Autorizzazioni bloccate dai criteri di Principal Access Boundary

Quando le entità tentano di accedere a una risorsa a cui non possono accedere, le policy di Principal Access Boundary impediscono loro di utilizzare alcune, ma non tutte, le autorizzazioni IAM (Identity and Access Management) per accedere alla risorsa.

Se una policy di Principal Access Boundary blocca un'autorizzazione, IAM applica le policy di Principal Access Boundary per questa autorizzazione. In altre parole, impedisce a qualsiasi entità non idonea ad accedere a una risorsa di utilizzare questa autorizzazione per accedere alla risorsa.

Se una policy di Principal Access Boundary non blocca un'autorizzazione, le policy di Principal Access Boundary non influiscono sulla possibilità delle entità di utilizzare l'autorizzazione.

Periodicamente, IAM aggiunge nuove versioni dell'applicazione dei limiti di accesso all'entità che possono bloccare autorizzazioni aggiuntive. Ogni nuova versione può anche bloccare tutte le autorizzazioni della versione precedente.

Questa pagina elenca le autorizzazioni che ogni versione di applicazione può bloccare.

Per scoprire di più sui numeri di versione delle policy di Principal Access Boundary, consulta la panoramica delle policy di Principal Access Boundary.

Versione di applicazione predefinita

La versione di applicazione predefinita viene utilizzata per le seguenti policy di Principal Access Boundary:

Nuove policy che non specificano un numero di versione
Policy che utilizzano il valore latest per la versione

La versione di applicazione predefinita attuale è la versione 3.

Versione di applicazione `4`

I criteri con la versione di applicazione 4 possono bloccare tutte le autorizzazioni elencate nelle seguenti versioni di applicazione:

Versione di applicazione 1
Versione di applicazione 2
Versione di applicazione 3

Inoltre, i criteri con la versione di applicazione 4 possono bloccare anche tutte le autorizzazioni elencate nella tabella seguente.

Ogni riga contiene le seguenti informazioni:

Il nome di un servizio con autorizzazioni che le policy di Principal Access Boundary possono bloccare.
Le autorizzazioni per il servizio che le policy di Principal Access Boundary possono bloccare.

In alcuni casi, una sezione del nome di un'autorizzazione viene sostituita con un carattere jolly (*). Questo formato indica che le policy di Principal Access Boundary possono bloccare tutte le autorizzazioni che corrispondono a questo pattern.

Servizio	Autorizzazioni	Eccezioni
BigQuery sharing	`analyticshub.googleapis.com/dataExchanges.*`	Nessuno
BigQuery	`bigquery.googleapis.com/capacityCommitments.` `bigquery.googleapis.com/datasources.` `bigquery.googleapis.com/readsessions.` `bigquery.googleapis.com/reservations.` `bigquery.googleapis.com/transfers.*`	Nessuno
Cloud Deploy	`clouddeploy.googleapis.com/.`	Nessuno
Filestore	`file.googleapis.com/.`	Nessuno
Network Connectivity Center	`networkconnectivity.googleapis.com/groups.` `networkconnectivity.googleapis.com/hubRouteTables.` `networkconnectivity.googleapis.com/hubRoutes.` `networkconnectivity.googleapis.com/hubs.` `networkconnectivity.googleapis.com/internalRanges.` `networkconnectivity.googleapis.com/policyBasedRoutes.` `networkconnectivity.googleapis.com/regionalEndpoints.` `networkconnectivity.googleapis.com/spokes.`	Nessuno
Certificate Authority Service	`privateca.googleapis.com/.`	Nessuno
Identity and Access Management	`iam.googleapis.com/oauthClientCredentials.` `iam.googleapis.com/oauthClients.` `iam.googleapis.com/workforcePoolProviderKeys.` `iam.googleapis.com/workforcePoolProviders.` `iam.googleapis.com/workforcePoolSubjects.` `iam.googleapis.com/workforcePools.` `iam.googleapis.com/workloadIdentityPoolNamespaces.` `iam.googleapis.com/workloadIdentityPoolProviderKeys.` `iam.googleapis.com/workloadIdentityPoolProviders.` `iam.googleapis.com/workloadIdentityPools.`	`iam.googleapis.com/.createPolicyBinding` `iam.googleapis.com/.deletePolicyBinding` `iam.googleapis.com/.searchPolicyBindings` `iam.googleapis.com/.updatePolicyBinding`
Live streaming	`livestream.googleapis.com/.`	Nessuno
Document AI	`documentai.googleapis.com/.`	Nessuno
API Security Center Management	`securitycentermanagement.googleapis.com/.`	Nessuno
Web Security Scanner	`cloudsecurityscanner.googleapis.com/.`	Nessuno
Security Command Center	`securitycenter.googleapis.com/.`	Nessuno
Quote di Cloud	`cloudquotas.googleapis.com/.`	Nessuno
Motore per suggerimenti	`recommender.googleapis.com/.`	Nessuno
AlloyDB per PostgreSQL	`alloydb.googleapis.com/.`	`alloydb.googleapis.com/databases.*`
App Hub	`apphub.googleapis.com/.`	Nessuno
Integrazioni cloud	`integrations.googleapis.com/.`	`integrations.googleapis.com/apigeeauthconfigs.` `integrations.googleapis.com/apigeecertificates.` `integrations.googleapis.com/apigeeintegrations.` `integrations.googleapis.com/apigeeintegrationvers.` `integrations.googleapis.com/apigeeproducts.` `integrations.googleapis.com/apigeesfdcchannels.` `integrations.googleapis.com/apigeesfdcinstances.` `integrations.googleapis.com/apigeesuspensions.` `integrations.googleapis.com/integrations.deploy` `integrations.googleapis.com/integrations.update` `integrations.googleapis.com/locations.` `integrations.googleapis.com/securityauthconfigs.` `integrations.googleapis.com/securityexecutions.` `integrations.googleapis.com/securityintegrations.` `integrations.googleapis.com/securityintegrationvers.delete` `integrations.googleapis.com/securityintegrationvers.deploy` `integrations.googleapis.com/securityintegrationvers.list` `integrations.googleapis.com/securityintegtemps.` `integrations.googleapis.com/securityproducts.` `integrations.googleapis.com/sfdcchannels.create` `integrations.googleapis.com/sfdcchannels.list` `integrations.googleapis.com/workflows.*`
Backup per GKE	`gkebackup.googleapis.com/.`	Nessuno
Cloud Composer	`composer.googleapis.com/.`	Nessuno
Cloud Data Fusion	`datafusion.googleapis.com/instances.` `datafusion.googleapis.com/locations.` `datafusion.googleapis.com/namespaces.getIamPolicy` `datafusion.googleapis.com/namespaces.list` `datafusion.googleapis.com/namespaces.setIamPolicy` `datafusion.googleapis.com/operations.*`	Nessuno
Cloud Key Management Service	`cloudkms.googleapis.com/.`	`cloudkms.googleapis.com/locations.get` `cloudkms.googleapis.com/locations.list`
Firebase Storage	`firebasestorage.googleapis.com/.`	Nessuno
Traduzione	`cloudtranslate.googleapis.com/.`	`cloudtranslate.googleapis.com/custommodels.` `cloudtranslate.googleapis.com/translationmemories.`
Cloud Workstations	`workstations.googleapis.com/.`	Nessuno
Confidential Computing	`confidentialcomputing.googleapis.com/.`	Nessuno
Google Cloud Contact Center as a Service	`contactcenteraiplatform.googleapis.com/.`	Nessuno
Database Migration Service	`datamigration.googleapis.com/.`	`datamigration.googleapis.com/mappingrules.*`
Dataform	`dataform.googleapis.com/.`	`dataform.googleapis.com/comments.` `dataform.googleapis.com/commentsnested.` `dataform.googleapis.com/commentthreads.` `dataform.googleapis.com/commentthreadsnested.`
Datastream	`datastream.googleapis.com/.`	Nessuno
API Cloud Config Manager	`config.googleapis.com/.`	Nessuno
Parallelstore	`parallelstore.googleapis.com/.`	Nessuno
Policy Simulator	`policysimulator.googleapis.com/.`	Nessuno
Secret Manager	`secretmanager.googleapis.com/.`	Nessuno
Accesso VPC serverless	`vpcaccess.googleapis.com/.`	Nessuno
Utilizzo dei servizi	`serviceusage.googleapis.com/.`	Nessuno
Cloud Asset Inventory	`cloudasset.googleapis.com/.`	Nessuno
API Metadata di Kubernetes	`kubernetesmetadata.googleapis.com/.`	Nessuno
Gestione del servizio	`servicemanagement.googleapis.com/consumers.getIamPolicy` `servicemanagement.googleapis.com/consumers.setIamPolicy` `servicemanagement.googleapis.com/services.create` `servicemanagement.googleapis.com/services.delete` `servicemanagement.googleapis.com/services.get` `servicemanagement.googleapis.com/services.getIamPolicy` `servicemanagement.googleapis.com/services.list` `servicemanagement.googleapis.com/services.setIamPolicy` `servicemanagement.googleapis.com/services.update`	Nessuno
Backup e ripristino di emergenza	`backupdr.googleapis.com/backupPlanAssociations.create` `backupdr.googleapis.com/backupPlanAssociations.createForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.createForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.createForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.createForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.deleteForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.deleteForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.deleteForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.deleteForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.fetchForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.fetchForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.fetchForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.fetchForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.getForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.getForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.getForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.getForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.list` `backupdr.googleapis.com/backupPlanRevisions.` `backupdr.googleapis.com/backupPlans.` `backupdr.googleapis.com/backupVaults.` `backupdr.googleapis.com/bvbackups.` `backupdr.googleapis.com/bvdataSources.abandonBackup` `backupdr.googleapis.com/bvdataSources.fetchAccessToken` `backupdr.googleapis.com/bvdataSources.finalizeBackup` `backupdr.googleapis.com/bvdataSources.get` `backupdr.googleapis.com/bvdataSources.initiateBackup` `backupdr.googleapis.com/bvdataSources.list` `backupdr.googleapis.com/bvdataSources.remove` `backupdr.googleapis.com/bvdataSources.setInternalStatus` `backupdr.googleapis.com/bvdataSources.update` `backupdr.googleapis.com/compute.` `backupdr.googleapis.com/dataSourceReferences.fetchForAlloydbCluster` `backupdr.googleapis.com/dataSourceReferences.fetchForCloudSqlInstance` `backupdr.googleapis.com/dataSourceReferences.fetchForFilestoreInstance` `backupdr.googleapis.com/dataSourceReferences.list` `backupdr.googleapis.com/locations.` `backupdr.googleapis.com/managementServers.create` `backupdr.googleapis.com/managementServers.createConnection` `backupdr.googleapis.com/managementServers.delete` `backupdr.googleapis.com/managementServers.get` `backupdr.googleapis.com/managementServers.getIamPolicy` `backupdr.googleapis.com/managementServers.list` `backupdr.googleapis.com/managementServers.setIamPolicy` `backupdr.googleapis.com/managementServers.update` `backupdr.googleapis.com/operations.` `backupdr.googleapis.com/serviceConfig.`	`backupdr.googleapis.com/bvbackups.useReadOnlyForAlloydbCluster` `backupdr.googleapis.com/bvbackups.useReadOnlyForCloudSqlInstance` `backupdr.googleapis.com/bvbackups.useReadOnlyForFilestoreInstance`
Sensitive Data Protection	`dlp.googleapis.com/charts.` `dlp.googleapis.com/columnDataProfiles.` `dlp.googleapis.com/connections.` `dlp.googleapis.com/deidentifyTemplates.` `dlp.googleapis.com/estimates.` `dlp.googleapis.com/fileStoreProfiles.` `dlp.googleapis.com/inspecttemplates.` `dlp.googleapis.com/jobTriggers.` `dlp.googleapis.com/jobs.` `dlp.googleapis.com/projectDataProfiles.` `dlp.googleapis.com/storedInfoTypes.` `dlp.googleapis.com/subscriptions.` `dlp.googleapis.com/tableDataProfiles.*`	Nessuno
Secure Source Manager	`securesourcemanager.googleapis.com/branchRules.` `securesourcemanager.googleapis.com/hooks.` `securesourcemanager.googleapis.com/instances.access` `securesourcemanager.googleapis.com/instances.create` `securesourcemanager.googleapis.com/instances.delete` `securesourcemanager.googleapis.com/instances.get` `securesourcemanager.googleapis.com/instances.getIamPolicy` `securesourcemanager.googleapis.com/instances.linkDeveloperConnect` `securesourcemanager.googleapis.com/instances.list` `securesourcemanager.googleapis.com/instances.setIamPolicy` `securesourcemanager.googleapis.com/issuecomments.` `securesourcemanager.googleapis.com/issues.` `securesourcemanager.googleapis.com/locations.` `securesourcemanager.googleapis.com/operations.` `securesourcemanager.googleapis.com/prcomments.` `securesourcemanager.googleapis.com/pullRequests.` `securesourcemanager.googleapis.com/repositories.create` `securesourcemanager.googleapis.com/repositories.delete` `securesourcemanager.googleapis.com/repositories.fetch` `securesourcemanager.googleapis.com/repositories.get` `securesourcemanager.googleapis.com/repositories.getIamPolicy` `securesourcemanager.googleapis.com/repositories.list` `securesourcemanager.googleapis.com/repositories.setIamPolicy` `securesourcemanager.googleapis.com/repositories.update`	Nessuno
Connettori	`connectors.googleapis.com/.`	`connectors.googleapis.com/connections.executeSqlQuery` `connectors.googleapis.com/connections.generateOpenAPISpec` `connectors.googleapis.com/connections.listenEvent`
Dataproc Metastore	`metastore.googleapis.com/backups.` `metastore.googleapis.com/databases.delete` `metastore.googleapis.com/databases.getIamPolicy` `metastore.googleapis.com/databases.setIamPolicy` `metastore.googleapis.com/databases.update` `metastore.googleapis.com/federations.` `metastore.googleapis.com/imports.` `metastore.googleapis.com/locations.` `metastore.googleapis.com/operations.` `metastore.googleapis.com/services.` `metastore.googleapis.com/tables.delete` `metastore.googleapis.com/tables.getIamPolicy` `metastore.googleapis.com/tables.setIamPolicy` `metastore.googleapis.com/tables.update`	`metastore.googleapis.com/federations.use` `metastore.googleapis.com/services.use`

Versione di applicazione `3`

I criteri con la versione di applicazione 3 possono bloccare tutte le autorizzazioni elencate nelle seguenti versioni di applicazione:

Versione di applicazione 1
Versione di applicazione 2

Inoltre, i criteri con la versione di applicazione 3 possono bloccare anche tutte le autorizzazioni elencate nella tabella seguente.

Ogni riga contiene le seguenti informazioni:

Il nome di un servizio con autorizzazioni che le policy di Principal Access Boundary possono bloccare.
Le autorizzazioni per il servizio che le policy di Principal Access Boundary possono bloccare.

In alcuni casi, una sezione del nome di un'autorizzazione viene sostituita con un carattere jolly (*). Questo formato indica che le policy di Principal Access Boundary possono bloccare tutte le autorizzazioni che corrispondono a questo pattern.

Servizio	Autorizzazioni	Eccezioni
Contatti fondamentali	`essentialcontacts.googleapis.com/contacts.*`	Nessuno
Identity and Access Management	`iam.googleapis.com/denypolicies.` `iam.googleapis.com/roles.` `iam.googleapis.com/serviceAccountKeys.` `iam.googleapis.com/serviceAccounts.`	`iam.googleapis.com/serviceAccounts.createTagBinding` `iam.googleapis.com/serviceAccounts.deleteTagBinding` `iam.googleapis.com/serviceAccounts.getCertificateAs` `iam.googleapis.com/serviceAccounts.listEffectiveTags` `iam.googleapis.com/serviceAccounts.listTagBindings`
Managed Service per Apache Spark	`dataproc.googleapis.com/autoscalingPolicies.` `dataproc.googleapis.com/batches.` `dataproc.googleapis.com/clusters.` `dataproc.googleapis.com/jobs.` `dataproc.googleapis.com/operations.` `dataproc.googleapis.com/sessionTemplates.` `dataproc.googleapis.com/sessions.` `dataproc.googleapis.com/workflowTemplates.`	Nessuno
Gestione del servizio	`servicemanagement.googleapis.com/services.check` `servicemanagement.googleapis.com/services.report`	Nessuno
Bigtable	`bigtable.googleapis.com/.`	Nessuno
API Cloud Bigtable Admin	`bigtableadmin.googleapis.com/.`	Nessuno
Cloud SQL	`cloudsql.googleapis.com/.`	Nessuno
Servizi di rete	`networkservices.googleapis.com/endpointPolicies.` `networkservices.googleapis.com/gateways.` `networkservices.googleapis.com/grpcRoutes.` `networkservices.googleapis.com/httpRoutes.` `networkservices.googleapis.com/httpfilters.` `networkservices.googleapis.com/meshes.` `networkservices.googleapis.com/route_views.` `networkservices.googleapis.com/serviceBindings.` `networkservices.googleapis.com/serviceLbPolicies.` `networkservices.googleapis.com/tcpRoutes.` `networkservices.googleapis.com/tlsRoutes.*`	Nessuno
Cloud Service Mesh	`trafficdirector.googleapis.com/.`	Nessuno
API Network Management	`networkmanagement.googleapis.com/.`	Nessuno
Compute Engine	`compute.googleapis.com/addresses.` `compute.googleapis.com/backendBuckets.` `compute.googleapis.com/backendServices.` `compute.googleapis.com/externalVpnGateways.` `compute.googleapis.com/firewallPolicies.` `compute.googleapis.com/firewalls.` `compute.googleapis.com/forwardingRules.` `compute.googleapis.com/globalAddresses.` `compute.googleapis.com/globalForwardingRules.` `compute.googleapis.com/healthChecks.` `compute.googleapis.com/httpHealthChecks.` `compute.googleapis.com/httpsHealthChecks.` `compute.googleapis.com/interconnectAttachments.` `compute.googleapis.com/interconnectLocations.` `compute.googleapis.com/interconnectRemoteLocations.` `compute.googleapis.com/interconnects.` `compute.googleapis.com/networks.` `compute.googleapis.com/packetMirrorings.` `compute.googleapis.com/publicAdvertisedPrefixes.` `compute.googleapis.com/publicDelegatedPrefixes.` `compute.googleapis.com/regionBackendServices.` `compute.googleapis.com/regionFirewallPolicies.` `compute.googleapis.com/regionHealthChecks.` `compute.googleapis.com/regionSslPolicies.` `compute.googleapis.com/regionTargetHttpProxies.` `compute.googleapis.com/regionTargetTcpProxies.` `compute.googleapis.com/regionUrlMaps.` `compute.googleapis.com/routes.` `compute.googleapis.com/sslPolicies.` `compute.googleapis.com/subnetworks.` `compute.googleapis.com/targetGrpcProxies.` `compute.googleapis.com/targetHttpProxies.` `compute.googleapis.com/targetHttpsProxies.` `compute.googleapis.com/targetInstances.` `compute.googleapis.com/targetPools.` `compute.googleapis.com/targetSslProxies.` `compute.googleapis.com/targetTcpProxies.` `compute.googleapis.com/targetVpnGateways.` `compute.googleapis.com/urlMaps.` `compute.googleapis.com/vpnGateways.`	Nessuno
Artifact Registry	`artifactregistry.googleapis.com/.`	Nessuno
Pub/Sub	`pubsub.googleapis.com/.`	Nessuno
Workflow	`workflows.googleapis.com/.`	Nessuno
Google Distributed Cloud	`gkeonprem.googleapis.com/.`	Nessuno
Chiavi API	`apikeys.googleapis.com/apikeys.` Nota:nell'API IAM v1, queste autorizzazioni sono denominate `serviceusage.apiKeys.`. `apikeys.googleapis.com/keys.*`	Nessuno
Cloud DNS	`dns.googleapis.com/.`	Nessuno
Firestore	`datastore.googleapis.com/backupSchedules.` `datastore.googleapis.com/backups.delete` `datastore.googleapis.com/backups.get` `datastore.googleapis.com/backups.list` `datastore.googleapis.com/databases.` `datastore.googleapis.com/entities.` `datastore.googleapis.com/indexes.` `datastore.googleapis.com/locations.` `datastore.googleapis.com/operations.` `datastore.googleapis.com/userCreds.*`	Nessuno
Cloud Key Management Service	`cloudkms.googleapis.com/autokeyConfigs.` `cloudkms.googleapis.com/cryptoKeyVersions.create` `cloudkms.googleapis.com/cryptoKeyVersions.destroy` `cloudkms.googleapis.com/cryptoKeyVersions.get` `cloudkms.googleapis.com/cryptoKeyVersions.list` `cloudkms.googleapis.com/cryptoKeyVersions.restore` `cloudkms.googleapis.com/cryptoKeyVersions.update` `cloudkms.googleapis.com/cryptoKeyVersions.useToDecrypt` `cloudkms.googleapis.com/cryptoKeyVersions.useToEncrypt` `cloudkms.googleapis.com/cryptoKeyVersions.useToSign` `cloudkms.googleapis.com/cryptoKeyVersions.useToVerify` `cloudkms.googleapis.com/cryptoKeyVersions.viewPublicKey` `cloudkms.googleapis.com/ekmConfigs.` `cloudkms.googleapis.com/importJobs.` `cloudkms.googleapis.com/keyHandles.` `cloudkms.googleapis.com/keyRings.*`	`cloudkms.googleapis.com/importJobs.useToImport`
Servizio Policy dell'organizzazione	`orgpolicy.googleapis.com/.`	Nessuno
Dataplex Universal Catalog	`dataplex.googleapis.com/aspectTypes.` `dataplex.googleapis.com/datascans.` `dataplex.googleapis.com/entries.` `dataplex.googleapis.com/entryGroups.create` `dataplex.googleapis.com/entryGroups.delete` `dataplex.googleapis.com/entryGroups.get` `dataplex.googleapis.com/entryGroups.getIamPolicy` `dataplex.googleapis.com/entryGroups.import` `dataplex.googleapis.com/entryGroups.list` `dataplex.googleapis.com/entryGroups.setIamPolicy` `dataplex.googleapis.com/entryGroups.update` `dataplex.googleapis.com/entryGroups.useContactsAspect` `dataplex.googleapis.com/entryGroups.useGenericAspect` `dataplex.googleapis.com/entryGroups.useGenericEntry` `dataplex.googleapis.com/entryGroups.useOverviewAspect` `dataplex.googleapis.com/entryGroups.useSchemaAspect` `dataplex.googleapis.com/entryTypes.` `dataplex.googleapis.com/metadataJobs.*`	Nessuno
API Data Lineage	`datalineage.googleapis.com/events.` `datalineage.googleapis.com/locations.` `datalineage.googleapis.com/operations.` `datalineage.googleapis.com/processes.` `datalineage.googleapis.com/runs.*`	Nessuno
GKE Hub	`gkehub.googleapis.com/fleets.*`	Nessuno
Cloud Run Functions	`cloudfunctions.googleapis.com/.`	Nessuno
Spanner	`spanner.googleapis.com/.`	Nessuno
Google Kubernetes Engine	`container.googleapis.com/.`	Nessuno

Versione di applicazione `2`

I criteri con la versione di applicazione 2 possono bloccare tutte le autorizzazioni elencate in Versione di applicazione 1. Inoltre, i criteri con la versione di applicazione 2 possono bloccare anche tutte le autorizzazioni elencate nella tabella seguente.

Ogni riga contiene le seguenti informazioni:

Il nome di un servizio con autorizzazioni che le policy di Principal Access Boundary possono bloccare.
Le autorizzazioni per il servizio che le policy di Principal Access Boundary possono bloccare.

In alcuni casi, una sezione del nome di un'autorizzazione viene sostituita con un carattere jolly (*). Questo formato indica che le policy di Principal Access Boundary possono bloccare tutte le autorizzazioni che corrispondono a questo pattern.

Servizio	Autorizzazioni	Eccezioni
Gestore contesto accesso	`accesscontextmanager.googleapis.com/*`	Nessuno
Artifact Analysis	`containeranalysis.googleapis.com/*`	Nessuno
BigQuery	`bigquery.googleapis.com/rowAccessPolicies.` `bigquery.googleapis.com/datasets.` `bigquery.googleapis.com/jobs.` `bigquery.googleapis.com/models.` `bigquery.googleapis.com/routines.` `bigquery.googleapis.com/tables.`	Nessuno
Policy dei dati BigQuery	`bigquerydatapolicy.googleapis.com/*`	Nessuno
BigQuery Data Transfer Service	`bigquerydatatransfer.googleapis.com/transfers.*`	Nessuno
Chrome Enterprise Premium	`beyondcorp.googleapis.com/*`	Nessuno
Cloud Asset Inventory	`cloudasset.googleapis.com/*`	Nessuno
Cloud Billing	`billing.googleapis.com/budgets.*`	Nessuno
Cloud Build	`cloudbuild.googleapis.com/*`	Nessuno
Cloud Monitoring	`monitoring.googleapis.com/*`	`monitoring.googleapis.com/metricsScopes.link` `monitoring.googleapis.com/timeSeries.list`
Cloud Service Mesh	`meshconfig.googleapis.com/*`	Nessuno
Cloud Storage	`storage.googleapis.com/bucketOperations.` `storage.googleapis.com/buckets.` `storage.googleapis.com/managedFolders.` `storage.googleapis.com/multipartUploads.` `storage.googleapis.com/folders.` `storage.googleapis.com/hmacKeys.` `storage.googleapis.com/objects.*`	Nessuno
Cloud Trace	`cloudtrace.googleapis.com/*`	Nessuno
Compute Engine	`compute.googleapis.com/networkAttachments.` `compute.googleapis.com/networkEdgeSecurityServices.` `compute.googleapis.com/regionSecurityPolicies.` `compute.googleapis.com/securityPolicies.` `compute.googleapis.com/serviceAttachments.` `compute.googleapis.com/routers.`	Nessuno
Regole di sicurezza Firebase	`firebaserules.googleapis.com/*`	Nessuno
GKE Multi-cloud	`gkemulticloud.googleapis.com/*`	Nessuno
Identity-Aware Proxy	`iap.googleapis.com/*`	Nessuno
Memorystore for Redis	`redis.googleapis.com/*`	Nessuno
API Network Management	`networkmanagement.googleapis.com/*`	Nessuno
Servizi di rete	`networkservices.googleapis.com/edgeCacheKeysets.` `networkservices.googleapis.com/edgeCacheOrigins.` `networkservices.googleapis.com/edgeCacheServices.*`	Nessuno
reCAPTCHA	`recaptchaenterprise.googleapis.com/*`	Nessuno
Resource Manager	`cloudresourcemanager.googleapis.com/*`	`cloudresourcemanager.googleapis.com/.createPolicyBinding` `cloudresourcemanager.googleapis.com/.deletePolicyBinding` `cloudresourcemanager.googleapis.com/.searchPolicyBindings` `cloudresourcemanager.googleapis.com/.updatePolicyBinding`
API Video Stitcher	`videostitcher.googleapis.com/*`	Nessuno

Versione di applicazione `1`

La tabella seguente elenca le autorizzazioni che le policy di Principal Access Boundary con la versione di applicazione 1 possono bloccare.

Ogni riga contiene le seguenti informazioni:

Il nome di un servizio con autorizzazioni che le policy di Principal Access Boundary possono bloccare.
Le autorizzazioni per il servizio che le policy di Principal Access Boundary possono bloccare.

In alcuni casi, una sezione del nome di un'autorizzazione viene sostituita con un carattere jolly (*). Questo formato indica che le policy di Principal Access Boundary possono bloccare tutte le autorizzazioni che corrispondono a questo pattern.
Le autorizzazioni per il servizio che il Principal Access Boundary non può bloccare, anche se corrispondono a uno dei pattern di autorizzazione supportati.

Servizio	Autorizzazioni	Eccezioni
Approvazione accesso	`accessapproval.googleapis.com/requests.list` `accessapproval.googleapis.com/serviceaccounts.get` `accessapproval.googleapis.com/settings.*`	Nessuno
Gestore contesto accesso	`accesscontextmanager.googleapis.com/*`	`accesscontextmanager.googleapis.com/gcpUserAccessBindings.*`
BigQuery	`bigquery.googleapis.com/datasets.create` `bigquery.googleapis.com/datasets.delete` `bigquery.googleapis.com/datasets.get` `bigquery.googleapis.com/datasets.setIamPolicy` `bigquery.googleapis.com/datasets.update` `bigquery.googleapis.com/jobs.create` `bigquery.googleapis.com/jobs.delete` `bigquery.googleapis.com/jobs.list` `bigquery.googleapis.com/jobs.get` `bigquery.googleapis.com/models.create` `bigquery.googleapis.com/models.delete` `bigquery.googleapis.com/models.list` `bigquery.googleapis.com/models.updateMetadata` `bigquery.googleapis.com/routines.create` `bigquery.googleapis.com/routines.delete` `bigquery.googleapis.com/routines.list` `bigquery.googleapis.com/routines.update`	Nessuno
Autorizzazione binaria	`binaryauthorization.googleapis.com/*`	Nessuno
Cloud Logging	`logging.googleapis.com/logEntries.create` `logging.googleapis.com/logMetrics.*`	Nessuno
Cloud Run	`run.googleapis.com/authorizeddomains.` `run.googleapis.com/configurations.get` `run.googleapis.com/configurations.list` `run.googleapis.com/domainmappings.` `run.googleapis.com/services.create` `run.googleapis.com/services.delete` `run.googleapis.com/services.get` `run.googleapis.com/services.list` `run.googleapis.com/services.update` `run.googleapis.com/executions.` `run.googleapis.com/jobs.create` `run.googleapis.com/jobs.delete` `run.googleapis.com/jobs.get` `run.googleapis.com/jobs.list` `run.googleapis.com/jobs.run` `run.googleapis.com/revisions.` `run.googleapis.com/routes.get` `run.googleapis.com/routes.list` `run.googleapis.com/tasks.*`	Nessuno
Cloud Storage	`storage.googleapis.com/buckets.get` `storage.googleapis.com/buckets.getIamPolicy` `storage.googleapis.com/buckets.list` `storage.googleapis.com/buckets.setIamPolicy` `storage.googleapis.com/buckets.update` `storage.googleapis.com/hmacKeys.update` `storage.googleapis.com/objects.delete` `storage.googleapis.com/objects.get` `storage.googleapis.com/objects.setRetention`	Nessuno
Dataflow	`dataflow.googleapis.com/messages.list` `dataflow.googleapis.com/metrics.get` `dataflow.googleapis.com/snapshots.list` `dataflow.googleapis.com/workItems.` `dataflow.googleapis.com/jobs.`	`dataflow.googleapis.com/jobs.snapshot`
Firestore	`datastore.googleapis.com/databases.create` `datastore.googleapis.com/databases.delete` `datastore.googleapis.com/databases.get` `datastore.googleapis.com/databases.getMetadata` `datastore.googleapis.com/databases.list`	Nessuno
Regole di sicurezza Firebase	`firebaserules.googleapis.com/*`	Nessuno
GKE Hub	`gkehub.googleapis.com/membershipbindings.` `gkehub.googleapis.com/rbacrolebindings.` `gkehub.googleapis.com/features.` `gkehub.googleapis.com/fleet.create` `gkehub.googleapis.com/fleet.get` `gkehub.googleapis.com/fleet.patch` `gkehub.googleapis.com/locations.` `gkehub.googleapis.com/memberships.` `gkehub.googleapis.com/scopes.`	`gkehub.googleapis.com/.createTagBinding` `gkehub.googleapis.com/.deleteTagBinding` `gkehub.googleapis.com/.listEffectiveTags` `gkehub.googleapis.com/.listTagBindings`
Pub/Sub	`pubsub.googleapis.com/*`	`pubsub.googleapis.com/.getIamPolicy` `pubsub.googleapis.com/.setIamPolicy` `pubsub.googleapis.com/schemas.delete` `pubsub.googleapis.com/schemas.validate` `pubsub.googleapis.com/subscriptions.consume`
Memorystore for Redis	`redis.googleapis.com/instances.create` `redis.googleapis.com/instances.delete` `redis.googleapis.com/instances.failover` `redis.googleapis.com/instances.get` `redis.googleapis.com/instances.getAuthString` `redis.googleapis.com/instances.list` `redis.googleapis.com/instances.update` `redis.googleapis.com/instances.upgrade`	Nessuno
Vertex AI	`aiplatform.googleapis.com/*`	`aiplatform.googleapis.com/operations.*`

Autorizzazioni bloccate dai criteri di Principal Access Boundary Mantieni tutto organizzato con le raccolte Salva e classifica i contenuti in base alle tue preferenze.

Versione di applicazione predefinita

Versione di applicazione 4

Versione di applicazione 3

Versione di applicazione 2

Versione di applicazione 1

Autorizzazioni bloccate dai criteri di Principal Access Boundary

Versione di applicazione `4`

Versione di applicazione `3`

Versione di applicazione `2`

Versione di applicazione `1`