Access control with IAM

Identity and Access Management (IAM) lets you grant access to specific resources. To grant access to a resource, you assign a specific role to a user, which gives that user specific permissions.

Required roles

Each Workload Manager API method requires the necessary IAM permissions. Permissions are assigned by granting roles to users, groups, or service accounts. For information about how to grant access to resources, see Manage access.

The following table shows the Workload Manager IAM roles and the permissions that each role grants.

Permissions

(roles/workloadmanager.admin)

Full access to all Workload Manager resources.

compute.acceleratorTypes.list

compute.diskTypes.list

compute.machineTypes.list

compute.networks.list

compute.projects.get

compute.regions.list

compute.subnetworks.list

compute.zones.list

dns.managedZones.list

iam.serviceAccounts.list

monitoring.timeSeries.list

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

storage.buckets.list

storage.objects.list

workloadmanager.*

(roles/workloadmanager.deploymentAdmin)

Full access to Workload Manager deployment resources.

compute.acceleratorTypes.list

compute.diskTypes.list

compute.machineTypes.list

compute.networks.list

compute.projects.get

compute.regions.list

compute.subnetworks.list

compute.zones.list

dns.managedZones.list

iam.serviceAccounts.list

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

storage.buckets.list

storage.objects.list

workloadmanager.actuations.*

workloadmanager.deployments.*

workloadmanager.locations.*

workloadmanager.operations.*

(roles/workloadmanager.deploymentViewer)

Read-only access to Workload Manager deployment resources.

resourcemanager.projects.get

resourcemanager.projects.list

workloadmanager.actuations.get

workloadmanager.actuations.list

workloadmanager.deployments.get

workloadmanager.deployments.list

(roles/workloadmanager.evaluationAdmin)

Full access to Workload Manager evaluation resources.

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

workloadmanager.evaluations.*

workloadmanager.executions.*

workloadmanager.locations.*

workloadmanager.operations.*

workloadmanager.results.list

workloadmanager.rules.list

(roles/workloadmanager.evaluationViewer)

Read-only access to Workload Manager evaluation resources.

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

workloadmanager.evaluations.get

workloadmanager.evaluations.list

workloadmanager.executions.get

workloadmanager.executions.list

workloadmanager.results.list

workloadmanager.rules.list

(roles/workloadmanager.insightWriter)

Role used to write data to the WLM data warehouse.

workloadmanager.insights.write

(roles/workloadmanager.viewer)

Read-only access to all Workload Manager resources.

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

workloadmanager.actuations.get

workloadmanager.actuations.list

workloadmanager.deployments.get

workloadmanager.deployments.list

workloadmanager.discoveredprofiles.*

workloadmanager.evaluations.get

workloadmanager.evaluations.list

workloadmanager.executions.get

workloadmanager.executions.list

workloadmanager.results.list

workloadmanager.rules.list

(roles/workloadmanager.worker)

Role used by the Workload Manager application runner to read and update workloads.

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

workloadmanager.actuations.*

workloadmanager.deployments.*

workloadmanager.discoveredprofiles.*

workloadmanager.evaluations.*

workloadmanager.executions.*

workloadmanager.insights.write

workloadmanager.results.list

workloadmanager.rules.list

(roles/workloadmanager.workloadViewer)

Role used to view workload-related data.

resourcemanager.projects.get

resourcemanager.projects.list

workloadmanager.discoveredprofiles.*

(roles/workloadmanager.serviceAgent)

Gives the Workload Manager Service Agent access to CAI export and Cloud Monitoring functions.

cloudasset.assets.exportAccessPolicy

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportOSInventories

cloudasset.assets.exportOrgPolicy

cloudasset.assets.exportResource

cloudasset.assets.listAccessPolicy

cloudasset.assets.listIamPolicy

cloudasset.assets.listOSInventories

cloudasset.assets.listOrgPolicy

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

config.deployments.create

config.deployments.delete

config.deployments.get

config.deployments.list

config.deployments.update

config.locations.*

  • config.locations.get
  • config.locations.list

config.operations.*

  • config.operations.cancel
  • config.operations.delete
  • config.operations.get
  • config.operations.list

config.resources.list

config.revisions.get

config.revisions.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.list

serviceusage.services.use

workloadmanager.insights.export

workloadmanager.insights.listSapSystems

For more information about the Workload Manager API, see the Workload Manager API reference.

Next steps