使用 IAM 进行访问权限控制

如需限制项目或组织内用户的访问权限,您可以为 Dataflow 使用 Identity and Access Management (IAM) 角色。您可以控制对 Dataflow 相关资源的访问权限,而不是向用户授予整个 Google Cloud 项目的 Viewer、Editor 或 Owner 角色。

本页重点介绍了如何使用 Dataflow 的 IAM 角色。如需详细了解 IAM 及其功能,请参阅 IAM 文档

每种 Dataflow 方法都要求调用者拥有必要的权限。有关 Dataflow 支持的权限和角色的列表,请参阅以下部分。

权限和角色

本部分汇总了 Dataflow IAM 支持的权限和角色。

所需权限

下表列出了调用者调用每种方法必须具备的权限:

方法 所需权限
dataflow.jobs.create dataflow.jobs.create
dataflow.jobs.cancel dataflow.jobs.cancel
dataflow.jobs.updateContents dataflow.jobs.updateContents
dataflow.jobs.list dataflow.jobs.list
dataflow.jobs.get dataflow.jobs.get
dataflow.messages.list dataflow.messages.list
dataflow.metrics.get dataflow.metrics.get
dataflow.jobs.snapshot dataflow.jobs.snapshot

角色

下表列出了 Dataflow IAM 角色,还有一个列表列出每个角色包含的 Dataflow 相关权限。每个权限适用于特定的资源类型。如需查看权限列表,请参阅 Google Cloud Console 中的角色页面。

Role Permissions

(roles/dataflow.admin)

Minimal role for creating and managing dataflow jobs.

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.machineTypes.get

compute.projects.get

compute.regions.list

compute.zones.list

dataflow.jobs.*

  • dataflow.jobs.cancel
  • dataflow.jobs.create
  • dataflow.jobs.get
  • dataflow.jobs.list
  • dataflow.jobs.snapshot
  • dataflow.jobs.updateContents

dataflow.messages.list

dataflow.metrics.get

dataflow.snapshots.*

  • dataflow.snapshots.delete
  • dataflow.snapshots.get
  • dataflow.snapshots.list

recommender.dataflowDiagnosticsInsights.*

  • recommender.dataflowDiagnosticsInsights.get
  • recommender.dataflowDiagnosticsInsights.list
  • recommender.dataflowDiagnosticsInsights.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.get

storage.objects.create

storage.objects.get

storage.objects.list

(roles/dataflow.developer)

Provides the permissions necessary to execute and manipulate Dataflow jobs.

Lowest-level resources where you can grant this role:

  • Project

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.locations.*

  • cloudbuild.locations.get
  • cloudbuild.locations.list

cloudbuild.operations.*

  • cloudbuild.operations.get
  • cloudbuild.operations.list

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.projects.get

compute.regions.list

compute.zones.list

dataflow.jobs.*

  • dataflow.jobs.cancel
  • dataflow.jobs.create
  • dataflow.jobs.get
  • dataflow.jobs.list
  • dataflow.jobs.snapshot
  • dataflow.jobs.updateContents

dataflow.messages.list

dataflow.metrics.get

dataflow.snapshots.*

  • dataflow.snapshots.delete
  • dataflow.snapshots.get
  • dataflow.snapshots.list

recommender.dataflowDiagnosticsInsights.*

  • recommender.dataflowDiagnosticsInsights.get
  • recommender.dataflowDiagnosticsInsights.list
  • recommender.dataflowDiagnosticsInsights.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataflow.serviceAgent)

Gives Cloud Dataflow service account access to managed resources. Includes access to service accounts.

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

bigquery.bireservations.*

  • bigquery.bireservations.get
  • bigquery.bireservations.update

bigquery.capacityCommitments.*

  • bigquery.capacityCommitments.create
  • bigquery.capacityCommitments.delete
  • bigquery.capacityCommitments.get
  • bigquery.capacityCommitments.list
  • bigquery.capacityCommitments.update

bigquery.config.*

  • bigquery.config.get
  • bigquery.config.update

bigquery.connections.*

  • bigquery.connections.create
  • bigquery.connections.delegate
  • bigquery.connections.delete
  • bigquery.connections.get
  • bigquery.connections.getIamPolicy
  • bigquery.connections.list
  • bigquery.connections.setIamPolicy
  • bigquery.connections.update
  • bigquery.connections.updateTag
  • bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

  • bigquery.datasets.create
  • bigquery.datasets.createTagBinding
  • bigquery.datasets.delete
  • bigquery.datasets.deleteTagBinding
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.datasets.link
  • bigquery.datasets.listEffectiveTags
  • bigquery.datasets.listSharedDatasetUsage
  • bigquery.datasets.listTagBindings
  • bigquery.datasets.setIamPolicy
  • bigquery.datasets.update
  • bigquery.datasets.updateTag

bigquery.jobs.*

  • bigquery.jobs.create
  • bigquery.jobs.delete
  • bigquery.jobs.get
  • bigquery.jobs.list
  • bigquery.jobs.listAll
  • bigquery.jobs.listExecutionMetadata
  • bigquery.jobs.update

bigquery.models.*

  • bigquery.models.create
  • bigquery.models.delete
  • bigquery.models.export
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.models.updateData
  • bigquery.models.updateMetadata
  • bigquery.models.updateTag

bigquery.objectRefs.*

  • bigquery.objectRefs.read
  • bigquery.objectRefs.write

bigquery.readsessions.*

  • bigquery.readsessions.create
  • bigquery.readsessions.getData
  • bigquery.readsessions.update

bigquery.reservationAssignments.*

  • bigquery.reservationAssignments.create
  • bigquery.reservationAssignments.delete
  • bigquery.reservationAssignments.list
  • bigquery.reservationAssignments.search

bigquery.reservations.*

  • bigquery.reservations.create
  • bigquery.reservations.delete
  • bigquery.reservations.get
  • bigquery.reservations.list
  • bigquery.reservations.listFailoverDatasets
  • bigquery.reservations.update
  • bigquery.reservations.use

bigquery.routines.*

  • bigquery.routines.create
  • bigquery.routines.delete
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.routines.update
  • bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

  • bigquery.savedqueries.create
  • bigquery.savedqueries.delete
  • bigquery.savedqueries.get
  • bigquery.savedqueries.list
  • bigquery.savedqueries.update

bigquery.tables.*

  • bigquery.tables.create
  • bigquery.tables.createIndex
  • bigquery.tables.createSnapshot
  • bigquery.tables.createTagBinding
  • bigquery.tables.delete
  • bigquery.tables.deleteIndex
  • bigquery.tables.deleteSnapshot
  • bigquery.tables.deleteTagBinding
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • bigquery.tables.listEffectiveTags
  • bigquery.tables.listTagBindings
  • bigquery.tables.replicateData
  • bigquery.tables.restoreSnapshot
  • bigquery.tables.setCategory
  • bigquery.tables.setColumnDataPolicy
  • bigquery.tables.setIamPolicy
  • bigquery.tables.update
  • bigquery.tables.updateData
  • bigquery.tables.updateIndex
  • bigquery.tables.updateTag

bigquery.transfers.*

  • bigquery.transfers.get
  • bigquery.transfers.update

bigquerymigration.translation.translate

clouddebugger.breakpoints.list

clouddebugger.breakpoints.listActive

clouddebugger.breakpoints.update

clouddebugger.debuggees.create

cloudnotifications.activities.list

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.*

  • compute.addresses.create
  • compute.addresses.createInternal
  • compute.addresses.createTagBinding
  • compute.addresses.delete
  • compute.addresses.deleteInternal
  • compute.addresses.deleteTagBinding
  • compute.addresses.get
  • compute.addresses.list
  • compute.addresses.listEffectiveTags
  • compute.addresses.listTagBindings
  • compute.addresses.setLabels
  • compute.addresses.use
  • compute.addresses.useInternal

compute.autoscalers.*

  • compute.autoscalers.create
  • compute.autoscalers.delete
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.autoscalers.update

compute.backendBuckets.*

  • compute.backendBuckets.addSignedUrlKey
  • compute.backendBuckets.create
  • compute.backendBuckets.createTagBinding
  • compute.backendBuckets.delete
  • compute.backendBuckets.deleteSignedUrlKey
  • compute.backendBuckets.deleteTagBinding
  • compute.backendBuckets.get
  • compute.backendBuckets.getIamPolicy
  • compute.backendBuckets.list
  • compute.backendBuckets.listEffectiveTags
  • compute.backendBuckets.listTagBindings
  • compute.backendBuckets.setIamPolicy
  • compute.backendBuckets.setSecurityPolicy
  • compute.backendBuckets.update
  • compute.backendBuckets.use

compute.backendServices.*

  • compute.backendServices.addSignedUrlKey
  • compute.backendServices.create
  • compute.backendServices.createTagBinding
  • compute.backendServices.delete
  • compute.backendServices.deleteSignedUrlKey
  • compute.backendServices.deleteTagBinding
  • compute.backendServices.get
  • compute.backendServices.getIamPolicy
  • compute.backendServices.list
  • compute.backendServices.listEffectiveTags
  • compute.backendServices.listTagBindings
  • compute.backendServices.setIamPolicy
  • compute.backendServices.setSecurityPolicy
  • compute.backendServices.update
  • compute.backendServices.use

compute.crossSiteNetworks.*

  • compute.crossSiteNetworks.create
  • compute.crossSiteNetworks.delete
  • compute.crossSiteNetworks.get
  • compute.crossSiteNetworks.list
  • compute.crossSiteNetworks.update

compute.diskSettings.*

  • compute.diskSettings.get
  • compute.diskSettings.update

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.*

  • compute.disks.addResourcePolicies
  • compute.disks.create
  • compute.disks.createSnapshot
  • compute.disks.createTagBinding
  • compute.disks.delete
  • compute.disks.deleteTagBinding
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.disks.removeResourcePolicies
  • compute.disks.resize
  • compute.disks.setIamPolicy
  • compute.disks.setLabels
  • compute.disks.startAsyncReplication
  • compute.disks.stopAsyncReplication
  • compute.disks.stopGroupAsyncReplication
  • compute.disks.update
  • compute.disks.use
  • compute.disks.useReadOnly

compute.externalVpnGateways.*

  • compute.externalVpnGateways.create
  • compute.externalVpnGateways.createTagBinding
  • compute.externalVpnGateways.delete
  • compute.externalVpnGateways.deleteTagBinding
  • compute.externalVpnGateways.get
  • compute.externalVpnGateways.list
  • compute.externalVpnGateways.listEffectiveTags
  • compute.externalVpnGateways.listTagBindings
  • compute.externalVpnGateways.setLabels
  • compute.externalVpnGateways.use

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.*

  • compute.forwardingRules.create
  • compute.forwardingRules.createTagBinding
  • compute.forwardingRules.delete
  • compute.forwardingRules.deleteTagBinding
  • compute.forwardingRules.get
  • compute.forwardingRules.list
  • compute.forwardingRules.listEffectiveTags
  • compute.forwardingRules.listTagBindings
  • compute.forwardingRules.pscCreate
  • compute.forwardingRules.pscDelete
  • compute.forwardingRules.pscSetLabels
  • compute.forwardingRules.pscSetTarget
  • compute.forwardingRules.pscUpdate
  • compute.forwardingRules.setLabels
  • compute.forwardingRules.setTarget
  • compute.forwardingRules.update
  • compute.forwardingRules.use

compute.globalAddresses.*

  • compute.globalAddresses.create
  • compute.globalAddresses.createInternal
  • compute.globalAddresses.createTagBinding
  • compute.globalAddresses.delete
  • compute.globalAddresses.deleteInternal
  • compute.globalAddresses.deleteTagBinding
  • compute.globalAddresses.get
  • compute.globalAddresses.list
  • compute.globalAddresses.listEffectiveTags
  • compute.globalAddresses.listTagBindings
  • compute.globalAddresses.setLabels
  • compute.globalAddresses.use

compute.globalForwardingRules.*

  • compute.globalForwardingRules.create
  • compute.globalForwardingRules.createTagBinding
  • compute.globalForwardingRules.delete
  • compute.globalForwardingRules.deleteTagBinding
  • compute.globalForwardingRules.get
  • compute.globalForwardingRules.list
  • compute.globalForwardingRules.listEffectiveTags
  • compute.globalForwardingRules.listTagBindings
  • compute.globalForwardingRules.pscCreate
  • compute.globalForwardingRules.pscDelete
  • compute.globalForwardingRules.pscSetLabels
  • compute.globalForwardingRules.pscSetTarget
  • compute.globalForwardingRules.pscUpdate
  • compute.globalForwardingRules.setLabels
  • compute.globalForwardingRules.setTarget
  • compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

  • compute.globalNetworkEndpointGroups.attachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.create
  • compute.globalNetworkEndpointGroups.createTagBinding
  • compute.globalNetworkEndpointGroups.delete
  • compute.globalNetworkEndpointGroups.deleteTagBinding
  • compute.globalNetworkEndpointGroups.detachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalNetworkEndpointGroups.listEffectiveTags
  • compute.globalNetworkEndpointGroups.listTagBindings
  • compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

  • compute.healthChecks.create
  • compute.healthChecks.createTagBinding
  • compute.healthChecks.delete
  • compute.healthChecks.deleteTagBinding
  • compute.healthChecks.get
  • compute.healthChecks.list
  • compute.healthChecks.listEffectiveTags
  • compute.healthChecks.listTagBindings
  • compute.healthChecks.update
  • compute.healthChecks.use
  • compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

  • compute.httpHealthChecks.create
  • compute.httpHealthChecks.createTagBinding
  • compute.httpHealthChecks.delete
  • compute.httpHealthChecks.deleteTagBinding
  • compute.httpHealthChecks.get
  • compute.httpHealthChecks.list
  • compute.httpHealthChecks.listEffectiveTags
  • compute.httpHealthChecks.listTagBindings
  • compute.httpHealthChecks.update
  • compute.httpHealthChecks.use
  • compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

  • compute.httpsHealthChecks.create
  • compute.httpsHealthChecks.createTagBinding
  • compute.httpsHealthChecks.delete
  • compute.httpsHealthChecks.deleteTagBinding
  • compute.httpsHealthChecks.get
  • compute.httpsHealthChecks.list
  • compute.httpsHealthChecks.listEffectiveTags
  • compute.httpsHealthChecks.listTagBindings
  • compute.httpsHealthChecks.update
  • compute.httpsHealthChecks.use
  • compute.httpsHealthChecks.useReadOnly

compute.images.*

  • compute.images.create
  • compute.images.createTagBinding
  • compute.images.delete
  • compute.images.deleteTagBinding
  • compute.images.deprecate
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.images.setIamPolicy
  • compute.images.setLabels
  • compute.images.update
  • compute.images.useReadOnly

compute.instanceGroupManagers.*

  • compute.instanceGroupManagers.create
  • compute.instanceGroupManagers.createTagBinding
  • compute.instanceGroupManagers.delete
  • compute.instanceGroupManagers.deleteTagBinding
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroupManagers.listEffectiveTags
  • compute.instanceGroupManagers.listTagBindings
  • compute.instanceGroupManagers.update
  • compute.instanceGroupManagers.use

compute.instanceGroups.*

  • compute.instanceGroups.create
  • compute.instanceGroups.createTagBinding
  • compute.instanceGroups.delete
  • compute.instanceGroups.deleteTagBinding
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceGroups.listEffectiveTags
  • compute.instanceGroups.listTagBindings
  • compute.instanceGroups.update
  • compute.instanceGroups.use

compute.instanceSettings.get

compute.instanceTemplates.*

  • compute.instanceTemplates.create
  • compute.instanceTemplates.delete
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instanceTemplates.setIamPolicy
  • compute.instanceTemplates.useReadOnly

compute.instances.*

  • compute.instances.addAccessConfig
  • compute.instances.addNetworkInterface
  • compute.instances.addResourcePolicies
  • compute.instances.attachDisk
  • compute.instances.create
  • compute.instances.createTagBinding
  • compute.instances.delete
  • compute.instances.deleteAccessConfig
  • compute.instances.deleteNetworkInterface
  • compute.instances.deleteTagBinding
  • compute.instances.detachDisk
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.instances.osAdminLogin
  • compute.instances.osLogin
  • compute.instances.pscInterfaceCreate
  • compute.instances.removeResourcePolicies
  • compute.instances.reset
  • compute.instances.resume
  • compute.instances.sendDiagnosticInterrupt
  • compute.instances.setDeletionProtection
  • compute.instances.setDiskAutoDelete
  • compute.instances.setIamPolicy
  • compute.instances.setLabels
  • compute.instances.setMachineResources
  • compute.instances.setMachineType
  • compute.instances.setMetadata
  • compute.instances.setMinCpuPlatform
  • compute.instances.setName
  • compute.instances.setScheduling
  • compute.instances.setSecurityPolicy
  • compute.instances.setServiceAccount
  • compute.instances.setShieldedInstanceIntegrityPolicy
  • compute.instances.setShieldedVmIntegrityPolicy
  • compute.instances.setTags
  • compute.instances.simulateMaintenanceEvent
  • compute.instances.start
  • compute.instances.startWithEncryptionKey
  • compute.instances.stop
  • compute.instances.suspend
  • compute.instances.update
  • compute.instances.updateAccessConfig
  • compute.instances.updateDisplayDevice
  • compute.instances.updateNetworkInterface
  • compute.instances.updateSecurity
  • compute.instances.updateShieldedInstanceConfig
  • compute.instances.updateShieldedVmConfig
  • compute.instances.use
  • compute.instances.useReadOnly

compute.instantSnapshots.*

  • compute.instantSnapshots.create
  • compute.instantSnapshots.delete
  • compute.instantSnapshots.export
  • compute.instantSnapshots.get
  • compute.instantSnapshots.getIamPolicy
  • compute.instantSnapshots.list
  • compute.instantSnapshots.setIamPolicy
  • compute.instantSnapshots.setLabels
  • compute.instantSnapshots.useReadOnly

compute.interconnectAttachmentGroups.*

  • compute.interconnectAttachmentGroups.create
  • compute.interconnectAttachmentGroups.delete
  • compute.interconnectAttachmentGroups.get
  • compute.interconnectAttachmentGroups.list
  • compute.interconnectAttachmentGroups.patch

compute.interconnectAttachments.*

  • compute.interconnectAttachments.create
  • compute.interconnectAttachments.createTagBinding
  • compute.interconnectAttachments.delete
  • compute.interconnectAttachments.deleteTagBinding
  • compute.interconnectAttachments.get
  • compute.interconnectAttachments.list
  • compute.interconnectAttachments.listEffectiveTags
  • compute.interconnectAttachments.listTagBindings
  • compute.interconnectAttachments.setLabels
  • compute.interconnectAttachments.update
  • compute.interconnectAttachments.use

compute.interconnectGroups.*

  • compute.interconnectGroups.create
  • compute.interconnectGroups.delete
  • compute.interconnectGroups.get
  • compute.interconnectGroups.list
  • compute.interconnectGroups.patch

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

  • compute.interconnectRemoteLocations.get
  • compute.interconnectRemoteLocations.list

compute.interconnects.*

  • compute.interconnects.create
  • compute.interconnects.createTagBinding
  • compute.interconnects.delete
  • compute.interconnects.deleteTagBinding
  • compute.interconnects.get
  • compute.interconnects.getMacsecConfig
  • compute.interconnects.list
  • compute.interconnects.listEffectiveTags
  • compute.interconnects.listTagBindings
  • compute.interconnects.setLabels
  • compute.interconnects.update
  • compute.interconnects.use

compute.licenseCodes.*

  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenseCodes.setIamPolicy
  • compute.licenseCodes.update

compute.licenses.*

  • compute.licenses.create
  • compute.licenses.delete
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.licenses.setIamPolicy
  • compute.licenses.update

compute.machineImages.*

  • compute.machineImages.create
  • compute.machineImages.delete
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineImages.setIamPolicy
  • compute.machineImages.setLabels
  • compute.machineImages.useReadOnly

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.multiMig.*

  • compute.multiMig.create
  • compute.multiMig.delete
  • compute.multiMig.get
  • compute.multiMig.list

compute.networkAttachments.*

  • compute.networkAttachments.create
  • compute.networkAttachments.createTagBinding
  • compute.networkAttachments.delete
  • compute.networkAttachments.deleteTagBinding
  • compute.networkAttachments.get
  • compute.networkAttachments.getIamPolicy
  • compute.networkAttachments.list
  • compute.networkAttachments.listEffectiveTags
  • compute.networkAttachments.listTagBindings
  • compute.networkAttachments.setIamPolicy
  • compute.networkAttachments.update
  • compute.networkAttachments.use

compute.networkEndpointGroups.*

  • compute.networkEndpointGroups.attachNetworkEndpoints
  • compute.networkEndpointGroups.create
  • compute.networkEndpointGroups.createTagBinding
  • compute.networkEndpointGroups.delete
  • compute.networkEndpointGroups.deleteTagBinding
  • compute.networkEndpointGroups.detachNetworkEndpoints
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.list
  • compute.networkEndpointGroups.listEffectiveTags
  • compute.networkEndpointGroups.listTagBindings
  • compute.networkEndpointGroups.use

compute.networkProfiles.*

  • compute.networkProfiles.get
  • compute.networkProfiles.list

compute.networks.*

  • compute.networks.access
  • compute.networks.addPeering
  • compute.networks.create
  • compute.networks.createTagBinding
  • compute.networks.delete
  • compute.networks.deleteTagBinding
  • compute.networks.get
  • compute.networks.getEffectiveFirewalls
  • compute.networks.getRegionEffectiveFirewalls
  • compute.networks.list
  • compute.networks.listEffectiveTags
  • compute.networks.listPeeringRoutes
  • compute.networks.listTagBindings
  • compute.networks.mirror
  • compute.networks.removePeering
  • compute.networks.setFirewallPolicy
  • compute.networks.switchToCustomMode
  • compute.networks.update
  • compute.networks.updatePeering
  • compute.networks.updatePolicy
  • compute.networks.use
  • compute.networks.useExternalIp

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendServices.*

  • compute.regionBackendServices.create
  • compute.regionBackendServices.createTagBinding
  • compute.regionBackendServices.delete
  • compute.regionBackendServices.deleteTagBinding
  • compute.regionBackendServices.get
  • compute.regionBackendServices.getIamPolicy
  • compute.regionBackendServices.list
  • compute.regionBackendServices.listEffectiveTags
  • compute.regionBackendServices.listTagBindings
  • compute.regionBackendServices.setIamPolicy
  • compute.regionBackendServices.setSecurityPolicy
  • compute.regionBackendServices.update
  • compute.regionBackendServices.use

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionHealthCheckServices.*

  • compute.regionHealthCheckServices.create
  • compute.regionHealthCheckServices.delete
  • compute.regionHealthCheckServices.get
  • compute.regionHealthCheckServices.list
  • compute.regionHealthCheckServices.update
  • compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

  • compute.regionHealthChecks.create
  • compute.regionHealthChecks.createTagBinding
  • compute.regionHealthChecks.delete
  • compute.regionHealthChecks.deleteTagBinding
  • compute.regionHealthChecks.get
  • compute.regionHealthChecks.list
  • compute.regionHealthChecks.listEffectiveTags
  • compute.regionHealthChecks.listTagBindings
  • compute.regionHealthChecks.update
  • compute.regionHealthChecks.use
  • compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.*

  • compute.regionNetworkEndpointGroups.attachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.create
  • compute.regionNetworkEndpointGroups.createTagBinding
  • compute.regionNetworkEndpointGroups.delete
  • compute.regionNetworkEndpointGroups.deleteTagBinding
  • compute.regionNetworkEndpointGroups.detachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNetworkEndpointGroups.listEffectiveTags
  • compute.regionNetworkEndpointGroups.listTagBindings
  • compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

  • compute.regionNotificationEndpoints.create
  • compute.regionNotificationEndpoints.delete
  • compute.regionNotificationEndpoints.get
  • compute.regionNotificationEndpoints.list
  • compute.regionNotificationEndpoints.update
  • compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

  • compute.regionSslPolicies.create
  • compute.regionSslPolicies.createTagBinding
  • compute.regionSslPolicies.delete
  • compute.regionSslPolicies.deleteTagBinding
  • compute.regionSslPolicies.get
  • compute.regionSslPolicies.list
  • compute.regionSslPolicies.listAvailableFeatures
  • compute.regionSslPolicies.listEffectiveTags
  • compute.regionSslPolicies.listTagBindings
  • compute.regionSslPolicies.update
  • compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

  • compute.regionTargetHttpProxies.create
  • compute.regionTargetHttpProxies.createTagBinding
  • compute.regionTargetHttpProxies.delete
  • compute.regionTargetHttpProxies.deleteTagBinding
  • compute.regionTargetHttpProxies.get
  • compute.regionTargetHttpProxies.list
  • compute.regionTargetHttpProxies.listEffectiveTags
  • compute.regionTargetHttpProxies.listTagBindings
  • compute.regionTargetHttpProxies.setUrlMap
  • compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

  • compute.regionTargetHttpsProxies.create
  • compute.regionTargetHttpsProxies.createTagBinding
  • compute.regionTargetHttpsProxies.delete
  • compute.regionTargetHttpsProxies.deleteTagBinding
  • compute.regionTargetHttpsProxies.get
  • compute.regionTargetHttpsProxies.list
  • compute.regionTargetHttpsProxies.listEffectiveTags
  • compute.regionTargetHttpsProxies.listTagBindings
  • compute.regionTargetHttpsProxies.setSslCertificates
  • compute.regionTargetHttpsProxies.setUrlMap
  • compute.regionTargetHttpsProxies.update
  • compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

  • compute.regionTargetTcpProxies.create
  • compute.regionTargetTcpProxies.createTagBinding
  • compute.regionTargetTcpProxies.delete
  • compute.regionTargetTcpProxies.deleteTagBinding
  • compute.regionTargetTcpProxies.get
  • compute.regionTargetTcpProxies.list
  • compute.regionTargetTcpProxies.listEffectiveTags
  • compute.regionTargetTcpProxies.listTagBindings
  • compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

  • compute.regionUrlMaps.create
  • compute.regionUrlMaps.createTagBinding
  • compute.regionUrlMaps.delete
  • compute.regionUrlMaps.deleteTagBinding
  • compute.regionUrlMaps.get
  • compute.regionUrlMaps.invalidateCache
  • compute.regionUrlMaps.list
  • compute.regionUrlMaps.listEffectiveTags
  • compute.regionUrlMaps.listTagBindings
  • compute.regionUrlMaps.update
  • compute.regionUrlMaps.use
  • compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

  • compute.resourcePolicies.create
  • compute.resourcePolicies.delete
  • compute.resourcePolicies.get
  • compute.resourcePolicies.getIamPolicy
  • compute.resourcePolicies.list
  • compute.resourcePolicies.setIamPolicy
  • compute.resourcePolicies.update
  • compute.resourcePolicies.use
  • compute.resourcePolicies.useReadOnly

compute.routers.*

  • compute.routers.create
  • compute.routers.createTagBinding
  • compute.routers.delete
  • compute.routers.deleteRoutePolicy
  • compute.routers.deleteTagBinding
  • compute.routers.get
  • compute.routers.getRoutePolicy
  • compute.routers.list
  • compute.routers.listBgpRoutes
  • compute.routers.listEffectiveTags
  • compute.routers.listRoutePolicies
  • compute.routers.listTagBindings
  • compute.routers.update
  • compute.routers.updateRoutePolicy
  • compute.routers.use

compute.routes.*

  • compute.routes.create
  • compute.routes.createTagBinding
  • compute.routes.delete
  • compute.routes.deleteTagBinding
  • compute.routes.get
  • compute.routes.list
  • compute.routes.listEffectiveTags
  • compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.serviceAttachments.*

  • compute.serviceAttachments.create
  • compute.serviceAttachments.createTagBinding
  • compute.serviceAttachments.delete
  • compute.serviceAttachments.deleteTagBinding
  • compute.serviceAttachments.get
  • compute.serviceAttachments.getIamPolicy
  • compute.serviceAttachments.list
  • compute.serviceAttachments.listEffectiveTags
  • compute.serviceAttachments.listTagBindings
  • compute.serviceAttachments.setIamPolicy
  • compute.serviceAttachments.update
  • compute.serviceAttachments.use

compute.snapshots.*

  • compute.snapshots.create
  • compute.snapshots.createTagBinding
  • compute.snapshots.delete
  • compute.snapshots.deleteTagBinding
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.snapshots.setIamPolicy
  • compute.snapshots.setLabels
  • compute.snapshots.useReadOnly

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.*

  • compute.sslPolicies.create
  • compute.sslPolicies.createTagBinding
  • compute.sslPolicies.delete
  • compute.sslPolicies.deleteTagBinding
  • compute.sslPolicies.get
  • compute.sslPolicies.list
  • compute.sslPolicies.listAvailableFeatures
  • compute.sslPolicies.listEffectiveTags
  • compute.sslPolicies.listTagBindings
  • compute.sslPolicies.update
  • compute.sslPolicies.use

compute.storagePools.*

  • compute.storagePools.create
  • compute.storagePools.delete
  • compute.storagePools.get
  • compute.storagePools.getIamPolicy
  • compute.storagePools.list
  • compute.storagePools.setIamPolicy
  • compute.storagePools.update
  • compute.storagePools.use

compute.subnetworks.*

  • compute.subnetworks.create
  • compute.subnetworks.createTagBinding
  • compute.subnetworks.delete
  • compute.subnetworks.deleteTagBinding
  • compute.subnetworks.expandIpCidrRange
  • compute.subnetworks.get
  • compute.subnetworks.getIamPolicy
  • compute.subnetworks.list
  • compute.subnetworks.listEffectiveTags
  • compute.subnetworks.listTagBindings
  • compute.subnetworks.mirror
  • compute.subnetworks.setIamPolicy
  • compute.subnetworks.setPrivateIpGoogleAccess
  • compute.subnetworks.update
  • compute.subnetworks.use
  • compute.subnetworks.useExternalIp
  • compute.subnetworks.usePeerMigration

compute.targetGrpcProxies.*

  • compute.targetGrpcProxies.create
  • compute.targetGrpcProxies.createTagBinding
  • compute.targetGrpcProxies.delete
  • compute.targetGrpcProxies.deleteTagBinding
  • compute.targetGrpcProxies.get
  • compute.targetGrpcProxies.list
  • compute.targetGrpcProxies.listEffectiveTags
  • compute.targetGrpcProxies.listTagBindings
  • compute.targetGrpcProxies.update
  • compute.targetGrpcProxies.use

compute.targetHttpProxies.*

  • compute.targetHttpProxies.create
  • compute.targetHttpProxies.createTagBinding
  • compute.targetHttpProxies.delete
  • compute.targetHttpProxies.deleteTagBinding
  • compute.targetHttpProxies.get
  • compute.targetHttpProxies.list
  • compute.targetHttpProxies.listEffectiveTags
  • compute.targetHttpProxies.listTagBindings
  • compute.targetHttpProxies.setUrlMap
  • compute.targetHttpProxies.update
  • compute.targetHttpProxies.use

compute.targetHttpsProxies.*

  • compute.targetHttpsProxies.create
  • compute.targetHttpsProxies.createTagBinding
  • compute.targetHttpsProxies.delete
  • compute.targetHttpsProxies.deleteTagBinding
  • compute.targetHttpsProxies.get
  • compute.targetHttpsProxies.list
  • compute.targetHttpsProxies.listEffectiveTags
  • compute.targetHttpsProxies.listTagBindings
  • compute.targetHttpsProxies.setCertificateMap
  • compute.targetHttpsProxies.setQuicOverride
  • compute.targetHttpsProxies.setSslCertificates
  • compute.targetHttpsProxies.setSslPolicy
  • compute.targetHttpsProxies.setUrlMap
  • compute.targetHttpsProxies.update
  • compute.targetHttpsProxies.use

compute.targetInstances.*

  • compute.targetInstances.create
  • compute.targetInstances.createTagBinding
  • compute.targetInstances.delete
  • compute.targetInstances.deleteTagBinding
  • compute.targetInstances.get
  • compute.targetInstances.list
  • compute.targetInstances.listEffectiveTags
  • compute.targetInstances.listTagBindings
  • compute.targetInstances.setSecurityPolicy
  • compute.targetInstances.use

compute.targetPools.*

  • compute.targetPools.addHealthCheck
  • compute.targetPools.addInstance
  • compute.targetPools.create
  • compute.targetPools.createTagBinding
  • compute.targetPools.delete
  • compute.targetPools.deleteTagBinding
  • compute.targetPools.get
  • compute.targetPools.list
  • compute.targetPools.listEffectiveTags
  • compute.targetPools.listTagBindings
  • compute.targetPools.removeHealthCheck
  • compute.targetPools.removeInstance
  • compute.targetPools.setSecurityPolicy
  • compute.targetPools.update
  • compute.targetPools.use

compute.targetSslProxies.*

  • compute.targetSslProxies.create
  • compute.targetSslProxies.createTagBinding
  • compute.targetSslProxies.delete
  • compute.targetSslProxies.deleteTagBinding
  • compute.targetSslProxies.get
  • compute.targetSslProxies.list
  • compute.targetSslProxies.listEffectiveTags
  • compute.targetSslProxies.listTagBindings
  • compute.targetSslProxies.setBackendService
  • compute.targetSslProxies.setCertificateMap
  • compute.targetSslProxies.setProxyHeader
  • compute.targetSslProxies.setSslCertificates
  • compute.targetSslProxies.setSslPolicy
  • compute.targetSslProxies.update
  • compute.targetSslProxies.use

compute.targetTcpProxies.*

  • compute.targetTcpProxies.create
  • compute.targetTcpProxies.createTagBinding
  • compute.targetTcpProxies.delete
  • compute.targetTcpProxies.deleteTagBinding
  • compute.targetTcpProxies.get
  • compute.targetTcpProxies.list
  • compute.targetTcpProxies.listEffectiveTags
  • compute.targetTcpProxies.listTagBindings
  • compute.targetTcpProxies.update
  • compute.targetTcpProxies.use

compute.targetVpnGateways.*

  • compute.targetVpnGateways.create
  • compute.targetVpnGateways.createTagBinding
  • compute.targetVpnGateways.delete
  • compute.targetVpnGateways.deleteTagBinding
  • compute.targetVpnGateways.get
  • compute.targetVpnGateways.list
  • compute.targetVpnGateways.listEffectiveTags
  • compute.targetVpnGateways.listTagBindings
  • compute.targetVpnGateways.setLabels
  • compute.targetVpnGateways.use

compute.urlMaps.*

  • compute.urlMaps.create
  • compute.urlMaps.createTagBinding
  • compute.urlMaps.delete
  • compute.urlMaps.deleteTagBinding
  • compute.urlMaps.get
  • compute.urlMaps.invalidateCache
  • compute.urlMaps.list
  • compute.urlMaps.listEffectiveTags
  • compute.urlMaps.listTagBindings
  • compute.urlMaps.update
  • compute.urlMaps.use
  • compute.urlMaps.validate

compute.vpnGateways.*

  • compute.vpnGateways.create
  • compute.vpnGateways.createTagBinding
  • compute.vpnGateways.delete
  • compute.vpnGateways.deleteTagBinding
  • compute.vpnGateways.get
  • compute.vpnGateways.list
  • compute.vpnGateways.listEffectiveTags
  • compute.vpnGateways.listTagBindings
  • compute.vpnGateways.setLabels
  • compute.vpnGateways.use

compute.vpnTunnels.*

  • compute.vpnTunnels.create
  • compute.vpnTunnels.createTagBinding
  • compute.vpnTunnels.delete
  • compute.vpnTunnels.deleteTagBinding
  • compute.vpnTunnels.get
  • compute.vpnTunnels.list
  • compute.vpnTunnels.listEffectiveTags
  • compute.vpnTunnels.listTagBindings
  • compute.vpnTunnels.setLabels

compute.wireGroups.*

  • compute.wireGroups.create
  • compute.wireGroups.delete
  • compute.wireGroups.get
  • compute.wireGroups.list
  • compute.wireGroups.update

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataflow.jobs.*

  • dataflow.jobs.cancel
  • dataflow.jobs.create
  • dataflow.jobs.get
  • dataflow.jobs.list
  • dataflow.jobs.snapshot
  • dataflow.jobs.updateContents

dataflow.messages.list

dataflow.metrics.get

dataflow.snapshots.*

  • dataflow.snapshots.delete
  • dataflow.snapshots.get
  • dataflow.snapshots.list

dataform.*

  • dataform.commentThreads.create
  • dataform.commentThreads.delete
  • dataform.commentThreads.get
  • dataform.commentThreads.list
  • dataform.commentThreads.update
  • dataform.comments.create
  • dataform.comments.delete
  • dataform.comments.get
  • dataform.comments.list
  • dataform.comments.update
  • dataform.compilationResults.create
  • dataform.compilationResults.get
  • dataform.compilationResults.list
  • dataform.compilationResults.query
  • dataform.config.get
  • dataform.config.update
  • dataform.locations.get
  • dataform.locations.list
  • dataform.releaseConfigs.create
  • dataform.releaseConfigs.delete
  • dataform.releaseConfigs.get
  • dataform.releaseConfigs.list
  • dataform.releaseConfigs.update
  • dataform.repositories.commit
  • dataform.repositories.computeAccessTokenStatus
  • dataform.repositories.create
  • dataform.repositories.delete
  • dataform.repositories.fetchHistory
  • dataform.repositories.fetchRemoteBranches
  • dataform.repositories.get
  • dataform.repositories.getIamPolicy
  • dataform.repositories.list
  • dataform.repositories.queryDirectoryContents
  • dataform.repositories.readFile
  • dataform.repositories.setIamPolicy
  • dataform.repositories.update
  • dataform.workflowConfigs.create
  • dataform.workflowConfigs.delete
  • dataform.workflowConfigs.get
  • dataform.workflowConfigs.list
  • dataform.workflowConfigs.update
  • dataform.workflowInvocations.cancel
  • dataform.workflowInvocations.create
  • dataform.workflowInvocations.delete
  • dataform.workflowInvocations.get
  • dataform.workflowInvocations.list
  • dataform.workflowInvocations.query
  • dataform.workspaces.commit
  • dataform.workspaces.create
  • dataform.workspaces.delete
  • dataform.workspaces.fetchFileDiff
  • dataform.workspaces.fetchFileGitStatuses
  • dataform.workspaces.fetchGitAheadBehind
  • dataform.workspaces.get
  • dataform.workspaces.getIamPolicy
  • dataform.workspaces.installNpmPackages
  • dataform.workspaces.list
  • dataform.workspaces.makeDirectory
  • dataform.workspaces.moveDirectory
  • dataform.workspaces.moveFile
  • dataform.workspaces.pull
  • dataform.workspaces.push
  • dataform.workspaces.queryDirectoryContents
  • dataform.workspaces.readFile
  • dataform.workspaces.removeDirectory
  • dataform.workspaces.removeFile
  • dataform.workspaces.reset
  • dataform.workspaces.searchFiles
  • dataform.workspaces.setIamPolicy
  • dataform.workspaces.writeFile

dataplex.projects.search

dns.networks.targetWithPeeringZone

firebase.projects.get

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.list

iam.serviceAccounts.signBlob

iam.serviceAccounts.signJwt

logging.buckets.create

logging.buckets.createTagBinding

logging.buckets.delete

logging.buckets.deleteTagBinding

logging.buckets.get

logging.buckets.list

logging.buckets.listEffectiveTags

logging.buckets.listTagBindings

logging.buckets.undelete

logging.buckets.update

logging.exclusions.*

  • logging.exclusions.create
  • logging.exclusions.delete
  • logging.exclusions.get
  • logging.exclusions.list
  • logging.exclusions.update

logging.links.*

  • logging.links.create
  • logging.links.delete
  • logging.links.get
  • logging.links.list

logging.locations.*

  • logging.locations.get
  • logging.locations.list

logging.logEntries.create

logging.logEntries.route

logging.logMetrics.*

  • logging.logMetrics.create
  • logging.logMetrics.delete
  • logging.logMetrics.get
  • logging.logMetrics.list
  • logging.logMetrics.update

logging.logScopes.*

  • logging.logScopes.create
  • logging.logScopes.delete
  • logging.logScopes.get
  • logging.logScopes.list
  • logging.logScopes.update

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.notificationRules.*

  • logging.notificationRules.create
  • logging.notificationRules.delete
  • logging.notificationRules.get
  • logging.notificationRules.list
  • logging.notificationRules.update

logging.operations.*

  • logging.operations.cancel
  • logging.operations.get
  • logging.operations.list

logging.settings.*

  • logging.settings.get
  • logging.settings.update

logging.sinks.*

  • logging.sinks.create
  • logging.sinks.delete
  • logging.sinks.get
  • logging.sinks.list
  • logging.sinks.update

logging.sqlAlerts.*

  • logging.sqlAlerts.create
  • logging.sqlAlerts.update

logging.views.create

logging.views.delete

logging.views.get

logging.views.getIamPolicy

logging.views.list

logging.views.update

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.*

  • monitoring.timeSeries.create
  • monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

networkconnectivity.internalRanges.*

  • networkconnectivity.internalRanges.create
  • networkconnectivity.internalRanges.delete
  • networkconnectivity.internalRanges.get
  • networkconnectivity.internalRanges.getIamPolicy
  • networkconnectivity.internalRanges.list
  • networkconnectivity.internalRanges.setIamPolicy
  • networkconnectivity.internalRanges.update

networkconnectivity.locations.*

  • networkconnectivity.locations.get
  • networkconnectivity.locations.list

networkconnectivity.operations.*

  • networkconnectivity.operations.cancel
  • networkconnectivity.operations.delete
  • networkconnectivity.operations.get
  • networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

  • networkconnectivity.policyBasedRoutes.create
  • networkconnectivity.policyBasedRoutes.delete
  • networkconnectivity.policyBasedRoutes.get
  • networkconnectivity.policyBasedRoutes.getIamPolicy
  • networkconnectivity.policyBasedRoutes.list
  • networkconnectivity.policyBasedRoutes.setIamPolicy

networkconnectivity.regionalEndpoints.*

  • networkconnectivity.regionalEndpoints.create
  • networkconnectivity.regionalEndpoints.delete
  • networkconnectivity.regionalEndpoints.get
  • networkconnectivity.regionalEndpoints.list

networkconnectivity.serviceClasses.*

  • networkconnectivity.serviceClasses.create
  • networkconnectivity.serviceClasses.delete
  • networkconnectivity.serviceClasses.get
  • networkconnectivity.serviceClasses.list
  • networkconnectivity.serviceClasses.update
  • networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

  • networkconnectivity.serviceConnectionMaps.create
  • networkconnectivity.serviceConnectionMaps.delete
  • networkconnectivity.serviceConnectionMaps.get
  • networkconnectivity.serviceConnectionMaps.list
  • networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

  • networkconnectivity.serviceConnectionPolicies.create
  • networkconnectivity.serviceConnectionPolicies.delete
  • networkconnectivity.serviceConnectionPolicies.get
  • networkconnectivity.serviceConnectionPolicies.list
  • networkconnectivity.serviceConnectionPolicies.update

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.*

  • networksecurity.addressGroups.create
  • networksecurity.addressGroups.delete
  • networksecurity.addressGroups.get
  • networksecurity.addressGroups.getIamPolicy
  • networksecurity.addressGroups.list
  • networksecurity.addressGroups.setIamPolicy
  • networksecurity.addressGroups.update
  • networksecurity.addressGroups.use

networksecurity.authorizationPolicies.*

  • networksecurity.authorizationPolicies.create
  • networksecurity.authorizationPolicies.delete
  • networksecurity.authorizationPolicies.get
  • networksecurity.authorizationPolicies.getIamPolicy
  • networksecurity.authorizationPolicies.list
  • networksecurity.authorizationPolicies.setIamPolicy
  • networksecurity.authorizationPolicies.update
  • networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.*

  • networksecurity.authzPolicies.create
  • networksecurity.authzPolicies.delete
  • networksecurity.authzPolicies.get
  • networksecurity.authzPolicies.getIamPolicy
  • networksecurity.authzPolicies.list
  • networksecurity.authzPolicies.setIamPolicy
  • networksecurity.authzPolicies.update

networksecurity.clientTlsPolicies.*

  • networksecurity.clientTlsPolicies.create
  • networksecurity.clientTlsPolicies.delete
  • networksecurity.clientTlsPolicies.get
  • networksecurity.clientTlsPolicies.getIamPolicy
  • networksecurity.clientTlsPolicies.list
  • networksecurity.clientTlsPolicies.setIamPolicy
  • networksecurity.clientTlsPolicies.update
  • networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.*

  • networksecurity.firewallEndpointAssociations.create
  • networksecurity.firewallEndpointAssociations.delete
  • networksecurity.firewallEndpointAssociations.get
  • networksecurity.firewallEndpointAssociations.list
  • networksecurity.firewallEndpointAssociations.update

networksecurity.firewallEndpoints.*

  • networksecurity.firewallEndpoints.create
  • networksecurity.firewallEndpoints.delete
  • networksecurity.firewallEndpoints.get
  • networksecurity.firewallEndpoints.list
  • networksecurity.firewallEndpoints.update
  • networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.*

  • networksecurity.gatewaySecurityPolicies.create
  • networksecurity.gatewaySecurityPolicies.delete
  • networksecurity.gatewaySecurityPolicies.get
  • networksecurity.gatewaySecurityPolicies.list
  • networksecurity.gatewaySecurityPolicies.update
  • networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.*

  • networksecurity.gatewaySecurityPolicyRules.create
  • networksecurity.gatewaySecurityPolicyRules.delete
  • networksecurity.gatewaySecurityPolicyRules.get
  • networksecurity.gatewaySecurityPolicyRules.list
  • networksecurity.gatewaySecurityPolicyRules.update
  • networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

  • networksecurity.locations.get
  • networksecurity.locations.list

networksecurity.operations.*

  • networksecurity.operations.cancel
  • networksecurity.operations.delete
  • networksecurity.operations.get
  • networksecurity.operations.list

networksecurity.sacAttachments.*

  • networksecurity.sacAttachments.create
  • networksecurity.sacAttachments.delete
  • networksecurity.sacAttachments.get
  • networksecurity.sacAttachments.list

networksecurity.sacRealms.*

  • networksecurity.sacRealms.create
  • networksecurity.sacRealms.delete
  • networksecurity.sacRealms.get
  • networksecurity.sacRealms.list

networksecurity.securityProfileGroups.*

  • networksecurity.securityProfileGroups.create
  • networksecurity.securityProfileGroups.delete
  • networksecurity.securityProfileGroups.get
  • networksecurity.securityProfileGroups.list
  • networksecurity.securityProfileGroups.update
  • networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.*

  • networksecurity.securityProfiles.create
  • networksecurity.securityProfiles.delete
  • networksecurity.securityProfiles.get
  • networksecurity.securityProfiles.list
  • networksecurity.securityProfiles.update
  • networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.*

  • networksecurity.serverTlsPolicies.create
  • networksecurity.serverTlsPolicies.delete
  • networksecurity.serverTlsPolicies.get
  • networksecurity.serverTlsPolicies.getIamPolicy
  • networksecurity.serverTlsPolicies.list
  • networksecurity.serverTlsPolicies.setIamPolicy
  • networksecurity.serverTlsPolicies.update
  • networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.*

  • networksecurity.tlsInspectionPolicies.create
  • networksecurity.tlsInspectionPolicies.delete
  • networksecurity.tlsInspectionPolicies.get
  • networksecurity.tlsInspectionPolicies.list
  • networksecurity.tlsInspectionPolicies.update
  • networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.*

  • networksecurity.urlLists.create
  • networksecurity.urlLists.delete
  • networksecurity.urlLists.get
  • networksecurity.urlLists.list
  • networksecurity.urlLists.update
  • networksecurity.urlLists.use

networkservices.*

  • networkservices.authzExtensions.create
  • networkservices.authzExtensions.delete
  • networkservices.authzExtensions.get
  • networkservices.authzExtensions.list
  • networkservices.authzExtensions.update
  • networkservices.authzExtensions.use
  • networkservices.endpointPolicies.create
  • networkservices.endpointPolicies.delete
  • networkservices.endpointPolicies.get
  • networkservices.endpointPolicies.list
  • networkservices.endpointPolicies.update
  • networkservices.gateways.create
  • networkservices.gateways.delete
  • networkservices.gateways.get
  • networkservices.gateways.list
  • networkservices.gateways.update
  • networkservices.gateways.use
  • networkservices.grpcRoutes.create
  • networkservices.grpcRoutes.delete
  • networkservices.grpcRoutes.get
  • networkservices.grpcRoutes.list
  • networkservices.grpcRoutes.update
  • networkservices.httpFilters.create
  • networkservices.httpFilters.delete
  • networkservices.httpFilters.get
  • networkservices.httpFilters.list
  • networkservices.httpFilters.update
  • networkservices.httpRoutes.create
  • networkservices.httpRoutes.delete
  • networkservices.httpRoutes.get
  • networkservices.httpRoutes.list
  • networkservices.httpRoutes.update
  • networkservices.httpfilters.create
  • networkservices.httpfilters.delete
  • networkservices.httpfilters.get
  • networkservices.httpfilters.getIamPolicy
  • networkservices.httpfilters.list
  • networkservices.httpfilters.setIamPolicy
  • networkservices.httpfilters.update
  • networkservices.httpfilters.use
  • networkservices.lbRouteExtensions.create
  • networkservices.lbRouteExtensions.delete
  • networkservices.lbRouteExtensions.get
  • networkservices.lbRouteExtensions.list
  • networkservices.lbRouteExtensions.update
  • networkservices.lbTrafficExtensions.create
  • networkservices.lbTrafficExtensions.delete
  • networkservices.lbTrafficExtensions.get
  • networkservices.lbTrafficExtensions.list
  • networkservices.lbTrafficExtensions.update
  • networkservices.locations.get
  • networkservices.locations.list
  • networkservices.meshes.create
  • networkservices.meshes.delete
  • networkservices.meshes.get
  • networkservices.meshes.list
  • networkservices.meshes.update
  • networkservices.meshes.use
  • networkservices.operations.cancel
  • networkservices.operations.delete
  • networkservices.operations.get
  • networkservices.operations.list
  • networkservices.route_views.get
  • networkservices.route_views.list
  • networkservices.serviceBindings.create
  • networkservices.serviceBindings.delete
  • networkservices.serviceBindings.get
  • networkservices.serviceBindings.list
  • networkservices.serviceBindings.update
  • networkservices.serviceLbPolicies.create
  • networkservices.serviceLbPolicies.delete
  • networkservices.serviceLbPolicies.get
  • networkservices.serviceLbPolicies.list
  • networkservices.serviceLbPolicies.update
  • networkservices.tcpRoutes.create
  • networkservices.tcpRoutes.delete
  • networkservices.tcpRoutes.get
  • networkservices.tcpRoutes.list
  • networkservices.tcpRoutes.update
  • networkservices.tlsRoutes.create
  • networkservices.tlsRoutes.delete
  • networkservices.tlsRoutes.get
  • networkservices.tlsRoutes.list
  • networkservices.tlsRoutes.update
  • networkservices.wasmPlugins.create
  • networkservices.wasmPlugins.delete
  • networkservices.wasmPlugins.get
  • networkservices.wasmPlugins.list
  • networkservices.wasmPlugins.update
  • networkservices.wasmPlugins.use

observability.scopes.get

opsconfigmonitoring.resourceMetadata.list

orgpolicy.policy.get

pubsub.*

  • pubsub.messageTransforms.validate
  • pubsub.schemas.attach
  • pubsub.schemas.commit
  • pubsub.schemas.create
  • pubsub.schemas.delete
  • pubsub.schemas.get
  • pubsub.schemas.getIamPolicy
  • pubsub.schemas.list
  • pubsub.schemas.listRevisions
  • pubsub.schemas.rollback
  • pubsub.schemas.setIamPolicy
  • pubsub.schemas.validate
  • pubsub.snapshots.create
  • pubsub.snapshots.delete
  • pubsub.snapshots.get
  • pubsub.snapshots.getIamPolicy
  • pubsub.snapshots.list
  • pubsub.snapshots.seek
  • pubsub.snapshots.setIamPolicy
  • pubsub.snapshots.update
  • pubsub.subscriptions.consume
  • pubsub.subscriptions.create
  • pubsub.subscriptions.delete
  • pubsub.subscriptions.get
  • pubsub.subscriptions.getIamPolicy
  • pubsub.subscriptions.list
  • pubsub.subscriptions.setIamPolicy
  • pubsub.subscriptions.update
  • pubsub.topics.attachSubscription
  • pubsub.topics.create
  • pubsub.topics.delete
  • pubsub.topics.detachSubscription
  • pubsub.topics.get
  • pubsub.topics.getIamPolicy
  • pubsub.topics.list
  • pubsub.topics.publish
  • pubsub.topics.setIamPolicy
  • pubsub.topics.update
  • pubsub.topics.updateTag

recommender.dataflowDiagnosticsInsights.*

  • recommender.dataflowDiagnosticsInsights.get
  • recommender.dataflowDiagnosticsInsights.list
  • recommender.dataflowDiagnosticsInsights.update

recommender.iamPolicyInsights.*

  • recommender.iamPolicyInsights.get
  • recommender.iamPolicyInsights.list
  • recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

  • recommender.iamPolicyRecommendations.get
  • recommender.iamPolicyRecommendations.list
  • recommender.iamPolicyRecommendations.update

recommender.storageBucketSoftDeleteInsights.*

  • recommender.storageBucketSoftDeleteInsights.get
  • recommender.storageBucketSoftDeleteInsights.list
  • recommender.storageBucketSoftDeleteInsights.update

recommender.storageBucketSoftDeleteRecommendations.*

  • recommender.storageBucketSoftDeleteRecommendations.get
  • recommender.storageBucketSoftDeleteRecommendations.list
  • recommender.storageBucketSoftDeleteRecommendations.update

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.projects.get

resourcemanager.projects.list

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.listPeeredDnsDomains

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

stackdriver.projects.get

stackdriver.resourceMetadata.list

storage.anywhereCaches.*

  • storage.anywhereCaches.create
  • storage.anywhereCaches.disable
  • storage.anywhereCaches.get
  • storage.anywhereCaches.list
  • storage.anywhereCaches.pause
  • storage.anywhereCaches.resume
  • storage.anywhereCaches.update

storage.bucketOperations.*

  • storage.bucketOperations.cancel
  • storage.bucketOperations.get
  • storage.bucketOperations.list

storage.buckets.*

  • storage.buckets.create
  • storage.buckets.createTagBinding
  • storage.buckets.delete
  • storage.buckets.deleteTagBinding
  • storage.buckets.enableObjectRetention
  • storage.buckets.get
  • storage.buckets.getIamPolicy
  • storage.buckets.getIpFilter
  • storage.buckets.getObjectInsights
  • storage.buckets.list
  • storage.buckets.listEffectiveTags
  • storage.buckets.listTagBindings
  • storage.buckets.relocate
  • storage.buckets.restore
  • storage.buckets.setIamPolicy
  • storage.buckets.setIpFilter
  • storage.buckets.update

storage.folders.*

  • storage.folders.create
  • storage.folders.delete
  • storage.folders.get
  • storage.folders.list
  • storage.folders.rename

storage.intelligenceConfigs.*

  • storage.intelligenceConfigs.get
  • storage.intelligenceConfigs.update

storage.managedFolders.*

  • storage.managedFolders.create
  • storage.managedFolders.delete
  • storage.managedFolders.get
  • storage.managedFolders.getIamPolicy
  • storage.managedFolders.list
  • storage.managedFolders.setIamPolicy

storage.multipartUploads.*

  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts

storage.objects.*

  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.getIamPolicy
  • storage.objects.list
  • storage.objects.move
  • storage.objects.overrideUnlockedRetention
  • storage.objects.restore
  • storage.objects.setIamPolicy
  • storage.objects.setRetention
  • storage.objects.update

trafficdirector.*

  • trafficdirector.networks.getConfigs
  • trafficdirector.networks.reportMetrics

(roles/dataflow.viewer)

Provides read-only access to all Dataflow-related resources.

Lowest-level resources where you can grant this role:

  • Project

dataflow.jobs.get

dataflow.jobs.list

dataflow.messages.list

dataflow.metrics.get

dataflow.snapshots.get

dataflow.snapshots.list

recommender.dataflowDiagnosticsInsights.get

recommender.dataflowDiagnosticsInsights.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataflow.worker)

Provides the permissions necessary for a Compute Engine service account to execute work units for a Dataflow pipeline.

Lowest-level resources where you can grant this role:

  • Project

autoscaling.sites.readRecommendations

autoscaling.sites.writeMetrics

autoscaling.sites.writeState

compute.instanceGroupManagers.update

compute.instances.delete

compute.instances.setDiskAutoDelete

dataflow.jobs.get

dataflow.shuffle.*

  • dataflow.shuffle.read
  • dataflow.shuffle.write

dataflow.streamingWorkItems.*

  • dataflow.streamingWorkItems.ImportState
  • dataflow.streamingWorkItems.commitWork
  • dataflow.streamingWorkItems.getData
  • dataflow.streamingWorkItems.getWork
  • dataflow.streamingWorkItems.getWorkerMetadata

dataflow.workItems.*

  • dataflow.workItems.lease
  • dataflow.workItems.sendMessage
  • dataflow.workItems.update

logging.logEntries.create

logging.logEntries.route

monitoring.timeSeries.create

storage.buckets.get

storage.objects.create

storage.objects.get

Dataflow Worker 角色 (roles/dataflow.worker) 可为 Compute Engine 服务账号提供运行 Apache Beam 流水线工作单元所需的权限。Dataflow 工作器角色必须分配给能够从 Dataflow 服务请求和更新工作的服务账号。

Dataflow 服务代理角色 (roles/dataflow.serviceAgent) 仅供 Dataflow 服务账号使用。它为服务账号授予对 Google Cloud 项目中托管资源的访问权限,以运行 Dataflow 作业。当您从 Google Cloud Console 中的 API 页面为项目启用 Dataflow API 时,系统会自动将其分配给服务账号。

创建作业

要创建作业,roles/dataflow.admin 角色需具备运行和检查作业所需的一组最低权限。

或者,需要具备以下权限:

角色分配示例

为了说明不同 Dataflow 角色的效用,请考虑以下细分讲解:

分配 Dataflow 角色

目前,Dataflow 角色只能在组织和项目级层设置。

要管理组织级层角色,请参阅使用 IAM 对组织进行访问权限控制

要设置项目级层角色,请参阅授予、更改和撤消对资源的访问权限