角色与权限
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
本页面介绍访问 Cloud Network Insights 所需的 Identity and Access Management (IAM) 角色和权限。如需详细了解 IAM,请参阅 Identity and Access Management 文档。
您可以授予用户或服务账号权限或预定义角色,也可以创建使用所指定权限的自定义角色。
您可能需要在 Google Cloud CLI 中运行 add-iam-policy 命令,以向用户授予 Cloud Network Insights 角色。
在 Google Cloud 中授予用户的角色会在 AppNeta 中复制。如果您可以在 Google Cloud 控制台中修改 Cloud Network Insights 资源,则可以在 AppNeta 中修改这些资源。
角色
本节介绍在授予 Cloud Network Insights 权限时如何使用预定义角色和自定义角色。
Cloud Network Insights 的预定义角色
Cloud Network Insights 具有以下预定义角色,可让您修改所有 Cloud Network Insights 资源或查看这些资源:
- Cloud Network Insights Editor (
roles/networkmanagement.cloudNetworkInsightsEditor)
- Cloud Network Insights Viewer (
roles/networkmanagement.cloudNetworkInsightsViewer)
如果您想授予用户在已启用 Cloud Network Insights 的项目中查看该功能的权限,可以向用户授予以下预定义角色之一:
- Cloud Network Management Viewer (
roles/networkmanagement.Viewer)
- Cloud Network Insights Viewer (
roles/networkmanagement.cloudNetworkInsightsViewer)
如需详细了解如何授予角色,请参阅管理对项目、文件夹和组织的访问权限。
Cloud Network Insights 角色
下表介绍了 Cloud Network Insights 的 IAM 预定义角色及其关联的权限。
如需了解详情,请参阅 IAM 权限参考文档。
| 角色 |
权限 |
Cloud Network Insights Editor
(
roles/networkmanagement.cloudNetworkInsightsEditor
)
拥有对 Cloud Network Insights 资源的完整访问权限。
您可以授予此角色的最低级层资源:
|
- networkmanagement.providers.get
- networkmanagement.providers.list
- networkmanagement.providers.generateProviderAccessToken
- networkmanagement.providers.create
- networkmanagement.providers.delete
- networkmanagement.providers.downloadConfig
- networkmanagement.monitoringPoints.get
- networkmanagement.monitoringPoints.list
- networkmanagement.networkPaths.get
- networkmanagement.networkPaths.list
- networkmanagement.webPaths.get
- networkmanagement.webPaths.list
- productrequirementsservice.requirements.record
- productrequirementsservice.requirements.check
|
Cloud Network Insights Viewer
(roles/networkmanagement.cloudNetworkInsightsViewer)
拥有对 Cloud Network Insights 资源的只读权限。
您可以授予此角色的最低级层资源:
|
- networkmanagement.providers.get
- networkmanagement.providers.list
- networkmanagement.providers.generateProviderAccessToken
- networkmanagement.monitoringPoints.get
- networkmanagement.monitoringPoints.list
- networkmanagement.networkPaths.get
- networkmanagement.networkPaths.list
- networkmanagement.webPaths.get
- networkmanagement.webPaths.list
- productrequirementsservice.requirements.check
|
提醒和日志角色
下表介绍了 IAM 预定义角色及其关联的权限,这些权限用于根据 Cloud Network Insights 数据查看或管理提醒和日志。用户还需要拥有 Cloud Network Insights Viewer 或 Editor 角色。
| 角色 |
权限
|
日志查看器
(roles/logging.viewer)
提供查看日志的权限。
您可以授予此角色的最低级层资源:
|
- logging.buckets.get
- logging.buckets.list
- logging.exclusions.get
- logging.exclusions.list
- logging.links.get
- logging.links.list
- logging.locations.*
- logging.logEntries.list
- logging.logMetrics.get
- logging.logMetrics.list
- logging.logScopes.get
- logging.logScopes.list
- logging.logServiceIndexes.list
- logging.logServices.list
- logging.logs.list
- logging.operations.get
- logging.operations.list
- logging.queries.getShared
- logging.queries.listShared
- logging.queries.usePrivate
- logging.sinks.get
- logging.sinks.list
- logging.usage.get
- logging.views.get
- logging.views.list
- observability.scopes.get
- resourcemanager.projects.get
|
Logs Configuration Writer
(roles/logging.configWriter)
创建提醒政策。
您可以授予此角色的最低级层资源:
|
- logging.buckets.create
- logging.buckets.createTagBinding
- logging.buckets.delete
- logging.buckets.deleteTagBinding
- logging.buckets.get
- logging.buckets.list
- logging.buckets.listEffectiveTags
- logging.buckets.listTagBindings
- logging.buckets.undelete
- logging.buckets.update
- logging.exclusions.*
- logging.links.*
- logging.locations.*
- logging.logMetrics.*
- logging.logScopes.*
- logging.logServiceIndexes.list
- logging.logServices.list
- logging.logs.list
- logging.notificationRules.*
- logging.operations.*
- logging.settings.*
- logging.sinks.*
- logging.sqlAlerts.*
- logging.views.create
- logging.views.delete
- logging.views.get
- logging.views.getIamPolicy
- logging.views.list
- logging.views.update
- observability.scopes.get
- resourcemanager.projects.get
- resourcemanager.projects.list
|
Monitoring NotificationChannel Editor Beta 版
(roles/monitoring.notificationChannelEditor)
创建与通知关联的提醒政策。 |
- monitoring.notificationChannelDescriptors.*
- monitoring.notificationChannels.create
- monitoring.notificationChannels.delete
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.notificationChannels.sendVerificationCode
- monitoring.notificationChannels.update
- monitoring.notificationChannels.verify
|
Monitoring AlertPolicy Viewer
(roles/monitoring.alertPolicyViewer)
查看提醒政策。 |
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.alertPolicies.listEffectiveTags
- monitoring.alertPolicies.listTagBindings
|
Monitoring AlertPolicy Editor
(roles/monitoring.alertPolicyEditor)
修改提醒政策。 |
- monitoring.alertPolicies.*
|
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2026-03-04。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2026-03-04。"],[],[]]
