Esta página se ha traducido con Cloud Translation API.

Roles y permisos de Workflows

En esta página se describen los roles y permisos de Gestión de Identidades y Accesos (IAM) disponibles para controlar el acceso a los recursos de Workflows.

Información general

Workflows usa IAM para el control de acceso.

Para obtener más información sobre cómo usar la gestión de identidades y accesos para controlar el acceso, consulta Gestionar el acceso a proyectos, carpetas y organizaciones.

Todos los métodos de Workflows requieren que el llamador cuente con los permisos necesarios. Para ver una lista de los roles que admite Workflows y sus permisos correspondientes, consulta la sección Roles de Workflows de este documento.

Permisos de Workflows

En esta tabla se describen los permisos disponibles en Workflows.

Permiso	Definición
`workflows.callbacks.list`	Lista las retrollamadas de una ejecución de flujo de trabajo.
`workflows.callbacks.send`	Activa una retrollamada de ejecución de flujo de trabajo.
`workflows.executions.cancel`	Cancelar una ejecución de flujo de trabajo sin eliminar los rastros.
`workflows.executions.create`	Activa la ejecución de un flujo de trabajo.
`workflows.executions.get`	Obtiene el estado más reciente de las operaciones de ejecución del flujo de trabajo.
`workflows.executions.list`	Lista las operaciones de ejecución del flujo de trabajo.
`workflows.locations.get`	Obtiene la ubicación de un flujo de trabajo.
`workflows.locations.list`	Indique las ubicaciones en las que está disponible el servicio.
`workflows.operations.cancel`	Cancelar operaciones de larga duración.
`workflows.operations.get`	Obtener detalles de las operaciones de larga duración.
`workflows.operations.list`	Obtener una lista de operaciones de larga duración.
`workflows.stepEntries.get`	Obtiene una entrada de paso de una ejecución de flujo de trabajo.
`workflows.stepEntries.list`	Lista las entradas de pasos de una ejecución de flujo de trabajo.
`workflows.workflows.create`	Crea e implementa un flujo de trabajo.
`workflows.workflows.delete`	Elimina un flujo de trabajo.
`workflows.workflows.get`	Obtiene los ajustes de un flujo de trabajo, incluido el código fuente, las etiquetas y la descripción.
`workflows.workflows.list`	Permiso para mostrar los flujos de trabajo de un proyecto.
`workflows.workflows.listRevision`	Lista las revisiones de un flujo de trabajo.
`workflows.workflows.update`	Actualizar la configuración de un flujo de trabajo, incluido su código fuente, sus etiquetas y su descripción.

Roles de Workflows

En la siguiente tabla se indican los roles de gestión de identidades y accesos predefinidos de Workflows, así como una lista de todos los permisos que incluye cada rol.

Los roles disponibles se adaptan a la mayoría de los casos prácticos habituales. Si tu caso de uso no está cubierto por los roles disponibles, puedes crear un rol personalizado de IAM.

Role Permissions

Role	Permissions
Workflows Admin (`roles/workflows.admin`) Full access to workflows and related resources. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.*` `workflows.callbacks.list` `workflows.callbacks.send` `workflows.executions.cancel` `workflows.executions.create` `workflows.executions.get` `workflows.executions.list` `workflows.locations.get` `workflows.locations.list` `workflows.operations.cancel` `workflows.operations.get` `workflows.operations.list` `workflows.stepEntries.get` `workflows.stepEntries.list` `workflows.workflows.create` `workflows.workflows.createTagBinding` `workflows.workflows.delete` `workflows.workflows.deleteTagBinding` `workflows.workflows.get` `workflows.workflows.list` `workflows.workflows.listEffectiveTags` `workflows.workflows.listRevision` `workflows.workflows.listTagBindings` `workflows.workflows.update`
Workflows Editor (`roles/workflows.editor`) Read and write access to workflows and related resources, including development and debugging of workflows. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.*` `workflows.callbacks.list` `workflows.callbacks.send` `workflows.executions.cancel` `workflows.executions.create` `workflows.executions.get` `workflows.executions.list` `workflows.locations.get` `workflows.locations.list` `workflows.operations.cancel` `workflows.operations.get` `workflows.operations.list` `workflows.stepEntries.get` `workflows.stepEntries.list` `workflows.workflows.create` `workflows.workflows.createTagBinding` `workflows.workflows.delete` `workflows.workflows.deleteTagBinding` `workflows.workflows.get` `workflows.workflows.list` `workflows.workflows.listEffectiveTags` `workflows.workflows.listRevision` `workflows.workflows.listTagBindings` `workflows.workflows.update`
Workflows Invoker (`roles/workflows.invoker`) Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.callbacks.` `workflows.callbacks.list` `workflows.callbacks.send` `workflows.executions.` `workflows.executions.cancel` `workflows.executions.create` `workflows.executions.get` `workflows.executions.list` `workflows.stepEntries.*` `workflows.stepEntries.get` `workflows.stepEntries.list`
Cloud Workflows Service Agent (`roles/workflows.serviceAgent`) Gives Cloud Workflows service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`container.clusters.connect` `iam.serviceAccounts.get` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `serviceusage.services.use`
Workflows Viewer (`roles/workflows.viewer`) Read-only access to workflows and related resources. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.callbacks.list` `workflows.executions.get` `workflows.executions.list` `workflows.locations.` `workflows.locations.get` `workflows.locations.list` `workflows.operations.get` `workflows.operations.list` `workflows.stepEntries.` `workflows.stepEntries.get` `workflows.stepEntries.list` `workflows.workflows.get` `workflows.workflows.list` `workflows.workflows.listEffectiveTags` `workflows.workflows.listRevision` `workflows.workflows.listTagBindings`

Workflows Admin

(roles/workflows.admin)

Full access to workflows and related resources.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows.workflows.createTagBinding
workflows.workflows.delete
workflows.workflows.deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows.workflows.listEffectiveTags
workflows.workflows.listRevision
workflows.workflows.listTagBindings
workflows.workflows.update

Workflows Editor

(roles/workflows.editor)

Read and write access to workflows and related resources, including development and debugging of workflows.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows.workflows.createTagBinding
workflows.workflows.delete
workflows.workflows.deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows.workflows.listEffectiveTags
workflows.workflows.listRevision
workflows.workflows.listTagBindings
workflows.workflows.update

Workflows Invoker

(roles/workflows.invoker)

Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.*

workflows.callbacks.list
workflows.callbacks.send

workflows.executions.*

workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list

workflows.stepEntries.*

workflows.stepEntries.get
workflows.stepEntries.list

Cloud Workflows Service Agent

(roles/workflows.serviceAgent)

Gives Cloud Workflows service account access to managed resources.

container.clusters.connect

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

serviceusage.services.use

Workflows Viewer

(roles/workflows.viewer)

Read-only access to workflows and related resources.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.list

workflows.executions.get

workflows.executions.list

workflows.locations.*

workflows.locations.get
workflows.locations.list

workflows.operations.get

workflows.operations.list

workflows.stepEntries.*

workflows.stepEntries.get
workflows.stepEntries.list

workflows.workflows.get

workflows.workflows.list

workflows.workflows.listEffectiveTags

workflows.workflows.listRevision

workflows.workflows.listTagBindings

Siguientes pasos

Crear y gestionar roles personalizados