Workflows roles and permissions

This page describes the Identity and Access Management (IAM) roles and permissions available for controlling access to Workflows resources.

Overview

Workflows uses IAM for access control.

To learn more about using IAM for access control, see Manage access to projects, folders, and organizations.

Every Workflows method requires the caller to have the necessary permissions. For a list of the roles that Workflows supports and their permissions, see the Workflows roles section in this document.

Workflows permissions

This table describes the permissions available in Workflows.

Permission                          Definition
workflows.callbacks.list            Lists the callbacks for a workflow execution.
workflows.callbacks.send            Triggers a workflow execution callback.
workflows.executions.cancel         Cancels a workflow execution, without deleting the activity record.
workflows.executions.create         Triggers a workflow execution.
workflows.executions.get            Gets the latest status of a workflow execution operation.
workflows.executions.list           Lists workflow execution operations.
workflows.locations.get             Gets a workflow location.
workflows.locations.list            Lists the locations where the service is available.
workflows.operations.cancel         Cancels a long-running operation.
workflows.operations.get            Gets the details of a long-running operation.
workflows.operations.list           Gets a list of long-running operations.
workflows.stepEntries.get           Gets a step entry for a workflow execution.
workflows.stepEntries.list          Lists the step entries for a workflow execution.
workflows.workflows.create          Creates and deploys a new workflow.
workflows.workflows.delete          Deletes an existing workflow.
workflows.workflows.get             Gets a workflow's settings, including its source code, labels, and description.
workflows.workflows.list            Lists the workflows in a project.
workflows.workflows.listRevision    Lists the revisions of a workflow.
workflows.workflows.update          Updates a workflow's settings, including its source code, labels, and description.

Workflows roles

The following table lists the Workflows predefined IAM roles, with a corresponding list of all the permissions included in each role.

The available roles address most common use cases. If your use case isn't covered by the available roles, you can create an IAM custom role.

Role Permissions

(roles/workflows.admin)

Full access to workflows and related resources.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

  • workflows.callbacks.list
  • workflows.callbacks.send
  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list
  • workflows.locations.get
  • workflows.locations.list
  • workflows.operations.cancel
  • workflows.operations.get
  • workflows.operations.list
  • workflows.stepEntries.get
  • workflows.stepEntries.list
  • workflows.workflows.create
  • workflows.workflows.createTagBinding
  • workflows.workflows.delete
  • workflows.workflows.deleteTagBinding
  • workflows.workflows.get
  • workflows.workflows.list
  • workflows.workflows.listEffectiveTags
  • workflows.workflows.listRevision
  • workflows.workflows.listTagBindings
  • workflows.workflows.update

(roles/workflows.editor)

Read and write access to workflows and related resources, including development and debugging of workflows.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

  • workflows.callbacks.list
  • workflows.callbacks.send
  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list
  • workflows.locations.get
  • workflows.locations.list
  • workflows.operations.cancel
  • workflows.operations.get
  • workflows.operations.list
  • workflows.stepEntries.get
  • workflows.stepEntries.list
  • workflows.workflows.create
  • workflows.workflows.createTagBinding
  • workflows.workflows.delete
  • workflows.workflows.deleteTagBinding
  • workflows.workflows.get
  • workflows.workflows.list
  • workflows.workflows.listEffectiveTags
  • workflows.workflows.listRevision
  • workflows.workflows.listTagBindings
  • workflows.workflows.update

(roles/workflows.invoker)

Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.*

  • workflows.callbacks.list
  • workflows.callbacks.send

workflows.executions.*

  • workflows.executions.cancel
  • workflows.executions.create
  • workflows.executions.get
  • workflows.executions.list

workflows.stepEntries.*

  • workflows.stepEntries.get
  • workflows.stepEntries.list

(roles/workflows.viewer)

Read-only access to workflows and related resources.

Lowest-level resources where you can grant this role:

  • Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.list

workflows.executions.get

workflows.executions.list

workflows.locations.*

  • workflows.locations.get
  • workflows.locations.list

workflows.operations.get

workflows.operations.list

workflows.stepEntries.*

  • workflows.stepEntries.get
  • workflows.stepEntries.list

workflows.workflows.get

workflows.workflows.list

workflows.workflows.listEffectiveTags

workflows.workflows.listRevision

workflows.workflows.listTagBindings
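
An added example, not part of the original page: a Python check that uses the role tables above to find the smallest predefined role covering a set of required permissions, and lists the surplus permissions that grant would carry (the permissions a custom role would leave out). The function and variable names are hypothetical; the permission data is transcribed from this page.

```python
from fnmatch import fnmatchcase

# Permission universe, transcribed from the role tables on this page.
_ACTIONS = {
    "callbacks": "list send",
    "executions": "cancel create get list",
    "locations": "get list",
    "operations": "cancel get list",
    "stepEntries": "get list",
    "workflows": "create createTagBinding delete deleteTagBinding get list "
                 "listEffectiveTags listRevision listTagBindings update",
}
_RM = ["resourcemanager.projects.get", "resourcemanager.projects.list"]
ALL_PERMS = set(_RM) | {f"workflows.{res}.{act}"
                        for res, acts in _ACTIONS.items() for act in acts.split()}

# Each predefined role as the page lists it, wildcards included.
ROLE_PATTERNS = {
    "roles/workflows.admin": _RM + ["workflows.*"],
    "roles/workflows.editor": _RM + ["workflows.*"],
    "roles/workflows.invoker": _RM + [
        "workflows.callbacks.*", "workflows.executions.*", "workflows.stepEntries.*"],
    "roles/workflows.viewer": _RM + [
        "workflows.callbacks.list", "workflows.executions.get",
        "workflows.executions.list", "workflows.locations.*",
        "workflows.operations.get", "workflows.operations.list",
        "workflows.stepEntries.*", "workflows.workflows.get",
        "workflows.workflows.list", "workflows.workflows.listEffectiveTags",
        "workflows.workflows.listRevision", "workflows.workflows.listTagBindings"],
}

def expand(role):
    """Resolve a role's patterns against the permission universe."""
    patterns = ROLE_PATTERNS[role]
    return {p for p in ALL_PERMS if any(fnmatchcase(p, pat) for pat in patterns)}

def narrowest_role(required):
    """Return (role, surplus): the smallest predefined role that covers
    `required`, and the permissions it grants beyond what was asked for."""
    required = set(required)
    unknown = required - ALL_PERMS
    if unknown:
        raise ValueError(f"not a permission listed on this page: {sorted(unknown)}")
    # Ties (admin and editor list the same permissions here) break by role name.
    _, role = min((len(expand(r)), r) for r in ROLE_PATTERNS
                  if required <= expand(r))
    return role, expand(role) - required
```

A large surplus, such as the 23 extra permissions returned when a caller needs only `workflows.executions.create` and `workflows.workflows.get`, indicates a case where a custom role is a better fit than any predefined one.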

Next steps

Create and manage custom roles