Roles and permissions

This page describes the Identity and Access Management (IAM) roles and permissions that are required to use Network Connectivity Center (NCC).

In general, you need the following:

Note that if you need to work with NCC in a Shared VPC network, you must have all the required permissions in the host project. The hub, its spokes, and all related resources must be in the host project.

For information about how to grant permissions, see the IAM overview.

Predefined roles

The following table describes the NCC predefined roles.

Role Permissions

(roles/networkconnectivity.editor)

Editor role for Network Connectivity

networkconnectivity.gatewayAdvertisedRoutes.*

  • networkconnectivity.gatewayAdvertisedRoutes.create
  • networkconnectivity.gatewayAdvertisedRoutes.delete
  • networkconnectivity.gatewayAdvertisedRoutes.get
  • networkconnectivity.gatewayAdvertisedRoutes.list
  • networkconnectivity.gatewayAdvertisedRoutes.update

networkconnectivity.groups.acceptSpoke

networkconnectivity.groups.acceptSpokeUpdate

networkconnectivity.groups.get

networkconnectivity.groups.getIamPolicy

networkconnectivity.groups.list

networkconnectivity.groups.rejectSpoke

networkconnectivity.groups.rejectSpokeUpdate

networkconnectivity.groups.use

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.getIamPolicy

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.getIamPolicy

networkconnectivity.hubRoutes.list

networkconnectivity.hubs.create

networkconnectivity.hubs.delete

networkconnectivity.hubs.get

networkconnectivity.hubs.getIamPolicy

networkconnectivity.hubs.list

networkconnectivity.hubs.listEffectiveTags

networkconnectivity.hubs.listSpokes

networkconnectivity.hubs.listTagBindings

networkconnectivity.hubs.queryStatus

networkconnectivity.hubs.update

networkconnectivity.internalRanges.create

networkconnectivity.internalRanges.delete

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.getIamPolicy

networkconnectivity.internalRanges.list

networkconnectivity.internalRanges.update

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.multicloudDataTransferConfigs.*

  • networkconnectivity.multicloudDataTransferConfigs.create
  • networkconnectivity.multicloudDataTransferConfigs.delete
  • networkconnectivity.multicloudDataTransferConfigs.get
  • networkconnectivity.multicloudDataTransferConfigs.list
  • networkconnectivity.multicloudDataTransferConfigs.update

networkconnectivity.multicloudDataTransferDestinations.*

  • networkconnectivity.multicloudDataTransferDestinations.create
  • networkconnectivity.multicloudDataTransferDestinations.delete
  • networkconnectivity.multicloudDataTransferDestinations.get
  • networkconnectivity.multicloudDataTransferDestinations.list
  • networkconnectivity.multicloudDataTransferDestinations.update

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.*

  • networkconnectivity.operations.cancel
  • networkconnectivity.operations.delete
  • networkconnectivity.operations.get
  • networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.create

networkconnectivity.policyBasedRoutes.delete

networkconnectivity.policyBasedRoutes.get

networkconnectivity.policyBasedRoutes.getIamPolicy

networkconnectivity.policyBasedRoutes.list

networkconnectivity.regionalEndpoints.*

  • networkconnectivity.regionalEndpoints.create
  • networkconnectivity.regionalEndpoints.delete
  • networkconnectivity.regionalEndpoints.get
  • networkconnectivity.regionalEndpoints.list

networkconnectivity.remoteTransportProfiles.*

  • networkconnectivity.remoteTransportProfiles.get
  • networkconnectivity.remoteTransportProfiles.list

networkconnectivity.serviceClasses.*

  • networkconnectivity.serviceClasses.create
  • networkconnectivity.serviceClasses.delete
  • networkconnectivity.serviceClasses.get
  • networkconnectivity.serviceClasses.list
  • networkconnectivity.serviceClasses.update
  • networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

  • networkconnectivity.serviceConnectionMaps.create
  • networkconnectivity.serviceConnectionMaps.delete
  • networkconnectivity.serviceConnectionMaps.get
  • networkconnectivity.serviceConnectionMaps.list
  • networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

  • networkconnectivity.serviceConnectionPolicies.create
  • networkconnectivity.serviceConnectionPolicies.delete
  • networkconnectivity.serviceConnectionPolicies.get
  • networkconnectivity.serviceConnectionPolicies.list
  • networkconnectivity.serviceConnectionPolicies.update

networkconnectivity.spokes.create

networkconnectivity.spokes.delete

networkconnectivity.spokes.get

networkconnectivity.spokes.getIamPolicy

networkconnectivity.spokes.list

networkconnectivity.spokes.listEffectiveTags

networkconnectivity.spokes.listTagBindings

networkconnectivity.spokes.update

networkconnectivity.transports.*

  • networkconnectivity.transports.create
  • networkconnectivity.transports.delete
  • networkconnectivity.transports.get
  • networkconnectivity.transports.list
  • networkconnectivity.transports.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.consumerNetworkAdmin)

Service Automation Consumer Network Admin is responsible for setting up ServiceConnectionPolicies.

networkconnectivity.serviceConnectionPolicies.*

  • networkconnectivity.serviceConnectionPolicies.create
  • networkconnectivity.serviceConnectionPolicies.delete
  • networkconnectivity.serviceConnectionPolicies.get
  • networkconnectivity.serviceConnectionPolicies.list
  • networkconnectivity.serviceConnectionPolicies.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.groupAdmin)

Enables full access to group resources and read-only access to hub and spoke resources

networkconnectivity.gatewayAdvertisedRoutes.get

networkconnectivity.gatewayAdvertisedRoutes.list

networkconnectivity.groups.*

  • networkconnectivity.groups.acceptSpoke
  • networkconnectivity.groups.acceptSpokeUpdate
  • networkconnectivity.groups.get
  • networkconnectivity.groups.getIamPolicy
  • networkconnectivity.groups.list
  • networkconnectivity.groups.rejectSpoke
  • networkconnectivity.groups.rejectSpokeUpdate
  • networkconnectivity.groups.setIamPolicy
  • networkconnectivity.groups.use

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.getIamPolicy

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.getIamPolicy

networkconnectivity.hubRoutes.list

networkconnectivity.hubs.get

networkconnectivity.hubs.getIamPolicy

networkconnectivity.hubs.list

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.spokes.get

networkconnectivity.spokes.getIamPolicy

networkconnectivity.spokes.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.groupUser)

Enables use access on group resources

networkconnectivity.groups.use

(roles/networkconnectivity.hubAdmin)

Enables full access to hub and spoke resources.

Lowest-level resources where you can grant this role:

  • Project

networkconnectivity.gatewayAdvertisedRoutes.*

  • networkconnectivity.gatewayAdvertisedRoutes.create
  • networkconnectivity.gatewayAdvertisedRoutes.delete
  • networkconnectivity.gatewayAdvertisedRoutes.get
  • networkconnectivity.gatewayAdvertisedRoutes.list
  • networkconnectivity.gatewayAdvertisedRoutes.update

networkconnectivity.groups.*

  • networkconnectivity.groups.acceptSpoke
  • networkconnectivity.groups.acceptSpokeUpdate
  • networkconnectivity.groups.get
  • networkconnectivity.groups.getIamPolicy
  • networkconnectivity.groups.list
  • networkconnectivity.groups.rejectSpoke
  • networkconnectivity.groups.rejectSpokeUpdate
  • networkconnectivity.groups.setIamPolicy
  • networkconnectivity.groups.use

networkconnectivity.hubRouteTables.*

  • networkconnectivity.hubRouteTables.get
  • networkconnectivity.hubRouteTables.getIamPolicy
  • networkconnectivity.hubRouteTables.list
  • networkconnectivity.hubRouteTables.setIamPolicy

networkconnectivity.hubRoutes.*

  • networkconnectivity.hubRoutes.get
  • networkconnectivity.hubRoutes.getIamPolicy
  • networkconnectivity.hubRoutes.list
  • networkconnectivity.hubRoutes.setIamPolicy

networkconnectivity.hubs.*

  • networkconnectivity.hubs.create
  • networkconnectivity.hubs.createTagBinding
  • networkconnectivity.hubs.delete
  • networkconnectivity.hubs.deleteTagBinding
  • networkconnectivity.hubs.get
  • networkconnectivity.hubs.getIamPolicy
  • networkconnectivity.hubs.list
  • networkconnectivity.hubs.listEffectiveTags
  • networkconnectivity.hubs.listSpokes
  • networkconnectivity.hubs.listTagBindings
  • networkconnectivity.hubs.queryStatus
  • networkconnectivity.hubs.setIamPolicy
  • networkconnectivity.hubs.update

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.*

  • networkconnectivity.operations.cancel
  • networkconnectivity.operations.delete
  • networkconnectivity.operations.get
  • networkconnectivity.operations.list

networkconnectivity.spokes.*

  • networkconnectivity.spokes.create
  • networkconnectivity.spokes.createTagBinding
  • networkconnectivity.spokes.delete
  • networkconnectivity.spokes.deleteTagBinding
  • networkconnectivity.spokes.get
  • networkconnectivity.spokes.getIamPolicy
  • networkconnectivity.spokes.list
  • networkconnectivity.spokes.listEffectiveTags
  • networkconnectivity.spokes.listTagBindings
  • networkconnectivity.spokes.setIamPolicy
  • networkconnectivity.spokes.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.hubViewer)

Enables read-only access to hub and spoke resources.

Lowest-level resources where you can grant this role:

  • Project

networkconnectivity.gatewayAdvertisedRoutes.get

networkconnectivity.gatewayAdvertisedRoutes.list

networkconnectivity.groups.get

networkconnectivity.groups.getIamPolicy

networkconnectivity.groups.list

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.getIamPolicy

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.getIamPolicy

networkconnectivity.hubRoutes.list

networkconnectivity.hubs.get

networkconnectivity.hubs.getIamPolicy

networkconnectivity.hubs.list

networkconnectivity.hubs.listSpokes

networkconnectivity.hubs.queryStatus

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.spokes.get

networkconnectivity.spokes.getIamPolicy

networkconnectivity.spokes.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.multicloudDataTransferConfigAdmin)

Full access to all Multicloud Data Transfer Config resources.

networkconnectivity.multicloudDataTransferConfigs.*

  • networkconnectivity.multicloudDataTransferConfigs.create
  • networkconnectivity.multicloudDataTransferConfigs.delete
  • networkconnectivity.multicloudDataTransferConfigs.get
  • networkconnectivity.multicloudDataTransferConfigs.list
  • networkconnectivity.multicloudDataTransferConfigs.update

networkconnectivity.multicloudDataTransferDestinations.*

  • networkconnectivity.multicloudDataTransferDestinations.create
  • networkconnectivity.multicloudDataTransferDestinations.delete
  • networkconnectivity.multicloudDataTransferDestinations.get
  • networkconnectivity.multicloudDataTransferDestinations.list
  • networkconnectivity.multicloudDataTransferDestinations.update

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.multicloudDataTransferConfigViewer)

Read-only access to all Multicloud Data Transfer Config resources.

networkconnectivity.multicloudDataTransferConfigs.get

networkconnectivity.multicloudDataTransferConfigs.list

networkconnectivity.multicloudDataTransferDestinations.get

networkconnectivity.multicloudDataTransferDestinations.list

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.multicloudDataTransferDestinationAdmin)

Access to all Destination resources.

networkconnectivity.multicloudDataTransferDestinations.*

  • networkconnectivity.multicloudDataTransferDestinations.create
  • networkconnectivity.multicloudDataTransferDestinations.delete
  • networkconnectivity.multicloudDataTransferDestinations.get
  • networkconnectivity.multicloudDataTransferDestinations.list
  • networkconnectivity.multicloudDataTransferDestinations.update

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.multicloudDataTransferDestinationViewer)

Read-only access to all Destination resources.

networkconnectivity.multicloudDataTransferDestinations.get

networkconnectivity.multicloudDataTransferDestinations.list

networkconnectivity.multicloudDataTransferSupportedServices.*

  • networkconnectivity.multicloudDataTransferSupportedServices.get
  • networkconnectivity.multicloudDataTransferSupportedServices.list

networkconnectivity.operations.get

networkconnectivity.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.regionalEndpointAdmin)

Full access to all Regional Endpoint resources.

networkconnectivity.regionalEndpoints.*

  • networkconnectivity.regionalEndpoints.create
  • networkconnectivity.regionalEndpoints.delete
  • networkconnectivity.regionalEndpoints.get
  • networkconnectivity.regionalEndpoints.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.regionalEndpointViewer)

Read-only access to all Regional Endpoint resources.

networkconnectivity.regionalEndpoints.get

networkconnectivity.regionalEndpoints.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.serviceClassUser)

Service Class User uses a ServiceClass

networkconnectivity.serviceClasses.get

networkconnectivity.serviceClasses.list

networkconnectivity.serviceClasses.use

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.serviceProducerAdmin)

Service Automation Producer Admin uses information from a consumer request to manage ServiceClasses and ServiceConnectionMaps

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.serviceClasses.*

  • networkconnectivity.serviceClasses.create
  • networkconnectivity.serviceClasses.delete
  • networkconnectivity.serviceClasses.get
  • networkconnectivity.serviceClasses.list
  • networkconnectivity.serviceClasses.update
  • networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

  • networkconnectivity.serviceConnectionMaps.create
  • networkconnectivity.serviceConnectionMaps.delete
  • networkconnectivity.serviceConnectionMaps.get
  • networkconnectivity.serviceConnectionMaps.list
  • networkconnectivity.serviceConnectionMaps.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.spokeAdmin)

Enables full access to spoke resources and read-only access to hub resources.

Lowest-level resources where you can grant this role:

  • Project

networkconnectivity.gatewayAdvertisedRoutes.*

  • networkconnectivity.gatewayAdvertisedRoutes.create
  • networkconnectivity.gatewayAdvertisedRoutes.delete
  • networkconnectivity.gatewayAdvertisedRoutes.get
  • networkconnectivity.gatewayAdvertisedRoutes.list
  • networkconnectivity.gatewayAdvertisedRoutes.update

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.getIamPolicy

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.getIamPolicy

networkconnectivity.hubRoutes.list

networkconnectivity.hubs.get

networkconnectivity.hubs.getIamPolicy

networkconnectivity.hubs.list

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.spokes.*

  • networkconnectivity.spokes.create
  • networkconnectivity.spokes.createTagBinding
  • networkconnectivity.spokes.delete
  • networkconnectivity.spokes.deleteTagBinding
  • networkconnectivity.spokes.get
  • networkconnectivity.spokes.getIamPolicy
  • networkconnectivity.spokes.list
  • networkconnectivity.spokes.listEffectiveTags
  • networkconnectivity.spokes.listTagBindings
  • networkconnectivity.spokes.setIamPolicy
  • networkconnectivity.spokes.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.transportAdmin)

Enables full access to Transport resources

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.*

  • networkconnectivity.operations.cancel
  • networkconnectivity.operations.delete
  • networkconnectivity.operations.get
  • networkconnectivity.operations.list

networkconnectivity.remoteTransportProfiles.*

  • networkconnectivity.remoteTransportProfiles.get
  • networkconnectivity.remoteTransportProfiles.list

networkconnectivity.transports.*

  • networkconnectivity.transports.create
  • networkconnectivity.transports.delete
  • networkconnectivity.transports.get
  • networkconnectivity.transports.list
  • networkconnectivity.transports.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/networkconnectivity.transportViewer)

Enables view access to Transport resources

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.get

networkconnectivity.operations.list

networkconnectivity.remoteTransportProfiles.*

  • networkconnectivity.remoteTransportProfiles.get
  • networkconnectivity.remoteTransportProfiles.list

networkconnectivity.transports.get

networkconnectivity.transports.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

(roles/networkconnectivity.serviceAgent)

Grants the Network Connectivity API authority to read some networking resources. It does not mutate these resources.

compute.addresses.create

compute.addresses.createInternal

compute.addresses.delete

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.setLabels

compute.addresses.use

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.pscCreate

compute.forwardingRules.pscDelete

compute.forwardingRules.pscSetLabels

compute.forwardingRules.pscUpdate

compute.forwardingRules.setLabels

compute.instances.get

compute.interconnectAttachments.get

compute.networks.get

compute.networks.updatePolicy

compute.networks.use

compute.projects.get

compute.regionOperations.get

compute.routers.get

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.subnetworks.setIamPolicy

compute.subnetworks.use

compute.vpnTunnels.get

dns.changes.create

dns.managedZoneOperations.*

  • dns.managedZoneOperations.get
  • dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.list

dns.managedZones.update

dns.networks.bindPrivateDNSZone

dns.resourceRecordSets.*

  • dns.resourceRecordSets.create
  • dns.resourceRecordSets.delete
  • dns.resourceRecordSets.get
  • dns.resourceRecordSets.list
  • dns.resourceRecordSets.update

networkconnectivity.groups.use

networkconnectivity.hubRouteTables.get

networkconnectivity.hubRouteTables.list

networkconnectivity.hubRoutes.get

networkconnectivity.hubRoutes.list

networkconnectivity.internalRanges.create

networkconnectivity.internalRanges.delete

networkconnectivity.internalRanges.get

networkconnectivity.internalRanges.list

networkconnectivity.operations.get

servicedirectory.namespaces.associatePrivateZone

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

Additional required permissions

Depending on the actions that you need to take in NCC, you might need the permissions described in the following sections.

Permission to create a spoke

To create a spoke, you must have permission to read the spoke's resource type. For example:

  • For VPN tunnel spokes, VLAN attachment spokes, and Router appliance spokes, you need compute.routers.get.
  • To create Router appliance spokes, you need compute.instances.get. In addition, to use a Router appliance spoke, you must set up peering between Cloud Router and the router appliance instance. To set up peering, you need the following permissions:
    • compute.instances.use
    • compute.routers.update
  • To create VLAN attachment spokes, you need compute.interconnectAttachments.get.
  • To create VPN tunnel spokes, you need compute.vpnTunnels.get.
  • To create VPC spokes, you need the following permissions:
    • compute.networks.use
    • compute.networks.get
  • To create VPC spokes in a different project from the hub that they are associated with, you need networkconnectivity.groups.use.

Permission to use NCC in the Google Cloud console

To use NCC in the Google Cloud console, you need a role, such as Compute Network Viewer (roles/compute.networkViewer), that includes the permissions described in the following table. To use these permissions, you must first create a custom role.

Task

Required permissions

Access the NCC page
  • compute.projects.get
  • compute.networks.get
Access and use the Add hubs page
  • compute.networks.list
  • compute.regions.list
  • compute.routers.list
  • compute.zones.list
  • compute.networks.get
Add a VLAN attachment spoke
  • compute.interconnectAttachments.list
  • compute.interconnectAttachments.get
  • compute.networks.get
  • compute.routers.list
  • compute.routers.get
Add a VPN spoke
  • compute.forwardingRules.list
  • compute.networks.get
  • compute.routers.get
  • compute.routers.list
  • compute.targetVpnGateways.list
  • compute.vpnGateways.list
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
Add a Router appliance spoke
  • compute.instances.list
  • compute.instances.get
  • compute.networks.get
Add a VPC spoke
  • compute.networks.use
  • compute.networks.get
  • compute.subnetworks.list
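
The spoke-creation list and the console table above can be used to build a least-privilege custom role and to find which permissions a predefined NCC role still lacks. The following Python is an added example, not part of the original documentation; the permission strings and the spokeAdmin contents are copied from this page, while the task keys, the role title and the function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Console task -> permissions, transcribed from the console table on this page.
CONSOLE_TASKS = {
    "ncc_page": ["compute.projects.get", "compute.networks.get"],
    "add_hubs_page": ["compute.networks.list", "compute.regions.list",
                      "compute.routers.list", "compute.zones.list",
                      "compute.networks.get"],
    "vlan_attachment_spoke": ["compute.interconnectAttachments.list",
                              "compute.interconnectAttachments.get",
                              "compute.networks.get", "compute.routers.list",
                              "compute.routers.get"],
    "vpn_spoke": ["compute.forwardingRules.list", "compute.networks.get",
                  "compute.routers.get", "compute.routers.list",
                  "compute.targetVpnGateways.list", "compute.vpnGateways.list",
                  "compute.vpnTunnels.get", "compute.vpnTunnels.list"],
    "router_appliance_spoke": ["compute.instances.list", "compute.instances.get",
                               "compute.networks.get"],
    "vpc_spoke": ["compute.networks.use", "compute.networks.get",
                  "compute.subnetworks.list"],
}

# Spoke type -> permissions from "Permission to create a spoke" on this page.
SPOKE_CREATE = {
    "vpn_tunnel": ["compute.routers.get", "compute.vpnTunnels.get"],
    "vlan_attachment": ["compute.routers.get",
                        "compute.interconnectAttachments.get"],
    # Includes the two peering permissions listed for router appliances.
    "router_appliance": ["compute.routers.get", "compute.instances.get",
                         "compute.instances.use", "compute.routers.update"],
    "vpc": ["compute.networks.use", "compute.networks.get"],
}

# roles/networkconnectivity.spokeAdmin as listed in the role table,
# keeping the page's "resource.*" wildcard rows.
_NC = "networkconnectivity."
SPOKE_ADMIN = (
    [_NC + p for p in ("gatewayAdvertisedRoutes.*", "locations.*", "spokes.*",
                       "operations.get", "operations.list")]
    + [_NC + res + verb for res in ("hubRouteTables.", "hubRoutes.", "hubs.")
       for verb in ("get", "getIamPolicy", "list")]
    + ["resourcemanager.projects.get", "resourcemanager.projects.list"]
)


def custom_role_permissions(tasks):
    """Deduplicated, sorted union of permissions for the chosen console tasks."""
    return sorted({p for task in tasks for p in CONSOLE_TASKS[task]})


def render_role_file(title, tasks):
    """Role definition in the YAML layout read by `gcloud iam roles create --file`."""
    lines = [f"title: {json.dumps(title)}", "stage: GA", "includedPermissions:"]
    lines += [f"- {p}" for p in custom_role_permissions(tasks)]
    return "\n".join(lines) + "\n"


def missing_permissions(granted, spoke_type):
    """Required permissions for the spoke type that no granted entry covers."""
    return sorted(p for p in set(SPOKE_CREATE[spoke_type])
                  if not any(fnmatchcase(p, g) for g in granted))


if __name__ == "__main__":
    # Hypothetical role title; the task keys are the dictionary keys above.
    print(render_role_file("NCC console VPN spoke operator",
                           ["ncc_page", "vpn_spoke"]))
    for kind in SPOKE_CREATE:
        print(kind, "still needs:", missing_permissions(SPOKE_ADMIN, kind))
```
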

Protecting resources with VPC Service Controls

To further secure your NCC resources, you can use VPC Service Controls.

VPC Service Controls provides additional security for your resources to help mitigate the risk of data exfiltration. By using VPC Service Controls, you can place NCC resources within service perimeters. VPC Service Controls then protects these resources from requests that originate outside the perimeter.

For more information about service perimeters, see the Service perimeter configuration page in the VPC Service Controls documentation.

What's next

For more information about project roles and Google Cloud resources, see the following articles: