Google uses AI technology to translate content into your preferred language. AI translations can contain errors.

Permissões bloqueadas pelas políticas de limite de acesso principal

Quando os principais tentam acessar um recurso a que não têm direito, as políticas de limite de acesso de principal impedem que eles usem algumas, mas não todas, as permissões do Identity and Access Management (IAM) para acessar o recurso.

Se uma política de limite de acesso de principal bloquear uma permissão, o IAM aplicará as políticas de limite de acesso de principal para essa permissão. Em outras palavras, ela impede que principais não qualificados para acessar um recurso usem essa permissão para acessar o recurso.

Se uma política de limite de acesso principal não bloquear uma permissão, ela não terá efeito sobre a possibilidade de os principais usarem a permissão.

Periodicamente, o IAM adiciona novas versões de aplicação de limite de acesso de principal que podem bloquear outras permissões. Cada nova versão também pode bloquear todas as permissões da versão anterior.

Nesta página, você encontra uma lista das permissões que cada versão de aplicação pode bloquear.

Para saber mais sobre os números de versão das políticas de limite de acesso principal, consulte a visão geral das políticas de limite de acesso principal.

Versão de aplicação padrão

A versão de aplicação padrão é usada para as seguintes políticas de limite de acesso de principal:

Novas políticas que não especificam um número de versão
Políticas que usam o valor latest para a versão

A versão padrão atual da aplicação é a 3.

Versão de aplicação `4`

As políticas com a versão de aplicação 4 podem bloquear todas as permissões listadas nas seguintes versões de aplicação:

Versão de aplicação 1
Versão de aplicação 2
Versão de aplicação 3

Além disso, as políticas com a versão de aplicação 4 também podem bloquear todas as permissões listadas na tabela a seguir.

Cada linha contém as seguintes informações:

O nome de um serviço com permissões que as políticas de limite de acesso de principal podem bloquear.
As permissões desse serviço que as políticas de limite de acesso de principal podem bloquear.

Em alguns casos, uma seção de um nome de permissão é substituída por um caractere curinga (*). Esse formato indica que as políticas de limite de acesso de principal podem bloquear todas as permissões que correspondem a esse padrão.

Serviço	Permissões	Exceções
BigQuery Sharing	`analyticshub.googleapis.com/dataExchanges.*`	Nenhum
BigQuery	`bigquery.googleapis.com/capacityCommitments.` `bigquery.googleapis.com/datasources.` `bigquery.googleapis.com/readsessions.` `bigquery.googleapis.com/reservations.` `bigquery.googleapis.com/transfers.*`	Nenhum
Cloud Deploy	`clouddeploy.googleapis.com/.`	Nenhum
Filestore	`file.googleapis.com/.`	Nenhum
Network Connectivity Center	`networkconnectivity.googleapis.com/groups.` `networkconnectivity.googleapis.com/hubRouteTables.` `networkconnectivity.googleapis.com/hubRoutes.` `networkconnectivity.googleapis.com/hubs.` `networkconnectivity.googleapis.com/internalRanges.` `networkconnectivity.googleapis.com/policyBasedRoutes.` `networkconnectivity.googleapis.com/regionalEndpoints.` `networkconnectivity.googleapis.com/spokes.`	Nenhum
Certificate Authority Service	`privateca.googleapis.com/.`	Nenhum
Identity and Access Management	`iam.googleapis.com/oauthClientCredentials.` `iam.googleapis.com/oauthClients.` `iam.googleapis.com/workforcePoolProviderKeys.` `iam.googleapis.com/workforcePoolProviders.` `iam.googleapis.com/workforcePoolSubjects.` `iam.googleapis.com/workforcePools.` `iam.googleapis.com/workloadIdentityPoolNamespaces.` `iam.googleapis.com/workloadIdentityPoolProviderKeys.` `iam.googleapis.com/workloadIdentityPoolProviders.` `iam.googleapis.com/workloadIdentityPools.`	`iam.googleapis.com/.createPolicyBinding` `iam.googleapis.com/.deletePolicyBinding` `iam.googleapis.com/.searchPolicyBindings` `iam.googleapis.com/.updatePolicyBinding`
Transmissão ao vivo	`livestream.googleapis.com/.`	Nenhum
Document AI	`documentai.googleapis.com/.`	Nenhum
API Security Center Management	`securitycentermanagement.googleapis.com/.`	Nenhum
Web Security Scanner	`cloudsecurityscanner.googleapis.com/.`	Nenhum
Security Command Center	`securitycenter.googleapis.com/.`	Nenhum
Cotas do Cloud	`cloudquotas.googleapis.com/.`	Nenhum
Recomendador	`recommender.googleapis.com/.`	Nenhum
AlloyDB para PostgreSQL	`alloydb.googleapis.com/.`	`alloydb.googleapis.com/databases.*`
App Hub	`apphub.googleapis.com/.`	Nenhum
Integrações com a nuvem	`integrations.googleapis.com/.`	`integrations.googleapis.com/apigeeauthconfigs.` `integrations.googleapis.com/apigeecertificates.` `integrations.googleapis.com/apigeeintegrations.` `integrations.googleapis.com/apigeeintegrationvers.` `integrations.googleapis.com/apigeeproducts.` `integrations.googleapis.com/apigeesfdcchannels.` `integrations.googleapis.com/apigeesfdcinstances.` `integrations.googleapis.com/apigeesuspensions.` `integrations.googleapis.com/integrations.deploy` `integrations.googleapis.com/integrations.update` `integrations.googleapis.com/locations.` `integrations.googleapis.com/securityauthconfigs.` `integrations.googleapis.com/securityexecutions.` `integrations.googleapis.com/securityintegrations.` `integrations.googleapis.com/securityintegrationvers.delete` `integrations.googleapis.com/securityintegrationvers.deploy` `integrations.googleapis.com/securityintegrationvers.list` `integrations.googleapis.com/securityintegtemps.` `integrations.googleapis.com/securityproducts.` `integrations.googleapis.com/sfdcchannels.create` `integrations.googleapis.com/sfdcchannels.list` `integrations.googleapis.com/workflows.*`
Backup para GKE	`gkebackup.googleapis.com/.`	Nenhum
Serviço gerenciado para Apache Airflow	`composer.googleapis.com/.`	Nenhum
Cloud Data Fusion	`datafusion.googleapis.com/instances.` `datafusion.googleapis.com/locations.` `datafusion.googleapis.com/namespaces.getIamPolicy` `datafusion.googleapis.com/namespaces.list` `datafusion.googleapis.com/namespaces.setIamPolicy` `datafusion.googleapis.com/operations.*`	Nenhum
Cloud Key Management Service	`cloudkms.googleapis.com/.`	`cloudkms.googleapis.com/locations.get` `cloudkms.googleapis.com/locations.list`
Firebase Storage	`firebasestorage.googleapis.com/.`	Nenhum
Tradução	`cloudtranslate.googleapis.com/.`	`cloudtranslate.googleapis.com/custommodels.` `cloudtranslate.googleapis.com/translationmemories.`
Cloud Workstations	`workstations.googleapis.com/.`	Nenhum
Computação confidencial	`confidentialcomputing.googleapis.com/.`	Nenhum
Central de atendimento como serviço do Google Cloud	`contactcenteraiplatform.googleapis.com/.`	Nenhum
Database Migration Service	`datamigration.googleapis.com/.`	`datamigration.googleapis.com/mappingrules.*`
Dataform	`dataform.googleapis.com/.`	`dataform.googleapis.com/comments.` `dataform.googleapis.com/commentsnested.` `dataform.googleapis.com/commentthreads.` `dataform.googleapis.com/commentthreadsnested.`
Datastream	`datastream.googleapis.com/.`	Nenhum
Infrastructure Manager	`config.googleapis.com/.`	Nenhum
Parallelstore	`parallelstore.googleapis.com/.`	Nenhum
Simulador de política	`policysimulator.googleapis.com/.`	Nenhum
Secret Manager	`secretmanager.googleapis.com/.`	Nenhum
Acesso VPC sem servidor	`vpcaccess.googleapis.com/.`	Nenhum
Service Usage	`serviceusage.googleapis.com/.`	Nenhum
Inventário de recursos do Cloud	`cloudasset.googleapis.com/.`	Nenhum
API Metadata do Kubernetes	`kubernetesmetadata.googleapis.com/.`	Nenhum
Gerenciamento de serviços	`servicemanagement.googleapis.com/consumers.getIamPolicy` `servicemanagement.googleapis.com/consumers.setIamPolicy` `servicemanagement.googleapis.com/services.create` `servicemanagement.googleapis.com/services.delete` `servicemanagement.googleapis.com/services.get` `servicemanagement.googleapis.com/services.getIamPolicy` `servicemanagement.googleapis.com/services.list` `servicemanagement.googleapis.com/services.setIamPolicy` `servicemanagement.googleapis.com/services.update`	Nenhum
Backup e recuperação de desastres	`backupdr.googleapis.com/backupPlanAssociations.create` `backupdr.googleapis.com/backupPlanAssociations.createForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.createForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.createForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.createForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.deleteForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.deleteForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.deleteForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.deleteForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.fetchForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.fetchForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.fetchForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.fetchForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.getForAlloydbCluster` `backupdr.googleapis.com/backupPlanAssociations.getForCloudSqlInstance` `backupdr.googleapis.com/backupPlanAssociations.getForComputeDisk` `backupdr.googleapis.com/backupPlanAssociations.getForComputeInstance` `backupdr.googleapis.com/backupPlanAssociations.list` `backupdr.googleapis.com/backupPlanRevisions.` `backupdr.googleapis.com/backupPlans.` `backupdr.googleapis.com/backupVaults.` `backupdr.googleapis.com/bvbackups.` `backupdr.googleapis.com/bvdataSources.abandonBackup` `backupdr.googleapis.com/bvdataSources.fetchAccessToken` `backupdr.googleapis.com/bvdataSources.finalizeBackup` `backupdr.googleapis.com/bvdataSources.get` `backupdr.googleapis.com/bvdataSources.initiateBackup` `backupdr.googleapis.com/bvdataSources.list` `backupdr.googleapis.com/bvdataSources.remove` `backupdr.googleapis.com/bvdataSources.setInternalStatus` `backupdr.googleapis.com/bvdataSources.update` `backupdr.googleapis.com/compute.` `backupdr.googleapis.com/dataSourceReferences.fetchForAlloydbCluster` `backupdr.googleapis.com/dataSourceReferences.fetchForCloudSqlInstance` `backupdr.googleapis.com/dataSourceReferences.fetchForFilestoreInstance` `backupdr.googleapis.com/dataSourceReferences.list` `backupdr.googleapis.com/locations.` `backupdr.googleapis.com/managementServers.create` `backupdr.googleapis.com/managementServers.createConnection` `backupdr.googleapis.com/managementServers.delete` `backupdr.googleapis.com/managementServers.get` `backupdr.googleapis.com/managementServers.getIamPolicy` `backupdr.googleapis.com/managementServers.list` `backupdr.googleapis.com/managementServers.setIamPolicy` `backupdr.googleapis.com/managementServers.update` `backupdr.googleapis.com/operations.` `backupdr.googleapis.com/serviceConfig.`	`backupdr.googleapis.com/bvbackups.useReadOnlyForAlloydbCluster` `backupdr.googleapis.com/bvbackups.useReadOnlyForCloudSqlInstance` `backupdr.googleapis.com/bvbackups.useReadOnlyForFilestoreInstance`
Proteção de Dados Sensíveis	`dlp.googleapis.com/charts.` `dlp.googleapis.com/columnDataProfiles.` `dlp.googleapis.com/connections.` `dlp.googleapis.com/deidentifyTemplates.` `dlp.googleapis.com/estimates.` `dlp.googleapis.com/fileStoreProfiles.` `dlp.googleapis.com/inspecttemplates.` `dlp.googleapis.com/jobTriggers.` `dlp.googleapis.com/jobs.` `dlp.googleapis.com/projectDataProfiles.` `dlp.googleapis.com/storedInfoTypes.` `dlp.googleapis.com/subscriptions.` `dlp.googleapis.com/tableDataProfiles.*`	Nenhum
Secure Source Manager	`securesourcemanager.googleapis.com/branchRules.` `securesourcemanager.googleapis.com/hooks.` `securesourcemanager.googleapis.com/instances.access` `securesourcemanager.googleapis.com/instances.create` `securesourcemanager.googleapis.com/instances.delete` `securesourcemanager.googleapis.com/instances.get` `securesourcemanager.googleapis.com/instances.getIamPolicy` `securesourcemanager.googleapis.com/instances.linkDeveloperConnect` `securesourcemanager.googleapis.com/instances.list` `securesourcemanager.googleapis.com/instances.setIamPolicy` `securesourcemanager.googleapis.com/issuecomments.` `securesourcemanager.googleapis.com/issues.` `securesourcemanager.googleapis.com/locations.` `securesourcemanager.googleapis.com/operations.` `securesourcemanager.googleapis.com/prcomments.` `securesourcemanager.googleapis.com/pullRequests.` `securesourcemanager.googleapis.com/repositories.create` `securesourcemanager.googleapis.com/repositories.delete` `securesourcemanager.googleapis.com/repositories.fetch` `securesourcemanager.googleapis.com/repositories.get` `securesourcemanager.googleapis.com/repositories.getIamPolicy` `securesourcemanager.googleapis.com/repositories.list` `securesourcemanager.googleapis.com/repositories.setIamPolicy` `securesourcemanager.googleapis.com/repositories.update`	Nenhum
Conectores	`connectors.googleapis.com/.`	`connectors.googleapis.com/connections.executeSqlQuery` `connectors.googleapis.com/connections.generateOpenAPISpec` `connectors.googleapis.com/connections.listenEvent`
Dataproc Metastore	`metastore.googleapis.com/backups.` `metastore.googleapis.com/databases.delete` `metastore.googleapis.com/databases.getIamPolicy` `metastore.googleapis.com/databases.setIamPolicy` `metastore.googleapis.com/databases.update` `metastore.googleapis.com/federations.` `metastore.googleapis.com/imports.` `metastore.googleapis.com/locations.` `metastore.googleapis.com/operations.` `metastore.googleapis.com/services.` `metastore.googleapis.com/tables.delete` `metastore.googleapis.com/tables.getIamPolicy` `metastore.googleapis.com/tables.setIamPolicy` `metastore.googleapis.com/tables.update`	`metastore.googleapis.com/federations.use` `metastore.googleapis.com/services.use`

Versão de aplicação `3`

As políticas com a versão de aplicação 3 podem bloquear todas as permissões listadas nas seguintes versões de aplicação:

Versão de aplicação 1
Versão de aplicação 2

Além disso, as políticas com a versão de aplicação 3 também podem bloquear todas as permissões listadas na tabela a seguir.

Cada linha contém as seguintes informações:

O nome de um serviço com permissões que as políticas de limite de acesso de principal podem bloquear.
As permissões desse serviço que as políticas de limite de acesso de principal podem bloquear.

Em alguns casos, uma seção de um nome de permissão é substituída por um caractere curinga (*). Esse formato indica que as políticas de limite de acesso de principal podem bloquear todas as permissões que correspondem a esse padrão.

Serviço	Permissões	Exceções
Contatos essenciais	`essentialcontacts.googleapis.com/contacts.*`	Nenhum
Identity and Access Management	`iam.googleapis.com/denypolicies.` `iam.googleapis.com/roles.` `iam.googleapis.com/serviceAccountKeys.` `iam.googleapis.com/serviceAccounts.`	`iam.googleapis.com/serviceAccounts.createTagBinding` `iam.googleapis.com/serviceAccounts.deleteTagBinding` `iam.googleapis.com/serviceAccounts.getCertificateAs` `iam.googleapis.com/serviceAccounts.listEffectiveTags` `iam.googleapis.com/serviceAccounts.listTagBindings`
Serviço Gerenciado para Apache Spark	`dataproc.googleapis.com/autoscalingPolicies.` `dataproc.googleapis.com/batches.` `dataproc.googleapis.com/clusters.` `dataproc.googleapis.com/jobs.` `dataproc.googleapis.com/operations.` `dataproc.googleapis.com/sessionTemplates.` `dataproc.googleapis.com/sessions.` `dataproc.googleapis.com/workflowTemplates.`	Nenhum
Gerenciamento de serviços	`servicemanagement.googleapis.com/services.check` `servicemanagement.googleapis.com/services.report`	Nenhum
Bigtable	`bigtable.googleapis.com/.`	Nenhum
API Cloud Bigtable Admin	`bigtableadmin.googleapis.com/.`	Nenhum
Cloud SQL	`cloudsql.googleapis.com/.`	Nenhum
Serviços de rede	`networkservices.googleapis.com/endpointPolicies.` `networkservices.googleapis.com/gateways.` `networkservices.googleapis.com/grpcRoutes.` `networkservices.googleapis.com/httpRoutes.` `networkservices.googleapis.com/httpfilters.` `networkservices.googleapis.com/meshes.` `networkservices.googleapis.com/route_views.` `networkservices.googleapis.com/serviceBindings.` `networkservices.googleapis.com/serviceLbPolicies.` `networkservices.googleapis.com/tcpRoutes.` `networkservices.googleapis.com/tlsRoutes.*`	Nenhum
Cloud Service Mesh	`trafficdirector.googleapis.com/.`	Nenhum
API Network Management	`networkmanagement.googleapis.com/.`	Nenhum
Compute Engine	`compute.googleapis.com/addresses.` `compute.googleapis.com/backendBuckets.` `compute.googleapis.com/backendServices.` `compute.googleapis.com/externalVpnGateways.` `compute.googleapis.com/firewallPolicies.` `compute.googleapis.com/firewalls.` `compute.googleapis.com/forwardingRules.` `compute.googleapis.com/globalAddresses.` `compute.googleapis.com/globalForwardingRules.` `compute.googleapis.com/healthChecks.` `compute.googleapis.com/httpHealthChecks.` `compute.googleapis.com/httpsHealthChecks.` `compute.googleapis.com/interconnectAttachments.` `compute.googleapis.com/interconnectLocations.` `compute.googleapis.com/interconnectRemoteLocations.` `compute.googleapis.com/interconnects.` `compute.googleapis.com/networks.` `compute.googleapis.com/packetMirrorings.` `compute.googleapis.com/publicAdvertisedPrefixes.` `compute.googleapis.com/publicDelegatedPrefixes.` `compute.googleapis.com/regionBackendServices.` `compute.googleapis.com/regionFirewallPolicies.` `compute.googleapis.com/regionHealthChecks.` `compute.googleapis.com/regionSslPolicies.` `compute.googleapis.com/regionTargetHttpProxies.` `compute.googleapis.com/regionTargetTcpProxies.` `compute.googleapis.com/regionUrlMaps.` `compute.googleapis.com/routes.` `compute.googleapis.com/sslPolicies.` `compute.googleapis.com/subnetworks.` `compute.googleapis.com/targetGrpcProxies.` `compute.googleapis.com/targetHttpProxies.` `compute.googleapis.com/targetHttpsProxies.` `compute.googleapis.com/targetInstances.` `compute.googleapis.com/targetPools.` `compute.googleapis.com/targetSslProxies.` `compute.googleapis.com/targetTcpProxies.` `compute.googleapis.com/targetVpnGateways.` `compute.googleapis.com/urlMaps.` `compute.googleapis.com/vpnGateways.`	Nenhum
Artifact Registry	`artifactregistry.googleapis.com/.`	Nenhum
Pub/Sub	`pubsub.googleapis.com/.`	Nenhum
Workflows	`workflows.googleapis.com/.`	Nenhum
Google Distributed Cloud	`gkeonprem.googleapis.com/.`	Nenhum
Chaves de API	`apikeys.googleapis.com/apikeys.` Observação:na API IAM v1, essas permissões são denominadas `serviceusage.apiKeys.`. `apikeys.googleapis.com/keys.*`	Nenhum
Cloud DNS	`dns.googleapis.com/.`	Nenhum
Firestore	`datastore.googleapis.com/backupSchedules.` `datastore.googleapis.com/backups.delete` `datastore.googleapis.com/backups.get` `datastore.googleapis.com/backups.list` `datastore.googleapis.com/databases.` `datastore.googleapis.com/entities.` `datastore.googleapis.com/indexes.` `datastore.googleapis.com/locations.` `datastore.googleapis.com/operations.` `datastore.googleapis.com/userCreds.*`	Nenhum
Cloud Key Management Service	`cloudkms.googleapis.com/autokeyConfigs.` `cloudkms.googleapis.com/cryptoKeyVersions.create` `cloudkms.googleapis.com/cryptoKeyVersions.destroy` `cloudkms.googleapis.com/cryptoKeyVersions.get` `cloudkms.googleapis.com/cryptoKeyVersions.list` `cloudkms.googleapis.com/cryptoKeyVersions.restore` `cloudkms.googleapis.com/cryptoKeyVersions.update` `cloudkms.googleapis.com/cryptoKeyVersions.useToDecrypt` `cloudkms.googleapis.com/cryptoKeyVersions.useToEncrypt` `cloudkms.googleapis.com/cryptoKeyVersions.useToSign` `cloudkms.googleapis.com/cryptoKeyVersions.useToVerify` `cloudkms.googleapis.com/cryptoKeyVersions.viewPublicKey` `cloudkms.googleapis.com/ekmConfigs.` `cloudkms.googleapis.com/importJobs.` `cloudkms.googleapis.com/keyHandles.` `cloudkms.googleapis.com/keyRings.*`	`cloudkms.googleapis.com/importJobs.useToImport`
Serviço de política da organização	`orgpolicy.googleapis.com/.`	Nenhum
Knowledge Catalog	`dataplex.googleapis.com/aspectTypes.` `dataplex.googleapis.com/datascans.` `dataplex.googleapis.com/entries.` `dataplex.googleapis.com/entryGroups.create` `dataplex.googleapis.com/entryGroups.delete` `dataplex.googleapis.com/entryGroups.get` `dataplex.googleapis.com/entryGroups.getIamPolicy` `dataplex.googleapis.com/entryGroups.import` `dataplex.googleapis.com/entryGroups.list` `dataplex.googleapis.com/entryGroups.setIamPolicy` `dataplex.googleapis.com/entryGroups.update` `dataplex.googleapis.com/entryGroups.useContactsAspect` `dataplex.googleapis.com/entryGroups.useGenericAspect` `dataplex.googleapis.com/entryGroups.useGenericEntry` `dataplex.googleapis.com/entryGroups.useOverviewAspect` `dataplex.googleapis.com/entryGroups.useSchemaAspect` `dataplex.googleapis.com/entryTypes.` `dataplex.googleapis.com/metadataJobs.*`	Nenhum
API Data Lineage	`datalineage.googleapis.com/events.` `datalineage.googleapis.com/locations.` `datalineage.googleapis.com/operations.` `datalineage.googleapis.com/processes.` `datalineage.googleapis.com/runs.*`	Nenhum
Hub do GKE	`gkehub.googleapis.com/fleets.*`	Nenhum
Cloud Run functions	`cloudfunctions.googleapis.com/.`	Nenhum
Spanner	`spanner.googleapis.com/.`	Nenhum
Google Kubernetes Engine	`container.googleapis.com/.`	Nenhum

Versão de aplicação `2`

As políticas com a versão de aplicação 2 podem bloquear todas as permissões listadas em Versão de aplicação 1. Além disso, as políticas com a versão de aplicação 2 também podem bloquear todas as permissões listadas na tabela a seguir.

Cada linha contém as seguintes informações:

O nome de um serviço com permissões que as políticas de limite de acesso de principal podem bloquear.
As permissões desse serviço que as políticas de limite de acesso de principal podem bloquear.

Em alguns casos, uma seção de um nome de permissão é substituída por um caractere curinga (*). Esse formato indica que as políticas de limite de acesso de principal podem bloquear todas as permissões que correspondem a esse padrão.

Serviço	Permissões	Exceções
Access Context Manager	`accesscontextmanager.googleapis.com/*`	Nenhum
Artifact Analysis	`containeranalysis.googleapis.com/*`	Nenhum
BigQuery	`bigquery.googleapis.com/rowAccessPolicies.` `bigquery.googleapis.com/datasets.` `bigquery.googleapis.com/jobs.` `bigquery.googleapis.com/models.` `bigquery.googleapis.com/routines.` `bigquery.googleapis.com/tables.`	Nenhum
Política de dados do BigQuery	`bigquerydatapolicy.googleapis.com/*`	Nenhum
Serviço de transferência de dados do BigQuery	`bigquerydatatransfer.googleapis.com/transfers.*`	Nenhum
Chrome Enterprise Premium	`beyondcorp.googleapis.com/*`	Nenhum
Inventário de recursos do Cloud	`cloudasset.googleapis.com/*`	Nenhum
Cloud Billing	`billing.googleapis.com/budgets.*`	Nenhum
Cloud Build	`cloudbuild.googleapis.com/*`	Nenhum
Cloud Monitoring	`monitoring.googleapis.com/*`	`monitoring.googleapis.com/metricsScopes.link` `monitoring.googleapis.com/timeSeries.list`
Cloud Service Mesh	`meshconfig.googleapis.com/*`	Nenhum
Cloud Storage	`storage.googleapis.com/bucketOperations.` `storage.googleapis.com/buckets.` `storage.googleapis.com/managedFolders.` `storage.googleapis.com/multipartUploads.` `storage.googleapis.com/folders.` `storage.googleapis.com/hmacKeys.` `storage.googleapis.com/objects.*`	Nenhum
Cloud Trace	`cloudtrace.googleapis.com/*`	Nenhum
Compute Engine	`compute.googleapis.com/networkAttachments.` `compute.googleapis.com/networkEdgeSecurityServices.` `compute.googleapis.com/regionSecurityPolicies.` `compute.googleapis.com/securityPolicies.` `compute.googleapis.com/serviceAttachments.` `compute.googleapis.com/routers.`	Nenhum
Regras de segurança do Firebase	`firebaserules.googleapis.com/*`	Nenhum
GKE Multi-cloud	`gkemulticloud.googleapis.com/*`	Nenhum
Identity-Aware Proxy	`iap.googleapis.com/*`	Nenhum
Memorystore for Redis	`redis.googleapis.com/*`	Nenhum
API Network Management	`networkmanagement.googleapis.com/*`	Nenhum
Serviços de rede	`networkservices.googleapis.com/edgeCacheKeysets.` `networkservices.googleapis.com/edgeCacheOrigins.` `networkservices.googleapis.com/edgeCacheServices.*`	Nenhum
reCAPTCHA	`recaptchaenterprise.googleapis.com/*`	Nenhum
Resource Manager	`cloudresourcemanager.googleapis.com/*`	`cloudresourcemanager.googleapis.com/.createPolicyBinding` `cloudresourcemanager.googleapis.com/.deletePolicyBinding` `cloudresourcemanager.googleapis.com/.searchPolicyBindings` `cloudresourcemanager.googleapis.com/.updatePolicyBinding`
API Video Stitcher	`videostitcher.googleapis.com/*`	Nenhum

Versão de aplicação `1`

A tabela a seguir lista as permissões que as políticas de limite de acesso de principal com a versão de aplicação 1 podem bloquear.

Cada linha contém as seguintes informações:

O nome de um serviço com permissões que as políticas de limite de acesso de principal podem bloquear.
As permissões desse serviço que as políticas de limite de acesso de principal podem bloquear.

Em alguns casos, uma seção de um nome de permissão é substituída por um caractere curinga (*). Esse formato indica que as políticas de limite de acesso de principal podem bloquear todas as permissões que correspondem a esse padrão.
As permissões do serviço que o limite de acesso de principal não pode bloquear, mesmo que essas permissões correspondam a um dos padrões de permissão compatíveis.

Serviço	Permissões	Exceções
Aprovação de acesso	`accessapproval.googleapis.com/requests.list` `accessapproval.googleapis.com/serviceaccounts.get` `accessapproval.googleapis.com/settings.*`	Nenhum
Access Context Manager	`accesscontextmanager.googleapis.com/*`	`accesscontextmanager.googleapis.com/gcpUserAccessBindings.*`
BigQuery	`bigquery.googleapis.com/datasets.create` `bigquery.googleapis.com/datasets.delete` `bigquery.googleapis.com/datasets.get` `bigquery.googleapis.com/datasets.setIamPolicy` `bigquery.googleapis.com/datasets.update` `bigquery.googleapis.com/jobs.create` `bigquery.googleapis.com/jobs.delete` `bigquery.googleapis.com/jobs.list` `bigquery.googleapis.com/jobs.get` `bigquery.googleapis.com/models.create` `bigquery.googleapis.com/models.delete` `bigquery.googleapis.com/models.list` `bigquery.googleapis.com/models.updateMetadata` `bigquery.googleapis.com/routines.create` `bigquery.googleapis.com/routines.delete` `bigquery.googleapis.com/routines.list` `bigquery.googleapis.com/routines.update`	Nenhum
Autorização binária	`binaryauthorization.googleapis.com/*`	Nenhum
Cloud Logging	`logging.googleapis.com/logEntries.create` `logging.googleapis.com/logMetrics.*`	Nenhum
Cloud Run	`run.googleapis.com/authorizeddomains.` `run.googleapis.com/configurations.get` `run.googleapis.com/configurations.list` `run.googleapis.com/domainmappings.` `run.googleapis.com/services.create` `run.googleapis.com/services.delete` `run.googleapis.com/services.get` `run.googleapis.com/services.list` `run.googleapis.com/services.update` `run.googleapis.com/executions.` `run.googleapis.com/jobs.create` `run.googleapis.com/jobs.delete` `run.googleapis.com/jobs.get` `run.googleapis.com/jobs.list` `run.googleapis.com/jobs.run` `run.googleapis.com/revisions.` `run.googleapis.com/routes.get` `run.googleapis.com/routes.list` `run.googleapis.com/tasks.*`	Nenhum
Cloud Storage	`storage.googleapis.com/buckets.get` `storage.googleapis.com/buckets.getIamPolicy` `storage.googleapis.com/buckets.list` `storage.googleapis.com/buckets.setIamPolicy` `storage.googleapis.com/buckets.update` `storage.googleapis.com/hmacKeys.update` `storage.googleapis.com/objects.delete` `storage.googleapis.com/objects.get` `storage.googleapis.com/objects.setRetention`	Nenhum
Dataflow	`dataflow.googleapis.com/messages.list` `dataflow.googleapis.com/metrics.get` `dataflow.googleapis.com/snapshots.list` `dataflow.googleapis.com/workItems.` `dataflow.googleapis.com/jobs.`	`dataflow.googleapis.com/jobs.snapshot`
Firestore	`datastore.googleapis.com/databases.create` `datastore.googleapis.com/databases.delete` `datastore.googleapis.com/databases.get` `datastore.googleapis.com/databases.getMetadata` `datastore.googleapis.com/databases.list`	Nenhum
Regras de segurança do Firebase	`firebaserules.googleapis.com/*`	Nenhum
Hub do GKE	`gkehub.googleapis.com/membershipbindings.` `gkehub.googleapis.com/rbacrolebindings.` `gkehub.googleapis.com/features.` `gkehub.googleapis.com/fleet.create` `gkehub.googleapis.com/fleet.get` `gkehub.googleapis.com/fleet.patch` `gkehub.googleapis.com/locations.` `gkehub.googleapis.com/memberships.` `gkehub.googleapis.com/scopes.`	`gkehub.googleapis.com/.createTagBinding` `gkehub.googleapis.com/.deleteTagBinding` `gkehub.googleapis.com/.listEffectiveTags` `gkehub.googleapis.com/.listTagBindings`
Pub/Sub	`pubsub.googleapis.com/*`	`pubsub.googleapis.com/.getIamPolicy` `pubsub.googleapis.com/.setIamPolicy` `pubsub.googleapis.com/schemas.delete` `pubsub.googleapis.com/schemas.validate` `pubsub.googleapis.com/subscriptions.consume`
Memorystore for Redis	`redis.googleapis.com/instances.create` `redis.googleapis.com/instances.delete` `redis.googleapis.com/instances.failover` `redis.googleapis.com/instances.get` `redis.googleapis.com/instances.getAuthString` `redis.googleapis.com/instances.list` `redis.googleapis.com/instances.update` `redis.googleapis.com/instances.upgrade`	Nenhum
Gemini Enterprise Agent Platform	`aiplatform.googleapis.com/*`	`aiplatform.googleapis.com/operations.*`

Permissões bloqueadas pelas políticas de limite de acesso principal Mantenha tudo organizado com as coleções Salve e categorize o conteúdo com base nas suas preferências.

Versão de aplicação padrão

Versão de aplicação 4

Versão de aplicação 3

Versão de aplicação 2

Versão de aplicação 1

Permissões bloqueadas pelas políticas de limite de acesso principal

Versão de aplicação `4`

Versão de aplicação `3`

Versão de aplicação `2`

Versão de aplicação `1`