Configurare un progetto e le autorizzazioni

Questa pagina mostra come creare un progetto Google Cloud , attivare AML AI, creare credenziali di autenticazione e concedere al tuo account uno o più ruoli IAM.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. Install the Google Cloud CLI.

  3. Se utilizzi un provider di identità (IdP) esterno, devi prima accedere a gcloud CLI con la tua identità federata.

  4. Per inizializzare gcloud CLI, esegui questo comando: 

    gcloud init

  5. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  6. Verify that billing is enabled for your Google Cloud project.

  7. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  8. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  9. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.

  10. Install the Google Cloud CLI.

  11. Se utilizzi un provider di identità (IdP) esterno, devi prima accedere a gcloud CLI con la tua identità federata.

  12. Per inizializzare gcloud CLI, esegui questo comando: 

    gcloud init

  13. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  14. Verify that billing is enabled for your Google Cloud project.

  15. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  16. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  17. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.
    18.  Questi ruoli soddisfano le seguenti autorizzazioni richieste:

    Autorizzazioni obbligatorie

    Per completare la guida rapida sono necessarie le seguenti autorizzazioni, che sono necessarie per eseguire molte operazioni vitali in AML AI.

    Autorizzazione Descrizione
    resourcemanager.projects.getOttenere un progetto Google Cloud
    resourcemanager.projects.listList Google Cloud projects
    cloudkms.keyRings.createCrea un keyring Cloud KMS
    cloudkms.cryptoKeys.createCrea una chiave Cloud KMS
    financialservices.v1instances.createCrea un'istanza AML AI
    financialservices.operations.getRecupera un'operazione AML AI
    cloudkms.cryptoKeys.getIamPolicyRecupera il criterio IAM su una chiave Cloud KMS
    cloudkms.cryptoKeys.setIamPolicyImposta il criterio IAM su una chiave Cloud KMS
    bigquery.datasets.createCrea un set di dati BigQuery
    bigquery.datasets.getRecuperare un set di dati BigQuery
    bigquery.transfers.getRecupera un trasferimento BigQuery Data Transfer Service
    bigquery.transfers.updateCreare o eliminare un trasferimento BigQuery Data Transfer Service
    bigquery.datasets.setIamPolicyImpostare il criterio IAM su un set di dati BigQuery
    bigquery.datasets.updateAggiorna un set di dati BigQuery
    financialservices.v1datasets.createCrea un set di dati AML AI
    financialservices.v1engineconfigs.createCrea una configurazione del motore AML AI
    financialservices.v1models.createCrea un modello AML AI
    financialservices.v1backtests.createCrea un risultato di backtest AML AI
    financialservices.v1backtests.exportMetadataEsportare i metadati da un risultato di backtest AML AI
    financialservices.v1instances.importRegisteredPartiesImportare le parti registrate in un'istanza AML AI
    financialservices.v1predictions.createCrea un risultato della previsione AML AI
    bigquery.jobs.createCrea un job BigQuery
    bigquery.tables.getDataRecuperare i dati da una tabella BigQuery
    financialservices.v1predictions.deleteEliminare il risultato di una previsione AML AI
    financialservices.v1backtests.deleteEliminare il risultato di un backtest AML AI
    financialservices.v1models.deleteEliminare un modello AML AI
    financialservices.v1engineconfigs.deleteElimina una configurazione del motore AML AI
    financialservices.v1datasets.deleteEliminare un set di dati AML AI
    financialservices.v1instances.deleteElimina un'istanza AML AI
    bigquery.datasets.deleteElimina un set di dati BigQuery