Access control with IAM

This page describes Application Design Center roles and permissions. To control access to Application Design Center, use Identity and Access Management (IAM) to assign roles to users, groups, and service accounts.

Predefined Application Design Center roles

To grant access to specific Google Cloud resources and prevent unauthorized access to other resources, assign the predefined App Design Center roles on the app-enabled folder or the management project:

Use the following IAM roles to manage spaces and create templates:

  • Application Design Center Admin (roles/designcenter.admin)
  • Application Design Center User (roles/designcenter.user)
  • Application Design Center Viewer (roles/designcenter.viewer)

Use the following IAM roles to create application configurations and manage the deployment lifecycle:

  • Application Admin (roles/designcenter.applicationAdmin)
  • Application Editor (roles/designcenter.applicationEditor)
  • Application Viewer (roles/designcenter.applicationViewer)

The Application Design Center Admin role includes all permissions in the other Application Design Center roles.
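Because the Admin role already covers the other five roles, a periodic review of the folder or management project policy can list who holds it and which of those principals also carry narrower grants that can be dropped. The following is an added example, not part of the original page or of Google's tooling; it assumes the policy is available as standard IAM policy JSON (`bindings` with `role`, `members`, and an optional `condition`), and the principals in the sample are constructed.

```python
import json

# Role names exactly as listed on this page.
ADC_ADMIN = "roles/designcenter.admin"
ADC_ROLES = {
    ADC_ADMIN,
    "roles/designcenter.user",
    "roles/designcenter.viewer",
    "roles/designcenter.applicationAdmin",
    "roles/designcenter.applicationEditor",
    "roles/designcenter.applicationViewer",
}

def audit_policy(policy):
    """Return (admins, conditional_admins, redundant) for an IAM policy dict."""
    admins, conditional, narrower = set(), set(), {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in ADC_ROLES:
            continue  # ignore roles of other services
        for member in binding.get("members", []):
            if role != ADC_ADMIN:
                narrower.setdefault(member, set()).add(role)
            elif "condition" in binding:
                # A conditional grant does not always apply, so it does not
                # make the member's other roles redundant.
                conditional.add(member)
            else:
                admins.add(member)
    redundant = {m: sorted(narrower[m]) for m in sorted(admins) if m in narrower}
    return sorted(admins), sorted(conditional), redundant

# Constructed sample policy (example.com principals are placeholders).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/designcenter.admin",
   "members": ["group:platform-admins@example.com", "user:alice@example.com"]},
  {"role": "roles/designcenter.user",
   "members": ["user:alice@example.com", "group:platform-eng@example.com"]},
  {"role": "roles/designcenter.viewer", "members": ["domain:example.com"]},
  {"role": "roles/designcenter.admin", "members": ["user:bob@example.com"],
   "condition": {"title": "temporary",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "roles/storage.admin", "members": ["user:carol@example.com"]}
]}
""")

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

A policy in this shape can be exported with `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json` and passed to `audit_policy` after `json.load`.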

Application Design Center role descriptions

The following table describes the Application Design Center roles and their general responsibilities.

Role

Description

Purpose

Application Design Center Admin

Ability to create and manage all Application Design Center artifacts, and to delegate control of applications to other users.

  • To fully manage the application lifecycle.
  • Typically Platform Admins, who generally have administrative permissions and full visibility into the end-to-end architecture.

Application Design Center User

Ability to create and update application templates.

  • To scale the ability to create, update, or delete application templates, easing the effort of Platform Admins.
  • Typically Platform Engineers who need to create and manage application templates.

Application Design Center Viewer

Ability to view spaces, catalogs, templates, applications, and their attributes.

  • To enable basic visibility across spaces, catalogs, and applications, and their dependencies.
  • Typically most personnel in the organization. For maximum value, grant this role to all Application Design Center users.

Application Admin

Ability to create, manage, and deploy applications, and to delegate control of applications to other application developers.

  • To manage application drafts and deployments, including the ability to attach the service projects needed to hold each resource.
  • Typically administrators and developers responsible for application creation.

Application Editor

Ability to create, manage, and deploy applications.

  • To scale the ability to manage drafts and deployments, easing the effort of application administrators.
  • Typically application operators who have a good understanding of deployments.

Application Viewer

Ability to view applications.

  • To enable basic visibility across templates and applications, and their dependencies.
  • Typically most personnel in the organization. For maximum value, grant this role to all Application Design Center users.

Application Design Center permissions

The following table lists the App Design Center IAM roles and their permissions.

(roles/designcenter.admin)

Full access to Application Design Center resources.

apphub.applications.create

apphub.applications.delete

apphub.applications.get

apphub.applications.list

apphub.applications.update

apphub.locations.*

  • apphub.locations.get
  • apphub.locations.list

apphub.serviceProjectAttachments.list

cloudbuild.builds.get

cloudbuild.builds.list

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

  • config.locations.get
  • config.locations.list

config.operations.get

config.operations.list

config.previews.export

config.previews.get

config.previews.list

config.resources.*

  • config.resources.get
  • config.resources.list

config.revisions.get

config.revisions.list

config.terraformversions.*

  • config.terraformversions.get
  • config.terraformversions.list

designcenter.*

  • designcenter.applicationTemplateRevisions.delete
  • designcenter.applicationTemplateRevisions.get
  • designcenter.applicationTemplateRevisions.list
  • designcenter.applicationTemplates.create
  • designcenter.applicationTemplates.delete
  • designcenter.applicationTemplates.get
  • designcenter.applicationTemplates.list
  • designcenter.applicationTemplates.update
  • designcenter.applications.create
  • designcenter.applications.delete
  • designcenter.applications.get
  • designcenter.applications.list
  • designcenter.applications.update
  • designcenter.catalogTemplateRevisions.create
  • designcenter.catalogTemplateRevisions.delete
  • designcenter.catalogTemplateRevisions.get
  • designcenter.catalogTemplateRevisions.list
  • designcenter.catalogTemplates.create
  • designcenter.catalogTemplates.delete
  • designcenter.catalogTemplates.get
  • designcenter.catalogTemplates.list
  • designcenter.catalogTemplates.update
  • designcenter.catalogs.create
  • designcenter.catalogs.delete
  • designcenter.catalogs.get
  • designcenter.catalogs.list
  • designcenter.catalogs.update
  • designcenter.components.create
  • designcenter.components.delete
  • designcenter.components.get
  • designcenter.components.list
  • designcenter.components.update
  • designcenter.connections.create
  • designcenter.connections.delete
  • designcenter.connections.get
  • designcenter.connections.list
  • designcenter.connections.update
  • designcenter.locations.get
  • designcenter.locations.list
  • designcenter.operations.cancel
  • designcenter.operations.delete
  • designcenter.operations.get
  • designcenter.operations.list
  • designcenter.sharedTemplateRevisions.get
  • designcenter.sharedTemplateRevisions.list
  • designcenter.sharedTemplates.get
  • designcenter.sharedTemplates.list
  • designcenter.shares.create
  • designcenter.shares.delete
  • designcenter.shares.get
  • designcenter.shares.list
  • designcenter.spaces.create
  • designcenter.spaces.delete
  • designcenter.spaces.get
  • designcenter.spaces.getIamPolicy
  • designcenter.spaces.list
  • designcenter.spaces.setIamPolicy
  • designcenter.spaces.update

monitoring.timeSeries.create

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

storage.folders.*

  • storage.folders.create
  • storage.folders.delete
  • storage.folders.get
  • storage.folders.list
  • storage.folders.rename

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts

storage.objects.create

storage.objects.createContext

storage.objects.delete

storage.objects.deleteContext

storage.objects.get

storage.objects.list

storage.objects.move

storage.objects.restore

storage.objects.update

storage.objects.updateContext

(roles/designcenter.user)

Read-only access to Application Design Center resources.

apphub.serviceProjectAttachments.list

designcenter.applicationTemplateRevisions.*

  • designcenter.applicationTemplateRevisions.delete
  • designcenter.applicationTemplateRevisions.get
  • designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.*

  • designcenter.applicationTemplates.create
  • designcenter.applicationTemplates.delete
  • designcenter.applicationTemplates.get
  • designcenter.applicationTemplates.list
  • designcenter.applicationTemplates.update

designcenter.applications.get

designcenter.applications.list

designcenter.catalogTemplateRevisions.get

designcenter.catalogTemplateRevisions.list

designcenter.catalogTemplates.get

designcenter.catalogTemplates.list

designcenter.catalogs.get

designcenter.catalogs.list

designcenter.components.*

  • designcenter.components.create
  • designcenter.components.delete
  • designcenter.components.get
  • designcenter.components.list
  • designcenter.components.update

designcenter.connections.*

  • designcenter.connections.create
  • designcenter.connections.delete
  • designcenter.connections.get
  • designcenter.connections.list
  • designcenter.connections.update

designcenter.locations.*

  • designcenter.locations.get
  • designcenter.locations.list

designcenter.operations.get

designcenter.operations.list

designcenter.sharedTemplateRevisions.*

  • designcenter.sharedTemplateRevisions.get
  • designcenter.sharedTemplateRevisions.list

designcenter.sharedTemplates.*

  • designcenter.sharedTemplates.get
  • designcenter.sharedTemplates.list

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.getIamPolicy

designcenter.spaces.list

monitoring.timeSeries.create

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

storage.folders.*

  • storage.folders.create
  • storage.folders.delete
  • storage.folders.get
  • storage.folders.list
  • storage.folders.rename

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts

storage.objects.create

storage.objects.createContext

storage.objects.delete

storage.objects.deleteContext

storage.objects.get

storage.objects.list

storage.objects.move

storage.objects.restore

storage.objects.update

storage.objects.updateContext

(roles/designcenter.viewer)

Read-only access to Application Design Center resources.

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.get

designcenter.applications.list

designcenter.catalogTemplateRevisions.get

designcenter.catalogTemplateRevisions.list

designcenter.catalogTemplates.get

designcenter.catalogTemplates.list

designcenter.catalogs.get

designcenter.catalogs.list

designcenter.components.get

designcenter.components.list

designcenter.connections.get

designcenter.connections.list

designcenter.locations.*

  • designcenter.locations.get
  • designcenter.locations.list

designcenter.operations.get

designcenter.operations.list

designcenter.sharedTemplateRevisions.*

  • designcenter.sharedTemplateRevisions.get
  • designcenter.sharedTemplateRevisions.list

designcenter.sharedTemplates.*

  • designcenter.sharedTemplates.get
  • designcenter.sharedTemplates.list

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.getIamPolicy

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

storage.folders.get

storage.folders.list

storage.managedFolders.get

storage.managedFolders.list

storage.objects.get

storage.objects.list

(roles/designcenter.applicationAdmin)

Admin access to Applications.

apphub.applications.create

apphub.applications.delete

apphub.applications.get

apphub.applications.list

apphub.applications.update

apphub.locations.*

  • apphub.locations.get
  • apphub.locations.list

apphub.serviceProjectAttachments.list

cloudbuild.builds.get

cloudbuild.builds.list

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

  • config.locations.get
  • config.locations.list

config.operations.get

config.operations.list

config.previews.export

config.previews.get

config.previews.list

config.resources.*

  • config.resources.get
  • config.resources.list

config.revisions.get

config.revisions.list

config.terraformversions.*

  • config.terraformversions.get
  • config.terraformversions.list

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.*

  • designcenter.applications.create
  • designcenter.applications.delete
  • designcenter.applications.get
  • designcenter.applications.list
  • designcenter.applications.update

designcenter.sharedTemplateRevisions.*

  • designcenter.sharedTemplateRevisions.get
  • designcenter.sharedTemplateRevisions.list

designcenter.sharedTemplates.*

  • designcenter.sharedTemplates.get
  • designcenter.sharedTemplates.list

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/designcenter.applicationEditor)

Read and write access to Applications.

apphub.applications.create

apphub.applications.delete

apphub.applications.get

apphub.applications.list

apphub.applications.update

apphub.locations.*

  • apphub.locations.get
  • apphub.locations.list

apphub.serviceProjectAttachments.list

cloudbuild.builds.get

cloudbuild.builds.list

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

  • config.locations.get
  • config.locations.list

config.operations.get

config.operations.list

config.previews.export

config.previews.get

config.previews.list

config.resources.*

  • config.resources.get
  • config.resources.list

config.revisions.get

config.revisions.list

config.terraformversions.*

  • config.terraformversions.get
  • config.terraformversions.list

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.*

  • designcenter.applications.create
  • designcenter.applications.delete
  • designcenter.applications.get
  • designcenter.applications.list
  • designcenter.applications.update

designcenter.sharedTemplateRevisions.*

  • designcenter.sharedTemplateRevisions.get
  • designcenter.sharedTemplateRevisions.list

designcenter.sharedTemplates.*

  • designcenter.sharedTemplates.get
  • designcenter.sharedTemplates.list

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/designcenter.applicationViewer)

Read-only access to Applications.

apphub.applications.get

apphub.applications.list

apphub.locations.*

  • apphub.locations.get
  • apphub.locations.list

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

  • config.locations.get
  • config.locations.list

config.operations.get

config.operations.list

config.previews.get

config.previews.list

config.resources.*

  • config.resources.get
  • config.resources.list

config.revisions.get

config.revisions.list

config.terraformversions.*

  • config.terraformversions.get
  • config.terraformversions.list

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.get

designcenter.applications.list

designcenter.sharedTemplateRevisions.*

  • designcenter.sharedTemplateRevisions.get
  • designcenter.sharedTemplateRevisions.list

designcenter.sharedTemplates.*

  • designcenter.sharedTemplates.get
  • designcenter.sharedTemplates.list

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

What's next