Google uses AI technology to translate content into your preferred language. AI translations can contain errors.
使用 IAM 进行访问权限控制
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
reCAPTCHA 提供使用 Identity and Access Management (IAM) 的基于角色的访问权限控制 (RBAC),并使用 VPC Service Controls 为 reCAPTCHA API 提供访问权限控制。
使用 IAM 的基于角色的访问权限控制
借助 IAM,您可以授予对特定Google Cloud 资源的精细访问权限,并阻止对其他资源(例如日志和分析)的不必要访问。
本部分介绍了 reCAPTCHA 的 IAM 角色。
如需了解如何向用户或服务账号分配 IAM 角色,请阅读 IAM 文档中的授予、更改和撤消对资源的访问权限。
角色与权限
下表列出了 reCAPTCHA 的必要 IAM 角色及其权限:
| Role |
Permissions |
reCAPTCHA Enterprise Admin
(roles/recaptchaenterprise.admin)
Access to view and modify reCAPTCHA Enterprise keys
|
monitoring.timeSeries.list
recaptchaenterprise.firewallpolicies.*
recaptchaenterprise.firewallpolicies.createrecaptchaenterprise.firewallpolicies.deleterecaptchaenterprise.firewallpolicies.getrecaptchaenterprise.firewallpolicies.listrecaptchaenterprise.firewallpolicies.update
recaptchaenterprise.keys.*
recaptchaenterprise.keys.createrecaptchaenterprise.keys.createTagBindingrecaptchaenterprise.keys.deleterecaptchaenterprise.keys.deleteTagBindingrecaptchaenterprise.keys.getrecaptchaenterprise.keys.listrecaptchaenterprise.keys.listEffectiveTagsrecaptchaenterprise.keys.listTagBindingsrecaptchaenterprise.keys.retrievelegacysecretkeyrecaptchaenterprise.keys.update
recaptchaenterprise.metrics.get
recaptchaenterprise.projectmetadata.*
recaptchaenterprise.projectmetadata.getrecaptchaenterprise.projectmetadata.update
resourcemanager.projects.get
resourcemanager.projects.list
|
Recaptchaenterprise Editor
(roles/recaptchaenterprise.editor)
Editor role for recaptchaenterprise
|
monitoring.timeSeries.list
recaptchaenterprise.assessments.*
recaptchaenterprise.assessments.annotaterecaptchaenterprise.assessments.create
recaptchaenterprise.firewallpolicies.*
recaptchaenterprise.firewallpolicies.createrecaptchaenterprise.firewallpolicies.deleterecaptchaenterprise.firewallpolicies.getrecaptchaenterprise.firewallpolicies.listrecaptchaenterprise.firewallpolicies.update
recaptchaenterprise.keys.create
recaptchaenterprise.keys.delete
recaptchaenterprise.keys.get
recaptchaenterprise.keys.list
recaptchaenterprise.keys.listEffectiveTags
recaptchaenterprise.keys.listTagBindings
recaptchaenterprise.keys.retrievelegacysecretkey
recaptchaenterprise.keys.update
recaptchaenterprise.metrics.get
recaptchaenterprise.projectmetadata.*
recaptchaenterprise.projectmetadata.getrecaptchaenterprise.projectmetadata.update
recaptchaenterprise.relatedaccountgroupmemberships.list
recaptchaenterprise.relatedaccountgroups.list
resourcemanager.projects.get
resourcemanager.projects.list
|
reCAPTCHA Enterprise Viewer
(roles/recaptchaenterprise.viewer)
Access to view reCAPTCHA Enterprise keys and metrics
|
monitoring.timeSeries.list
recaptchaenterprise.firewallpolicies.get
recaptchaenterprise.firewallpolicies.list
recaptchaenterprise.keys.get
recaptchaenterprise.keys.list
recaptchaenterprise.keys.listEffectiveTags
recaptchaenterprise.keys.listTagBindings
recaptchaenterprise.metrics.get
recaptchaenterprise.projectmetadata.get
resourcemanager.projects.get
resourcemanager.projects.list
|
reCAPTCHA Enterprise Agent
(roles/recaptchaenterprise.agent)
Access to create and annotate reCAPTCHA Enterprise assessments
|
recaptchaenterprise.assessments.*
recaptchaenterprise.assessments.annotaterecaptchaenterprise.assessments.create
recaptchaenterprise.firewallpolicies.list
recaptchaenterprise.relatedaccountgroupmemberships.list
recaptchaenterprise.relatedaccountgroups.list
resourcemanager.projects.get
resourcemanager.projects.list
|
自定义角色
对于监管要求等用例,您可能需要自定义角色。如需创建包含 reCAPTCHA 权限的自定义角色,请执行下表所示的相应操作:
| 角色说明 |
操作 |
| 仅可授予 reCAPTCHA Enterprise API 的权限的角色 |
从 API 权限部分的权限中进行选择。 |
| 可授予 reCAPTCHA Enterprise API 和控制台的权限的角色 |
选择角色和权限部分中的权限组。 |
| 可授予创建评估和给评估添加注释的功能的角色 |
在角色和权限部分的 roles/recaptchaenterprise.agent 角色中添加权限。 |
如需详细了解自定义角色,请转至创建和管理自定义角色。
API 权限
下表列出了调用方在调用 reCAPTCHA Enterprise API recaptchaenterprise.googleapis.com/v1中的每个方法时必须具有的权限:
| 方法 (REST/RPC) |
所需权限 |
适用的资源类型 |
[recaptchaenterprise.assessments.annotate] / [AnnotateAssessmentRequest] |
recaptchaenterprise.assessments.annotate |
项目 |
[recaptchaenterprise.assessments.create] / [CreateAssessmentRequest] |
recaptchaenterprise.assessments.create |
项目 |
[recaptchaenterprise.keys.create] / [CreateKeyRequest] |
recaptchaenterprise.keys.create |
项目 |
[recaptchaenterprise.keys.delete] / [DeleteKeyRequest] |
recaptchaenterprise.keys.delete |
项目 |
[recaptchaenterprise.keys.get] / [GetKeyRequest] |
recaptchaenterprise.keys.get |
项目 |
[recaptchaenterprise.keys.list] / [ListKeysRequest] |
recaptchaenterprise.keys.list |
项目 |
[recaptchaenterprise.keys.update] / [UpdateKeyRequest] |
recaptchaenterprise.keys.update |
项目 |
VPC Service Controls
VPC Service Controls 支持 reCAPTCHA 为 reCAPTCHA API 提供额外的访问权限控制。如需了解详情,请参阅支持的产品和限制 > reCAPTCHA Enterprise。
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2026-05-20。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2026-05-20。"],[],[]]
