues.setIamPolicy` `cloudtasks.queues.update` `cloudtasks.tasks.create` `cloudtasks.tasks.delete` `cloudtasks.tasks.fullView` `cloudtasks.tasks.get` `cloudtasks.tasks.list` `cloudtasks.tasks.run` `monitoring.timeSeries.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Enqueuer ^Beta (`roles/cloudtasks.enqueuer`) Access to create tasks.	`cloudtasks.tasks.create` `cloudtasks.tasks.fullView` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Queue Admin ^Beta (`roles/cloudtasks.queueAdmin`) Admin access to queues.	`cloudtasks.locations.` `cloudtasks.locations.get` `cloudtasks.locations.list` `cloudtasks.queues.` `cloudtasks.queues.create` `cloudtasks.queues.delete` `cloudtasks.queues.get` `cloudtasks.queues.getIamPolicy` `cloudtasks.queues.list` `cloudtasks.queues.pause` `cloudtasks.queues.purge` `cloudtasks.queues.resume` `cloudtasks.queues.setIamPolicy` `cloudtasks.queues.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Service Agent (`roles/cloudtasks.serviceAgent`) Grants Cloud Tasks Service Account access to manage resources. Warning: Do not grant service agent roles to any principals except service agents.	`iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `logging.logEntries.create`
Cloud Tasks Task Deleter ^Beta (`roles/cloudtasks.taskDeleter`) Access to delete tasks.	`cloudtasks.tasks.delete` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Task Runner ^Beta (`roles/cloudtasks.taskRunner`) Access to run tasks.	`cloudtasks.tasks.fullView` `cloudtasks.tasks.run` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Tasks Viewer ^Beta (`roles/cloudtasks.viewer`) Get and list access to tasks, queues, and locations.	`cloudtasks.cmekConfig.get` `cloudtasks.locations.*` `cloudtasks.locations.get` `cloudtasks.locations.list` `cloudtasks.queues.get` `cloudtasks.queues.list` `cloudtasks.tasks.fullView` `cloudtasks.tasks.get` `cloudtasks.tasks.list` `monitoring.timeSeries.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Cloud Tasks Admin ^Beta

(roles/cloudtasks.admin)

Full access to queues and tasks.

cloudtasks.*

cloudtasks.cmekConfig.get
cloudtasks.cmekConfig.update
cloudtasks.locations.get
cloudtasks.locations.list
cloudtasks.queues.create
cloudtasks.queues.delete
cloudtasks.queues.get
cloudtasks.queues.getIamPolicy
cloudtasks.queues.list
cloudtasks.queues.pause
cloudtasks.queues.purge
cloudtasks.queues.resume
cloudtasks.queues.setIamPolicy
cloudtasks.queues.update
cloudtasks.tasks.create
cloudtasks.tasks.delete
cloudtasks.tasks.fullView
cloudtasks.tasks.get
cloudtasks.tasks.list
cloudtasks.tasks.run

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Enqueuer ^Beta

(roles/cloudtasks.enqueuer)

Access to create tasks.

cloudtasks.tasks.create

cloudtasks.tasks.fullView

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Queue Admin ^Beta

(roles/cloudtasks.queueAdmin)

Admin access to queues.

cloudtasks.locations.*

cloudtasks.locations.get
cloudtasks.locations.list

cloudtasks.queues.*

cloudtasks.queues.create
cloudtasks.queues.delete
cloudtasks.queues.get
cloudtasks.queues.getIamPolicy
cloudtasks.queues.list
cloudtasks.queues.pause
cloudtasks.queues.purge
cloudtasks.queues.resume
cloudtasks.queues.setIamPolicy
cloudtasks.queues.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Service Agent

(roles/cloudtasks.serviceAgent)

Grants Cloud Tasks Service Account access to manage resources.

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

logging.logEntries.create

Cloud Tasks Task Deleter ^Beta

(roles/cloudtasks.taskDeleter)

Access to delete tasks.

cloudtasks.tasks.delete

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Task Runner ^Beta

(roles/cloudtasks.taskRunner)

Access to run tasks.

cloudtasks.tasks.fullView

cloudtasks.tasks.run

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Tasks Viewer ^Beta

(roles/cloudtasks.viewer)

Get and list access to tasks, queues, and locations.

cloudtasks.cmekConfig.get

cloudtasks.locations.*

cloudtasks.locations.get
cloudtasks.locations.list

cloudtasks.queues.get

cloudtasks.queues.list

cloudtasks.tasks.fullView

cloudtasks.tasks.get

cloudtasks.tasks.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

O que se segue?

Autentique-se no Cloud Tasks

Controlo de acesso com a IAM Mantenha tudo organizado com as coleções Salve e categorize o conteúdo com base nas suas preferências.

Ative a API Cloud Tasks

Consola

gcloud

Funções predefinidas

Cloud Tasks Admin Beta

Cloud Tasks Enqueuer Beta

Cloud Tasks Queue Admin Beta

Cloud Tasks Service Agent

Cloud Tasks Task Deleter Beta

Cloud Tasks Task Runner Beta

Cloud Tasks Viewer Beta

O que se segue?

Controlo de acesso com a IAM

Cloud Tasks Admin ^Beta

Cloud Tasks Enqueuer ^Beta

Cloud Tasks Queue Admin ^Beta

Cloud Tasks Task Deleter ^Beta

Cloud Tasks Task Runner ^Beta

Cloud Tasks Viewer ^Beta