역할 및 권한

이 페이지에는 Google Distributed Cloud connected에 필요한 권한과 권한을 캡슐화하는 Identity and Access Management (IAM) 역할이 나와 있습니다.

Distributed Cloud Edge 컨테이너 API 역할 및 권한

다음 표에는 Distributed Cloud Edge 컨테이너 API의 Google Cloud 프로젝트 역할 과 캡슐화하는 Distributed Cloud connected 권한이 나와 있습니다.

Role Permissions

(roles/edgecontainer.admin)

Full access to Edge Container all resources.

edgecontainer.*

  • edgecontainer.apikeys.create
  • edgecontainer.apikeys.delete
  • edgecontainer.apikeys.get
  • edgecontainer.apikeys.list
  • edgecontainer.clusters.create
  • edgecontainer.clusters.delete
  • edgecontainer.clusters.generateAccessToken
  • edgecontainer.clusters.generateOfflineCredential
  • edgecontainer.clusters.get
  • edgecontainer.clusters.getIamPolicy
  • edgecontainer.clusters.list
  • edgecontainer.clusters.setIamPolicy
  • edgecontainer.clusters.update
  • edgecontainer.clusters.upgrade
  • edgecontainer.identityproviders.create
  • edgecontainer.identityproviders.delete
  • edgecontainer.identityproviders.get
  • edgecontainer.identityproviders.list
  • edgecontainer.locations.get
  • edgecontainer.locations.list
  • edgecontainer.machines.create
  • edgecontainer.machines.delete
  • edgecontainer.machines.get
  • edgecontainer.machines.getIamPolicy
  • edgecontainer.machines.list
  • edgecontainer.machines.setIamPolicy
  • edgecontainer.machines.update
  • edgecontainer.machines.use
  • edgecontainer.nodePools.create
  • edgecontainer.nodePools.delete
  • edgecontainer.nodePools.get
  • edgecontainer.nodePools.getIamPolicy
  • edgecontainer.nodePools.list
  • edgecontainer.nodePools.setIamPolicy
  • edgecontainer.nodePools.update
  • edgecontainer.operations.cancel
  • edgecontainer.operations.delete
  • edgecontainer.operations.get
  • edgecontainer.operations.list
  • edgecontainer.serverconfig.get
  • edgecontainer.serviceaccounts.create
  • edgecontainer.serviceaccounts.delete
  • edgecontainer.serviceaccounts.describekey
  • edgecontainer.serviceaccounts.disablekey
  • edgecontainer.serviceaccounts.generatekey
  • edgecontainer.serviceaccounts.get
  • edgecontainer.serviceaccounts.list
  • edgecontainer.serviceaccounts.listkeys
  • edgecontainer.vpnConnections.create
  • edgecontainer.vpnConnections.delete
  • edgecontainer.vpnConnections.get
  • edgecontainer.vpnConnections.getIamPolicy
  • edgecontainer.vpnConnections.list
  • edgecontainer.vpnConnections.setIamPolicy
  • edgecontainer.vpnConnections.update
  • edgecontainer.zonalProjects.disable
  • edgecontainer.zonalProjects.enable
  • edgecontainer.zonalProjects.get
  • edgecontainer.zonalProjects.list
  • edgecontainer.zonalservices.disable
  • edgecontainer.zonalservices.enable
  • edgecontainer.zonalservices.get
  • edgecontainer.zonalservices.list
  • edgecontainer.zones.get
  • edgecontainer.zones.getZoneIamPolicy
  • edgecontainer.zones.list
  • edgecontainer.zones.listRoles
  • edgecontainer.zones.setZoneIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

(roles/edgecontainer.editor)

Editor role for edgecontainer

edgecontainer.apikeys.*

  • edgecontainer.apikeys.create
  • edgecontainer.apikeys.delete
  • edgecontainer.apikeys.get
  • edgecontainer.apikeys.list

edgecontainer.clusters.create

edgecontainer.clusters.delete

edgecontainer.clusters.generateAccessToken

edgecontainer.clusters.get

edgecontainer.clusters.getIamPolicy

edgecontainer.clusters.list

edgecontainer.clusters.update

edgecontainer.clusters.upgrade

edgecontainer.identityproviders.*

  • edgecontainer.identityproviders.create
  • edgecontainer.identityproviders.delete
  • edgecontainer.identityproviders.get
  • edgecontainer.identityproviders.list

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.machines.create

edgecontainer.machines.delete

edgecontainer.machines.get

edgecontainer.machines.getIamPolicy

edgecontainer.machines.list

edgecontainer.machines.update

edgecontainer.machines.use

edgecontainer.nodePools.create

edgecontainer.nodePools.delete

edgecontainer.nodePools.get

edgecontainer.nodePools.getIamPolicy

edgecontainer.nodePools.list

edgecontainer.nodePools.update

edgecontainer.operations.*

  • edgecontainer.operations.cancel
  • edgecontainer.operations.delete
  • edgecontainer.operations.get
  • edgecontainer.operations.list

edgecontainer.serverconfig.get

edgecontainer.serviceaccounts.*

  • edgecontainer.serviceaccounts.create
  • edgecontainer.serviceaccounts.delete
  • edgecontainer.serviceaccounts.describekey
  • edgecontainer.serviceaccounts.disablekey
  • edgecontainer.serviceaccounts.generatekey
  • edgecontainer.serviceaccounts.get
  • edgecontainer.serviceaccounts.list
  • edgecontainer.serviceaccounts.listkeys

edgecontainer.vpnConnections.create

edgecontainer.vpnConnections.delete

edgecontainer.vpnConnections.get

edgecontainer.vpnConnections.getIamPolicy

edgecontainer.vpnConnections.list

edgecontainer.vpnConnections.update

edgecontainer.zonalProjects.*

  • edgecontainer.zonalProjects.disable
  • edgecontainer.zonalProjects.enable
  • edgecontainer.zonalProjects.get
  • edgecontainer.zonalProjects.list

edgecontainer.zonalservices.*

  • edgecontainer.zonalservices.disable
  • edgecontainer.zonalservices.enable
  • edgecontainer.zonalservices.get
  • edgecontainer.zonalservices.list

edgecontainer.zones.get

edgecontainer.zones.getZoneIamPolicy

edgecontainer.zones.list

edgecontainer.zones.listRoles

resourcemanager.projects.get

resourcemanager.projects.list

(roles/edgecontainer.viewer)

Read-only access to Edge Container all resources.

edgecontainer.apikeys.get

edgecontainer.apikeys.list

edgecontainer.clusters.generateAccessToken

edgecontainer.clusters.get

edgecontainer.clusters.getIamPolicy

edgecontainer.clusters.list

edgecontainer.identityproviders.get

edgecontainer.identityproviders.list

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.machines.get

edgecontainer.machines.getIamPolicy

edgecontainer.machines.list

edgecontainer.nodePools.get

edgecontainer.nodePools.getIamPolicy

edgecontainer.nodePools.list

edgecontainer.operations.get

edgecontainer.operations.list

edgecontainer.serverconfig.get

edgecontainer.serviceaccounts.describekey

edgecontainer.serviceaccounts.generatekey

edgecontainer.serviceaccounts.get

edgecontainer.serviceaccounts.list

edgecontainer.serviceaccounts.listkeys

edgecontainer.vpnConnections.get

edgecontainer.vpnConnections.getIamPolicy

edgecontainer.vpnConnections.list

edgecontainer.zonalProjects.get

edgecontainer.zonalProjects.list

edgecontainer.zonalservices.get

edgecontainer.zonalservices.list

edgecontainer.zones.get

edgecontainer.zones.getZoneIamPolicy

edgecontainer.zones.list

edgecontainer.zones.listRoles

resourcemanager.projects.get

resourcemanager.projects.list

(roles/edgecontainer.apiKeyAdmin)

Access to manage API Keys.

edgecontainer.apikeys.*

  • edgecontainer.apikeys.create
  • edgecontainer.apikeys.delete
  • edgecontainer.apikeys.get
  • edgecontainer.apikeys.list

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.operations.*

  • edgecontainer.operations.cancel
  • edgecontainer.operations.delete
  • edgecontainer.operations.get
  • edgecontainer.operations.list

(roles/edgecontainer.apiKeyViewer)

Read-only access to API Keys.

edgecontainer.apikeys.get

edgecontainer.apikeys.list

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.operations.get

edgecontainer.operations.list

(roles/edgecontainer.identityProviderAdmin)

Access to manage Identity Providers.

edgecontainer.identityproviders.*

  • edgecontainer.identityproviders.create
  • edgecontainer.identityproviders.delete
  • edgecontainer.identityproviders.get
  • edgecontainer.identityproviders.list

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

(roles/edgecontainer.identityProviderViewer)

Read-only access to Identity Providers.

edgecontainer.identityproviders.get

edgecontainer.identityproviders.list

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

(roles/edgecontainer.machineUser)

Access to use Edge Container Machine resources.

edgecontainer.machines.get

edgecontainer.machines.getIamPolicy

edgecontainer.machines.list

edgecontainer.machines.use

resourcemanager.projects.get

resourcemanager.projects.list

(roles/edgecontainer.offlineCredentialUser)

Access to get Edge Container cluster offline credentials

edgecontainer.clusters.generateOfflineCredential

resourcemanager.projects.get

resourcemanager.projects.list

(roles/edgecontainer.serviceAccountAdmin)

Access to manage Service Accounts.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.serviceaccounts.create

edgecontainer.serviceaccounts.delete

edgecontainer.serviceaccounts.get

edgecontainer.serviceaccounts.list

(roles/edgecontainer.serviceAccountKeyAdmin)

Access to manage Service Account Keys.

edgecontainer.serviceaccounts.describekey

edgecontainer.serviceaccounts.disablekey

edgecontainer.serviceaccounts.generatekey

edgecontainer.serviceaccounts.get

edgecontainer.serviceaccounts.list

edgecontainer.serviceaccounts.listkeys

(roles/edgecontainer.serviceAccountKeyViewer)

Access to view Service Account Keys.

edgecontainer.serviceaccounts.describekey

edgecontainer.serviceaccounts.get

edgecontainer.serviceaccounts.list

edgecontainer.serviceaccounts.listkeys

(roles/edgecontainer.serviceAccountViewer)

Read-only access to Service Accounts.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.serviceaccounts.get

edgecontainer.serviceaccounts.list

(roles/edgecontainer.zonalProjectAdmin)

Access to manage zonal projects.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.operations.*

  • edgecontainer.operations.cancel
  • edgecontainer.operations.delete
  • edgecontainer.operations.get
  • edgecontainer.operations.list

edgecontainer.zonalProjects.*

  • edgecontainer.zonalProjects.disable
  • edgecontainer.zonalProjects.enable
  • edgecontainer.zonalProjects.get
  • edgecontainer.zonalProjects.list

edgecontainer.zones.get

edgecontainer.zones.list

(roles/edgecontainer.zonalProjectViewer)

Read-only access to zonal projects.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.operations.get

edgecontainer.operations.list

edgecontainer.zonalProjects.get

edgecontainer.zonalProjects.list

edgecontainer.zones.get

edgecontainer.zones.list

(roles/edgecontainer.zonalServiceAdmin)

Access to mutate zonal service.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.operations.*

  • edgecontainer.operations.cancel
  • edgecontainer.operations.delete
  • edgecontainer.operations.get
  • edgecontainer.operations.list

edgecontainer.zonalservices.*

  • edgecontainer.zonalservices.disable
  • edgecontainer.zonalservices.enable
  • edgecontainer.zonalservices.get
  • edgecontainer.zonalservices.list

(roles/edgecontainer.zonalServiceViewer)

Read-only access to zonal services.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.operations.get

edgecontainer.operations.list

edgecontainer.zonalservices.get

edgecontainer.zonalservices.list

(roles/edgecontainer.zoneIamAdmin)

Access to manage Iam Policy in the zone.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.zones.getZoneIamPolicy

edgecontainer.zones.listRoles

edgecontainer.zones.setZoneIamPolicy

(roles/edgecontainer.zoneIamViewer)

Read-only access to Iam Policy in the zone.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.zones.getZoneIamPolicy

(roles/edgecontainer.zoneRolesViewer)

Read-only access to Roles in the zone.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.zones.listRoles

(roles/edgecontainer.zoneViewer)

Read-only access to zones.

edgecontainer.locations.*

  • edgecontainer.locations.get
  • edgecontainer.locations.list

edgecontainer.operations.get

edgecontainer.operations.list

edgecontainer.zones.get

edgecontainer.zones.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

(roles/edgecontainer.clusterServiceAgent)

Grants the Edge Container Cluster Service Account access to manage resources.

cloudnotifications.activities.list

gkehub.endpoints.connect

gkehub.features.create

gkehub.features.get

gkehub.features.list

gkehub.features.update

gkehub.fleet.create

gkehub.fleet.delete

gkehub.fleet.get

gkehub.locations.*

  • gkehub.locations.get
  • gkehub.locations.list

gkehub.memberships.create

gkehub.memberships.delete

gkehub.memberships.generateConnectManifest

gkehub.memberships.get

gkehub.memberships.list

gkehub.memberships.update

gkehub.operations.*

  • gkehub.operations.cancel
  • gkehub.operations.delete
  • gkehub.operations.get
  • gkehub.operations.list

kubernetesmetadata.*

  • kubernetesmetadata.metadata.config
  • kubernetesmetadata.metadata.publish
  • kubernetesmetadata.metadata.snapshot

logging.logEntries.create

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

monitoring.dashboards.create

monitoring.dashboards.delete

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.dashboards.update

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.*

  • monitoring.timeSeries.create
  • monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.*

  • opsconfigmonitoring.resourceMetadata.list
  • opsconfigmonitoring.resourceMetadata.write

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.contentsecuritypolicy.get

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.mcppolicy.get

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

stackdriver.projects.get

stackdriver.resourceMetadata.*

  • stackdriver.resourceMetadata.list
  • stackdriver.resourceMetadata.write

storage.buckets.create

storage.buckets.get

storage.buckets.list

storage.buckets.update

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

(roles/edgecontainer.serviceAgent)

Grants the Edge Container Service Account access to manage resources.

compute.externalVpnGateways.create

compute.externalVpnGateways.delete

compute.externalVpnGateways.get

compute.externalVpnGateways.use

compute.globalOperations.get

compute.networks.get

compute.networks.updatePolicy

compute.regionOperations.get

compute.routers.create

compute.routers.delete

compute.routers.get

compute.routers.list

compute.routers.update

compute.routers.use

compute.vpnGateways.create

compute.vpnGateways.delete

compute.vpnGateways.get

compute.vpnGateways.use

compute.vpnTunnels.create

compute.vpnTunnels.delete

compute.vpnTunnels.get

gkehub.features.create

gkehub.features.get

gkehub.features.update

gkehub.memberships.create

gkehub.memberships.delete

gkehub.memberships.generateConnectManifest

gkehub.memberships.get

gkehub.memberships.list

gkehub.memberships.update

gkehub.operations.cancel

gkehub.operations.get

serviceusage.services.get

serviceusage.services.list

Distributed Cloud Edge 네트워크 API 역할 및 권한

다음 표에는 Distributed Cloud Edge 네트워크 API의 Google Cloud 프로젝트 역할 과 캡슐화하는 Distributed Cloud connected 권한이 나와 있습니다.

Role Permissions

(roles/edgenetwork.admin)

Full access to Edge Network all resources.

edgenetwork.*

  • edgenetwork.interconnectAttachments.create
  • edgenetwork.interconnectAttachments.delete
  • edgenetwork.interconnectAttachments.get
  • edgenetwork.interconnectAttachments.getIamPolicy
  • edgenetwork.interconnectAttachments.list
  • edgenetwork.interconnectAttachments.setIamPolicy
  • edgenetwork.interconnectAttachments.update
  • edgenetwork.interconnects.get
  • edgenetwork.interconnects.getDiagnostics
  • edgenetwork.interconnects.getIamPolicy
  • edgenetwork.interconnects.list
  • edgenetwork.interconnects.setIamPolicy
  • edgenetwork.locations.get
  • edgenetwork.locations.list
  • edgenetwork.networks.create
  • edgenetwork.networks.delete
  • edgenetwork.networks.get
  • edgenetwork.networks.getIamPolicy
  • edgenetwork.networks.getStatus
  • edgenetwork.networks.list
  • edgenetwork.networks.setIamPolicy
  • edgenetwork.networks.update
  • edgenetwork.operations.cancel
  • edgenetwork.operations.delete
  • edgenetwork.operations.get
  • edgenetwork.operations.list
  • edgenetwork.routers.create
  • edgenetwork.routers.delete
  • edgenetwork.routers.get
  • edgenetwork.routers.getIamPolicy
  • edgenetwork.routers.getRouterStatus
  • edgenetwork.routers.list
  • edgenetwork.routers.patch
  • edgenetwork.routers.setIamPolicy
  • edgenetwork.routers.update
  • edgenetwork.routes.create
  • edgenetwork.routes.delete
  • edgenetwork.routes.get
  • edgenetwork.routes.list
  • edgenetwork.subnetworks.create
  • edgenetwork.subnetworks.delete
  • edgenetwork.subnetworks.get
  • edgenetwork.subnetworks.getIamPolicy
  • edgenetwork.subnetworks.getStatus
  • edgenetwork.subnetworks.list
  • edgenetwork.subnetworks.setIamPolicy
  • edgenetwork.subnetworks.update
  • edgenetwork.zones.get
  • edgenetwork.zones.initialize
  • edgenetwork.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/edgenetwork.editor)

Editor role for Edge Network

edgenetwork.interconnectAttachments.create

edgenetwork.interconnectAttachments.delete

edgenetwork.interconnectAttachments.get

edgenetwork.interconnectAttachments.getIamPolicy

edgenetwork.interconnectAttachments.list

edgenetwork.interconnectAttachments.update

edgenetwork.interconnects.get

edgenetwork.interconnects.getDiagnostics

edgenetwork.interconnects.getIamPolicy

edgenetwork.interconnects.list

edgenetwork.locations.*

  • edgenetwork.locations.get
  • edgenetwork.locations.list

edgenetwork.networks.create

edgenetwork.networks.delete

edgenetwork.networks.get

edgenetwork.networks.getIamPolicy

edgenetwork.networks.getStatus

edgenetwork.networks.list

edgenetwork.networks.update

edgenetwork.operations.*

  • edgenetwork.operations.cancel
  • edgenetwork.operations.delete
  • edgenetwork.operations.get
  • edgenetwork.operations.list

edgenetwork.routers.create

edgenetwork.routers.delete

edgenetwork.routers.get

edgenetwork.routers.getIamPolicy

edgenetwork.routers.getRouterStatus

edgenetwork.routers.list

edgenetwork.routers.patch

edgenetwork.routers.update

edgenetwork.routes.*

  • edgenetwork.routes.create
  • edgenetwork.routes.delete
  • edgenetwork.routes.get
  • edgenetwork.routes.list

edgenetwork.subnetworks.create

edgenetwork.subnetworks.delete

edgenetwork.subnetworks.get

edgenetwork.subnetworks.getIamPolicy

edgenetwork.subnetworks.getStatus

edgenetwork.subnetworks.list

edgenetwork.subnetworks.update

edgenetwork.zones.*

  • edgenetwork.zones.get
  • edgenetwork.zones.initialize
  • edgenetwork.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/edgenetwork.viewer)

Read-only access to Edge Network all resources.

edgenetwork.interconnectAttachments.get

edgenetwork.interconnectAttachments.getIamPolicy

edgenetwork.interconnectAttachments.list

edgenetwork.interconnects.get

edgenetwork.interconnects.getDiagnostics

edgenetwork.interconnects.getIamPolicy

edgenetwork.interconnects.list

edgenetwork.locations.*

  • edgenetwork.locations.get
  • edgenetwork.locations.list

edgenetwork.networks.get

edgenetwork.networks.getIamPolicy

edgenetwork.networks.getStatus

edgenetwork.networks.list

edgenetwork.operations.get

edgenetwork.operations.list

edgenetwork.routers.get

edgenetwork.routers.getIamPolicy

edgenetwork.routers.getRouterStatus

edgenetwork.routers.list

edgenetwork.routes.get

edgenetwork.routes.list

edgenetwork.subnetworks.get

edgenetwork.subnetworks.getIamPolicy

edgenetwork.subnetworks.getStatus

edgenetwork.subnetworks.list

edgenetwork.zones.get

edgenetwork.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

GDC Hardware Management API 역할 및 권한

다음 표에는 GDC Hardware Management API의 Google Cloud 프로젝트 역할 과 캡슐화하는 Distributed Cloud connected 권한이 나와 있습니다.

Role Permissions

(roles/gdchardwaremanagement.admin)

Full access to GDC Hardware Management resources.

gdchardwaremanagement.*

  • gdchardwaremanagement.changeLogEntries.get
  • gdchardwaremanagement.changeLogEntries.list
  • gdchardwaremanagement.comments.create
  • gdchardwaremanagement.comments.get
  • gdchardwaremanagement.comments.list
  • gdchardwaremanagement.hardware.create
  • gdchardwaremanagement.hardware.delete
  • gdchardwaremanagement.hardware.get
  • gdchardwaremanagement.hardware.list
  • gdchardwaremanagement.hardware.update
  • gdchardwaremanagement.hardwareGroups.create
  • gdchardwaremanagement.hardwareGroups.delete
  • gdchardwaremanagement.hardwareGroups.get
  • gdchardwaremanagement.hardwareGroups.list
  • gdchardwaremanagement.hardwareGroups.update
  • gdchardwaremanagement.locations.get
  • gdchardwaremanagement.locations.list
  • gdchardwaremanagement.operations.cancel
  • gdchardwaremanagement.operations.delete
  • gdchardwaremanagement.operations.get
  • gdchardwaremanagement.operations.list
  • gdchardwaremanagement.orders.create
  • gdchardwaremanagement.orders.delete
  • gdchardwaremanagement.orders.get
  • gdchardwaremanagement.orders.list
  • gdchardwaremanagement.orders.submit
  • gdchardwaremanagement.orders.update
  • gdchardwaremanagement.sites.create
  • gdchardwaremanagement.sites.delete
  • gdchardwaremanagement.sites.get
  • gdchardwaremanagement.sites.list
  • gdchardwaremanagement.sites.update
  • gdchardwaremanagement.skus.get
  • gdchardwaremanagement.skus.list
  • gdchardwaremanagement.zones.create
  • gdchardwaremanagement.zones.delete
  • gdchardwaremanagement.zones.get
  • gdchardwaremanagement.zones.list
  • gdchardwaremanagement.zones.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/gdchardwaremanagement.viewer)

Viewer role for gdchardwaremanagement

gdchardwaremanagement.changeLogEntries.*

  • gdchardwaremanagement.changeLogEntries.get
  • gdchardwaremanagement.changeLogEntries.list

gdchardwaremanagement.comments.get

gdchardwaremanagement.comments.list

gdchardwaremanagement.hardware.get

gdchardwaremanagement.hardware.list

gdchardwaremanagement.hardwareGroups.get

gdchardwaremanagement.hardwareGroups.list

gdchardwaremanagement.locations.*

  • gdchardwaremanagement.locations.get
  • gdchardwaremanagement.locations.list

gdchardwaremanagement.operations.get

gdchardwaremanagement.operations.list

gdchardwaremanagement.orders.get

gdchardwaremanagement.orders.list

gdchardwaremanagement.sites.get

gdchardwaremanagement.sites.list

gdchardwaremanagement.skus.*

  • gdchardwaremanagement.skus.get
  • gdchardwaremanagement.skus.list

gdchardwaremanagement.zones.get

gdchardwaremanagement.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/gdchardwaremanagement.operator)

Create, read, and update access to GDC Hardware Management resources that support those operations. Also grants delete access to HardwareGroup resource.

gdchardwaremanagement.changeLogEntries.*

  • gdchardwaremanagement.changeLogEntries.get
  • gdchardwaremanagement.changeLogEntries.list

gdchardwaremanagement.comments.*

  • gdchardwaremanagement.comments.create
  • gdchardwaremanagement.comments.get
  • gdchardwaremanagement.comments.list

gdchardwaremanagement.hardware.*

  • gdchardwaremanagement.hardware.create
  • gdchardwaremanagement.hardware.delete
  • gdchardwaremanagement.hardware.get
  • gdchardwaremanagement.hardware.list
  • gdchardwaremanagement.hardware.update

gdchardwaremanagement.hardwareGroups.*

  • gdchardwaremanagement.hardwareGroups.create
  • gdchardwaremanagement.hardwareGroups.delete
  • gdchardwaremanagement.hardwareGroups.get
  • gdchardwaremanagement.hardwareGroups.list
  • gdchardwaremanagement.hardwareGroups.update

gdchardwaremanagement.locations.*

  • gdchardwaremanagement.locations.get
  • gdchardwaremanagement.locations.list

gdchardwaremanagement.operations.get

gdchardwaremanagement.operations.list

gdchardwaremanagement.orders.create

gdchardwaremanagement.orders.get

gdchardwaremanagement.orders.list

gdchardwaremanagement.orders.update

gdchardwaremanagement.sites.create

gdchardwaremanagement.sites.get

gdchardwaremanagement.sites.list

gdchardwaremanagement.sites.update

gdchardwaremanagement.skus.*

  • gdchardwaremanagement.skus.get
  • gdchardwaremanagement.skus.list

gdchardwaremanagement.zones.*

  • gdchardwaremanagement.zones.create
  • gdchardwaremanagement.zones.delete
  • gdchardwaremanagement.zones.get
  • gdchardwaremanagement.zones.list
  • gdchardwaremanagement.zones.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/gdchardwaremanagement.reader)

Readonly access to GDC Hardware Management resources.

gdchardwaremanagement.changeLogEntries.*

  • gdchardwaremanagement.changeLogEntries.get
  • gdchardwaremanagement.changeLogEntries.list

gdchardwaremanagement.comments.get

gdchardwaremanagement.comments.list

gdchardwaremanagement.hardware.get

gdchardwaremanagement.hardware.list

gdchardwaremanagement.hardwareGroups.get

gdchardwaremanagement.hardwareGroups.list

gdchardwaremanagement.locations.*

  • gdchardwaremanagement.locations.get
  • gdchardwaremanagement.locations.list

gdchardwaremanagement.operations.get

gdchardwaremanagement.operations.list

gdchardwaremanagement.orders.get

gdchardwaremanagement.orders.list

gdchardwaremanagement.sites.get

gdchardwaremanagement.sites.list

gdchardwaremanagement.skus.*

  • gdchardwaremanagement.skus.get
  • gdchardwaremanagement.skus.list

gdchardwaremanagement.zones.get

gdchardwaremanagement.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Connect Gateway 역할 및 권한

다음 목록에서는 클러스터에 액세스하기 위해 Connect Gateway에 필요한 Google Cloud 프로젝트 역할을 설명합니다.

  • Connect Gateway 관리자 (roles/gkehub.gatewayAdmin): Connect Gateway API에 대한 액세스 권한을 부여합니다. 이 역할을 사용하면 클러스터를 관리하는 데 kubectl 명령줄 도구를 사용할 수 있습니다.
  • Connect Gateway 편집자 (roles/gkehub.gatewayEditor): 클러스터에 대한 읽기 및 쓰기 액세스 권한을 부여합니다.
  • Connect Gateway 리더 (roles/gkehub.gatewayReader): 클러스터에 대한 읽기 전용 액세스 권한을 부여합니다.
  • GKE Hub 뷰어 (roles/gkehub.viewer): 클러스터에서 kubeconfig 파일을 가져올 수 있는 기능을 부여합니다.

구성 동기화 Fleet 패키지 역할 및 권한

다음 목록에서는 Fleet 패키지를 만들고 관리하는 데 필요한 Google Cloud 프로젝트 역할을 설명합니다.

  • Config Delivery 관리자 (roles/configdelivery.admin): Fleet 패키지 및 출시를 만들고 관리하는 데 필요합니다.
  • Developer Connect 관리자 (roles/developerconnect.admin): 저장소 연결을 만들고 관리하는 데 필요합니다.
  • 프로젝트 IAM 관리자 (roles/resourcemanager.projectIamAdmin): 서비스 계정에 필요한 역할을 부여하는 데 필요합니다.

Fleet 패키지 서비스 계정 역할

  • Config Delivery 리소스 번들 게시자 (roles/configdelivery.resourceBundlePublisher): 서비스 계정에서 리소스 번들 및 출시를 만들고 관리할 수 있습니다.
  • Cloud Build 연결 사용자 (roles/cloudbuild.connectionUser): 서비스 계정에서 Cloud Build 저장소 연결을 사용할 수 있습니다.
  • Logging 로그 작성자 (roles/logging.logWriter): 서비스 계정에서 빌드 로그를 작성할 수 있습니다.
  • Artifact Registry 작성자 (roles/artifactregistry.writer): 서비스 계정에서 버전 관리된 패키지 번들을 Artifact Registry로 푸시할 수 있습니다.
  • Developer Connect 연결 사용자 (roles/developerconnect.connectionUser): 서비스 계정에서 Developer Connect 연결을 사용할 수 있습니다.