Artifact Guard uses Identity and Access Management (IAM) roles and permissions to manage access to resources. You can grant IAM roles to users, groups, or service accounts. For information about granting roles, see Manage access to projects, folders, and organizations.
Artifact Guard roles
The following IAM roles are available for Artifact Guard.
| Role | Permissions |
|---|---|
| Artifact Scan Guard Admin (`roles/artifactscanguard.admin`). Full access to Artifact Guard resources. Create and evaluate policies, and visualize policy performance. | artifactscanguard.artifactEvaluations.create artifactscanguard.artifactEvaluations.get artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.connectors.create artifactscanguard.connectors.delete artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.connectors.update artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.delete artifactscanguard.operations.get artifactscanguard.operations.list artifactscanguard.policies.create artifactscanguard.policies.delete artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.policies.update artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Evaluation Admin (`roles/artifactscanguard.policyEvaluator`). Full access to artifact evaluation resources. | artifactscanguard.artifactEvaluations.create artifactscanguard.artifactEvaluations.get artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Connector Admin (`roles/artifactscanguard.connectorAdmin`). Full access to connector resources. | artifactscanguard.connectors.create artifactscanguard.connectors.delete artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.connectors.update artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Admin (`roles/artifactscanguard.policyAdmin`). Full access to policy resources. Create policies and visualize policy performance. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.create artifactscanguard.policies.delete artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.policies.update resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Evaluation Admin (`roles/artifactscanguard.policyEvaluationAdmin`). Full access to policy evaluation resources. | artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Report Admin (`roles/artifactscanguard.reportAdmin`). Full access to report resources. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Viewer (`roles/artifactscanguard.viewer`). Read access to Artifact Guard resources. | artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Connector Viewer (`roles/artifactscanguard.connectorViewer`). Read access to connector resources. | artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Viewer (`roles/artifactscanguard.policyViewer`). Read access to policy resources. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.get artifactscanguard.policies.list resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Evaluation Viewer (`roles/artifactscanguard.policyEvaluationViewer`). Read access to policy evaluation resources. | artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Report Viewer (`roles/artifactscanguard.reportViewer`). Read access to report resources. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |