Firestore 角色和权限

本页面列出了 Firestore 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Firestore 角色

Role Permissions

Role	Permissions
Cloud Datastore Backup Schedules Admin (`roles/datastore.backupSchedulesAdmin`) Manage backup schedules in Cloud Datastore.	`datastore.backupSchedules.*` `datastore.backupSchedules.create` `datastore.backupSchedules.delete` `datastore.backupSchedules.get` `datastore.backupSchedules.list` `datastore.backupSchedules.update` `datastore.databases.getMetadata` `datastore.databases.list`
Cloud Datastore Backup Schedules Viewer (`roles/datastore.backupSchedulesViewer`) Read access to backup schedules in Cloud Datastore.	`datastore.backupSchedules.get` `datastore.backupSchedules.list`
Cloud Datastore Backups Admin (`roles/datastore.backupsAdmin`) Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed.	`datastore.backups.delete` `datastore.backups.get` `datastore.backups.list`
Cloud Datastore Backups Viewer (`roles/datastore.backupsViewer`) Read access to metadata about backups in Cloud Datastore.	`datastore.backups.get` `datastore.backups.list`
Cloud Datastore Bulk Admin (`roles/datastore.bulkAdmin`) Full access to manage bulk operations.	`datastore.databases.bulkDelete` `datastore.databases.getMetadata` `datastore.operations.cancel` `datastore.operations.get` `datastore.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Clone Admin (`roles/datastore.cloneAdmin`) Clone Cloud Datastore Databases.	`datastore.databases.clone` `datastore.databases.create` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.operations.get` `datastore.operations.list`
Cloud Datastore Import Export Admin (`roles/datastore.importExportAdmin`) Provides full access to manage imports and exports. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `datastore.databases.export` `datastore.databases.getMetadata` `datastore.databases.import` `datastore.operations.cancel` `datastore.operations.get` `datastore.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Index Admin (`roles/datastore.indexAdmin`) Provides full access to manage index definitions. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `datastore.databases.getMetadata` `datastore.indexes.*` `datastore.indexes.create` `datastore.indexes.delete` `datastore.indexes.get` `datastore.indexes.list` `datastore.indexes.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Key Visualizer Viewer (`roles/datastore.keyVisualizerViewer`) Full access to Key Visualizer scans.	`datastore.databases.getMetadata` `datastore.keyVisualizerScans.*` `datastore.keyVisualizerScans.get` `datastore.keyVisualizerScans.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Owner (`roles/datastore.owner`) Provides full access to Datastore resources. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `datastore.*` `datastore.backupSchedules.create` `datastore.backupSchedules.delete` `datastore.backupSchedules.get` `datastore.backupSchedules.list` `datastore.backupSchedules.update` `datastore.backups.delete` `datastore.backups.get` `datastore.backups.list` `datastore.backups.restoreDatabase` `datastore.databases.bulkDelete` `datastore.databases.clone` `datastore.databases.create` `datastore.databases.createTagBinding` `datastore.databases.delete` `datastore.databases.deleteTagBinding` `datastore.databases.export` `datastore.databases.get` `datastore.databases.getMetadata` `datastore.databases.import` `datastore.databases.list` `datastore.databases.listEffectiveTags` `datastore.databases.listTagBindings` `datastore.databases.update` `datastore.entities.allocateIds` `datastore.entities.create` `datastore.entities.delete` `datastore.entities.get` `datastore.entities.list` `datastore.entities.update` `datastore.indexes.create` `datastore.indexes.delete` `datastore.indexes.get` `datastore.indexes.list` `datastore.indexes.update` `datastore.insights.get` `datastore.keyVisualizerScans.get` `datastore.keyVisualizerScans.list` `datastore.locations.get` `datastore.locations.list` `datastore.namespaces.get` `datastore.namespaces.list` `datastore.operations.cancel` `datastore.operations.delete` `datastore.operations.get` `datastore.operations.list` `datastore.statistics.get` `datastore.statistics.list` `datastore.userCreds.create` `datastore.userCreds.delete` `datastore.userCreds.get` `datastore.userCreds.list` `datastore.userCreds.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore Restore Admin (`roles/datastore.restoreAdmin`) Restore into Cloud Datastore Databases from Cloud Datastore Backups.	`datastore.backups.get` `datastore.backups.list` `datastore.backups.restoreDatabase` `datastore.databases.create` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.operations.get` `datastore.operations.list`
Cloud Datastore User (`roles/datastore.user`) Provides read/write access to data in a Datastore database. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `datastore.databases.get` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.entities.` `datastore.entities.allocateIds` `datastore.entities.create` `datastore.entities.delete` `datastore.entities.get` `datastore.entities.list` `datastore.entities.update` `datastore.indexes.list` `datastore.namespaces.` `datastore.namespaces.get` `datastore.namespaces.list` `datastore.statistics.*` `datastore.statistics.get` `datastore.statistics.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Datastore User Creds Admin (`roles/datastore.userCredsAdmin`) Manage user creds in Cloud Datastore.	`datastore.databases.getMetadata` `datastore.databases.list` `datastore.userCreds.*` `datastore.userCreds.create` `datastore.userCreds.delete` `datastore.userCreds.get` `datastore.userCreds.list` `datastore.userCreds.update`
Cloud Datastore User Creds Viewer (`roles/datastore.userCredsViewer`) Read access to user creds in Cloud Datastore.	`datastore.userCreds.get` `datastore.userCreds.list`
Cloud Datastore Viewer (`roles/datastore.viewer`) Provides read access to Datastore resources. Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `datastore.databases.get` `datastore.databases.getMetadata` `datastore.databases.list` `datastore.entities.get` `datastore.entities.list` `datastore.indexes.get` `datastore.indexes.list` `datastore.insights.get` `datastore.namespaces.` `datastore.namespaces.get` `datastore.namespaces.list` `datastore.statistics.` `datastore.statistics.get` `datastore.statistics.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Firestore Service Agent (`roles/firestore.serviceAgent`) Gives Firestore service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list`

Cloud Datastore Backup Schedules Admin

(roles/datastore.backupSchedulesAdmin)

Manage backup schedules in Cloud Datastore.

datastore.backupSchedules.*

datastore.backupSchedules.create
datastore.backupSchedules.delete
datastore.backupSchedules.get
datastore.backupSchedules.list
datastore.backupSchedules.update

datastore.databases.getMetadata

datastore.databases.list

Cloud Datastore Backup Schedules Viewer

(roles/datastore.backupSchedulesViewer)

Read access to backup schedules in Cloud Datastore.

datastore.backupSchedules.get

datastore.backupSchedules.list

Cloud Datastore Backups Admin

(roles/datastore.backupsAdmin)

Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed.

datastore.backups.delete

datastore.backups.get

datastore.backups.list

Cloud Datastore Backups Viewer

(roles/datastore.backupsViewer)

Read access to metadata about backups in Cloud Datastore.

datastore.backups.get

datastore.backups.list

Cloud Datastore Bulk Admin

(roles/datastore.bulkAdmin)

Full access to manage bulk operations.

datastore.databases.bulkDelete

datastore.databases.getMetadata

datastore.operations.cancel

datastore.operations.get

datastore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Clone Admin

(roles/datastore.cloneAdmin)

Clone Cloud Datastore Databases.

datastore.databases.clone

datastore.databases.create

datastore.databases.getMetadata

datastore.databases.list

datastore.operations.get

datastore.operations.list

Cloud Datastore Import Export Admin

(roles/datastore.importExportAdmin)

Provides full access to manage imports and exports.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

datastore.databases.export

datastore.databases.getMetadata

datastore.databases.import

datastore.operations.cancel

datastore.operations.get

datastore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Index Admin

(roles/datastore.indexAdmin)

Provides full access to manage index definitions.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

datastore.databases.getMetadata

datastore.indexes.*

datastore.indexes.create
datastore.indexes.delete
datastore.indexes.get
datastore.indexes.list
datastore.indexes.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Key Visualizer Viewer

(roles/datastore.keyVisualizerViewer)

Full access to Key Visualizer scans.

datastore.databases.getMetadata

datastore.keyVisualizerScans.*

datastore.keyVisualizerScans.get
datastore.keyVisualizerScans.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Owner

(roles/datastore.owner)

Provides full access to Datastore resources.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

datastore.*

datastore.backupSchedules.create
datastore.backupSchedules.delete
datastore.backupSchedules.get
datastore.backupSchedules.list
datastore.backupSchedules.update
datastore.backups.delete
datastore.backups.get
datastore.backups.list
datastore.backups.restoreDatabase
datastore.databases.bulkDelete
datastore.databases.clone
datastore.databases.create
datastore.databases.createTagBinding
datastore.databases.delete
datastore.databases.deleteTagBinding
datastore.databases.export
datastore.databases.get
datastore.databases.getMetadata
datastore.databases.import
datastore.databases.list
datastore.databases.listEffectiveTags
datastore.databases.listTagBindings
datastore.databases.update
datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update
datastore.indexes.create
datastore.indexes.delete
datastore.indexes.get
datastore.indexes.list
datastore.indexes.update
datastore.insights.get
datastore.keyVisualizerScans.get
datastore.keyVisualizerScans.list
datastore.locations.get
datastore.locations.list
datastore.namespaces.get
datastore.namespaces.list
datastore.operations.cancel
datastore.operations.delete
datastore.operations.get
datastore.operations.list
datastore.statistics.get
datastore.statistics.list
datastore.userCreds.create
datastore.userCreds.delete
datastore.userCreds.get
datastore.userCreds.list
datastore.userCreds.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore Restore Admin

(roles/datastore.restoreAdmin)

Restore into Cloud Datastore Databases from Cloud Datastore Backups.

datastore.backups.get

datastore.backups.list

datastore.backups.restoreDatabase

datastore.databases.create

datastore.databases.getMetadata

datastore.databases.list

datastore.operations.get

datastore.operations.list

Cloud Datastore User

(roles/datastore.user)

Provides read/write access to data in a Datastore database.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

datastore.databases.get

datastore.databases.getMetadata

datastore.databases.list

datastore.entities.*

datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update

datastore.indexes.list

datastore.namespaces.*

datastore.namespaces.get
datastore.namespaces.list

datastore.statistics.*

datastore.statistics.get
datastore.statistics.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Datastore User Creds Admin

(roles/datastore.userCredsAdmin)

Manage user creds in Cloud Datastore.

datastore.databases.getMetadata

datastore.databases.list

datastore.userCreds.*

datastore.userCreds.create
datastore.userCreds.delete
datastore.userCreds.get
datastore.userCreds.list
datastore.userCreds.update

Cloud Datastore User Creds Viewer

(roles/datastore.userCredsViewer)

Read access to user creds in Cloud Datastore.

datastore.userCreds.get

datastore.userCreds.list

Cloud Datastore Viewer

(roles/datastore.viewer)

Provides read access to Datastore resources.

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

datastore.databases.get

datastore.databases.getMetadata

datastore.databases.list

datastore.entities.get

datastore.entities.list

datastore.indexes.get

datastore.indexes.list

datastore.insights.get

datastore.namespaces.*

datastore.namespaces.get
datastore.namespaces.list

datastore.statistics.*

datastore.statistics.get
datastore.statistics.list

resourcemanager.projects.get

resourcemanager.projects.list

Firestore Service Agent

(roles/firestore.serviceAgent)

Gives Firestore service account access to managed resources.

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

Firestore 权限

此服务没有 IAM 权限。

Firestore 角色和权限 使用集合让一切井井有条 根据您的偏好保存内容并对其进行分类。