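Artifact Guard uses Identity and Access Management (IAM) roles and permissions to manage access to resources. IAM roles can be granted to users, groups, and service accounts. For information about granting roles, see Manage access to projects, folders, and organizations.
Artifact Guard roles
You can use the following IAM roles with Artifact Guard.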
| Role | Permissions |
|---|---|
| Artifact Scan Guard Admin (roles/artifactscanguard.admin): Full access to Artifact Guard resources. Create policies, and evaluate and visualize policy performance. | artifactscanguard.artifactEvaluations.create artifactscanguard.artifactEvaluations.get artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.connectors.create artifactscanguard.connectors.delete artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.connectors.update artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.delete artifactscanguard.operations.get artifactscanguard.operations.list artifactscanguard.policies.create artifactscanguard.policies.delete artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.policies.update artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Evaluation Admin (roles/artifactscanguard.policyEvaluator): Full access to Artifact Evaluation resources. | artifactscanguard.artifactEvaluations.create artifactscanguard.artifactEvaluations.get artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Connector Admin (roles/artifactscanguard.connectorAdmin): Full access to Connector resources. | artifactscanguard.connectors.create artifactscanguard.connectors.delete artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.connectors.update artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Admin (roles/artifactscanguard.policyAdmin): Full access to Policy resources. Create policies and visualize policy performance. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.create artifactscanguard.policies.delete artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.policies.update resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Evaluation Admin (roles/artifactscanguard.policyEvaluationAdmin): Full access to Policy Evaluation resources. | artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Report Admin (roles/artifactscanguard.reportAdmin): Full access to Report resources. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Viewer (roles/artifactscanguard.viewer): Read-only access to Artifact Guard resources. | artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Connector Viewer (roles/artifactscanguard.connectorViewer): Read-only access to Connector resources. | artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Viewer (roles/artifactscanguard.policyViewer): Read-only access to Policy resources. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.get artifactscanguard.policies.list resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Evaluation Viewer (roles/artifactscanguard.policyEvaluationViewer): Read-only access to Policy Evaluation resources. | artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Report Viewer (roles/artifactscanguard.reportViewer): Read-only access to Report resources. | artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |