Config Delivery 角色和权限

本页面列出了 Config Delivery 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Config Delivery 角色

Role Permissions

Role	Permissions
ConfigDelivery Admin ^Beta (`roles/configdelivery.configDeliveryAdmin`) Grants full access to all Config Delivery resources. Lets users create, remove and manage fleet packages and resource bundles.	`configdelivery.*` `configdelivery.fleetPackages.create` `configdelivery.fleetPackages.delete` `configdelivery.fleetPackages.get` `configdelivery.fleetPackages.list` `configdelivery.fleetPackages.update` `configdelivery.locations.get` `configdelivery.locations.list` `configdelivery.operations.cancel` `configdelivery.operations.delete` `configdelivery.operations.get` `configdelivery.operations.list` `configdelivery.releases.create` `configdelivery.releases.delete` `configdelivery.releases.get` `configdelivery.releases.list` `configdelivery.releases.update` `configdelivery.resourceBundles.create` `configdelivery.resourceBundles.delete` `configdelivery.resourceBundles.get` `configdelivery.resourceBundles.list` `configdelivery.resourceBundles.update` `configdelivery.rollouts.abort` `configdelivery.rollouts.get` `configdelivery.rollouts.list` `configdelivery.rollouts.resume` `configdelivery.rollouts.suspend` `resourcemanager.projects.get` `resourcemanager.projects.list`
ConfigDelivery Viewer ^Beta (`roles/configdelivery.configDeliveryViewer`) Grants read access to all Config Delivery resources. Lets users view existing fleet packages and resource bundles, but they will not be able to make any changes.	`configdelivery.fleetPackages.get` `configdelivery.fleetPackages.list` `configdelivery.locations.*` `configdelivery.locations.get` `configdelivery.locations.list` `configdelivery.operations.get` `configdelivery.operations.list` `configdelivery.releases.get` `configdelivery.releases.list` `configdelivery.resourceBundles.get` `configdelivery.resourceBundles.list` `configdelivery.rollouts.get` `configdelivery.rollouts.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Config Delivery Resource Bundle Publisher ^Beta (`roles/configdelivery.resourceBundlePublisher`) Grants read and write permissions to Config Delivery ResourceBundles and Releases.	`configdelivery.locations.*` `configdelivery.locations.get` `configdelivery.locations.list` `configdelivery.operations.get` `configdelivery.operations.list` `configdelivery.releases.create` `configdelivery.releases.get` `configdelivery.releases.list` `configdelivery.releases.update` `configdelivery.resourceBundles.create` `configdelivery.resourceBundles.get` `configdelivery.resourceBundles.list` `configdelivery.resourceBundles.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Config Delivery Service Agent (`roles/configdelivery.serviceAgent`) Gives the Config Delivery service account permission to manage resources Warning: Do not grant service agent roles to any principals except service agents.	`artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.projectsettings.get` `artifactregistry.repositories.create` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.getIamPolicy` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.setIamPolicy` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.tags.` `artifactregistry.tags.create` `artifactregistry.tags.delete` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.delete` `artifactregistry.versions.get` `artifactregistry.versions.list` `cloudbuild.builds.create` `cloudbuild.builds.get` `cloudbuild.builds.list` `cloudbuild.builds.update` `cloudbuild.repositories.get` `container.customResourceDefinitions.get` `container.customResourceDefinitions.list` `container.serviceAccounts.get` `container.serviceAccounts.list` `container.thirdPartyObjects.*` `container.thirdPartyObjects.create` `container.thirdPartyObjects.delete` `container.thirdPartyObjects.get` `container.thirdPartyObjects.list` `container.thirdPartyObjects.update` `gkehub.gateway.delete` `gkehub.gateway.generateCredentials` `gkehub.gateway.get` `gkehub.gateway.patch` `gkehub.gateway.post` `gkehub.gateway.put` `gkehub.memberships.get` `iam.serviceAccounts.actAs`

ConfigDelivery Admin ^Beta

(roles/configdelivery.configDeliveryAdmin)

Grants full access to all Config Delivery resources. Lets users create, remove and manage fleet packages and resource bundles.

configdelivery.*

configdelivery.fleetPackages.create
configdelivery.fleetPackages.delete
configdelivery.fleetPackages.get
configdelivery.fleetPackages.list
configdelivery.fleetPackages.update
configdelivery.locations.get
configdelivery.locations.list
configdelivery.operations.cancel
configdelivery.operations.delete
configdelivery.operations.get
configdelivery.operations.list
configdelivery.releases.create
configdelivery.releases.delete
configdelivery.releases.get
configdelivery.releases.list
configdelivery.releases.update
configdelivery.resourceBundles.create
configdelivery.resourceBundles.delete
configdelivery.resourceBundles.get
configdelivery.resourceBundles.list
configdelivery.resourceBundles.update
configdelivery.rollouts.abort
configdelivery.rollouts.get
configdelivery.rollouts.list
configdelivery.rollouts.resume
configdelivery.rollouts.suspend

resourcemanager.projects.get

resourcemanager.projects.list

ConfigDelivery Viewer ^Beta

(roles/configdelivery.configDeliveryViewer)

Grants read access to all Config Delivery resources. Lets users view existing fleet packages and resource bundles, but they will not be able to make any changes.

configdelivery.fleetPackages.get

configdelivery.fleetPackages.list

configdelivery.locations.*

configdelivery.locations.get
configdelivery.locations.list

configdelivery.operations.get

configdelivery.operations.list

configdelivery.releases.get

configdelivery.releases.list

configdelivery.resourceBundles.get

configdelivery.resourceBundles.list

configdelivery.rollouts.get

configdelivery.rollouts.list

resourcemanager.projects.get

resourcemanager.projects.list

Config Delivery Resource Bundle Publisher ^Beta

(roles/configdelivery.resourceBundlePublisher)

Grants read and write permissions to Config Delivery ResourceBundles and Releases.

configdelivery.locations.*

configdelivery.locations.get
configdelivery.locations.list

configdelivery.operations.get

configdelivery.operations.list

configdelivery.releases.create

configdelivery.releases.get

configdelivery.releases.list

configdelivery.releases.update

configdelivery.resourceBundles.create

configdelivery.resourceBundles.get

configdelivery.resourceBundles.list

configdelivery.resourceBundles.update

resourcemanager.projects.get

resourcemanager.projects.list

Config Delivery Service Agent

(roles/configdelivery.serviceAgent)

Gives the Config Delivery service account permission to manage resources

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.projectsettings.get

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.getIamPolicy

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.setIamPolicy

artifactregistry.repositories.uploadArtifacts

artifactregistry.tags.*

artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update

artifactregistry.versions.delete

artifactregistry.versions.get

artifactregistry.versions.list

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.repositories.get

container.customResourceDefinitions.get

container.customResourceDefinitions.list

container.serviceAccounts.get

container.serviceAccounts.list

container.thirdPartyObjects.*

container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update

gkehub.gateway.delete

gkehub.gateway.generateCredentials

gkehub.gateway.get

gkehub.gateway.patch

gkehub.gateway.post

gkehub.gateway.put

gkehub.memberships.get

iam.serviceAccounts.actAs

Config Delivery 权限

权限	以下角色拥有此权限
`configdelivery.fleetPackages.create`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.fleetPackages.delete`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.fleetPackages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`)
`configdelivery.fleetPackages.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`configdelivery.fleetPackages.update`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`configdelivery.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`configdelivery.releases.create`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.releases.delete`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.releases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.releases.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`configdelivery.releases.update`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.resourceBundles.create`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.resourceBundles.delete`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.resourceBundles.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.resourceBundles.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`configdelivery.resourceBundles.update`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) Config Delivery Resource Bundle Publisher (`roles/configdelivery.resourceBundlePublisher`)
`configdelivery.rollouts.abort`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.rollouts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`)
`configdelivery.rollouts.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`) ConfigDelivery Viewer (`roles/configdelivery.configDeliveryViewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`configdelivery.rollouts.resume`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)
`configdelivery.rollouts.suspend`	Owner (`roles/owner`) Editor (`roles/editor`) ConfigDelivery Admin (`roles/configdelivery.configDeliveryAdmin`)

Config Delivery 角色和权限