This page describes the roles and permissions for Developer Connect.
Access control in Developer Connect is managed using
Identity and Access Management (IAM). With IAM, you can create and
manage permissions for Google Cloud resources. Developer Connect provides a specific set of
predefined IAM roles,
where each role contains a set of permissions appropriate for a particular type of
access or action. We recommend that you apply the
security principle of least privilege
and grant only the access that is needed to your resources.
Predefined Developer Connect roles
You assign permissions to accounts through roles. The following table lists the IAM roles available for Developer Connect and the permissions they include:
The IAM documentation includes
a searchable reference
of all predefined roles.
Role
Permissions
Developer Connect Admin
Beta
(roles/developerconnect.admin)
Full access to Developer Connect resources.
developerconnect.connections.constructGitHubAppManifest
developerconnect.connections.create
developerconnect.connections.delete
developerconnect.connections.fetchGitHubInstallations
developerconnect.connections.fetchLinkableGitRepositories
developerconnect.connections.generateGitHubStateToken
developerconnect.connections.get
developerconnect.connections.list
developerconnect.connections.processGitHubAppCreationCallback
developerconnect.connections.processGitHubOAuthCallback
developerconnect.connections.update
developerconnect.gitRepositoryLinks.create
developerconnect.gitRepositoryLinks.delete
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.gitProxyRead
developerconnect.gitRepositoryLinks.gitProxyWrite
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.*
developerconnect.operations.cancel
developerconnect.operations.delete
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Developer Connect Viewer
Beta
(roles/developerconnect.viewer)
Read-only access to Developer Connect resources.
developerconnect.connections.get
developerconnect.connections.list
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Developer Connect HTTP Proxy Writer
Beta
(roles/developerconnect.connectionHttpProxyWriter)
Grants read and write access to connections through the HTTP Proxy.
developerconnect.connections.httpProxyRead
developerconnect.connections.httpProxyWrite
Developer Connect Git Proxy Reader
Beta
(roles/developerconnect.gitProxyReader)
Grants read-only access to repositories through the Git Proxy.
developerconnect.gitRepositoryLinks.gitProxyRead
Developer Connect Git Proxy User
Beta
(roles/developerconnect.gitProxyUser)
Grants read and write access to repositories through the Git Proxy.
developerconnect.gitRepositoryLinks.gitProxyRead
developerconnect.gitRepositoryLinks.gitProxyWrite
Developer Connect Insights Admin
Beta
(roles/developerconnect.insightsAdmin)
Admin access to Developer Connect Insights resources.
developerconnect.deploymentEvents.*
developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list
developerconnect.insightsConfigs.*
developerconnect.insightsConfigs.create
developerconnect.insightsConfigs.delete
developerconnect.insightsConfigs.get
developerconnect.insightsConfigs.list
developerconnect.insightsConfigs.update
developerconnect.locations.*
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Developer Connect Insights Config Agent
Beta
(roles/developerconnect.insightsAgent)
Allow Developer Connect to access SDLC information.
cloudasset.assets.exportResource
cloudasset.assets.listResource
cloudasset.assets.searchAllResources
cloudasset.feeds.create
cloudasset.feeds.get
cloudasset.feeds.update
containeranalysis.occurrences.get
containeranalysis.occurrences.list
logging.logEntries.create
Developer Connect Insights Viewer
Beta
(roles/developerconnect.insightsViewer)
Read-only access to Developer Connect Insights resources.
developerconnect.deploymentEvents.*
developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list
developerconnect.insightsConfigs.get
developerconnect.insightsConfigs.list
developerconnect.locations.*
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Developer Connect OAuth Admin
Beta
(roles/developerconnect.oauthAdmin)
Grants read and write access to AccountConnector resources.
developerconnect.accountConnectors.*
developerconnect.accountConnectors.create
developerconnect.accountConnectors.delete
developerconnect.accountConnectors.get
developerconnect.accountConnectors.list
developerconnect.accountConnectors.update
developerconnect.locations.*
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.get
developerconnect.operations.list
developerconnect.providers.list
developerconnect.users.*
developerconnect.users.delete
developerconnect.users.deleteSelf
developerconnect.users.fetchAccessToken
developerconnect.users.finishOAuth
developerconnect.users.getSelf
developerconnect.users.list
developerconnect.users.startOAuth
resourcemanager.projects.get
resourcemanager.projects.list
Developer Connect OAuth User
Beta
(roles/developerconnect.oauthUser)
Grants read and write access to User resources, and read access to AccountConnectors.
developerconnect.accountConnectors.get
developerconnect.accountConnectors.list
developerconnect.locations.*
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.get
developerconnect.operations.list
developerconnect.users.deleteSelf
developerconnect.users.fetchAccessToken
developerconnect.users.finishOAuth
developerconnect.users.getSelf
developerconnect.users.startOAuth
resourcemanager.projects.get
resourcemanager.projects.list
Developer Connect Read Token Accessor
Beta
(roles/developerconnect.readTokenAccessor)
Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
developerconnect.connections.get
developerconnect.gitRepositoryLinks.fetchReadToken
developerconnect.gitRepositoryLinks.get
Developer Connect Token Accessor
Beta
(roles/developerconnect.tokenAccessor)
Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
developerconnect.connections.get
developerconnect.gitRepositoryLinks.fetchReadToken
developerconnect.gitRepositoryLinks.fetchReadWriteToken
developerconnect.gitRepositoryLinks.get
Developer Connect User
Beta
(roles/developerconnect.user)
Grants access to view the connection and to the features that interact with the actual repository, such as reading content from the repository.
developerconnect.connections.fetchGitHubInstallations
developerconnect.connections.fetchLinkableGitRepositories
developerconnect.connections.get
developerconnect.connections.list
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.list
developerconnect.locations.*
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.get
developerconnect.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Service agent roles
Service agent roles should only be granted to service agents.
Role
Permissions
Developer Connect Service Agent
(roles/developerconnect.serviceAgent)
Gives the Developer Connect API Service Account access to necessary GCP resources.
Warning: Do not grant service agent roles to any principals except
service agents.
apphub.applications.get
apphub.services.get
apphub.services.list
apphub.workloads.get
apphub.workloads.list
developerconnect.operations.get
Developer Connect service account
Developer Connect uses a service agent to perform tasks on your behalf
when communicating with other services. This service agent is created automatically the first time you interact with Developer Connect (by creating a repository connection or an account connector).
The ID of the Developer Connect service agent is as follows, where PROJECT_NUMBER is your Google Cloud project number:
service-PROJECT_NUMBER@gcp-sa-devconnect.iam.gserviceaccount.com
You use this ID to grant or change IAM roles and
permissions.
For specific steps on granting roles, see
Granting, changing, and revoking access to resources.
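An added example, not part of the original documentation or of Google's tooling: a Python check over an IAM policy in the JSON form returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`. It flags the service agent role bound to anything that does not match the service agent ID format above, Developer Connect roles bound to public principals, and broad roles for which the table lists a narrower role. The sample policy, project number, and principal names are constructed.

```python
import re

# Service agent ID format from this page:
#   service-PROJECT_NUMBER@gcp-sa-devconnect.iam.gserviceaccount.com
AGENT_RE = re.compile(
    r"^serviceAccount:service-\d+@gcp-sa-devconnect\.iam\.gserviceaccount\.com$")
AGENT_ROLE = "roles/developerconnect.serviceAgent"
PUBLIC = {"allUsers", "allAuthenticatedUsers"}
PREFIX = "roles/developerconnect."
# Broad role -> role from the table whose permissions are a subset of it.
NARROWER = {
    PREFIX + "admin": PREFIX + "user",
    PREFIX + "tokenAccessor": PREFIX + "readTokenAccessor",
    PREFIX + "gitProxyUser": PREFIX + "gitProxyReader",
    PREFIX + "oauthAdmin": PREFIX + "oauthUser",
    PREFIX + "insightsAdmin": PREFIX + "insightsViewer",
}

def audit(policy):
    """Return sorted (severity, role, member, reason) findings."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith(PREFIX):
            continue  # only Developer Connect roles are in scope
        for member in binding.get("members", []):
            is_agent = bool(AGENT_RE.match(member))
            if member in PUBLIC:
                findings.append(("HIGH", role, member, "public principal"))
            elif role == AGENT_ROLE and not is_agent:
                findings.append(("HIGH", role, member, "service agent role on a non-service-agent"))
            elif role in NARROWER:
                findings.append(("REVIEW", role, member, "would " + NARROWER[role] + " be enough?"))
    return sorted(findings)

# Constructed sample policy (project number and principals are made up).
SAMPLE_POLICY = {"bindings": [
    {"role": PREFIX + "serviceAgent", "members": [
        "serviceAccount:service-123456789012@gcp-sa-devconnect.iam.gserviceaccount.com",
        "serviceAccount:ci-builder@example-project.iam.gserviceaccount.com"]},
    {"role": PREFIX + "tokenAccessor", "members": [
        "serviceAccount:ci-builder@example-project.iam.gserviceaccount.com"]},
    {"role": PREFIX + "gitProxyReader", "members": ["allAuthenticatedUsers"]},
    {"role": PREFIX + "viewer", "members": ["group:devs@example.com"]},
    {"role": "roles/storage.admin", "members": ["user:alice@example.com"]},
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(" | ".join(finding))
```

A REVIEW finding is a prompt to compare the principal's actual use against the narrower role's permission list, not a verdict that the grant is wrong.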
What's next