Model Armor 角色和权限

本页面列出了 Model Armor 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Model Armor 角色

Role Permissions

Role	Permissions
Model Armor Admin (`roles/modelarmor.admin`) Grants full access to all modelarmor resources. Intended for administrators & owners.	`modelarmor.locations.` `modelarmor.locations.get` `modelarmor.locations.list` `modelarmor.templates.` `modelarmor.templates.create` `modelarmor.templates.delete` `modelarmor.templates.get` `modelarmor.templates.list` `modelarmor.templates.update` `modelarmor.templates.useToSanitizeModelResponse` `modelarmor.templates.useToSanitizeUserPrompt` `resourcemanager.projects.get` `resourcemanager.projects.list`
Model Armor Callout User ^Beta (`roles/modelarmor.calloutUser`) Grants access to use Model Armor Callout service. Intended for users & applications which plan to use Model Armor Callout service.	`modelarmor.callouts.invoke` `modelarmor.locations.*` `modelarmor.locations.get` `modelarmor.locations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Model Armor Floor Setting Admin (`roles/modelarmor.floorSettingsAdmin`) Grants full access to all Model Armor Floor Setting resources. Intended for administrators & owners.	`modelarmor.floorSettings.` `modelarmor.floorSettings.get` `modelarmor.floorSettings.update` `modelarmor.locations.` `modelarmor.locations.get` `modelarmor.locations.list` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Model Armor Floor Setting Viewer (`roles/modelarmor.floorSettingsViewer`) Grants read access to all Model Armor Floor Setting resources. Intended for viewers.	`modelarmor.floorSettings.get` `modelarmor.locations.*` `modelarmor.locations.get` `modelarmor.locations.list` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Model Armor Service Agent (`roles/modelarmor.serviceAgent`) Gives Model Armor Service Account permission to make DLP calls. Warning: Do not grant service agent roles to any principals except service agents.	`dlp.analyzeRiskTemplates.get` `dlp.analyzeRiskTemplates.list` `dlp.deidentifyTemplates.get` `dlp.deidentifyTemplates.list` `dlp.inspectFindings.list` `dlp.inspectTemplates.get` `dlp.inspectTemplates.list` `dlp.jobTriggers.get` `dlp.jobTriggers.list` `dlp.jobs.get` `dlp.jobs.list` `dlp.kms.encrypt` `dlp.locations.*` `dlp.locations.get` `dlp.locations.list` `dlp.storedInfoTypes.get` `dlp.storedInfoTypes.list` `serviceusage.services.use`
Model Armor User (`roles/modelarmor.user`) Grants access to sanitize APIs for templates. Intended for users & applications which plan to use a template.	`modelarmor.locations.*` `modelarmor.locations.get` `modelarmor.locations.list` `modelarmor.templates.useToSanitizeModelResponse` `modelarmor.templates.useToSanitizeUserPrompt` `resourcemanager.projects.get` `resourcemanager.projects.list`
Model Armor Viewer (`roles/modelarmor.viewer`) Grants read access to all model armor resources. Intended for viewers.	`modelarmor.locations.*` `modelarmor.locations.get` `modelarmor.locations.list` `modelarmor.templates.get` `modelarmor.templates.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Model Armor Admin

(roles/modelarmor.admin)

Grants full access to all modelarmor resources. Intended for administrators & owners.

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor.templates.*

modelarmor.templates.create
modelarmor.templates.delete
modelarmor.templates.get
modelarmor.templates.list
modelarmor.templates.update
modelarmor.templates.useToSanitizeModelResponse
modelarmor.templates.useToSanitizeUserPrompt

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Callout User ^Beta

(roles/modelarmor.calloutUser)

Grants access to use Model Armor Callout service. Intended for users & applications which plan to use Model Armor Callout service.

modelarmor.callouts.invoke

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Floor Setting Admin

(roles/modelarmor.floorSettingsAdmin)

Grants full access to all Model Armor Floor Setting resources. Intended for administrators & owners.

modelarmor.floorSettings.*

modelarmor.floorSettings.get
modelarmor.floorSettings.update

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Floor Setting Viewer

(roles/modelarmor.floorSettingsViewer)

Grants read access to all Model Armor Floor Setting resources. Intended for viewers.

modelarmor.floorSettings.get

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Service Agent

(roles/modelarmor.serviceAgent)

Gives Model Armor Service Account permission to make DLP calls.

dlp.analyzeRiskTemplates.get

dlp.analyzeRiskTemplates.list

dlp.deidentifyTemplates.get

dlp.deidentifyTemplates.list

dlp.inspectFindings.list

dlp.inspectTemplates.get

dlp.inspectTemplates.list

dlp.jobTriggers.get

dlp.jobTriggers.list

dlp.jobs.get

dlp.jobs.list

dlp.kms.encrypt

dlp.locations.*

dlp.locations.get
dlp.locations.list

dlp.storedInfoTypes.get

dlp.storedInfoTypes.list

serviceusage.services.use

Model Armor User

(roles/modelarmor.user)

Grants access to sanitize APIs for templates. Intended for users & applications which plan to use a template.

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor.templates.useToSanitizeModelResponse

modelarmor.templates.useToSanitizeUserPrompt

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Viewer

(roles/modelarmor.viewer)

Grants read access to all model armor resources. Intended for viewers.

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor.templates.get

modelarmor.templates.list

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor 权限

权限	以下角色拥有此权限
`modelarmor.callouts.invoke`	Owner (`roles/owner`) Editor (`roles/editor`) Model Armor Callout User (`roles/modelarmor.calloutUser`)
`modelarmor.floorSettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Model Armor Floor Setting Admin (`roles/modelarmor.floorSettingsAdmin`) Model Armor Floor Setting Viewer (`roles/modelarmor.floorSettingsViewer`)
`modelarmor.floorSettings.update`	Owner (`roles/owner`) Model Armor Floor Setting Admin (`roles/modelarmor.floorSettingsAdmin`)
`modelarmor.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Model Armor Admin (`roles/modelarmor.admin`) Model Armor Callout User (`roles/modelarmor.calloutUser`) Model Armor Floor Setting Admin (`roles/modelarmor.floorSettingsAdmin`) Model Armor Floor Setting Viewer (`roles/modelarmor.floorSettingsViewer`) Model Armor User (`roles/modelarmor.user`) Model Armor Viewer (`roles/modelarmor.viewer`)
`modelarmor.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Model Armor Admin (`roles/modelarmor.admin`) Model Armor Callout User (`roles/modelarmor.calloutUser`) Model Armor Floor Setting Admin (`roles/modelarmor.floorSettingsAdmin`) Model Armor Floor Setting Viewer (`roles/modelarmor.floorSettingsViewer`) Model Armor User (`roles/modelarmor.user`) Model Armor Viewer (`roles/modelarmor.viewer`)
`modelarmor.templates.create`	Owner (`roles/owner`) Editor (`roles/editor`) Model Armor Admin (`roles/modelarmor.admin`)
`modelarmor.templates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Model Armor Admin (`roles/modelarmor.admin`)
`modelarmor.templates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Model Armor Admin (`roles/modelarmor.admin`) Model Armor Viewer (`roles/modelarmor.viewer`)
`modelarmor.templates.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Model Armor Admin (`roles/modelarmor.admin`) Model Armor Viewer (`roles/modelarmor.viewer`)
`modelarmor.templates.update`	Owner (`roles/owner`) Editor (`roles/editor`) Model Armor Admin (`roles/modelarmor.admin`)
`modelarmor.templates.useToSanitizeModelResponse`	Owner (`roles/owner`) Editor (`roles/editor`) Model Armor Admin (`roles/modelarmor.admin`) Model Armor User (`roles/modelarmor.user`)
`modelarmor.templates.useToSanitizeUserPrompt`	Owner (`roles/owner`) Editor (`roles/editor`) Model Armor Admin (`roles/modelarmor.admin`) Model Armor User (`roles/modelarmor.user`)

Model Armor 角色和权限