Google uses AI technology to translate content into your preferred language. AI translations can contain errors.

IAM-Rollen und -Berechtigungen

Auf dieser Seite werden die Rollen und Berechtigungen von Developer Connect beschrieben.

Die Zugriffssteuerung in Developer Connect erfolgt mithilfe von Identity and Access Management (IAM). Mit IAM können Sie Berechtigungen für Google Cloud Ressourcen erstellen und verwalten. Developer Connect bietet einen bestimmten Satz vordefinierter IAM-Rollen , bei denen jede Rolle eine Reihe von Berechtigungen enthält, die für eine bestimmte Art von Zugriff oder Aktion geeignet sind. Wir empfehlen, das Prinzip der geringsten Berechtigung, anzuwenden und nur den erforderlichen Zugriff auf Ihre Ressourcen zu gewähren.

Vordefinierte Developer Connect-Rollen

Durch die Verwendung von Rollen weisen Sie Konten Berechtigungen zu. In der folgenden Tabelle sind die für Developer Connect verfügbaren IAM-Rollen und deren Berechtigungen aufgeführt:

Die IAM-Dokumentation enthält eine durchsuchbare Referenz aller vordefinierten Rollen.

Role Permissions

Role	Permissions
Developer Connect Admin ^Beta (`roles/developerconnect.admin`) Full access to Developer Connect resources.	`developerconnect.connections.constructGitHubAppManifest` `developerconnect.connections.create` `developerconnect.connections.delete` `developerconnect.connections.fetchGitHubInstallations` `developerconnect.connections.fetchLinkableGitRepositories` `developerconnect.connections.generateGitHubStateToken` `developerconnect.connections.get` `developerconnect.connections.list` `developerconnect.connections.processGitHubAppCreationCallback` `developerconnect.connections.processGitHubOAuthCallback` `developerconnect.connections.update` `developerconnect.gitRepositoryLinks.create` `developerconnect.gitRepositoryLinks.delete` `developerconnect.gitRepositoryLinks.fetchGitRefs` `developerconnect.gitRepositoryLinks.get` `developerconnect.gitRepositoryLinks.gitProxyRead` `developerconnect.gitRepositoryLinks.gitProxyWrite` `developerconnect.gitRepositoryLinks.list` `developerconnect.locations.` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.` `developerconnect.operations.cancel` `developerconnect.operations.delete` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect Viewer ^Beta (`roles/developerconnect.viewer`) Read-only access to Developer Connect resources.	`developerconnect.connections.get` `developerconnect.connections.list` `developerconnect.gitRepositoryLinks.get` `developerconnect.gitRepositoryLinks.list` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect HTTP Proxy Writer ^Beta (`roles/developerconnect.connectionHttpProxyWriter`) Grants read and write access to connections through the HTTP Proxy.	`developerconnect.connections.httpProxyRead` `developerconnect.connections.httpProxyWrite`
Developer Connect Git Proxy Reader ^Beta (`roles/developerconnect.gitProxyReader`) Grants read-only access to repositories through the Git Proxy.	`developerconnect.gitRepositoryLinks.gitProxyRead`
Developer Connect Git Proxy User ^Beta (`roles/developerconnect.gitProxyUser`) Grants read and write access to repositories through the Git Proxy.	`developerconnect.gitRepositoryLinks.gitProxyRead` `developerconnect.gitRepositoryLinks.gitProxyWrite`
Developer Connect Insights Admin ^Beta (`roles/developerconnect.insightsAdmin`) Admin access to Developer Connect Insights resources.	`developerconnect.deploymentEvents.` `developerconnect.deploymentEvents.get` `developerconnect.deploymentEvents.list` `developerconnect.insightsConfigs.` `developerconnect.insightsConfigs.create` `developerconnect.insightsConfigs.delete` `developerconnect.insightsConfigs.get` `developerconnect.insightsConfigs.list` `developerconnect.insightsConfigs.update` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect Insights Config Agent ^Beta (`roles/developerconnect.insightsAgent`) Allow Developer Connect to access SDLC information.	`cloudasset.assets.exportResource` `cloudasset.assets.listResource` `cloudasset.assets.searchAllResources` `cloudasset.feeds.create` `cloudasset.feeds.get` `cloudasset.feeds.update` `containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `logging.logEntries.create`
Developer Connect Insights Viewer ^Beta (`roles/developerconnect.insightsViewer`) Read-only access to Developer Connect Insights resources.	`developerconnect.deploymentEvents.` `developerconnect.deploymentEvents.get` `developerconnect.deploymentEvents.list` `developerconnect.insightsConfigs.get` `developerconnect.insightsConfigs.list` `developerconnect.locations.` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect OAuth Admin ^Beta (`roles/developerconnect.oauthAdmin`) Grants read and write access to AccountConnector resources.	`developerconnect.accountConnectors.` `developerconnect.accountConnectors.create` `developerconnect.accountConnectors.delete` `developerconnect.accountConnectors.get` `developerconnect.accountConnectors.list` `developerconnect.accountConnectors.update` `developerconnect.locations.` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `developerconnect.providers.list` `developerconnect.users.*` `developerconnect.users.delete` `developerconnect.users.deleteSelf` `developerconnect.users.fetchAccessToken` `developerconnect.users.finishOAuth` `developerconnect.users.getSelf` `developerconnect.users.list` `developerconnect.users.startOAuth` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect OAuth User ^Beta (`roles/developerconnect.oauthUser`) Grants read and write access to User resources, and read access to AccountConnectors.	`developerconnect.accountConnectors.get` `developerconnect.accountConnectors.list` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `developerconnect.users.deleteSelf` `developerconnect.users.fetchAccessToken` `developerconnect.users.finishOAuth` `developerconnect.users.getSelf` `developerconnect.users.startOAuth` `resourcemanager.projects.get` `resourcemanager.projects.list`
Developer Connect Read Token Accessor ^Beta (`roles/developerconnect.readTokenAccessor`) Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.	`developerconnect.connections.get` `developerconnect.gitRepositoryLinks.fetchReadToken` `developerconnect.gitRepositoryLinks.get`
Developer Connect Token Accessor ^Beta (`roles/developerconnect.tokenAccessor`) Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.	`developerconnect.connections.get` `developerconnect.gitRepositoryLinks.fetchReadToken` `developerconnect.gitRepositoryLinks.fetchReadWriteToken` `developerconnect.gitRepositoryLinks.get`
Developer Connect User ^Beta (`roles/developerconnect.user`) Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository	`developerconnect.connections.fetchGitHubInstallations` `developerconnect.connections.fetchLinkableGitRepositories` `developerconnect.connections.get` `developerconnect.connections.list` `developerconnect.gitRepositoryLinks.fetchGitRefs` `developerconnect.gitRepositoryLinks.get` `developerconnect.gitRepositoryLinks.list` `developerconnect.locations.*` `developerconnect.locations.get` `developerconnect.locations.list` `developerconnect.operations.get` `developerconnect.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Developer Connect Admin ^Beta

(roles/developerconnect.admin)

Full access to Developer Connect resources.

developerconnect.connections.constructGitHubAppManifest

developerconnect.connections.create

developerconnect.connections.delete

developerconnect.connections.fetchGitHubInstallations

developerconnect.connections.fetchLinkableGitRepositories

developerconnect.connections.generateGitHubStateToken

developerconnect.connections.get

developerconnect.connections.list

developerconnect.connections.processGitHubAppCreationCallback

developerconnect.connections.processGitHubOAuthCallback

developerconnect.connections.update

developerconnect.gitRepositoryLinks.create

developerconnect.gitRepositoryLinks.delete

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.gitProxyRead

developerconnect.gitRepositoryLinks.gitProxyWrite

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.*

developerconnect.operations.cancel
developerconnect.operations.delete
developerconnect.operations.get
developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Viewer ^Beta

(roles/developerconnect.viewer)

Read-only access to Developer Connect resources.

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect HTTP Proxy Writer ^Beta

(roles/developerconnect.connectionHttpProxyWriter)

Grants read and write access to connections through the HTTP Proxy.

developerconnect.connections.httpProxyRead

developerconnect.connections.httpProxyWrite

Developer Connect Git Proxy Reader ^Beta

(roles/developerconnect.gitProxyReader)

Grants read-only access to repositories through the Git Proxy.

developerconnect.gitRepositoryLinks.gitProxyRead

Developer Connect Git Proxy User ^Beta

(roles/developerconnect.gitProxyUser)

Grants read and write access to repositories through the Git Proxy.

developerconnect.gitRepositoryLinks.gitProxyRead

developerconnect.gitRepositoryLinks.gitProxyWrite

Developer Connect Insights Admin ^Beta

(roles/developerconnect.insightsAdmin)

Admin access to Developer Connect Insights resources.

developerconnect.deploymentEvents.*

developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list

developerconnect.insightsConfigs.*

developerconnect.insightsConfigs.create
developerconnect.insightsConfigs.delete
developerconnect.insightsConfigs.get
developerconnect.insightsConfigs.list
developerconnect.insightsConfigs.update

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Insights Config Agent ^Beta

(roles/developerconnect.insightsAgent)

Allow Developer Connect to access SDLC information.

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

cloudasset.feeds.create

cloudasset.feeds.get

cloudasset.feeds.update

containeranalysis.occurrences.get

containeranalysis.occurrences.list

logging.logEntries.create

Developer Connect Insights Viewer ^Beta

(roles/developerconnect.insightsViewer)

Read-only access to Developer Connect Insights resources.

developerconnect.deploymentEvents.*

developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list

developerconnect.insightsConfigs.get

developerconnect.insightsConfigs.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect OAuth Admin ^Beta

(roles/developerconnect.oauthAdmin)

Grants read and write access to AccountConnector resources.

developerconnect.accountConnectors.*

developerconnect.accountConnectors.create
developerconnect.accountConnectors.delete
developerconnect.accountConnectors.get
developerconnect.accountConnectors.list
developerconnect.accountConnectors.update

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

developerconnect.providers.list

developerconnect.users.*

developerconnect.users.delete
developerconnect.users.deleteSelf
developerconnect.users.fetchAccessToken
developerconnect.users.finishOAuth
developerconnect.users.getSelf
developerconnect.users.list
developerconnect.users.startOAuth

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect OAuth User ^Beta

(roles/developerconnect.oauthUser)

Grants read and write access to User resources, and read access to AccountConnectors.

developerconnect.accountConnectors.get

developerconnect.accountConnectors.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

developerconnect.users.deleteSelf

developerconnect.users.fetchAccessToken

developerconnect.users.finishOAuth

developerconnect.users.getSelf

developerconnect.users.startOAuth

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Read Token Accessor ^Beta

(roles/developerconnect.readTokenAccessor)

Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.get

Developer Connect Token Accessor ^Beta

(roles/developerconnect.tokenAccessor)

Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.fetchReadWriteToken

developerconnect.gitRepositoryLinks.get

Developer Connect User ^Beta

(roles/developerconnect.user)

Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository

developerconnect.connections.fetchGitHubInstallations

developerconnect.connections.fetchLinkableGitRepositories

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.locations.get
developerconnect.locations.list

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Developer Connect Service Agent (`roles/developerconnect.serviceAgent`) Gives the Developer Connect API Service Account access to necessary GCP resources. Warning: Do not grant service agent roles to any principals except service agents.	`apphub.applications.get` `apphub.services.get` `apphub.services.list` `apphub.workloads.get` `apphub.workloads.list` `developerconnect.operations.get`

Developer Connect Service Agent

(roles/developerconnect.serviceAgent)

Gives the Developer Connect API Service Account access to necessary GCP resources.

apphub.applications.get

apphub.services.get

apphub.services.list

apphub.workloads.get

apphub.workloads.list

developerconnect.operations.get

Developer Connect-Dienstkonto

Developer Connect verwendet einen Dienst-Agenten , um Aufgaben in Ihrem Namen auszuführen, wenn mit anderen Diensten kommuniziert wird. Dieser Dienst-Agent wird automatisch erstellt, wenn Sie zum ersten Mal mit Developer Connect interagieren (z. B. eine Repository-Verbindung oder einen Account Connector erstellen).

Die ID für den Developer Connect Dienst-Agenten hat folgendes Format, wobei PROJECT_NUMBER Ihre Google Cloud Projektnummer ist.

service-PROJECT_NUMBER@gcp-sa-devconnect.iam.gserviceaccount.com

Mit dieser ID können Sie IAM-Rollen und ‑Berechtigungen zuweisen oder ändern.

Zugriff auf Ressourcen konfigurieren

Bestimmte Schritte zum Zuweisen von Rollen finden Sie unter Zugriff auf Ressourcen erteilen, ändern und entziehen.

Nächste Schritte

Learn about IAM
Mit einem GitHub-Repository verbinden.

IAM-Rollen und -Berechtigungen Mit Sammlungen den Überblick behalten Sie können Inhalte basierend auf Ihren Einstellungen speichern und kategorisieren.

Vordefinierte Developer Connect-Rollen

Developer Connect Admin Beta

Developer Connect Viewer Beta

Developer Connect HTTP Proxy Writer Beta

Developer Connect Git Proxy Reader Beta

Developer Connect Git Proxy User Beta

Developer Connect Insights Admin Beta

Developer Connect Insights Config Agent Beta

Developer Connect Insights Viewer Beta

Developer Connect OAuth Admin Beta

Developer Connect OAuth User Beta

Developer Connect Read Token Accessor Beta

Developer Connect Token Accessor Beta

Developer Connect User Beta

Service agent roles

Developer Connect Service Agent

Developer Connect-Dienstkonto

Zugriff auf Ressourcen konfigurieren

Nächste Schritte

IAM-Rollen und -Berechtigungen

Developer Connect Admin ^Beta

Developer Connect Viewer ^Beta

Developer Connect HTTP Proxy Writer ^Beta

Developer Connect Git Proxy Reader ^Beta

Developer Connect Git Proxy User ^Beta

Developer Connect Insights Admin ^Beta

Developer Connect Insights Config Agent ^Beta

Developer Connect Insights Viewer ^Beta

Developer Connect OAuth Admin ^Beta

Developer Connect OAuth User ^Beta

Developer Connect Read Token Accessor ^Beta

Developer Connect Token Accessor ^Beta

Developer Connect User ^Beta