IAM roles and permissions
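This page describes Developer Connect roles and permissions.
Access control in Developer Connect uses Identity and Access Management (IAM). You can use IAM to create and manage permissions for Google Cloud resources. Developer Connect provides a specific set of predefined IAM roles, each of which contains a set of permissions for a particular type of access or action. We recommend that you follow the security principle of least privilege and grant only the access to resources that is necessary.
Predefined Developer Connect roles
Roles let you assign permissions to accounts. The following table lists the IAM roles available for Developer Connect and the permissions each role contains:
The IAM documentation provides a searchable reference that lists all predefined roles.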
| Role | Permissions |
| --- | --- |
| Developer Connect Admin (Beta)<br>(`roles/developerconnect.admin`)<br>Full access to Developer Connect resources. | `developerconnect.connections.constructGitHubAppManifest`<br>`developerconnect.connections.create`<br>`developerconnect.connections.delete`<br>`developerconnect.connections.fetchGitHubInstallations`<br>`developerconnect.connections.fetchLinkableGitRepositories`<br>`developerconnect.connections.generateGitHubStateToken`<br>`developerconnect.connections.get`<br>`developerconnect.connections.list`<br>`developerconnect.connections.processGitHubAppCreationCallback`<br>`developerconnect.connections.processGitHubOAuthCallback`<br>`developerconnect.connections.update`<br>`developerconnect.gitRepositoryLinks.create`<br>`developerconnect.gitRepositoryLinks.delete`<br>`developerconnect.gitRepositoryLinks.fetchGitRefs`<br>`developerconnect.gitRepositoryLinks.get`<br>`developerconnect.gitRepositoryLinks.gitProxyRead`<br>`developerconnect.gitRepositoryLinks.gitProxyWrite`<br>`developerconnect.gitRepositoryLinks.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.*`<br>`developerconnect.operations.cancel`<br>`developerconnect.operations.delete`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect Viewer (Beta)<br>(`roles/developerconnect.viewer`)<br>Read-only access to Developer Connect resources. | `developerconnect.connections.get`<br>`developerconnect.connections.list`<br>`developerconnect.gitRepositoryLinks.get`<br>`developerconnect.gitRepositoryLinks.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect HTTP Proxy Writer (Beta)<br>(`roles/developerconnect.connectionHttpProxyWriter`)<br>Grants read and write access to connections through the HTTP Proxy. | `developerconnect.connections.httpProxyRead`<br>`developerconnect.connections.httpProxyWrite` |
| Developer Connect Git Proxy Reader (Beta)<br>(`roles/developerconnect.gitProxyReader`)<br>Grants read-only access to repositories through the Git Proxy. | `developerconnect.gitRepositoryLinks.gitProxyRead` |
| Developer Connect Git Proxy User (Beta)<br>(`roles/developerconnect.gitProxyUser`)<br>Grants read and write access to repositories through the Git Proxy. | `developerconnect.gitRepositoryLinks.gitProxyRead`<br>`developerconnect.gitRepositoryLinks.gitProxyWrite` |
| Developer Connect Insights Admin (Beta)<br>(`roles/developerconnect.insightsAdmin`)<br>Admin access to Developer Connect Insights resources. | `developerconnect.deploymentEvents.*`<br>`developerconnect.deploymentEvents.get`<br>`developerconnect.deploymentEvents.list`<br>`developerconnect.insightsConfigs.*`<br>`developerconnect.insightsConfigs.create`<br>`developerconnect.insightsConfigs.delete`<br>`developerconnect.insightsConfigs.get`<br>`developerconnect.insightsConfigs.list`<br>`developerconnect.insightsConfigs.update`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect Insights Config Agent (Beta)<br>(`roles/developerconnect.insightsAgent`)<br>Allow Developer Connect to access SDLC information. | `cloudasset.assets.exportResource`<br>`cloudasset.assets.listResource`<br>`cloudasset.assets.searchAllResources`<br>`cloudasset.feeds.create`<br>`cloudasset.feeds.get`<br>`cloudasset.feeds.update`<br>`containeranalysis.occurrences.get`<br>`containeranalysis.occurrences.list`<br>`logging.logEntries.create` |
| Developer Connect Insights Viewer (Beta)<br>(`roles/developerconnect.insightsViewer`)<br>Read-only access to Developer Connect Insights resources. | `developerconnect.deploymentEvents.*`<br>`developerconnect.deploymentEvents.get`<br>`developerconnect.deploymentEvents.list`<br>`developerconnect.insightsConfigs.get`<br>`developerconnect.insightsConfigs.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect OAuth Admin (Beta)<br>(`roles/developerconnect.oauthAdmin`)<br>Grants read and write access to AccountConnector resources. | `developerconnect.accountConnectors.*`<br>`developerconnect.accountConnectors.create`<br>`developerconnect.accountConnectors.delete`<br>`developerconnect.accountConnectors.get`<br>`developerconnect.accountConnectors.list`<br>`developerconnect.accountConnectors.update`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`developerconnect.providers.list`<br>`developerconnect.users.*`<br>`developerconnect.users.delete`<br>`developerconnect.users.deleteSelf`<br>`developerconnect.users.fetchAccessToken`<br>`developerconnect.users.finishOAuth`<br>`developerconnect.users.getSelf`<br>`developerconnect.users.list`<br>`developerconnect.users.startOAuth`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect OAuth User (Beta)<br>(`roles/developerconnect.oauthUser`)<br>Grants read and write access to User resources, and read access to AccountConnectors. | `developerconnect.accountConnectors.get`<br>`developerconnect.accountConnectors.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`developerconnect.users.deleteSelf`<br>`developerconnect.users.fetchAccessToken`<br>`developerconnect.users.finishOAuth`<br>`developerconnect.users.getSelf`<br>`developerconnect.users.startOAuth`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect Read Token Accessor (Beta)<br>(`roles/developerconnect.readTokenAccessor`)<br>Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link. | `developerconnect.connections.get`<br>`developerconnect.gitRepositoryLinks.fetchReadToken`<br>`developerconnect.gitRepositoryLinks.get` |
| Developer Connect Token Accessor (Beta)<br>(`roles/developerconnect.tokenAccessor`)<br>Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link. | `developerconnect.connections.get`<br>`developerconnect.gitRepositoryLinks.fetchReadToken`<br>`developerconnect.gitRepositoryLinks.fetchReadWriteToken`<br>`developerconnect.gitRepositoryLinks.get` |
| Developer Connect User (Beta)<br>(`roles/developerconnect.user`)<br>Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository. | `developerconnect.connections.fetchGitHubInstallations`<br>`developerconnect.connections.fetchLinkableGitRepositories`<br>`developerconnect.connections.get`<br>`developerconnect.connections.list`<br>`developerconnect.gitRepositoryLinks.fetchGitRefs`<br>`developerconnect.gitRepositoryLinks.get`<br>`developerconnect.gitRepositoryLinks.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
Service agent roles
Service agent roles should only be granted to service agents.
| Role | Permissions |
| --- | --- |
| Developer Connect Service Agent<br>(`roles/developerconnect.serviceAgent`)<br>Gives the Developer Connect API Service Account access to necessary GCP resources. | `apphub.applications.get`<br>`apphub.services.get`<br>`apphub.services.list`<br>`apphub.workloads.get`<br>`apphub.workloads.list`<br>`developerconnect.operations.get` |
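Developer Connect service account
When communicating with other services, Developer Connect uses a service agent to perform work on your behalf. This service agent is created automatically the first time you interact with Developer Connect (by creating a repository connection or an account connector).
The ID of the Developer Connect service agent is as follows, where PROJECT_NUMBER is your Google Cloud project number.
service-PROJECT_NUMBER@gcp-sa-devconnect.iam.gserviceaccount.com
You can use this ID to grant or modify IAM roles and permissions.
For detailed steps on granting roles, see "Granting, changing, and revoking access to resources".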
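The following is an added example, not part of the Developer Connect documentation: a Python check over exported IAM policy JSON that flags the service agent role bound to anything other than the project's Developer Connect service agent, and Developer Connect roles bound to broad principals. The sample policy, project number, member names and the `SENSITIVE_ROLES` grouping are constructed assumptions.

```python
import json
import re

# Constructed sample shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
# The project number and every member below are made up for this example.
PROJECT_NUMBER = "123456789012"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/developerconnect.serviceAgent",
   "members": ["serviceAccount:service-123456789012@gcp-sa-devconnect.iam.gserviceaccount.com",
               "user:dev@example.com"]},
  {"role": "roles/developerconnect.tokenAccessor",
   "members": ["serviceAccount:ci-build@example-project.iam.gserviceaccount.com",
               "domain:example.com"]},
  {"role": "roles/developerconnect.gitProxyReader", "members": ["group:readers@example.com"]},
  {"role": "roles/developerconnect.viewer", "members": ["allAuthenticatedUsers"]}
]}
""")

SERVICE_AGENT_ROLE = "roles/developerconnect.serviceAgent"
# Roles whose permission lists on this page include write, token or OAuth-admin
# permissions; calling these "sensitive" is this example's assumption.
SENSITIVE_ROLES = {"roles/developerconnect." + r for r in (
    "admin", "tokenAccessor", "gitProxyUser", "connectionHttpProxyWriter", "oauthAdmin")}
BROAD_MEMBER = re.compile(r"^(allUsers|allAuthenticatedUsers|domain:.+)$")


def audit_policy(policy, project_number):
    """Return (role, member, reason) findings for Developer Connect bindings."""
    agent = (f"serviceAccount:service-{project_number}"
             "@gcp-sa-devconnect.iam.gserviceaccount.com")
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith("roles/developerconnect."):
            continue
        for member in binding.get("members", []):
            if role == SERVICE_AGENT_ROLE:
                if member != agent:  # only the project's service agent should hold it
                    findings.append((role, member, "service agent role on non-agent"))
            elif BROAD_MEMBER.match(member):
                reason = ("sensitive role on broad principal"
                          if role in SENSITIVE_ROLES else "broad principal")
                findings.append((role, member, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, PROJECT_NUMBER):
        print(*finding, sep=" | ")
```

The check reads only the `bindings` list of the policy and ignores IAM conditions attached to a binding.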
Last updated 2026-06-04 UTC.