Workflows roles and permissions

This page describes the Identity and Access Management (IAM) roles and permissions available for controlling access to Workflows resources.

Overview

Workflows uses IAM for access control.

To learn more about using IAM for access control, see Manage access to projects, folders, and organizations.

Every Workflows method requires the caller to have the necessary permissions. For the list of roles that Workflows supports and their corresponding permissions, see the Workflows roles section in this document.

Workflows permissions

This table describes the permissions available in Workflows.

Permission Definition
workflows.callbacks.list List callbacks for a workflow execution.
workflows.callbacks.send Trigger a workflow execution callback.
workflows.executions.cancel Cancel a workflow execution, without deleting its history.
workflows.executions.create Trigger a workflow execution.
workflows.executions.get Get the latest status of a workflow execution operation.
workflows.executions.list List workflow execution operations.
workflows.locations.get Get a workflow location.
workflows.locations.list List the locations where the service is available.
workflows.operations.cancel Cancel a long-running operation.
workflows.operations.get Get the details of a long-running operation.
workflows.operations.list List long-running operations.
workflows.stepEntries.get Get a step entry for a workflow execution.
workflows.stepEntries.list List step entries for a workflow execution.
workflows.workflows.create Create and deploy a new workflow.
workflows.workflows.delete Delete an existing workflow.
workflows.workflows.get Get a workflow's settings, including its source code, labels, and description.
workflows.workflows.list List the workflows in a project.
workflows.workflows.listRevision List the revisions of a workflow.
workflows.workflows.update Update a workflow's settings, including its source code, labels, and description.

Workflows roles

The following table lists the Workflows predefined IAM roles with a corresponding list of all the permissions each role includes.

The available roles address most common use cases. If your use case isn't covered by the available roles, you can create an IAM custom role.

Role Permissions

(roles/workflows.admin)

Full access to workflows and related resources.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

  • workflows.callbacks.list
  • workflows.callbacks.send
  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list
  • workflows.locations.get
  • workflows.locations.list
  • workflows.operations.cancel
  • workflows.operations.get
  • workflows.operations.list
  • workflows.stepEntries.get
  • workflows.stepEntries.list
  • workflows.workflows.create
  • workflows.workflows.delete
  • workflows.workflows.get
  • workflows.workflows.list
  • workflows.workflows.listRevision
  • workflows.workflows.update

(roles/workflows.editor)

Read and write access to workflows and related resources, including development and debugging of workflows.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

  • workflows.callbacks.list
  • workflows.callbacks.send
  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list
  • workflows.locations.get
  • workflows.locations.list
  • workflows.operations.cancel
  • workflows.operations.get
  • workflows.operations.list
  • workflows.stepEntries.get
  • workflows.stepEntries.list
  • workflows.workflows.create
  • workflows.workflows.delete
  • workflows.workflows.get
  • workflows.workflows.list
  • workflows.workflows.listRevision
  • workflows.workflows.update

(roles/workflows.invoker)

Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.*

  • workflows.callbacks.list
  • workflows.callbacks.send

workflows.executions.*

  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list

workflows.stepEntries.*

  • workflows.stepEntries.get
  • workflows.stepEntries.list

(roles/workflows.viewer)

Read-only access to workflows and related resources.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.list

workflows.executions.get

workflows.executions.list

workflows.locations.*

  • workflows.locations.get
  • workflows.locations.list

workflows.operations.get

workflows.operations.list

workflows.stepEntries.*

  • workflows.stepEntries.get
  • workflows.stepEntries.list

workflows.workflows.get

workflows.workflows.list

workflows.workflows.listRevision
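
The following is an added example, not part of the original documentation: it expands the wildcard entries in the roles table above and picks the predefined role that covers a required set of permissions with the least surplus. The function names and the ranking heuristic (fewest surplus mutating permissions, then fewest surplus permissions overall) are assumptions of this example, not IAM behaviour.

```python
from fnmatch import fnmatchcase

# Permissions from this page's permissions table (resourcemanager.* omitted).
ALL_PERMISSIONS = [f"workflows.{p}" for p in (
    "callbacks.list", "callbacks.send", "executions.cancel",
    "executions.create", "executions.get", "executions.list",
    "locations.get", "locations.list", "operations.cancel",
    "operations.get", "operations.list", "stepEntries.get",
    "stepEntries.list", "workflows.create", "workflows.delete",
    "workflows.get", "workflows.list", "workflows.listRevision",
    "workflows.update")]

# Workflows permission patterns per predefined role, copied from the roles
# table above. Listed from narrowest to broadest; ties keep the earlier role.
ROLE_PATTERNS = {
    "roles/workflows.viewer": [
        "workflows.callbacks.list", "workflows.executions.get",
        "workflows.executions.list", "workflows.locations.*",
        "workflows.operations.get", "workflows.operations.list",
        "workflows.stepEntries.*", "workflows.workflows.get",
        "workflows.workflows.list", "workflows.workflows.listRevision"],
    "roles/workflows.invoker": [
        "workflows.callbacks.*", "workflows.executions.*",
        "workflows.stepEntries.*"],
    "roles/workflows.editor": ["workflows.*"],
    "roles/workflows.admin": ["workflows.*"],
}
READ_VERBS = {"get", "list", "listRevision"}  # assumption: all else mutates

def expand(role):
    """Expand a role's wildcard patterns into concrete permissions."""
    return {p for p in ALL_PERMISSIONS
            if any(fnmatchcase(p, pat) for pat in ROLE_PATTERNS[role])}

def least_privileged_role(needed):
    """Return (role, surplus) for the covering role with the fewest surplus
    mutating permissions, then the fewest surplus permissions overall."""
    needed = set(needed)
    unknown = needed - set(ALL_PERMISSIONS)
    if unknown:
        raise ValueError(f"not on this page: {sorted(unknown)}")
    best = None
    for role in ROLE_PATTERNS:  # admin holds workflows.*, so one always covers
        surplus = expand(role) - needed
        if needed <= expand(role):
            writes = sum(p.rsplit(".", 1)[1] not in READ_VERBS for p in surplus)
            if best is None or (writes, len(surplus)) < best[0]:
                best = ((writes, len(surplus)), role, sorted(surplus))
    return best[1], best[2]
```

When the returned surplus still contains mutating permissions the caller does not need, that is the case for a custom role holding only the needed permissions.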

Next steps

Create and manage custom roles