Cloud Controls Partner API 角色和权限

本页面列出了 Cloud Controls Partner API 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Cloud Controls Partner API 角色

Role Permissions

Role	Permissions
Cloud Controls Partner Access Approval Service Agent (`roles/cloudcontrolspartner.accessApprovalServiceAgent`) Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner. Warning: Do not grant service agent roles to any principals except service agents.	`accessapproval.requests.get` `accessapproval.requests.list`
Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Full access to Cloud Controls Partner resources.	`cloudcontrolspartner.accessapprovalrequests.list` `cloudcontrolspartner.customers.*` `cloudcontrolspartner.customers.create` `cloudcontrolspartner.customers.delete` `cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.ekmconnections.get` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.partnerpermissions.get` `cloudcontrolspartner.partners.get` `cloudcontrolspartner.platformcontrols.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Editor access to Cloud Controls Partner resources.	`cloudcontrolspartner.*` `cloudcontrolspartner.accessapprovalrequests.list` `cloudcontrolspartner.customers.create` `cloudcontrolspartner.customers.delete` `cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.ekmconnections.get` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.partnerpermissions.get` `cloudcontrolspartner.partners.get` `cloudcontrolspartner.platformcontrols.get` `cloudcontrolspartner.violations.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.get` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner EKM Service Agent (`roles/cloudcontrolspartner.ekmServiceAgent`) Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information. Warning: Do not grant service agent roles to any principals except service agents.	`cloudkms.ekmConnections.get` `cloudkms.ekmConnections.getIamPolicy` `cloudkms.ekmConnections.list` `cloudkms.ekmConnections.verifyConnectivity`
Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Readonly access to Cloud Controls Partner inspectability resources.	`cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.platformcontrols.get`
Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Read-only access to Cloud Controls Partner monitoring resources.	`cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.violations.` `cloudcontrolspartner.violations.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.` `cloudcontrolspartner.workloads.get` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner Monitoring Service Agent (`roles/cloudcontrolspartner.monitoringServiceAgent`) Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability. Warning: Do not grant service agent roles to any principals except service agents.	`assuredworkloads.violations.get` `assuredworkloads.violations.list`
Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Read-only access to Cloud Controls Partner resources.	`cloudcontrolspartner.accessapprovalrequests.list` `cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.ekmconnections.get` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.partnerpermissions.get` `cloudcontrolspartner.partners.get` `cloudcontrolspartner.platformcontrols.get` `cloudcontrolspartner.violations.` `cloudcontrolspartner.violations.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.` `cloudcontrolspartner.workloads.get` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner Support Case Service Agent (`roles/cloudcontrolspartner.supportCaseServiceAgent`) Gives the Partner Console service account access to support cases for workloads associated with a partner. Warning: Do not grant service agent roles to any principals except service agents.	`cloudsupport.techCases.get`

Cloud Controls Partner Access Approval Service Agent

(roles/cloudcontrolspartner.accessApprovalServiceAgent)

Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner.

accessapproval.requests.get

accessapproval.requests.list

Cloud Controls Partner Admin

(roles/cloudcontrolspartner.admin)

Full access to Cloud Controls Partner resources.

cloudcontrolspartner.accessapprovalrequests.list

cloudcontrolspartner.customers.*

cloudcontrolspartner.customers.create
cloudcontrolspartner.customers.delete
cloudcontrolspartner.customers.get
cloudcontrolspartner.customers.list

cloudcontrolspartner.ekmconnections.get

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.partnerpermissions.get

cloudcontrolspartner.partners.get

cloudcontrolspartner.platformcontrols.get

cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.list

Cloud Controls Partner Editor

(roles/cloudcontrolspartner.editor)

Editor access to Cloud Controls Partner resources.

cloudcontrolspartner.*

cloudcontrolspartner.accessapprovalrequests.list
cloudcontrolspartner.customers.create
cloudcontrolspartner.customers.delete
cloudcontrolspartner.customers.get
cloudcontrolspartner.customers.list
cloudcontrolspartner.ekmconnections.get
cloudcontrolspartner.inspectabilityevents.get
cloudcontrolspartner.partnerpermissions.get
cloudcontrolspartner.partners.get
cloudcontrolspartner.platformcontrols.get
cloudcontrolspartner.violations.get
cloudcontrolspartner.violations.list
cloudcontrolspartner.workloads.get
cloudcontrolspartner.workloads.list

Cloud Controls Partner EKM Service Agent

(roles/cloudcontrolspartner.ekmServiceAgent)

Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information.

cloudkms.ekmConnections.get

cloudkms.ekmConnections.getIamPolicy

cloudkms.ekmConnections.list

cloudkms.ekmConnections.verifyConnectivity

Cloud Controls Partner Inspectability Reader

(roles/cloudcontrolspartner.inspectabilityReader)

Readonly access to Cloud Controls Partner inspectability resources.

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.platformcontrols.get

Cloud Controls Partner Monitoring Reader

(roles/cloudcontrolspartner.monitoringReader)

Read-only access to Cloud Controls Partner monitoring resources.

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.violations.*

cloudcontrolspartner.violations.get
cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.*

cloudcontrolspartner.workloads.get
cloudcontrolspartner.workloads.list

Cloud Controls Partner Monitoring Service Agent

(roles/cloudcontrolspartner.monitoringServiceAgent)

Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability.

assuredworkloads.violations.get

assuredworkloads.violations.list

Cloud Controls Partner Reader

(roles/cloudcontrolspartner.reader)

Read-only access to Cloud Controls Partner resources.

cloudcontrolspartner.accessapprovalrequests.list

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.ekmconnections.get

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.partnerpermissions.get

cloudcontrolspartner.partners.get

cloudcontrolspartner.platformcontrols.get

cloudcontrolspartner.violations.*

cloudcontrolspartner.violations.get
cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.*

cloudcontrolspartner.workloads.get
cloudcontrolspartner.workloads.list

Cloud Controls Partner Support Case Service Agent

(roles/cloudcontrolspartner.supportCaseServiceAgent)

Gives the Partner Console service account access to support cases for workloads associated with a partner.

cloudsupport.techCases.get

Cloud Controls Partner API 权限

权限	以下角色拥有此权限
`cloudcontrolspartner.accessapprovalrequests.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`cloudcontrolspartner.customers.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`)
`cloudcontrolspartner.customers.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`)
`cloudcontrolspartner.customers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.customers.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`cloudcontrolspartner.ekmconnections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.inspectabilityevents.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.partnerpermissions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.partners.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.platformcontrols.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.violations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.violations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`cloudcontrolspartner.workloads.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.workloads.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)

Cloud Controls Partner API 角色和权限