IAM roles and permissions
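This page describes Developer Connect roles and permissions.
Access control in Developer Connect is managed with Identity and Access Management (IAM). With IAM, you can create and manage permissions for resources. Google Cloud Developer Connect provides a specific set of predefined IAM roles, each of which contains a set of permissions suited to a particular type of access or operation. We recommend that you follow the security principle of least privilege and grant only the necessary access to your resources.
Predefined Developer Connect roles
You assign permissions to accounts through roles. The IAM documentation contains a searchable reference of all predefined roles. The following table lists the IAM roles available for Developer Connect and the permissions each one contains: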
| Role | Permissions |
| --- | --- |
| Developer Connect Admin (Beta)<br>(`roles/developerconnect.admin`)<br>Full access to Developer Connect resources. | `developerconnect.connections.constructGitHubAppManifest`<br>`developerconnect.connections.create`<br>`developerconnect.connections.delete`<br>`developerconnect.connections.fetchGitHubInstallations`<br>`developerconnect.connections.fetchLinkableGitRepositories`<br>`developerconnect.connections.generateGitHubStateToken`<br>`developerconnect.connections.get`<br>`developerconnect.connections.list`<br>`developerconnect.connections.processGitHubAppCreationCallback`<br>`developerconnect.connections.processGitHubOAuthCallback`<br>`developerconnect.connections.update`<br>`developerconnect.gitRepositoryLinks.create`<br>`developerconnect.gitRepositoryLinks.delete`<br>`developerconnect.gitRepositoryLinks.fetchGitRefs`<br>`developerconnect.gitRepositoryLinks.get`<br>`developerconnect.gitRepositoryLinks.gitProxyRead`<br>`developerconnect.gitRepositoryLinks.gitProxyWrite`<br>`developerconnect.gitRepositoryLinks.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.*`<br>`developerconnect.operations.cancel`<br>`developerconnect.operations.delete`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect Viewer (Beta)<br>(`roles/developerconnect.viewer`)<br>Read-only access to Developer Connect resources. | `developerconnect.connections.get`<br>`developerconnect.connections.list`<br>`developerconnect.gitRepositoryLinks.get`<br>`developerconnect.gitRepositoryLinks.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect HTTP Proxy Writer (Beta)<br>(`roles/developerconnect.connectionHttpProxyWriter`)<br>Grants read and write access to connections through the HTTP Proxy. | `developerconnect.connections.httpProxyRead`<br>`developerconnect.connections.httpProxyWrite` |
| Developer Connect Git Proxy Reader (Beta)<br>(`roles/developerconnect.gitProxyReader`)<br>Grants read-only access to repositories through the Git Proxy. | `developerconnect.gitRepositoryLinks.gitProxyRead` |
| Developer Connect Git Proxy User (Beta)<br>(`roles/developerconnect.gitProxyUser`)<br>Grants read and write access to repositories through the Git Proxy. | `developerconnect.gitRepositoryLinks.gitProxyRead`<br>`developerconnect.gitRepositoryLinks.gitProxyWrite` |
| Developer Connect Insights Admin (Beta)<br>(`roles/developerconnect.insightsAdmin`)<br>Admin access to Developer Connect Insights resources. | `developerconnect.deploymentEvents.*`<br>`developerconnect.deploymentEvents.get`<br>`developerconnect.deploymentEvents.list`<br>`developerconnect.insightsConfigs.*`<br>`developerconnect.insightsConfigs.create`<br>`developerconnect.insightsConfigs.delete`<br>`developerconnect.insightsConfigs.get`<br>`developerconnect.insightsConfigs.list`<br>`developerconnect.insightsConfigs.update`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect Insights Config Agent (Beta)<br>(`roles/developerconnect.insightsAgent`)<br>Allow Developer Connect to access SDLC information. | `cloudasset.assets.exportResource`<br>`cloudasset.assets.listResource`<br>`cloudasset.assets.searchAllResources`<br>`cloudasset.feeds.create`<br>`cloudasset.feeds.get`<br>`cloudasset.feeds.update`<br>`containeranalysis.occurrences.get`<br>`containeranalysis.occurrences.list`<br>`logging.logEntries.create` |
| Developer Connect Insights Viewer (Beta)<br>(`roles/developerconnect.insightsViewer`)<br>Read-only access to Developer Connect Insights resources. | `developerconnect.deploymentEvents.*`<br>`developerconnect.deploymentEvents.get`<br>`developerconnect.deploymentEvents.list`<br>`developerconnect.insightsConfigs.get`<br>`developerconnect.insightsConfigs.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect OAuth Admin (Beta)<br>(`roles/developerconnect.oauthAdmin`)<br>Grants read and write access to AccountConnector resources. | `developerconnect.accountConnectors.*`<br>`developerconnect.accountConnectors.create`<br>`developerconnect.accountConnectors.delete`<br>`developerconnect.accountConnectors.get`<br>`developerconnect.accountConnectors.list`<br>`developerconnect.accountConnectors.update`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`developerconnect.providers.list`<br>`developerconnect.users.*`<br>`developerconnect.users.delete`<br>`developerconnect.users.deleteSelf`<br>`developerconnect.users.fetchAccessToken`<br>`developerconnect.users.finishOAuth`<br>`developerconnect.users.getSelf`<br>`developerconnect.users.list`<br>`developerconnect.users.startOAuth`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect OAuth User (Beta)<br>(`roles/developerconnect.oauthUser`)<br>Grants read and write access to User resources, and read access to AccountConnectors. | `developerconnect.accountConnectors.get`<br>`developerconnect.accountConnectors.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`developerconnect.users.deleteSelf`<br>`developerconnect.users.fetchAccessToken`<br>`developerconnect.users.finishOAuth`<br>`developerconnect.users.getSelf`<br>`developerconnect.users.startOAuth`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
| Developer Connect Read Token Accessor (Beta)<br>(`roles/developerconnect.readTokenAccessor`)<br>Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link. | `developerconnect.connections.get`<br>`developerconnect.gitRepositoryLinks.fetchReadToken`<br>`developerconnect.gitRepositoryLinks.get` |
| Developer Connect Token Accessor (Beta)<br>(`roles/developerconnect.tokenAccessor`)<br>Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link. | `developerconnect.connections.get`<br>`developerconnect.gitRepositoryLinks.fetchReadToken`<br>`developerconnect.gitRepositoryLinks.fetchReadWriteToken`<br>`developerconnect.gitRepositoryLinks.get` |
| Developer Connect User (Beta)<br>(`roles/developerconnect.user`)<br>Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository. | `developerconnect.connections.fetchGitHubInstallations`<br>`developerconnect.connections.fetchLinkableGitRepositories`<br>`developerconnect.connections.get`<br>`developerconnect.connections.list`<br>`developerconnect.gitRepositoryLinks.fetchGitRefs`<br>`developerconnect.gitRepositoryLinks.get`<br>`developerconnect.gitRepositoryLinks.list`<br>`developerconnect.locations.*`<br>`developerconnect.locations.get`<br>`developerconnect.locations.list`<br>`developerconnect.operations.get`<br>`developerconnect.operations.list`<br>`resourcemanager.projects.get`<br>`resourcemanager.projects.list` |
Service agent roles
Service agent roles should only be granted to service agents.
| Role | Permissions |
| --- | --- |
| Developer Connect Service Agent<br>(`roles/developerconnect.serviceAgent`)<br>Gives the Developer Connect API Service Account access to necessary GCP resources. | `apphub.applications.get`<br>`apphub.services.get`<br>`apphub.services.list`<br>`apphub.workloads.get`<br>`apphub.workloads.list`<br>`developerconnect.operations.get` |
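Developer Connect service account
When communicating with other services, Developer Connect uses a service agent to perform tasks on your behalf. This service agent is created automatically the first time you interact with Developer Connect (by creating a repository connection or an account connector).
The identifier of the Developer Connect service agent looks like the following, where PROJECT_NUMBER is your Google Cloud project number.
service-PROJECT_NUMBER@gcp-sa-devconnect.iam.gserviceaccount.com
You can use this identifier to grant or modify IAM roles and permissions.
For the specific steps to grant roles, see Granting, changing, and revoking access to resources.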
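The following audit sketch is an added example, not part of Google's documentation. It checks a project IAM policy against the two rules stated on this page: least privilege, and service agent roles held only by the service agent. The role pairings, severity labels and sample policy are assumptions constructed for illustration.

```python
import json

# Write-capable Developer Connect roles mapped to the read-only role from the
# tables on this page that covers the same feature (pairing assumed here).
READ_ONLY_ALTERNATIVE = {
    "roles/developerconnect.admin": "roles/developerconnect.viewer",
    "roles/developerconnect.gitProxyUser": "roles/developerconnect.gitProxyReader",
    "roles/developerconnect.tokenAccessor": "roles/developerconnect.readTokenAccessor",
    "roles/developerconnect.insightsAdmin": "roles/developerconnect.insightsViewer",
}
SERVICE_AGENT_ROLE = "roles/developerconnect.serviceAgent"
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def audit_policy(policy, project_number):
    """Return sorted (severity, role, member, reason) findings for one IAM policy."""
    agent = (f"serviceAccount:service-{project_number}"
             "@gcp-sa-devconnect.iam.gserviceaccount.com")
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith("roles/developerconnect."):
            continue
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", role, member, "granted to a public principal"))
            elif role == SERVICE_AGENT_ROLE and member != agent:
                findings.append(("HIGH", role, member, "service agent role on a non-agent"))
            elif role in READ_ONLY_ALTERNATIVE:
                findings.append(("REVIEW", role, member,
                                 f"write-capable; consider {READ_ONLY_ALTERNATIVE[role]}"))
    return sorted(findings)

# Constructed sample policy (not real data), shaped like the JSON printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/developerconnect.serviceAgent",
   "members": ["serviceAccount:service-123456789012@gcp-sa-devconnect.iam.gserviceaccount.com",
               "serviceAccount:ci-runner@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/developerconnect.tokenAccessor", "members": ["group:all-engineers@example.com"]},
  {"role": "roles/developerconnect.gitProxyReader", "members": ["user:dev@example.com"]},
  {"role": "roles/developerconnect.viewer", "members": ["allAuthenticatedUsers"]}
]}
""")

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, "123456789012"):
        print(*finding, sep=" | ")
```

A `REVIEW` finding is a prompt to confirm that the principal needs write access, not proof of a misconfiguration.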
Last updated (UTC): 2026-06-09.