Artifact Analysis 角色和权限

本页面列出了 Artifact Analysis 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Artifact Analysis 角色

Role Permissions

Role	Permissions
Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Gives Container Analysis API the access it needs to function Warning: Do not grant service agent roles to any principals except service agents.	`artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.*` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `containeranalysis.notes.list` `containeranalysis.occurrences.create` `containeranalysis.occurrences.delete` `containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `containeranalysis.occurrences.update` `pubsub.messageTransforms.validate` `pubsub.schemas.attach` `pubsub.schemas.commit` `pubsub.schemas.create` `pubsub.schemas.delete` `pubsub.schemas.get` `pubsub.schemas.list` `pubsub.schemas.listRevisions` `pubsub.schemas.rollback` `pubsub.schemas.validate` `pubsub.snapshots.create` `pubsub.snapshots.delete` `pubsub.snapshots.get` `pubsub.snapshots.list` `pubsub.snapshots.seek` `pubsub.snapshots.update` `pubsub.subscriptions.consume` `pubsub.subscriptions.create` `pubsub.subscriptions.delete` `pubsub.subscriptions.get` `pubsub.subscriptions.list` `pubsub.subscriptions.update` `pubsub.topics.attachSubscription` `pubsub.topics.create` `pubsub.topics.delete` `pubsub.topics.detachSubscription` `pubsub.topics.get` `pubsub.topics.list` `pubsub.topics.publish` `pubsub.topics.update` `pubsub.topics.updateTag` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `storage.objects.get` `storage.objects.list`
Container Analysis Admin (`roles/containeranalysis.admin`) Access to all Container Analysis resources.	`containeranalysis.notes.attachOccurrence` `containeranalysis.notes.create` `containeranalysis.notes.delete` `containeranalysis.notes.get` `containeranalysis.notes.getIamPolicy` `containeranalysis.notes.list` `containeranalysis.notes.setIamPolicy` `containeranalysis.notes.update` `containeranalysis.occurrences.*` `containeranalysis.occurrences.create` `containeranalysis.occurrences.delete` `containeranalysis.occurrences.get` `containeranalysis.occurrences.getIamPolicy` `containeranalysis.occurrences.list` `containeranalysis.occurrences.setIamPolicy` `containeranalysis.occurrences.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Container Analysis Notes Attacher (`roles/containeranalysis.notes.attacher`) Can attach Container Analysis Occurrences to Notes.	`containeranalysis.notes.attachOccurrence` `containeranalysis.notes.get`
Container Analysis Notes Editor (`roles/containeranalysis.notes.editor`) Can edit Container Analysis Notes.	`containeranalysis.notes.attachOccurrence` `containeranalysis.notes.create` `containeranalysis.notes.delete` `containeranalysis.notes.get` `containeranalysis.notes.list` `containeranalysis.notes.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Container Analysis Occurrences for Notes Viewer (`roles/containeranalysis.notes.occurrences.viewer`) Can view all Container Analysis Occurrences attached to a Note.	`containeranalysis.notes.get` `containeranalysis.notes.listOccurrences`
Container Analysis Notes Viewer (`roles/containeranalysis.notes.viewer`) Can view Container Analysis Notes.	`containeranalysis.notes.get` `containeranalysis.notes.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Container Analysis Occurrences Editor (`roles/containeranalysis.occurrences.editor`) Can edit Container Analysis Occurrences.	`containeranalysis.occurrences.create` `containeranalysis.occurrences.delete` `containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `containeranalysis.occurrences.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Container Analysis Occurrences Viewer (`roles/containeranalysis.occurrences.viewer`) Can view Container Analysis Occurrences.	`containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Container Analysis Service Agent

(roles/containeranalysis.ServiceAgent)

Gives Container Analysis API the access it needs to function

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

containeranalysis.notes.list

containeranalysis.occurrences.create

containeranalysis.occurrences.delete

containeranalysis.occurrences.get

containeranalysis.occurrences.list

containeranalysis.occurrences.update

pubsub.messageTransforms.validate

pubsub.schemas.attach

pubsub.schemas.commit

pubsub.schemas.create

pubsub.schemas.delete

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.rollback

pubsub.schemas.validate

pubsub.snapshots.create

pubsub.snapshots.delete

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.snapshots.seek

pubsub.snapshots.update

pubsub.subscriptions.consume

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.delete

pubsub.topics.detachSubscription

pubsub.topics.get

pubsub.topics.list

pubsub.topics.publish

pubsub.topics.update

pubsub.topics.updateTag

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

storage.objects.get

storage.objects.list

Container Analysis Admin

(roles/containeranalysis.admin)

Access to all Container Analysis resources.

containeranalysis.notes.attachOccurrence

containeranalysis.notes.create

containeranalysis.notes.delete

containeranalysis.notes.get

containeranalysis.notes.getIamPolicy

containeranalysis.notes.list

containeranalysis.notes.setIamPolicy

containeranalysis.notes.update

containeranalysis.occurrences.*

containeranalysis.occurrences.create
containeranalysis.occurrences.delete
containeranalysis.occurrences.get
containeranalysis.occurrences.getIamPolicy
containeranalysis.occurrences.list
containeranalysis.occurrences.setIamPolicy
containeranalysis.occurrences.update

resourcemanager.projects.get

resourcemanager.projects.list

Container Analysis Notes Attacher

(roles/containeranalysis.notes.attacher)

Can attach Container Analysis Occurrences to Notes.

containeranalysis.notes.attachOccurrence

containeranalysis.notes.get

Container Analysis Notes Editor

(roles/containeranalysis.notes.editor)

Can edit Container Analysis Notes.

containeranalysis.notes.attachOccurrence

containeranalysis.notes.create

containeranalysis.notes.delete

containeranalysis.notes.get

containeranalysis.notes.list

containeranalysis.notes.update

resourcemanager.projects.get

resourcemanager.projects.list

Container Analysis Occurrences for Notes Viewer

(roles/containeranalysis.notes.occurrences.viewer)

Can view all Container Analysis Occurrences attached to a Note.

containeranalysis.notes.get

containeranalysis.notes.listOccurrences

Container Analysis Notes Viewer

(roles/containeranalysis.notes.viewer)

Can view Container Analysis Notes.

containeranalysis.notes.get

containeranalysis.notes.list

resourcemanager.projects.get

resourcemanager.projects.list

Container Analysis Occurrences Editor

(roles/containeranalysis.occurrences.editor)

Can edit Container Analysis Occurrences.

containeranalysis.occurrences.create

containeranalysis.occurrences.delete

containeranalysis.occurrences.get

containeranalysis.occurrences.list

containeranalysis.occurrences.update

resourcemanager.projects.get

resourcemanager.projects.list

Container Analysis Occurrences Viewer

(roles/containeranalysis.occurrences.viewer)

Can view Container Analysis Occurrences.

containeranalysis.occurrences.get

containeranalysis.occurrences.list

resourcemanager.projects.get

resourcemanager.projects.list

Artifact Analysis 权限

权限	以下角色拥有此权限
`containeranalysis.notes.attachOccurrence`	Owner (`roles/owner`) Editor (`roles/editor`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Notes Attacher (`roles/containeranalysis.notes.attacher`) Container Analysis Notes Editor (`roles/containeranalysis.notes.editor`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`containeranalysis.notes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Notes Editor (`roles/containeranalysis.notes.editor`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`containeranalysis.notes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Notes Editor (`roles/containeranalysis.notes.editor`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`containeranalysis.notes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Notes Attacher (`roles/containeranalysis.notes.attacher`) Container Analysis Notes Editor (`roles/containeranalysis.notes.editor`) Container Analysis Occurrences for Notes Viewer (`roles/containeranalysis.notes.occurrences.viewer`) Container Analysis Notes Viewer (`roles/containeranalysis.notes.viewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`containeranalysis.notes.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Container Analysis Admin (`roles/containeranalysis.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`containeranalysis.notes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Notes Editor (`roles/containeranalysis.notes.editor`) Container Analysis Notes Viewer (`roles/containeranalysis.notes.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`containeranalysis.notes.listOccurrences`	Owner (`roles/owner`) Editor (`roles/editor`) Container Analysis Occurrences for Notes Viewer (`roles/containeranalysis.notes.occurrences.viewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`containeranalysis.notes.setIamPolicy`	Owner (`roles/owner`) Container Analysis Admin (`roles/containeranalysis.admin`) Security Admin (`roles/iam.securityAdmin`)
`containeranalysis.notes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Notes Editor (`roles/containeranalysis.notes.editor`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`containeranalysis.occurrences.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Build 服务账号 (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Occurrences Editor (`roles/containeranalysis.occurrences.editor`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`containeranalysis.occurrences.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Build 服务账号 (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Occurrences Editor (`roles/containeranalysis.occurrences.editor`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`containeranalysis.occurrences.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Build 服务账号 (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Occurrences Editor (`roles/containeranalysis.occurrences.editor`) Container Analysis Occurrences Viewer (`roles/containeranalysis.occurrences.viewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`containeranalysis.occurrences.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Container Analysis Admin (`roles/containeranalysis.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`containeranalysis.occurrences.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Build 服务账号 (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Occurrences Editor (`roles/containeranalysis.occurrences.editor`) Container Analysis Occurrences Viewer (`roles/containeranalysis.occurrences.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`containeranalysis.occurrences.setIamPolicy`	Owner (`roles/owner`) Container Analysis Admin (`roles/containeranalysis.admin`) Security Admin (`roles/iam.securityAdmin`)
`containeranalysis.occurrences.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Build 服务账号 (`roles/cloudbuild.builds.builder`) Composer Worker (`roles/composer.worker`) Container Analysis Admin (`roles/containeranalysis.admin`) Container Analysis Occurrences Editor (`roles/containeranalysis.occurrences.editor`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Compliance Scanning Service Agent (`roles/compliancescanning.serviceAgent`) Container Analysis Service Agent (`roles/containeranalysis.ServiceAgent`) Container Scanner Service Agent (`roles/containerscanning.ServiceAgent`) Cloud OS Config Service Agent (`roles/osconfig.serviceAgent`) Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)

Artifact Analysis 角色和权限