Peran dan izin

Halaman ini menjelaskan peran dan izin Identity and Access Management (IAM) yang diperlukan untuk mengakses Cloud Network Insights. Untuk mengetahui deskripsi mendetail tentang IAM, lihat dokumentasi Identity and Access Management.

Anda dapat memberikan izin atau peran bawaan kepada pengguna atau akun layanan, atau Anda dapat membuat peran khusus yang menggunakan izin yang Anda tentukan.

Anda mungkin perlu menjalankan perintah add-iam-policy di Google Cloud CLI untuk memberikan peran Cloud Network Insights kepada pengguna.

Peran yang diberikan kepada pengguna di Google Cloud direplikasi di AppNeta. Jika Anda dapat mengedit resource Cloud Network Insights di konsol Google Cloud , Anda dapat mengeditnya di AppNeta.

Peran

Bagian ini menjelaskan cara menggunakan peran standar dan kustom saat memberikan izin untuk Cloud Network Insights.

Peran bawaan untuk Cloud Network Insights

Cloud Network Insights memiliki peran yang telah ditetapkan berikut yang memungkinkan Anda mengubah semua resource Cloud Network Insights atau melihat resource:

Cloud Network Insights Editor (roles/networkmanagement.CloudNetworkInsightsEditor)
Cloud Network Insights Viewer (roles/networkmanagement.CloudNetworkInsightsViewer)

Jika ingin memberi pengguna kemampuan untuk melihat Cloud Network Insights di project yang sudah diaktifkan, Anda dapat memberi pengguna salah satu peran standar berikut:

Cloud Network Management Viewer (roles/networkmanagement.viewer)
Cloud Network Insights Viewer (roles/networkmanagement.CloudNetworkInsightsViewer)

Untuk mengetahui informasi selengkapnya tentang cara memberikan peran, lihat Mengelola akses ke project, folder, dan organisasi.

Peran Cloud Network Insights

Tabel berikut menjelaskan peran bawaan IAM dan izin terkaitnya untuk Cloud Network Insights.

Untuk mengetahui informasi selengkapnya, lihat referensi izin IAM.

Peran Izin

Peran	Izin
Cloud Network Insights Editor (`roles/networkmanagement.CloudNetworkInsightsEditor`) Akses penuh ke resource Cloud Network Insights. Resource tingkat terendah tempat Anda dapat memberikan peran ini: Project	networkmanagement.providers.get networkmanagement.providers.list networkmanagement.providers.generateProviderAccessToken networkmanagement.providers.create networkmanagement.providers.delete networkmanagement.providers.downloadConfig networkmanagement.monitoringPoints.get networkmanagement.monitoringPoints.list networkmanagement.networkPaths.get networkmanagement.networkPaths.list networkmanagement.webPaths.get networkmanagement.webPaths.list productrequirementsservice.requirements.record productrequirementsservice.requirements.check
Cloud Network Insights Viewer (`roles/networkmanagement.CloudNetworkInsightsViewer`) Akses hanya baca ke resource Cloud Network Insights. Resource tingkat terendah tempat Anda dapat memberikan peran ini: Project	networkmanagement.providers.get networkmanagement.providers.list networkmanagement.providers.generateProviderAccessToken networkmanagement.monitoringPoints.get networkmanagement.monitoringPoints.list networkmanagement.networkPaths.get networkmanagement.networkPaths.list networkmanagement.webPaths.get networkmanagement.webPaths.list productrequirementsservice.requirements.check

Cloud Network Insights Editor

(


roles/networkmanagement.CloudNetworkInsightsEditor

)

Akses penuh ke resource Cloud Network Insights.
Resource tingkat terendah tempat Anda dapat memberikan peran ini:

Project

networkmanagement.providers.get
networkmanagement.providers.list
networkmanagement.providers.generateProviderAccessToken
networkmanagement.providers.create
networkmanagement.providers.delete
networkmanagement.providers.downloadConfig
networkmanagement.monitoringPoints.get
networkmanagement.monitoringPoints.list
networkmanagement.networkPaths.get
networkmanagement.networkPaths.list
networkmanagement.webPaths.get
networkmanagement.webPaths.list
productrequirementsservice.requirements.record
productrequirementsservice.requirements.check

Cloud Network Insights Viewer

(roles/networkmanagement.CloudNetworkInsightsViewer)

Akses hanya baca ke resource Cloud Network Insights.
Resource tingkat terendah tempat Anda dapat memberikan peran ini:

Project

networkmanagement.providers.get
networkmanagement.providers.list
networkmanagement.providers.generateProviderAccessToken
networkmanagement.monitoringPoints.get
networkmanagement.monitoringPoints.list
networkmanagement.networkPaths.get
networkmanagement.networkPaths.list
networkmanagement.webPaths.get
networkmanagement.webPaths.list
productrequirementsservice.requirements.check

Peran pemberitahuan dan log

Tabel berikut menjelaskan peran bawaan IAM dan izin terkaitnya untuk melihat atau mengelola pemberitahuan dan log berdasarkan data Cloud Network Insights. Pengguna juga memerlukan peran Cloud Network Insights Viewer atau Editor.

Peran	Izin
Logs Viewer (`roles/logging.viewer`) Memberikan akses untuk melihat log. Resource tingkat terendah tempat Anda dapat memberikan peran ini: Lihat	logging.buckets.get logging.buckets.list logging.exclusions.get logging.exclusions.list logging.links.get logging.links.list logging.locations.* logging.logEntries.list logging.logMetrics.get logging.logMetrics.list logging.logScopes.get logging.logScopes.list logging.logServiceIndexes.list logging.logServices.list logging.logs.list logging.operations.get logging.operations.list logging.queries.getShared logging.queries.listShared logging.queries.usePrivate logging.sinks.get logging.sinks.list logging.usage.get logging.views.get logging.views.list observability.scopes.get resourcemanager.projects.get
Penulis Konfigurasi Log (`roles/logging.configWriter`) Buat kebijakan pemberitahuan. Resource tingkat terendah tempat Anda dapat memberikan peran ini: Lihat	logging.buckets.create logging.buckets.createTagBinding logging.buckets.delete logging.buckets.deleteTagBinding logging.buckets.get logging.buckets.list logging.buckets.listEffectiveTags logging.buckets.listTagBindings logging.buckets.undelete logging.buckets.update logging.exclusions.* logging.links.* logging.locations.* logging.logMetrics.* logging.logScopes.* logging.logServiceIndexes.list logging.logServices.list logging.logs.list logging.notificationRules.* logging.operations.* logging.settings.* logging.sinks.* logging.sqlAlerts.* logging.views.create logging.views.delete logging.views.get logging.views.getIamPolicy logging.views.list logging.views.update observability.scopes.get resourcemanager.projects.get resourcemanager.projects.list
Monitoring NotificationChannel Editor Beta (`roles/monitoring.notificationChannelEditor`) Buat kebijakan pemberitahuan yang terkait dengan notifikasi.	monitoring.notificationChannelDescriptors.* monitoring.notificationChannels.create monitoring.notificationChannels.delete monitoring.notificationChannels.get monitoring.notificationChannels.list monitoring.notificationChannels.sendVerificationCode monitoring.notificationChannels.update monitoring.notificationChannels.verify
Monitoring AlertPolicy Viewer (`roles/monitoring.alertPolicyViewer`) Melihat kebijakan pemberitahuan.	monitoring.alertPolicies.get monitoring.alertPolicies.list monitoring.alertPolicies.listEffectiveTags monitoring.alertPolicies.listTagBindings
Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Mengedit kebijakan pemberitahuan.	monitoring.alertPolicies.*

Peran dan izin Tetap teratur dengan koleksi Simpan dan kategorikan konten berdasarkan preferensi Anda.

Peran

Peran bawaan untuk Cloud Network Insights

Peran Cloud Network Insights

Cloud Network Insights Editor

Cloud Network Insights Viewer

Peran pemberitahuan dan log

Logs Viewer

Penulis Konfigurasi Log

Monitoring NotificationChannel Editor Beta

Monitoring AlertPolicy Viewer

Monitoring AlertPolicy Editor

Peran dan izin