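Filestore permissions are also associated with the IAM basic roles of owner, editor, and viewer. To grant Filestore permissions to users, you can use these roles in addition to the Filestore roles.
Use the following table to see the Filestore permissions associated with basic roles.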
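| Permission | Action | Project Owner | Project Editor | Project Viewer |
|---|---|---|---|---|
| file.locations.get | Get information about a location supported by this service. | ✓ | ✓ | ✓ |
| file.locations.list | List information about the locations supported by this service. | ✓ | ✓ | ✓ |
| file.instances.create | Create a Filestore instance. | ✓ | ✓ | |
| file.instances.update | Update a Filestore instance. | ✓ | ✓ | |
| file.instances.delete | Delete a Filestore instance. | ✓ | ✓ | |
| file.instances.get | Get details about a specific Filestore instance. | ✓ | ✓ | ✓ |
| file.instances.list | List the Filestore instances in a project. | ✓ | ✓ | ✓ |
| file.operations.get | Get the status of a Filestore instance operation. | ✓ | ✓ | ✓ |
| file.operations.list | List Filestore instance operations. | ✓ | ✓ | ✓ |
| file.operations.cancel | Cancel a Filestore instance operation. | ✓ | ✓ | |
| file.operations.delete | Delete a Filestore instance operation. | ✓ | ✓ | |
| file.backups.create | Create a Filestore backup. | ✓ | ✓ | |
| file.backups.update | Update a Filestore backup. | ✓ | ✓ | |
| file.backups.delete | Delete a Filestore backup. | ✓ | ✓ | |
| file.backups.get | Get details about a specific Filestore backup. | ✓ | ✓ | ✓ |
| file.backups.list | List the Filestore backups in a project. | ✓ | ✓ | ✓ |
| file.snapshots.create | Create a Filestore snapshot. | ✓ | ✓ | |
| file.snapshots.update | Update a Filestore snapshot. | ✓ | ✓ | |
| file.snapshots.delete | Delete a Filestore snapshot. | ✓ | ✓ | |
| file.snapshots.get | Get details about a specific Filestore snapshot. | ✓ | ✓ | ✓ |
| file.snapshots.list | List the Filestore snapshots in a project. | ✓ | ✓ | ✓ |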
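Custom roles
If the predefined IAM roles don't meet your needs, you can define a custom role with permissions that you specify using IAM's custom roles. When you create custom roles for Filestore, make sure that you include both resourcemanager.projects.get and resourcemanager.projects.list so that the role has permission to query project resources.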
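One way to check a custom role definition before creating it, as an added example that is not part of the original documentation: the function flags a missing resourcemanager.projects.get or resourcemanager.projects.list, and flags any Filestore permission that the basic-roles table grants to Owner and Editor but not to Viewer when the role is meant to be view-only. The `read_only` flag, the function name and the sample role are assumptions made for this example.

```python
# Added example: lint a custom Filestore role definition before creating it.
# Permission names come from the basic-roles table on this page.
REQUIRED_PROJECT_PERMS = {
    "resourcemanager.projects.get",
    "resourcemanager.projects.list",
}
# Verbs the table grants to Owner and Editor only, never to Viewer.
MUTATING_VERBS = {"create", "update", "delete", "cancel"}


def lint_custom_role(role, read_only=False):
    """Return a list of findings for a role definition dict.

    `role` uses the IAM custom-role field `includedPermissions`.
    `read_only` is a hypothetical flag stating the caller's intent.
    """
    perms = set(role.get("includedPermissions", []))
    findings = []
    # The page requires both project permissions in Filestore custom roles.
    for missing in sorted(REQUIRED_PROJECT_PERMS - perms):
        findings.append(f"missing required permission: {missing}")
    for perm in sorted(perms):
        service = perm.split(".", 1)[0]
        verb = perm.rsplit(".", 1)[-1]
        if read_only and service == "file" and verb in MUTATING_VERBS:
            findings.append(f"mutating permission in read-only role: {perm}")
    return findings


# Constructed sample: a role intended to be view-only that has drifted.
SAMPLE_ROLE = {
    "title": "Filestore Backup Auditor",  # hypothetical role title
    "stage": "GA",
    "includedPermissions": [
        "file.instances.get",
        "file.instances.list",
        "file.backups.get",
        "file.backups.list",
        "file.backups.delete",
        "resourcemanager.projects.get",
    ],
}

if __name__ == "__main__":
    for finding in lint_custom_role(SAMPLE_ROLE, read_only=True):
        print(finding)
```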
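Related roles
Other roles may be required for access to other Google Cloud services. For example, if you want to view or monitor metrics related to Filestore instance performance, you'll need access to the following roles:
- Monitoring Viewer
- Monitoring Editor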
Last updated (UTC): 2025-09-04.