Menyiapkan project dan izin

Halaman ini menunjukkan cara membuat Google Cloud project, mengaktifkan AML AI, membuat kredensial autentikasi, dan memberikan satu atau beberapa peran IAM kepada akun Anda.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. Install the Google Cloud CLI.

  3. Jika Anda menggunakan penyedia identitas (IdP) eksternal, Anda harus login ke gcloud CLI dengan identitas gabungan Anda terlebih dahulu.

  4. Untuk melakukan inisialisasi gcloud CLI, jalankan perintah berikut: 

    gcloud init

  5. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  6. Verify that billing is enabled for your Google Cloud project.

  7. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  8. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  9. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.

  10. Install the Google Cloud CLI.

  11. Jika Anda menggunakan penyedia identitas (IdP) eksternal, Anda harus login ke gcloud CLI dengan identitas gabungan Anda terlebih dahulu.

  12. Untuk melakukan inisialisasi gcloud CLI, jalankan perintah berikut: 

    gcloud init

  13. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  14. Verify that billing is enabled for your Google Cloud project.

  15. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  16. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  17. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.
    18.  Peran ini memenuhi izin wajib berikut:

    Izin yang diperlukan

    Izin berikut diperlukan untuk menyelesaikan mulai cepat dan diperlukan untuk melakukan banyak operasi penting di AML AI.

    Izin Deskripsi
    resourcemanager.projects.getMendapatkan project Google Cloud
    resourcemanager.projects.listList Google Cloud projects
    cloudkms.keyRings.createBuat key ring Cloud KMS
    cloudkms.cryptoKeys.createMembuat kunci Cloud KMS
    financialservices.v1instances.createMembuat instance AML AI
    financialservices.operations.getMendapatkan operasi AML AI
    cloudkms.cryptoKeys.getIamPolicyMendapatkan kebijakan IAM pada kunci Cloud KMS
    cloudkms.cryptoKeys.setIamPolicyMenetapkan kebijakan IAM pada kunci Cloud KMS
    bigquery.datasets.createMembuat set data BigQuery
    bigquery.datasets.getMendapatkan set data BigQuery
    bigquery.transfers.getMendapatkan transfer BigQuery Data Transfer Service
    bigquery.transfers.updateMembuat atau menghapus transfer BigQuery Data Transfer Service
    bigquery.datasets.setIamPolicyMenetapkan kebijakan IAM pada set data BigQuery
    bigquery.datasets.updateMemperbarui set data BigQuery
    financialservices.v1datasets.createMembuat set data AML AI
    financialservices.v1engineconfigs.createMembuat konfigurasi mesin AML AI
    financialservices.v1models.createMembuat model AML AI
    financialservices.v1backtests.createMembuat hasil backtest AML AI
    financialservices.v1backtests.exportMetadataMengekspor metadata dari hasil uji coba AI AML
    financialservices.v1instances.importRegisteredPartiesMengimpor pihak terdaftar ke instance AML AI
    financialservices.v1predictions.createMembuat hasil prediksi AML AI
    bigquery.jobs.createMembuat tugas BigQuery
    bigquery.tables.getDataMendapatkan data dari tabel BigQuery
    financialservices.v1predictions.deleteMenghapus hasil prediksi AI AML
    financialservices.v1backtests.deleteMenghapus hasil uji ulang AML AI
    financialservices.v1models.deleteMenghapus model AML AI
    financialservices.v1engineconfigs.deleteMenghapus konfigurasi mesin AML AI
    financialservices.v1datasets.deleteMenghapus set data AML AI
    financialservices.v1instances.deleteMenghapus instance AML AI
    bigquery.datasets.deleteMenghapus set data BigQuery