Google uses AI technology to translate content into your preferred language. AI translations can contain errors.

IAM 역할 및 권한

이 페이지에서는 Developer Connect 역할과 권한을 설명합니다.

Developer Connect의 액세스 제어는 Identity and Access Management (IAM)를 사용하여 제어됩니다. IAM을 사용하면 Google Cloud 리소스에 대한 권한을 만들고 관리할 수 있습니다. Developer Connect는 각 역할에 특정 유형의 액세스 또는 작업에 적합한 권한 집합이 포함된 특정 사전 정의된 IAM 역할 집합을 제공합니다. 최소 권한의 보안 원칙을 채택하여 리소스에 대해 필요한 액세스 권한만 부여하는 것이 좋습니다.

사전 정의된 Developer Connect 역할

역할을 사용하여 계정에 권한을 할당합니다. 다음 표에는 Developer Connect에 사용할 수 있는 IAM 역할과 여기에 포함된 권한이 나와 있습니다.

IAM 문서에는 사전 정의된 모든 역할의 검색 가능한 참조가 포함되어 있습니다.

Role Permissions

Role	Permissions
Developer Connect Admin ^Beta (`roles/developerconnect.admin`) Full access to Developer Connect resources.	`developerconnect.connections.constructGitHubAppManifest` `developerconnect.connections.create` `developerconnect.connections.delete` `developerconnect.connections.fetchGitHubInstallations` `developerconnect.connections.fetchLinkableGitRepositories` `developerconnect.connections.generateGitHubStateToken` `developerconnect.connections.get` `developerconnect.connections.list` `developerconnect.connections.processGitHubAppCreationCallback` `developerconnect.connections.processGitHubOAuthCallback` `developerconnect.connections.update` `developerconnect.gitRepositoryLinks.create` `developerconnect.gitRepositoryLinks.delete` `developerconnect.gitRepositoryLinks.fetchGitRefs` `developerconnect.gitRepositoryLinks.get` `developerconnect.gitRepositoryLinks.gitProxyRead` `developerconnect.gitRepositoryLinks.gitProxyWrite` `developerconnect.gitRepositoryLinks.list` `developerconnect.locations.` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.` `developerconnect.operations.cancel` `developerconnect.operations.delete` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect Viewer ^Beta (`roles/developerconnect.viewer`) Read-only access to Developer Connect resources.	`developerconnect.connections.get` `developerconnect.connections.list` `developerconnect.gitRepositoryLinks.get` `developerconnect.gitRepositoryLinks.list` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect HTTP Proxy Writer ^Beta (`roles/developerconnect.connectionHttpProxyWriter`) Grants read and write access to connections through the HTTP Proxy.	`developerconnect.connections.httpProxyRead` `developerconnect.connections.httpProxyWrite`
Developer Connect Git Proxy Reader ^Beta (`roles/developerconnect.gitProxyReader`) Grants read-only access to repositories through the Git Proxy.	`developerconnect.gitRepositoryLinks.gitProxyRead`
Developer Connect Git Proxy User ^Beta (`roles/developerconnect.gitProxyUser`) Grants read and write access to repositories through the Git Proxy.	`developerconnect.gitRepositoryLinks.gitProxyRead` `developerconnect.gitRepositoryLinks.gitProxyWrite`
Developer Connect Insights Admin ^Beta (`roles/developerconnect.insightsAdmin`) Admin access to Developer Connect Insights resources.	`developerconnect.deploymentEvents.` `developerconnect.deploymentEvents.get` `developerconnect.deploymentEvents.list` `developerconnect.insightsConfigs.` `developerconnect.insightsConfigs.create` `developerconnect.insightsConfigs.delete` `developerconnect.insightsConfigs.get` `developerconnect.insightsConfigs.list` `developerconnect.insightsConfigs.update` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect Insights Config Agent ^Beta (`roles/developerconnect.insightsAgent`) Allow Developer Connect to access SDLC information.	`cloudasset.assets.exportResource` `cloudasset.assets.listResource` `cloudasset.assets.searchAllResources` `cloudasset.feeds.create` `cloudasset.feeds.get` `cloudasset.feeds.update` `containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `logging.logEntries.create`
Developer Connect Insights Viewer ^Beta (`roles/developerconnect.insightsViewer`) Read-only access to Developer Connect Insights resources.	`developerconnect.deploymentEvents.` `developerconnect.deploymentEvents.get` `developerconnect.deploymentEvents.list` `developerconnect.insightsConfigs.get` `developerconnect.insightsConfigs.list` `developerconnect.locations.` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect OAuth Admin ^Beta (`roles/developerconnect.oauthAdmin`) Grants read and write access to AccountConnector resources.	`developerconnect.accountConnectors.` `developerconnect.accountConnectors.create` `developerconnect.accountConnectors.delete` `developerconnect.accountConnectors.get` `developerconnect.accountConnectors.list` `developerconnect.accountConnectors.update` `developerconnect.locations.` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `developerconnect.providers.list` `developerconnect.users.*` `developerconnect.users.delete` `developerconnect.users.deleteSelf` `developerconnect.users.fetchAccessToken` `developerconnect.users.finishOAuth` `developerconnect.users.getSelf` `developerconnect.users.list` `developerconnect.users.startOAuth` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect OAuth User ^Beta (`roles/developerconnect.oauthUser`) Grants read and write access to User resources, and read access to AccountConnectors.	`developerconnect.accountConnectors.get` `developerconnect.accountConnectors.list` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `developerconnect.users.deleteSelf` `developerconnect.users.fetchAccessToken` `developerconnect.users.finishOAuth` `developerconnect.users.getSelf` `developerconnect.users.startOAuth` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect Read Token Accessor ^Beta (`roles/developerconnect.readTokenAccessor`) Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.	`developerconnect.connections.get` `developerconnect.gitRepositoryLinks.fetchReadToken` `developerconnect.gitRepositoryLinks.get`
Developer Connect Token Accessor ^Beta (`roles/developerconnect.tokenAccessor`) Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.	`developerconnect.connections.get` `developerconnect.gitRepositoryLinks.fetchReadToken` `developerconnect.gitRepositoryLinks.fetchReadWriteToken` `developerconnect.gitRepositoryLinks.get`
Developer Connect User ^Beta (`roles/developerconnect.user`) Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository	`developerconnect.connections.fetchGitHubInstallations` `developerconnect.connections.fetchLinkableGitRepositories` `developerconnect.connections.get` `developerconnect.connections.list` `developerconnect.gitRepositoryLinks.fetchGitRefs` `developerconnect.gitRepositoryLinks.get` `developerconnect.gitRepositoryLinks.list` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Developer Connect Admin ^Beta

(roles/developerconnect.admin)

Full access to Developer Connect resources.

developerconnect.connections.constructGitHubAppManifest

developerconnect.connections.create

developerconnect.connections.delete

developerconnect.connections.fetchGitHubInstallations

developerconnect.connections.fetchLinkableGitRepositories

developerconnect.connections.generateGitHubStateToken

developerconnect.connections.get

developerconnect.connections.list

developerconnect.connections.processGitHubAppCreationCallback

developerconnect.connections.processGitHubOAuthCallback

developerconnect.connections.update

developerconnect.gitRepositoryLinks.create

developerconnect.gitRepositoryLinks.delete

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.gitProxyRead

developerconnect.gitRepositoryLinks.gitProxyWrite

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.*

developerconnect.operations.cancel
developerconnect.operations.delete
developerconnect.operations.get
developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Viewer ^Beta

(roles/developerconnect.viewer)

Read-only access to Developer Connect resources.

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect HTTP Proxy Writer ^Beta

(roles/developerconnect.connectionHttpProxyWriter)

Grants read and write access to connections through the HTTP Proxy.

developerconnect.connections.httpProxyRead

developerconnect.connections.httpProxyWrite

Developer Connect Git Proxy Reader ^Beta

(roles/developerconnect.gitProxyReader)

Grants read-only access to repositories through the Git Proxy.

developerconnect.gitRepositoryLinks.gitProxyRead

Developer Connect Git Proxy User ^Beta

(roles/developerconnect.gitProxyUser)

Grants read and write access to repositories through the Git Proxy.

developerconnect.gitRepositoryLinks.gitProxyRead

developerconnect.gitRepositoryLinks.gitProxyWrite

Developer Connect Insights Admin ^Beta

(roles/developerconnect.insightsAdmin)

Admin access to Developer Connect Insights resources.

developerconnect.deploymentEvents.*

developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list

developerconnect.insightsConfigs.*

developerconnect.insightsConfigs.create
developerconnect.insightsConfigs.delete
developerconnect.insightsConfigs.get
developerconnect.insightsConfigs.list
developerconnect.insightsConfigs.update

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Insights Config Agent ^Beta

(roles/developerconnect.insightsAgent)

Allow Developer Connect to access SDLC information.

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

cloudasset.feeds.create

cloudasset.feeds.get

cloudasset.feeds.update

containeranalysis.occurrences.get

containeranalysis.occurrences.list

logging.logEntries.create

Developer Connect Insights Viewer ^Beta

(roles/developerconnect.insightsViewer)

Read-only access to Developer Connect Insights resources.

developerconnect.deploymentEvents.*

developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list

developerconnect.insightsConfigs.get

developerconnect.insightsConfigs.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect OAuth Admin ^Beta

(roles/developerconnect.oauthAdmin)

Grants read and write access to AccountConnector resources.

developerconnect.accountConnectors.*

developerconnect.accountConnectors.create
developerconnect.accountConnectors.delete
developerconnect.accountConnectors.get
developerconnect.accountConnectors.list
developerconnect.accountConnectors.update

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

developerconnect.providers.list

developerconnect.users.*

developerconnect.users.delete
developerconnect.users.deleteSelf
developerconnect.users.fetchAccessToken
developerconnect.users.finishOAuth
developerconnect.users.getSelf
developerconnect.users.list
developerconnect.users.startOAuth

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect OAuth User ^Beta

(roles/developerconnect.oauthUser)

Grants read and write access to User resources, and read access to AccountConnectors.

developerconnect.accountConnectors.get

developerconnect.accountConnectors.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

developerconnect.users.deleteSelf

developerconnect.users.fetchAccessToken

developerconnect.users.finishOAuth

developerconnect.users.getSelf

developerconnect.users.startOAuth

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Read Token Accessor ^Beta

(roles/developerconnect.readTokenAccessor)

Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.get

Developer Connect Token Accessor ^Beta

(roles/developerconnect.tokenAccessor)

Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.fetchReadWriteToken

developerconnect.gitRepositoryLinks.get

Developer Connect User ^Beta

(roles/developerconnect.user)

Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository

developerconnect.connections.fetchGitHubInstallations

developerconnect.connections.fetchLinkableGitRepositories

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Developer Connect Service Agent (`roles/developerconnect.serviceAgent`) Gives the Developer Connect API Service Account access to necessary GCP resources. Warning: Do not grant service agent roles to any principals except service agents.	`apphub.applications.get` `apphub.services.get` `apphub.services.list` `apphub.workloads.get` `apphub.workloads.list` `developerconnect.operations.get`

Developer Connect Service Agent

(roles/developerconnect.serviceAgent)

Gives the Developer Connect API Service Account access to necessary GCP resources.

apphub.applications.get

apphub.services.get

apphub.services.list

apphub.workloads.get

apphub.workloads.list

developerconnect.operations.get

Developer Connect 서비스 계정

Developer Connect는 다른 서비스와 통신할 때 서비스 에이전트를 사용하여 사용자 대신 작업을 실행합니다. 이 서비스 에이전트는 Developer Connect와 처음 상호작용할 때 (저장소 연결 또는 계정 커넥터 생성) 자동으로 생성됩니다.

Developer Connect 서비스 에이전트의 식별자는 다음과 같습니다. 여기서 PROJECT_NUMBER는 Google Cloud 프로젝트 번호입니다.

service-PROJECT_NUMBER@gcp-sa-devconnect.iam.gserviceaccount.com

이 식별자를 사용하여 IAM 역할 및 권한을 부여하거나 수정합니다.

리소스에 대한 액세스 구성

역할 부여에 대한 구체적인 단계는 리소스에 대한 액세스 권한 부여, 변경, 취소를 참고하세요.

다음 단계

IAM에 대해 알아봅니다.
GitHub 저장소에 연결합니다.

IAM 역할 및 권한 컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

사전 정의된 Developer Connect 역할

Developer Connect Admin Beta

Developer Connect Viewer Beta

Developer Connect HTTP Proxy Writer Beta

Developer Connect Git Proxy Reader Beta

Developer Connect Git Proxy User Beta

Developer Connect Insights Admin Beta

Developer Connect Insights Config Agent Beta

Developer Connect Insights Viewer Beta

Developer Connect OAuth Admin Beta

Developer Connect OAuth User Beta

Developer Connect Read Token Accessor Beta

Developer Connect Token Accessor Beta

Developer Connect User Beta

Service agent roles

Developer Connect Service Agent

Developer Connect 서비스 계정

리소스에 대한 액세스 구성

다음 단계

IAM 역할 및 권한

Developer Connect Admin ^Beta

Developer Connect Viewer ^Beta

Developer Connect HTTP Proxy Writer ^Beta

Developer Connect Git Proxy Reader ^Beta

Developer Connect Git Proxy User ^Beta

Developer Connect Insights Admin ^Beta

Developer Connect Insights Config Agent ^Beta

Developer Connect Insights Viewer ^Beta

Developer Connect OAuth Admin ^Beta

Developer Connect OAuth User ^Beta

Developer Connect Read Token Accessor ^Beta

Developer Connect Token Accessor ^Beta

Developer Connect User ^Beta