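Access control with IAM

By default, every Google Cloud console project has a single user: the original project creator. No other users have access to the project, and therefore they cannot access its Google Cloud resources, until they are added as project team members. This page describes the different ways you can add new users to your project.

It also describes how Deployment Manager authenticates to other Google Cloud APIs on your behalf to create resources.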

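Before you begin

Access control for users

To give users access to your project so that they can create configurations and deployments, add them as project team members and grant them the appropriate Identity and Access Management (IAM) roles.

For information about how to add team members, read the documentation on adding team members.

Deployment Manager roles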

Role Permissions

(roles/clouddeploymentmanager.serviceAgent)

Allows Deployment Manager service to actuate resources across DM projects and folders

accesscontextmanager.accessLevels.create

accesscontextmanager.accessLevels.delete

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.update

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.create

accesscontextmanager.servicePerimeters.delete

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.update

appengine.applications.get

appengine.operations.get

appengine.services.update

appengine.versions.create

appengine.versions.delete

appengine.versions.get

appengine.versions.list

artifactregistry.repositories.create

artifactregistry.repositories.delete

artifactregistry.repositories.get

artifactregistry.repositories.update

bigquery.connections.get

bigquery.datasets.create

bigquery.datasets.delete

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.update

bigquery.jobs.create

bigquery.routines.create

bigquery.routines.get

bigquery.routines.update

bigquery.tables.create

bigquery.tables.delete

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.setCategory

bigquery.tables.update

bigquery.tables.updateData

bigtable.instances.create

bigtable.instances.delete

bigtable.instances.get

bigtable.instances.update

bigtable.tables.create

bigtable.tables.delete

bigtable.tables.get

bigtable.tables.update

billing.resourceAssociations.create

billing.resourcebudgets.write

cloudbuild.builds.create

cloudbuild.builds.get

cloudfunctions.functions.call

cloudfunctions.functions.create

cloudfunctions.functions.delete

cloudfunctions.functions.get

cloudfunctions.functions.getIamPolicy

cloudfunctions.functions.list

cloudfunctions.functions.update

cloudfunctions.operations.get

cloudprivatecatalog.targets.get

cloudscheduler.jobs.create

cloudscheduler.jobs.delete

cloudscheduler.jobs.get

cloudscheduler.jobs.update

cloudsql.backupRuns.create

cloudsql.databases.*

  • cloudsql.databases.create
  • cloudsql.databases.delete
  • cloudsql.databases.get
  • cloudsql.databases.list
  • cloudsql.databases.update

cloudsql.instances.create

cloudsql.instances.delete

cloudsql.instances.get

cloudsql.instances.import

cloudsql.instances.restart

cloudsql.instances.update

cloudsql.sslCerts.create

cloudsql.sslCerts.delete

cloudsql.sslCerts.get

cloudsql.users.create

cloudsql.users.delete

cloudtasks.queues.create

cloudtasks.queues.delete

cloudtasks.queues.get

compute.addresses.create

compute.addresses.createInternal

compute.addresses.delete

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.setLabels

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.create

compute.autoscalers.delete

compute.autoscalers.get

compute.autoscalers.update

compute.backendBuckets.create

compute.backendBuckets.delete

compute.backendBuckets.get

compute.backendBuckets.update

compute.backendBuckets.use

compute.backendServices.create

compute.backendServices.delete

compute.backendServices.get

compute.backendServices.setSecurityPolicy

compute.backendServices.update

compute.backendServices.use

compute.disks.addResourcePolicies

compute.disks.create

compute.disks.delete

compute.disks.get

compute.disks.removeResourcePolicies

compute.disks.resize

compute.disks.setLabels

compute.disks.update

compute.disks.use

compute.disks.useReadOnly

compute.externalVpnGateways.create

compute.externalVpnGateways.delete

compute.externalVpnGateways.get

compute.externalVpnGateways.setLabels

compute.externalVpnGateways.use

compute.firewallPolicies.create

compute.firewallPolicies.delete

compute.firewallPolicies.get

compute.firewalls.create

compute.firewalls.delete

compute.firewalls.get

compute.firewalls.list

compute.firewalls.update

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.pscCreate

compute.forwardingRules.pscSetLabels

compute.forwardingRules.setLabels

compute.forwardingRules.setTarget

compute.forwardingRules.update

compute.forwardingRules.use

compute.globalAddresses.create

compute.globalAddresses.createInternal

compute.globalAddresses.delete

compute.globalAddresses.deleteInternal

compute.globalAddresses.get

compute.globalAddresses.setLabels

compute.globalAddresses.use

compute.globalForwardingRules.create

compute.globalForwardingRules.delete

compute.globalForwardingRules.get

compute.globalForwardingRules.pscCreate

compute.globalForwardingRules.pscDelete

compute.globalForwardingRules.pscSetLabels

compute.globalForwardingRules.setLabels

compute.globalNetworkEndpointGroups.attachNetworkEndpoints

compute.globalNetworkEndpointGroups.create

compute.globalNetworkEndpointGroups.delete

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.healthChecks.create

compute.healthChecks.delete

compute.healthChecks.get

compute.healthChecks.update

compute.healthChecks.use

compute.healthChecks.useReadOnly

compute.httpHealthChecks.create

compute.httpHealthChecks.delete

compute.httpHealthChecks.get

compute.httpHealthChecks.update

compute.httpHealthChecks.use

compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.create

compute.httpsHealthChecks.delete

compute.httpsHealthChecks.get

compute.httpsHealthChecks.update

compute.httpsHealthChecks.use

compute.httpsHealthChecks.useReadOnly

compute.images.create

compute.images.delete

compute.images.deprecate

compute.images.get

compute.images.setLabels

compute.images.useReadOnly

compute.instanceGroupManagers.create

compute.instanceGroupManagers.delete

compute.instanceGroupManagers.get

compute.instanceGroupManagers.update

compute.instanceGroupManagers.use

compute.instanceGroups.create

compute.instanceGroups.delete

compute.instanceGroups.get

compute.instanceGroups.update

compute.instanceGroups.use

compute.instanceTemplates.create

compute.instanceTemplates.delete

compute.instanceTemplates.get

compute.instanceTemplates.useReadOnly

compute.instances.addAccessConfig

compute.instances.create

compute.instances.delete

compute.instances.deleteAccessConfig

compute.instances.get

compute.instances.listTagBindings

compute.instances.resume

compute.instances.setDeletionProtection

compute.instances.setDiskAutoDelete

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.suspend

compute.instances.update

compute.instances.updateDisplayDevice

compute.instances.use

compute.interconnectAttachments.create

compute.interconnectAttachments.delete

compute.interconnectAttachments.get

compute.interconnectAttachments.setLabels

compute.interconnectAttachments.update

compute.interconnects.create

compute.interconnects.delete

compute.interconnects.get

compute.interconnects.setLabels

compute.interconnects.use

compute.machineImages.useReadOnly

compute.machineTypes.get

compute.networkEndpointGroups.attachNetworkEndpoints

compute.networkEndpointGroups.create

compute.networkEndpointGroups.delete

compute.networkEndpointGroups.get

compute.networkEndpointGroups.use

compute.networks.addPeering

compute.networks.create

compute.networks.delete

compute.networks.get

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.switchToCustomMode

compute.networks.update

compute.networks.updatePolicy

compute.networks.use

compute.networks.useExternalIp

compute.organizations.disableXpnResource

compute.organizations.enableXpnHost

compute.organizations.enableXpnResource

compute.packetMirrorings.create

compute.packetMirrorings.delete

compute.packetMirrorings.get

compute.projects.get

compute.projects.setUsageExportBucket

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.get

compute.regionBackendServices.update

compute.regionBackendServices.use

compute.regionHealthChecks.create

compute.regionHealthChecks.delete

compute.regionHealthChecks.get

compute.regionHealthChecks.update

compute.regionHealthChecks.use

compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.create

compute.regionNetworkEndpointGroups.delete

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.regionSslCertificates.create

compute.regionSslCertificates.delete

compute.regionSslCertificates.get

compute.regionTargetHttpProxies.create

compute.regionTargetHttpProxies.delete

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.create

compute.regionTargetHttpsProxies.delete

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.use

compute.regionUrlMaps.create

compute.regionUrlMaps.delete

compute.regionUrlMaps.get

compute.regionUrlMaps.use

compute.regions.get

compute.reservations.list

compute.resourcePolicies.create

compute.resourcePolicies.delete

compute.resourcePolicies.get

compute.resourcePolicies.use

compute.routers.create

compute.routers.delete

compute.routers.get

compute.routers.update

compute.routers.use

compute.routes.create

compute.routes.delete

compute.routes.get

compute.securityPolicies.create

compute.securityPolicies.delete

compute.securityPolicies.get

compute.securityPolicies.setLabels

compute.securityPolicies.update

compute.securityPolicies.use

compute.serviceAttachments.create

compute.serviceAttachments.get

compute.snapshots.useReadOnly

compute.sslCertificates.create

compute.sslCertificates.delete

compute.sslCertificates.get

compute.sslPolicies.create

compute.sslPolicies.delete

compute.sslPolicies.get

compute.sslPolicies.use

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.expandIpCidrRange

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.mirror

compute.subnetworks.update

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetHttpProxies.create

compute.targetHttpProxies.delete

compute.targetHttpProxies.get

compute.targetHttpProxies.use

compute.targetHttpsProxies.create

compute.targetHttpsProxies.delete

compute.targetHttpsProxies.get

compute.targetHttpsProxies.setSslCertificates

compute.targetHttpsProxies.setSslPolicy

compute.targetHttpsProxies.use

compute.targetInstances.create

compute.targetInstances.delete

compute.targetInstances.get

compute.targetInstances.use

compute.targetPools.addHealthCheck

compute.targetPools.addInstance

compute.targetPools.create

compute.targetPools.delete

compute.targetPools.get

compute.targetPools.removeHealthCheck

compute.targetPools.removeInstance

compute.targetPools.use

compute.targetSslProxies.create

compute.targetSslProxies.delete

compute.targetSslProxies.get

compute.targetSslProxies.setSslCertificates

compute.targetSslProxies.use

compute.targetTcpProxies.create

compute.targetTcpProxies.delete

compute.targetTcpProxies.get

compute.targetTcpProxies.use

compute.targetVpnGateways.create

compute.targetVpnGateways.delete

compute.targetVpnGateways.get

compute.targetVpnGateways.setLabels

compute.targetVpnGateways.use

compute.urlMaps.create

compute.urlMaps.delete

compute.urlMaps.get

compute.urlMaps.update

compute.urlMaps.use

compute.vpnGateways.create

compute.vpnGateways.delete

compute.vpnGateways.get

compute.vpnGateways.setLabels

compute.vpnGateways.use

compute.vpnTunnels.create

compute.vpnTunnels.delete

compute.vpnTunnels.get

compute.vpnTunnels.setLabels

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.get

container.backendConfigs.create

container.backendConfigs.delete

container.backendConfigs.get

container.clusterRoleBindings.create

container.clusterRoleBindings.delete

container.clusterRoleBindings.get

container.clusterRoles.bind

container.clusterRoles.create

container.clusterRoles.delete

container.clusterRoles.escalate

container.clusterRoles.get

container.clusters.create

container.clusters.delete

container.clusters.get

container.clusters.getCredentials

container.clusters.update

container.configMaps.create

container.configMaps.delete

container.configMaps.get

container.configMaps.update

container.cronJobs.create

container.cronJobs.delete

container.cronJobs.get

container.cronJobs.update

container.daemonSets.create

container.daemonSets.delete

container.daemonSets.get

container.daemonSets.update

container.deployments.create

container.deployments.delete

container.deployments.get

container.deployments.update

container.frontendConfigs.create

container.frontendConfigs.delete

container.frontendConfigs.get

container.horizontalPodAutoscalers.create

container.horizontalPodAutoscalers.delete

container.horizontalPodAutoscalers.get

container.ingresses.create

container.ingresses.delete

container.ingresses.get

container.jobs.create

container.jobs.delete

container.jobs.get

container.managedCertificates.create

container.managedCertificates.delete

container.managedCertificates.get

container.mutatingWebhookConfigurations.delete

container.mutatingWebhookConfigurations.get

container.namespaces.create

container.namespaces.delete

container.namespaces.get

container.networkPolicies.create

container.networkPolicies.delete

container.networkPolicies.get

container.operations.get

container.podDisruptionBudgets.create

container.podDisruptionBudgets.delete

container.podDisruptionBudgets.get

container.podSecurityPolicies.delete

container.podSecurityPolicies.get

container.priorityClasses.create

container.priorityClasses.delete

container.priorityClasses.get

container.replicationControllers.create

container.replicationControllers.delete

container.replicationControllers.get

container.roleBindings.create

container.roleBindings.delete

container.roleBindings.get

container.roles.bind

container.roles.create

container.roles.delete

container.roles.escalate

container.roles.get

container.roles.update

container.secrets.create

container.secrets.delete

container.secrets.get

container.secrets.update

container.serviceAccounts.create

container.serviceAccounts.delete

container.serviceAccounts.get

container.serviceAccounts.update

container.services.create

container.services.delete

container.services.get

container.statefulSets.create

container.statefulSets.delete

container.statefulSets.get

container.statefulSets.update

container.storageClasses.create

container.storageClasses.delete

container.storageClasses.get

container.thirdPartyObjects.create

container.thirdPartyObjects.delete

container.thirdPartyObjects.get

container.thirdPartyObjects.update

container.validatingWebhookConfigurations.delete

container.validatingWebhookConfigurations.get

datacatalog.taxonomies.get

dataproc.autoscalingPolicies.create

dataproc.autoscalingPolicies.delete

dataproc.autoscalingPolicies.get

dataproc.autoscalingPolicies.use

dataproc.clusters.create

dataproc.clusters.delete

dataproc.clusters.get

dataproc.nodeGroups.create

dataproc.operations.get

dataproc.workflowTemplates.create

dataproc.workflowTemplates.delete

dataproc.workflowTemplates.get

deploymentmanager.compositeTypes.get

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.deployments.update

deploymentmanager.operations.get

deploymentmanager.typeProviders.create

deploymentmanager.typeProviders.delete

deploymentmanager.typeProviders.get

deploymentmanager.typeProviders.update

dns.changes.*

  • dns.changes.create
  • dns.changes.get
  • dns.changes.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.list

dns.managedZones.update

dns.networks.bindPrivateDNSZone

dns.networks.targetWithPeeringZone

dns.policies.delete

dns.policies.get

dns.resourceRecordSets.create

dns.resourceRecordSets.delete

dns.resourceRecordSets.list

dns.resourceRecordSets.update

file.instances.create

file.instances.delete

file.instances.get

file.instances.update

file.operations.get

firebase.projects.get

firebase.projects.update

firebaseanalytics.resources.googleAnalyticsEdit

iam.roles.create

iam.roles.delete

iam.roles.get

iam.roles.list

iam.roles.update

iam.serviceAccountKeys.delete

iam.serviceAccountKeys.get

iam.serviceAccounts.actAs

iam.serviceAccounts.create

iam.serviceAccounts.delete

iam.serviceAccounts.get

iam.serviceAccounts.list

iam.serviceAccounts.update

logging.buckets.update

logging.exclusions.create

logging.exclusions.delete

logging.exclusions.get

logging.exclusions.update

logging.logEntries.create

logging.logMetrics.create

logging.logMetrics.delete

logging.logMetrics.get

logging.logMetrics.update

logging.notificationRules.create

logging.sinks.create

logging.sinks.delete

logging.sinks.get

logging.sinks.update

monitoring.alertPolicies.create

monitoring.alertPolicies.delete

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.update

monitoring.dashboards.create

monitoring.dashboards.delete

monitoring.dashboards.get

monitoring.dashboards.update

monitoring.groups.create

monitoring.groups.delete

monitoring.groups.get

monitoring.groups.update

monitoring.metricDescriptors.create

monitoring.metricDescriptors.delete

monitoring.metricDescriptors.get

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.update

monitoring.uptimeCheckConfigs.create

monitoring.uptimeCheckConfigs.delete

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.update

networksecurity.serverTlsPolicies.use

pubsub.schemas.attach

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.delete

pubsub.topics.get

pubsub.topics.getIamPolicy

pubsub.topics.publish

pubsub.topics.update

redis.instances.create

redis.instances.delete

redis.instances.get

redis.instances.update

redis.instances.updateAuth

redis.operations.get

resourcemanager.folders.create

resourcemanager.folders.delete

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.list

resourcemanager.folders.update

resourcemanager.organizations.getIamPolicy

resourcemanager.projects.create

resourcemanager.projects.createBillingAssignment

resourcemanager.projects.delete

resourcemanager.projects.deleteBillingAssignment

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.projects.move

resourcemanager.projects.update

resourcemanager.projects.updateLiens

resourcemanager.tagHolds.create

resourcemanager.tagHolds.delete

resourcemanager.tagValueBindings.*

  • resourcemanager.tagValueBindings.create
  • resourcemanager.tagValueBindings.delete

resourcemanager.tagValues.get

runtimeconfig.configs.create

runtimeconfig.configs.delete

runtimeconfig.configs.get

runtimeconfig.configs.list

runtimeconfig.configs.update

runtimeconfig.variables.create

runtimeconfig.variables.delete

runtimeconfig.variables.get

runtimeconfig.variables.list

runtimeconfig.variables.update

runtimeconfig.waiters.create

runtimeconfig.waiters.delete

runtimeconfig.waiters.get

runtimeconfig.waiters.list

servicedirectory.namespaces.associatePrivateZone

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicemanagement.services.bind

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.get

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.use

source.repos.create

spanner.databaseOperations.get

spanner.databases.create

spanner.databases.drop

spanner.databases.get

spanner.databases.updateDdl

spanner.instanceOperations.get

spanner.instances.create

spanner.instances.delete

spanner.instances.get

spanner.instances.update

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.update

storage.hmacKeys.create

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.getIamPolicy

storage.objects.list

vpcaccess.connectors.create

vpcaccess.connectors.delete

vpcaccess.operations.get

workflows.operations.get

workflows.workflows.create

workflows.workflows.delete

workflows.workflows.get

(roles/deploymentmanager.editor)

Provides the permissions necessary to create and manage deployments.

Lowest-level resources where you can grant this role:

  • Project

deploymentmanager.compositeTypes.*

  • deploymentmanager.compositeTypes.create
  • deploymentmanager.compositeTypes.delete
  • deploymentmanager.compositeTypes.get
  • deploymentmanager.compositeTypes.list
  • deploymentmanager.compositeTypes.update

deploymentmanager.deployments.cancelPreview

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.deployments.list

deploymentmanager.deployments.stop

deploymentmanager.deployments.update

deploymentmanager.manifests.*

  • deploymentmanager.manifests.get
  • deploymentmanager.manifests.list

deploymentmanager.operations.*

  • deploymentmanager.operations.get
  • deploymentmanager.operations.list

deploymentmanager.resources.*

  • deploymentmanager.resources.get
  • deploymentmanager.resources.list

deploymentmanager.typeProviders.*

  • deploymentmanager.typeProviders.create
  • deploymentmanager.typeProviders.delete
  • deploymentmanager.typeProviders.get
  • deploymentmanager.typeProviders.getType
  • deploymentmanager.typeProviders.list
  • deploymentmanager.typeProviders.listTypes
  • deploymentmanager.typeProviders.update

deploymentmanager.types.*

  • deploymentmanager.types.create
  • deploymentmanager.types.delete
  • deploymentmanager.types.get
  • deploymentmanager.types.list
  • deploymentmanager.types.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/deploymentmanager.typeEditor)

Provides read and write access to all Type Registry resources.

Lowest-level resources where you can grant this role:

  • Project

deploymentmanager.compositeTypes.*

  • deploymentmanager.compositeTypes.create
  • deploymentmanager.compositeTypes.delete
  • deploymentmanager.compositeTypes.get
  • deploymentmanager.compositeTypes.list
  • deploymentmanager.compositeTypes.update

deploymentmanager.operations.get

deploymentmanager.typeProviders.*

  • deploymentmanager.typeProviders.create
  • deploymentmanager.typeProviders.delete
  • deploymentmanager.typeProviders.get
  • deploymentmanager.typeProviders.getType
  • deploymentmanager.typeProviders.list
  • deploymentmanager.typeProviders.listTypes
  • deploymentmanager.typeProviders.update

deploymentmanager.types.*

  • deploymentmanager.types.create
  • deploymentmanager.types.delete
  • deploymentmanager.types.get
  • deploymentmanager.types.list
  • deploymentmanager.types.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

(roles/deploymentmanager.typeViewer)

Provides read-only access to all Type Registry resources.

Lowest-level resources where you can grant this role:

  • Project

deploymentmanager.compositeTypes.get

deploymentmanager.compositeTypes.list

deploymentmanager.typeProviders.get

deploymentmanager.typeProviders.getType

deploymentmanager.typeProviders.list

deploymentmanager.typeProviders.listTypes

deploymentmanager.types.get

deploymentmanager.types.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

(roles/deploymentmanager.viewer)

Provides read-only access to all Deployment Manager-related resources.

Lowest-level resources where you can grant this role:

  • Project

deploymentmanager.compositeTypes.get

deploymentmanager.compositeTypes.list

deploymentmanager.deployments.get

deploymentmanager.deployments.list

deploymentmanager.manifests.*

  • deploymentmanager.manifests.get
  • deploymentmanager.manifests.list

deploymentmanager.operations.*

  • deploymentmanager.operations.get
  • deploymentmanager.operations.list

deploymentmanager.resources.*

  • deploymentmanager.resources.get
  • deploymentmanager.resources.list

deploymentmanager.typeProviders.get

deploymentmanager.typeProviders.getType

deploymentmanager.typeProviders.list

deploymentmanager.typeProviders.listTypes

deploymentmanager.types.get

deploymentmanager.types.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

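Access control for Deployment Manager

To create other Google Cloud resources, Deployment Manager uses the credentials of the Google APIs service agent to authenticate to other APIs. The Google APIs service agent is designed specifically to run internal Google processes automatically. This service account can be identified by its email: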

[PROJECT_NUMBER]@cloudservices.gserviceaccount.com

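The Google APIs service agent is automatically granted the Editor role at the project level and is listed in the IAM section of the Google Cloud console. This service account exists indefinitely with the project and is deleted only when the project is deleted. Because Deployment Manager and other services such as managed instance groups use this service account to create, delete, and manage resources, we recommend that you do not modify this account's permissions.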
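The following is an added example, not part of the original documentation: a drift check that reads a project IAM policy, confirms that the Google APIs service agent still holds only its automatic Editor grant, and lists who holds the Deployment Manager roles described on this page. It assumes the policy JSON has the shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the project number, members and function names are constructed for illustration.

```python
import json

# Constructed sample policy (assumption: same shape as the output of
# `gcloud projects get-iam-policy PROJECT_ID --format=json`).
# The project number and every member below are made up.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:creator@example.com"]},
    {"role": "roles/editor", "members": [
      "serviceAccount:123456789012@cloudservices.gserviceaccount.com"]},
    {"role": "roles/deploymentmanager.editor", "members": [
      "user:alice@example.com", "group:infra@example.com"]},
    {"role": "roles/deploymentmanager.viewer", "members": ["user:bob@example.com"]}
  ],
  "etag": "BwXconstructed=",
  "version": 1
}
""")

# The four user-grantable Deployment Manager roles listed on this page.
DM_ROLES = (
    "roles/deploymentmanager.editor",
    "roles/deploymentmanager.typeEditor",
    "roles/deploymentmanager.typeViewer",
    "roles/deploymentmanager.viewer",
)


def service_agent_member(project_number):
    """Build the IAM member string for [PROJECT_NUMBER]@cloudservices.gserviceaccount.com."""
    number = str(project_number)
    if not number.isdigit():
        raise ValueError("expected the numeric project number, not the project ID")
    return f"serviceAccount:{number}@cloudservices.gserviceaccount.com"


def audit_policy(policy, project_number):
    """Report the service agent's roles and the holders of Deployment Manager roles."""
    agent = service_agent_member(project_number)
    agent_roles = set()
    dm_holders = {role: [] for role in DM_ROLES}

    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = binding.get("members", [])
        if agent in members:
            agent_roles.add(role)
        if role in dm_holders:
            dm_holders[role].extend(members)

    findings = []
    if "roles/editor" not in agent_roles:
        # Deployment Manager creates resources with this identity, so
        # deployments are likely to fail once the automatic grant is gone.
        findings.append(f"{agent} does not hold roles/editor on the project")
    for role in sorted(agent_roles - {"roles/editor"}):
        findings.append(f"{agent} holds additional role {role}")

    return {
        "agent": agent,
        "agent_roles": sorted(agent_roles),
        "editor_present": "roles/editor" in agent_roles,
        "dm_holders": {r: sorted(m) for r, m in dm_holders.items() if m},
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit_policy(SAMPLE_POLICY, "123456789012")
    print(json.dumps(report, indent=2))
```

An empty `findings` list means the service agent's bindings match the default state described above; `dm_holders` is the list to review when deciding who may create or change deployments.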

Next steps