Access control with IAM
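With Identity and Access Management (IAM), you can grant access to specific resources. To grant access to a resource, you assign a user a specific role, which gives that user the permissions the role contains.
Required roles
Every Workload Manager API method requires the necessary IAM permissions. You assign permissions by granting roles to users, groups, or service accounts. To learn how to grant access to resources, see Manage access.
The following table shows the Workload Manager IAM roles and the permissions that each role grants.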

Workload Manager Admin (Beta) (roles/workloadmanager.admin)
Full access to all resources in Workload Manager.
Permissions:
compute.acceleratorTypes.list
compute.diskTypes.list
compute.machineTypes.list
compute.networks.list
compute.projects.get
compute.regions.list
compute.subnetworks.list
compute.zones.list
dns.managedZones.list
iam.serviceAccounts.list
monitoring.timeSeries.list
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
storage.buckets.list
storage.objects.list
workloadmanager.*

Workload Manager Deployment Admin (Beta) (roles/workloadmanager.deploymentAdmin)
Full access to Workload Manager deployment resources.
Permissions:
compute.acceleratorTypes.list
compute.diskTypes.list
compute.machineTypes.list
compute.networks.list
compute.projects.get
compute.regions.list
compute.subnetworks.list
compute.zones.list
dns.managedZones.list
iam.serviceAccounts.list
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
storage.buckets.list
storage.objects.list
workloadmanager.actuations.*
workloadmanager.deployments.*
workloadmanager.locations.*
workloadmanager.operations.*

Workload Manager Deployment Viewer (Beta) (roles/workloadmanager.deploymentViewer)
Read-only access to Workload Manager deployment resources.
Permissions:
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.actuations.get
workloadmanager.actuations.list
workloadmanager.deployments.get
workloadmanager.deployments.list

Workload Manager Evaluation Admin (Beta) (roles/workloadmanager.evaluationAdmin)
Full access to Workload Manager evaluation resources.
Permissions:
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.evaluations.*
workloadmanager.executions.*
workloadmanager.locations.*
workloadmanager.operations.*
workloadmanager.results.list
workloadmanager.rules.list

Workload Manager Evaluation Viewer (Beta) (roles/workloadmanager.evaluationViewer)
Read-only access to Workload Manager evaluation resources.
Permissions:
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.evaluations.get
workloadmanager.evaluations.list
workloadmanager.executions.get
workloadmanager.executions.list
workloadmanager.results.list
workloadmanager.rules.list

Workload Manager Insights Writer (Beta) (roles/workloadmanager.insightWriter)
Role for writing data to the WLM data warehouse.
Permissions:
workloadmanager.insights.write

Workload Manager Viewer (Beta) (roles/workloadmanager.viewer)
Read-only access to all resources in Workload Manager.
Permissions:
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.actuations.get
workloadmanager.actuations.list
workloadmanager.deployments.get
workloadmanager.deployments.list
workloadmanager.discoveredprofiles.*
workloadmanager.evaluations.get
workloadmanager.evaluations.list
workloadmanager.executions.get
workloadmanager.executions.list
workloadmanager.results.list
workloadmanager.rules.list

Workload Manager Worker (Beta) (roles/workloadmanager.worker)
Role used by the Workload Manager application runner to read and update workloads.
Permissions:
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.actuations.*
workloadmanager.deployments.*
workloadmanager.discoveredprofiles.*
workloadmanager.evaluations.*
workloadmanager.executions.*
workloadmanager.insights.write
workloadmanager.results.list
workloadmanager.rules.list

Workload Manager Workload Viewer (Beta) (roles/workloadmanager.workloadViewer)
Role for viewing workload-related data.
Permissions:
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.discoveredprofiles.*

Workload Manager Service Agent (roles/workloadmanager.serviceAgent)
Grants the Workload Manager Service Agent access to CAI export functions and Cloud Monitoring.
Permissions:
cloudasset.assets.exportAccessPolicy
cloudasset.assets.exportIamPolicy
cloudasset.assets.exportOSInventories
cloudasset.assets.exportOrgPolicy
cloudasset.assets.exportResource
cloudasset.assets.listAccessPolicy
cloudasset.assets.listIamPolicy
cloudasset.assets.listOSInventories
cloudasset.assets.listOrgPolicy
cloudasset.assets.listResource
cloudasset.assets.searchAllResources
config.deployments.create
config.deployments.delete
config.deployments.get
config.deployments.list
config.deployments.update
config.locations.*
config.locations.get
config.locations.list
config.operations.*
config.operations.cancel
config.operations.delete
config.operations.get
config.operations.list
config.resources.list
config.revisions.get
config.revisions.list
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.list
serviceusage.services.use
workloadmanager.insights.export
workloadmanager.insights.listSapSystems

To learn more about the Workload Manager API, see the Workload Manager API reference documentation.
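
The following is an added example, not part of the original page and not Google's own code: it uses the role table above to find the narrowest predefined role or roles that cover a set of needed permissions, so that a broader role such as Admin or Worker is not granted when a smaller one suffices. The helper names (`wlm`, `grants`, `within`, `narrowest_roles`) are hypothetical, the Service Agent role is omitted, and `*` entries are compared as patterns rather than expanded into individual permissions.

```python
from fnmatch import fnmatchcase

def wlm(names):
    """Expand short names into workloadmanager.* permission strings."""
    return {"workloadmanager." + n for n in names.split()}

# Permissions copied from the role table on this page (serviceAgent omitted).
ORG = {"orgpolicy.policy.get"}
PROJ = {"resourcemanager.projects.get", "resourcemanager.projects.list"}
INFRA = {"compute." + n for n in (
    "acceleratorTypes.list diskTypes.list machineTypes.list networks.list "
    "projects.get regions.list subnetworks.list zones.list").split()} | set(
    "dns.managedZones.list iam.serviceAccounts.list monitoring.timeSeries.list "
    "resourcemanager.projects.getIamPolicy serviceusage.quotas.get "
    "serviceusage.services.get storage.buckets.list storage.objects.list".split())
READ_DEP = wlm("actuations.get actuations.list deployments.get deployments.list")
READ_EVAL = wlm("evaluations.get evaluations.list executions.get executions.list "
                "results.list rules.list")
ROLES = {
    "admin": ORG | PROJ | INFRA | wlm("*"),
    "deploymentAdmin": PROJ | INFRA | wlm(
        "actuations.* deployments.* locations.* operations.*"),
    "deploymentViewer": PROJ | READ_DEP,
    "evaluationAdmin": ORG | PROJ | wlm(
        "evaluations.* executions.* locations.* operations.* results.list rules.list"),
    "evaluationViewer": ORG | PROJ | READ_EVAL,
    "insightWriter": wlm("insights.write"),
    "viewer": ORG | PROJ | READ_DEP | READ_EVAL | wlm("discoveredprofiles.*"),
    "worker": ORG | PROJ | wlm(
        "actuations.* deployments.* discoveredprofiles.* evaluations.* "
        "executions.* insights.write results.list rules.list"),
    "workloadViewer": PROJ | wlm("discoveredprofiles.*"),
}

def grants(perms, permission):
    """True if any entry in perms (wildcards allowed) matches permission."""
    return any(fnmatchcase(permission, pat) for pat in perms)

def within(a, b):
    """True if every permission entry of role a is also granted by role b."""
    return all(grants(ROLES[b], p) for p in ROLES[a])

def narrowest_roles(needed):
    """Covering roles that no other covering role is strictly narrower than."""
    covering = [r for r in ROLES if all(grants(ROLES[r], p) for p in needed)]
    return sorted(r for r in covering if not any(
        within(o, r) and not within(r, o) for o in covering))
```

When several roles are returned, none of them is contained in another, so the choice between them depends on which extra permissions are acceptable for the principal.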
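Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated (UTC): 2025-01-31.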