API 管理角色和权限

本页面列出了 API 管理的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

API 管理角色

Role Permissions

Role	Permissions
API Management Admin ^Beta (`roles/apim.admin`) Full access to API Management resources.	`apim.*` `apim.apiObservations.batchEditTags` `apim.apiObservations.get` `apim.apiObservations.list` `apim.apiOperations.get` `apim.apiOperations.list` `apim.locations.get` `apim.locations.list` `apim.locations.listApiObservationTags` `apim.observationJobs.create` `apim.observationJobs.delete` `apim.observationJobs.disable` `apim.observationJobs.enable` `apim.observationJobs.get` `apim.observationJobs.list` `apim.observationSources.create` `apim.observationSources.delete` `apim.observationSources.get` `apim.observationSources.list` `apim.operations.cancel` `apim.operations.delete` `apim.operations.get` `apim.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
APIM API Discovery Service Agent (`roles/apim.apiDiscoveryServiceAgent`) Gives APIM the ability to manage resources in consumer project Warning: Do not grant service agent roles to any principals except service agents.	`compute.backendServices.create` `compute.backendServices.delete` `compute.backendServices.get` `compute.backendServices.list` `compute.backendServices.update` `compute.backendServices.use` `compute.globalOperations.get` `compute.networks.use` `compute.regionBackendServices.create` `compute.regionBackendServices.delete` `compute.regionBackendServices.get` `compute.regionBackendServices.list` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.use` `compute.regionOperations.get` `compute.subnetworks.use` `networkservices.operations.*` `networkservices.operations.cancel` `networkservices.operations.delete` `networkservices.operations.get` `networkservices.operations.list`
API Management Viewer ^Beta (`roles/apim.viewer`) Readonly access to API Management resources.	`apim.apiObservations.get` `apim.apiObservations.list` `apim.apiOperations.` `apim.apiOperations.get` `apim.apiOperations.list` `apim.locations.` `apim.locations.get` `apim.locations.list` `apim.locations.listApiObservationTags` `apim.observationJobs.get` `apim.observationJobs.list` `apim.observationSources.get` `apim.observationSources.list` `apim.operations.get` `apim.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

API Management Admin ^Beta

(roles/apim.admin)

Full access to API Management resources.

apim.*

apim.apiObservations.batchEditTags
apim.apiObservations.get
apim.apiObservations.list
apim.apiOperations.get
apim.apiOperations.list
apim.locations.get
apim.locations.list
apim.locations.listApiObservationTags
apim.observationJobs.create
apim.observationJobs.delete
apim.observationJobs.disable
apim.observationJobs.enable
apim.observationJobs.get
apim.observationJobs.list
apim.observationSources.create
apim.observationSources.delete
apim.observationSources.get
apim.observationSources.list
apim.operations.cancel
apim.operations.delete
apim.operations.get
apim.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

APIM API Discovery Service Agent

(roles/apim.apiDiscoveryServiceAgent)

Gives APIM the ability to manage resources in consumer project

compute.backendServices.create

compute.backendServices.delete

compute.backendServices.get

compute.backendServices.list

compute.backendServices.update

compute.backendServices.use

compute.globalOperations.get

compute.networks.use

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.update

compute.regionBackendServices.use

compute.regionNetworkEndpointGroups.attachNetworkEndpoints

compute.regionNetworkEndpointGroups.create

compute.regionNetworkEndpointGroups.delete

compute.regionNetworkEndpointGroups.detachNetworkEndpoints

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.list

compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.subnetworks.use

networkservices.operations.*

networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list

API Management Viewer ^Beta

(roles/apim.viewer)

Readonly access to API Management resources.

apim.apiObservations.get

apim.apiObservations.list

apim.apiOperations.*

apim.apiOperations.get
apim.apiOperations.list

apim.locations.*

apim.locations.get
apim.locations.list
apim.locations.listApiObservationTags

apim.observationJobs.get

apim.observationJobs.list

apim.observationSources.get

apim.observationSources.list

apim.operations.get

apim.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

API 管理权限

权限	以下角色拥有此权限
`apim.apiObservations.batchEditTags`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.apiObservations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`)
`apim.apiObservations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`apim.apiOperations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`)
`apim.apiOperations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`apim.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`)
`apim.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`apim.locations.listApiObservationTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`)
`apim.observationJobs.create`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.observationJobs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.observationJobs.disable`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.observationJobs.enable`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.observationJobs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`)
`apim.observationJobs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`apim.observationSources.create`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.observationSources.delete`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.observationSources.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`)
`apim.observationSources.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`apim.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) API Management Admin (`roles/apim.admin`)
`apim.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`)
`apim.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) API Management Admin (`roles/apim.admin`) API Management Viewer (`roles/apim.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)

API 管理角色和权限