IAM roles and permissions
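This page describes Developer Connect roles and permissions.
Access control in Developer Connect is managed with Identity and Access Management (IAM). IAM lets you create and manage permissions for Google Cloud resources. Developer Connect provides a specific set of predefined IAM roles, each of which contains a set of permissions suited to a particular type of access or operation. We recommend that you follow the security principle of least privilege and grant only the access to your resources that is necessary.
Predefined Developer Connect roles
You assign permissions to accounts through roles. The following table lists the roles that apply to Developer Connect and the permissions each one contains: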
| Role | Permissions |
|---|---|
| Name: developerconnect.admin<br>Title: Developer Connect Admin<br>Grants full access to Developer Connect resources. | developerconnect.operations.delete<br>developerconnect.operations.cancel<br>developerconnect.connections.create<br>developerconnect.connections.update<br>developerconnect.connections.delete<br>developerconnect.connections.constructGitHubAppManifest<br>developerconnect.connections.processGitHubOAuthCallback<br>developerconnect.connections.processGitHubAppCreationCallback<br>developerconnect.connections.generateGitHubStateToken<br>developerconnect.accountConnectors.create<br>developerconnect.accountConnectors.update<br>developerconnect.accountConnectors.delete<br>developerconnect.accountConnectors.get<br>developerconnect.accountConnectors.list<br>developerconnect.gitRepositoryLinks.create<br>developerconnect.gitRepositoryLinks.delete |
| Name: developerconnect.readTokenAccessor<br>Title: Developer Connect Read Token Accessor<br>Grants access to read-only tokens. Also grants permission to view Git repository links. | developerconnect.connections.get<br>developerconnect.gitRepositoryLinks.get<br>developerconnect.gitRepositoryLinks.fetchReadToken |
| Name: developerconnect.tokenAccessor<br>Title: Developer Connect Token Accessor<br>Grants access to read-write and read-only tokens. Also grants permission to view Git repository links. | developerconnect.connections.get<br>developerconnect.gitRepositoryLinks.get<br>developerconnect.gitRepositoryLinks.fetchReadToken<br>developerconnect.gitRepositoryLinks.fetchReadWriteToken |
| Name: developerconnect.user<br>Title: Developer Connect User<br>Grants permission to view connections and to use features that interact with Git repositories, such as reading content from a Git repository or linking to one. | developerconnect.connections.fetchGitHubInstallations<br>developerconnect.connections.fetchLinkableGitRepositories<br>developerconnect.gitRepositoryLinks.fetchGitRefs |
| Name: developerconnect.viewer<br>Title: Developer Connect Viewer<br>Grants read-only access to Developer Connect resources. | resourcemanager.projects.get<br>resourcemanager.projects.list<br>developerconnect.operations.list<br>developerconnect.operations.get<br>developerconnect.locations.list<br>developerconnect.locations.get<br>developerconnect.connections.list<br>developerconnect.connections.get<br>developerconnect.accountConnectors.get<br>developerconnect.accountConnectors.list<br>developerconnect.gitRepositoryLinks.list<br>developerconnect.gitRepositoryLinks.get |
| Name: developerconnect.gitProxyReader<br>Title: Developer Connect Git Proxy Reader<br>Grants read-only access to repositories through the Git proxy. | developerconnect.gitRepositoryLinks.gitProxyRead |
| Name: developerconnect.gitProxyUser<br>Title: Developer Connect Git Proxy User<br>Grants read and write access to repositories through the Git proxy. | developerconnect.gitRepositoryLinks.gitProxyRead<br>developerconnect.gitRepositoryLinks.gitProxyWrite |
| Name: developerconnect.accountConnectorProxyUser<br>Title: Developer Connect Account Connector Proxy User<br>Grants access to account connectors through the Git and HTTP proxies. | developerconnect.accountConnectors.gitProxyUse<br>developerconnect.accountConnectors.fetchUserRepositories |
| Name: developerconnect.oauthAdmin<br>Title: Developer Connect OAuth Admin<br>Grants read and write access to Account Connector resources. | developerconnect.accountConnectors.create<br>developerconnect.accountConnectors.update<br>developerconnect.accountConnectors.delete<br>developerconnect.accountConnectors.fetchUserRepositories<br>developerconnect.users.delete<br>developerconnect.users.list<br>developerconnect.providers.list<br>cloudresourcemanager.projects.get<br>cloudresourcemanager.projects.list<br>developerconnect.operations.list<br>developerconnect.operations.get<br>developerconnect.locations.list<br>developerconnect.locations.get<br>developerconnect.users.startOAuth<br>developerconnect.users.finishOAuth<br>developerconnect.users.fetchAccessToken<br>developerconnect.users.getSelf<br>developerconnect.users.deleteSelf<br>developerconnect.accountConnectors.get<br>developerconnect.accountConnectors.list |
| Name: developerconnect.oauthUser<br>Title: Developer Connect OAuth User<br>Grants read and write access to User resources and read access to Account Connectors. | cloudresourcemanager.projects.get<br>cloudresourcemanager.projects.list<br>developerconnect.operations.list<br>developerconnect.operations.get<br>developerconnect.locations.list<br>developerconnect.locations.get<br>developerconnect.users.startOAuth<br>developerconnect.users.finishOAuth<br>developerconnect.users.fetchAccessToken<br>developerconnect.users.getSelf<br>developerconnect.users.deleteSelf<br>developerconnect.accountConnectors.get<br>developerconnect.accountConnectors.list |
| Name: developerconnect.insightsAdmin<br>Title: Developer Connect Insights Admin<br>Grants full access to Developer Connect data and read-only access to Resource Manager resources. | cloudresourcemanager.projects.get<br>cloudresourcemanager.projects.list<br>developerconnect.operations.list<br>developerconnect.operations.get<br>developerconnect.locations.list<br>developerconnect.locations.get<br>developerconnect.insightsConfigs.list<br>developerconnect.insightsConfigs.get<br>developerconnect.insightsConfigs.create<br>developerconnect.insightsConfigs.update<br>developerconnect.insightsConfigs.delete |
| Name: developerconnect.insightsAgent<br>Title: Developer Connect Insights Agent<br>Grants read-only access to Cloud Asset Inventory assets, read and create access to Cloud Asset Inventory feeds, read-only access to Artifact Analysis occurrences, and permission to create Cloud Logging log entries. | cloudasset.assets.searchAllResources<br>cloudasset.assets.listResource<br>cloudasset.assets.exportResource<br>cloudasset.feeds.create<br>cloudasset.feeds.update<br>cloudasset.feeds.get<br>containeranalysis.occurrences.get<br>containeranalysis.occurrences.list<br>logging.logEntries.create |
| Name: developerconnect.insightsViewer<br>Title: Developer Connect Insights Viewer<br>Grants read-only access to Resource Manager projects and to Developer Connect operations, locations, and insights. | cloudresourcemanager.projects.get<br>cloudresourcemanager.projects.list<br>developerconnect.operations.list<br>developerconnect.operations.get<br>developerconnect.locations.list<br>developerconnect.locations.get<br>developerconnect.insightsConfigs.list<br>developerconnect.insightsConfigs.get |
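The following least-privilege check is an added example, not part of the original page or of Google's code. It walks a project IAM policy and reports every binding whose role, per the table above, hands out Git tokens or proxy access, noting write-capable roles and broad principals. Assumptions: the policy and member names are constructed samples, the function and constant names are hypothetical, and roles appear in policy bindings with the `roles/` prefix.

```python
import json

def _dc(*names):
    return {"developerconnect." + n for n in names}

# Credential-bearing permissions per role, copied from the role table on this page.
# IAM policy bindings reference predefined roles with a "roles/" prefix.
CREDENTIAL_PERMS = {
    "roles/developerconnect.readTokenAccessor": _dc("gitRepositoryLinks.fetchReadToken"),
    "roles/developerconnect.tokenAccessor": _dc(
        "gitRepositoryLinks.fetchReadToken", "gitRepositoryLinks.fetchReadWriteToken"),
    "roles/developerconnect.gitProxyReader": _dc("gitRepositoryLinks.gitProxyRead"),
    "roles/developerconnect.gitProxyUser": _dc(
        "gitRepositoryLinks.gitProxyRead", "gitRepositoryLinks.gitProxyWrite"),
    "roles/developerconnect.accountConnectorProxyUser": _dc("accountConnectors.gitProxyUse"),
    "roles/developerconnect.oauthAdmin": _dc("users.fetchAccessToken"),
    "roles/developerconnect.oauthUser": _dc("users.fetchAccessToken"),
}
WRITE_PERMS = _dc("gitRepositoryLinks.fetchReadWriteToken", "gitRepositoryLinks.gitProxyWrite")
# Read-only counterpart listed in the same table for each write-capable role.
READ_ONLY_ROLE = {
    "roles/developerconnect.tokenAccessor": "roles/developerconnect.readTokenAccessor",
    "roles/developerconnect.gitProxyUser": "roles/developerconnect.gitProxyReader",
}
BROAD_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def audit_policy(policy):
    """Return one finding per (member, role) that grants Git credentials or proxy access."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        perms = CREDENTIAL_PERMS.get(role)
        if not perms:
            continue  # role grants none of the tracked permissions
        for member in binding.get("members", []):
            notes = []
            if perms & WRITE_PERMS:
                notes.append("write-capable; read-only counterpart: " + READ_ONLY_ROLE[role])
            if member in BROAD_MEMBERS or member.startswith("domain:"):
                notes.append("broad principal")
            findings.append({"member": member, "role": role,
                             "permissions": sorted(perms), "notes": notes})
    return findings

# Constructed sample in the shape of `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/developerconnect.tokenAccessor",
   "members": ["serviceAccount:ci-builder@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/developerconnect.readTokenAccessor", "members": ["domain:example.com"]},
  {"role": "roles/developerconnect.viewer", "members": ["user:alice@example.com"]}
]}""")

if __name__ == "__main__":
    for f in audit_policy(SAMPLE_POLICY):
        print(f["member"], f["role"], "; ".join(f["notes"]))
```

The check covers project-level bindings only; roles granted on individual Developer Connect resources or inherited from a folder or organization need their own policy export.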
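Developer Connect service account
When communicating with other services, Developer Connect uses a service agent to perform tasks on your behalf. This service agent is created automatically the first time you interact with Developer Connect (by creating a repository connection or an account connector).
The identifier of the Developer Connect service agent looks like the following, where PROJECT_NUMBER is your Google Cloud project number.
service-PROJECT_NUMBER@gcp-sa-devconnect.iam.gserviceaccount.com
You can use this identifier to grant or modify IAM roles and permissions.
For the specific steps to grant roles, see "Granting, changing, and revoking access to resources".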
Last updated (UTC): 2026-02-26.