Control access with IAM
When you create a Google Cloud project, you are the only user on the project. By default, no other users have access to your project or its resources.
Identity and Access Management (IAM) manages access to Google Cloud resources, such as clusters. Permissions are assigned to IAM principals.
IAM lets you grant roles to principals. A role is a collection of permissions that, when granted to a principal, controls access to one or more Google Cloud resources. You can use the following types of roles:
Basic roles provide coarse permissions limited to Owner, Editor, and Viewer.
Predefined roles provide finer-grained access than basic roles and address many common use cases.
Custom roles let you create unique combinations of permissions.
A principal can be any of the following:
User account
Service account
Google group in Google Workspace
Google Workspace domain
Cloud Identity domain
IAM policy types
IAM supports the following policy types:
Allow policies: grant roles to principals. For details, see Allow policies.
Deny policies: prevent principals from using specific IAM permissions, regardless of the roles granted to those principals. For details, see Deny policies.
Use deny policies to restrict specific principals from performing specific actions in your project, folder, or organization, even if an IAM allow policy grants those principals a role that contains the relevant permissions.
Predefined roles
IAM provides predefined roles to grant granular access to specific Google Cloud resources and to prevent unwanted access to other resources. Google Cloud creates and maintains these roles and automatically updates their permissions as necessary, such as when Google Cloud Observability adds new features.
Predefined roles for Google Cloud Observability contain permissions for features that span multiple product areas. For this reason, you might see some permissions, such as observability.scopes.get, included in the predefined roles for those product areas. For example, the Logs Viewer role (roles/logging.viewer) includes the observability.scopes.get permission in addition to many logging-specific permissions.
The following table lists the predefined roles for Google Cloud Observability. For each role, the table shows the role title, description, contained permissions, and the lowest-level resource type where the role can be granted. You can grant the predefined roles at the Google Cloud project level or, in most cases, at any type higher in the resource hierarchy.
To get a list of all individual permissions contained in a role, see Getting the role metadata.
Observability roles
Role
Permissions
Observability Admin (Beta) (roles/observability.admin)
Full access to Observability resources.
observability.*
observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update
observability.buckets.create
observability.buckets.delete
observability.buckets.get
observability.buckets.list
observability.buckets.undelete
observability.buckets.update
observability.datasets.create
observability.datasets.delete
observability.datasets.get
observability.datasets.list
observability.datasets.undelete
observability.datasets.update
observability.links.create
observability.links.delete
observability.links.get
observability.links.list
observability.links.update
observability.locations.get
observability.locations.list
observability.operations.cancel
observability.operations.delete
observability.operations.get
observability.operations.list
observability.scopes.get
observability.scopes.update
observability.settings.get
observability.settings.update
observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update
observability.views.access
observability.views.create
observability.views.delete
observability.views.get
observability.views.list
observability.views.update
Observability Analytics User (Beta) (roles/observability.analyticsUser)
Grants permissions to use Cloud Observability Analytics.
logging.queries.getShared
logging.queries.listShared
logging.queries.usePrivate
observability.analyticsViews.*
observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update
observability.buckets.get
observability.buckets.list
observability.datasets.get
observability.datasets.list
observability.links.get
observability.links.list
observability.locations.*
observability.locations.get
observability.locations.list
observability.operations.get
observability.operations.list
observability.scopes.get
observability.settings.get
observability.traceScopes.get
observability.traceScopes.list
observability.views.get
observability.views.list
Observability Editor (Beta) (roles/observability.editor)
Edit access to Observability resources.
observability.analyticsViews.*
observability.analyticsViews.create
observability.analyticsViews.delete
observability.analyticsViews.get
observability.analyticsViews.list
observability.analyticsViews.update
observability.buckets.create
observability.buckets.get
observability.buckets.list
observability.buckets.update
observability.datasets.create
observability.datasets.get
observability.datasets.list
observability.datasets.update
observability.links.*
observability.links.create
observability.links.delete
observability.links.get
observability.links.list
observability.links.update
observability.locations.*
observability.locations.get
observability.locations.list
observability.operations.*
observability.operations.cancel
observability.operations.delete
observability.operations.get
observability.operations.list
observability.scopes.*
observability.scopes.get
observability.scopes.update
observability.settings.*
observability.settings.get
observability.settings.update
observability.traceScopes.*
observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update
observability.views.create
observability.views.delete
observability.views.get
observability.views.list
observability.views.update
Observability Scopes Editor (Beta) (roles/observability.scopesEditor)
Grants permission to view and edit Observability, Logging, Trace, and Monitoring scopes
logging.logScopes.*
logging.logScopes.create
logging.logScopes.delete
logging.logScopes.get
logging.logScopes.list
logging.logScopes.update
monitoring.metricsScopes.link
observability.scopes.*
observability.scopes.get
observability.scopes.update
observability.traceScopes.*
observability.traceScopes.create
observability.traceScopes.delete
observability.traceScopes.get
observability.traceScopes.list
observability.traceScopes.update
Observability Service Agent (roles/observability.serviceAgent)
Grants Observability service account the ability to list, create and link datasets in the consumer project.
bigquery.datasets.create
bigquery.datasets.get
bigquery.datasets.link
Observability View Accessor (Beta) (roles/observability.viewAccessor)
Read only access to data defined by an Observability View.
observability.views.access
Observability Viewer (Beta) (roles/observability.viewer)
Read only access to Observability resources.
observability.analyticsViews.get
observability.analyticsViews.list
observability.buckets.get
observability.buckets.list
observability.datasets.get
observability.datasets.list
observability.links.get
observability.links.list
observability.locations.*
observability.locations.get
observability.locations.list
observability.operations.get
observability.operations.list
observability.scopes.get
observability.settings.get
observability.traceScopes.get
observability.traceScopes.list
observability.views.get
observability.views.list
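The allow/deny behaviour and the role table above can be checked mechanically. The following is an added example, not code from Google Cloud: it expands three of the roles listed above into their permissions, subtracts denied permissions, and reports where a grant is broader or narrower than what a principal needs. The member names, the NEEDS mapping, and the modelling of a deny policy as a plain set of permission names are assumptions made for illustration.

```python
# Added example: least-privilege audit of an allow policy against the role table.
# Role contents are copied from the Observability role table on this page
# (three of the roles; wildcard lines are written out as concrete permissions).
_READ = {f"observability.{res}.{act}"
         for res in ("analyticsViews", "buckets", "datasets", "links",
                     "locations", "operations", "traceScopes", "views")
         for act in ("get", "list")}
_READ |= {"observability.scopes.get", "observability.settings.get"}

ROLE_PERMS = {
    "roles/observability.viewAccessor": {"observability.views.access"},
    "roles/observability.viewer": set(_READ),
    "roles/observability.analyticsUser": _READ | {
        "observability.analyticsViews.create", "observability.analyticsViews.delete",
        "observability.analyticsViews.update", "logging.queries.getShared",
        "logging.queries.listShared", "logging.queries.usePrivate"},
}

def effective(policy, member, denied=frozenset()):
    """Union of permissions from the member's allow bindings, minus denied ones.
    `denied` models a deny policy as a set of permission names (assumption).
    Roles that are not in ROLE_PERMS contribute nothing."""
    granted = set()
    for binding in policy["bindings"]:
        if member in binding["members"]:
            granted |= ROLE_PERMS.get(binding["role"], set())
    return granted - set(denied)

def narrowest_role(needed):
    """Smallest role in ROLE_PERMS that covers every needed permission, or None."""
    fits = [r for r, perms in ROLE_PERMS.items() if set(needed) <= perms]
    return min(fits, key=lambda r: len(ROLE_PERMS[r]), default=None)

def audit(policy, needs, denied=None):
    """Per member: missing permissions, count of excess ones, suggested role."""
    report = {}
    for member, needed in needs.items():
        have = effective(policy, member, (denied or {}).get(member, ()))
        report[member] = {"missing": sorted(set(needed) - have),
                          "excess": len(have - set(needed)),
                          "suggest": narrowest_role(needed)}
    return report

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
POLICY = {"bindings": [
    {"role": "roles/observability.analyticsUser", "members": ["user:ana@example.com"]},
    {"role": "roles/observability.viewer", "members": ["user:bo@example.com"]},
]}
NEEDS = {  # hypothetical: the permissions each principal actually requires
    "user:ana@example.com": {"observability.views.list"},
    "user:bo@example.com": {"observability.views.access"},
}
REPORT = audit(POLICY, NEEDS)
```

In the sample, the second principal holds Observability Viewer but still lacks observability.views.access, because in the table above that permission appears only in the View Accessor and Admin roles.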
Telemetry API roles
Role
Permissions
Consumer Admin (Beta) (roles/telemetry.consumerAdmin)
Grants permission management access to consumer resources.
telemetry.consumers.getIamPolicy
telemetry.consumers.setIamPolicy
Cloud Telemetry Logs Writer (Beta) (roles/telemetry.logsWriter)
Access to write logs.
telemetry.logs.write
Cloud Telemetry Metrics Writer (roles/telemetry.metricsWriter)
Access to write metrics.
telemetry.metrics.write
Integrated Service Telemetry Logs Writer (Beta) (roles/telemetry.serviceLogsWriter)
Allows an onboarded service to write log data to a destination.
telemetry.consumers.writeLogs
Integrated Service Telemetry Metrics Writer (Beta) (roles/telemetry.serviceMetricsWriter)
Allows an onboarded service to write metrics data to a destination.
telemetry.consumers.writeMetrics
Integrated Service Telemetry Writer (Beta) (roles/telemetry.serviceTelemetryWriter)
Allows an onboarded service to write all telemetry data to a destination.
telemetry.consumers.writeLogs
telemetry.consumers.writeMetrics
telemetry.consumers.writeTraces
Integrated Service Telemetry Traces Writer (Beta) (roles/telemetry.serviceTracesWriter)
Allows an onboarded service to write trace data to a destination.
Last updated 2026-03-16 UTC.