Secret Manager 角色和权限

本页面列出了 Secret Manager 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Secret Manager 角色

Role Permissions

Role	Permissions
Secret Manager Admin (`roles/secretmanager.admin`) Full access to administer Secret Manager resources. Lowest-level resources where you can grant this role: Secret	`cloudkms.keyHandles.` `cloudkms.keyHandles.create` `cloudkms.keyHandles.get` `cloudkms.keyHandles.list` `cloudkms.operations.get` `cloudkms.projects.showEffectiveAutokeyConfig` `resourcemanager.projects.get` `resourcemanager.projects.list` `secretmanager.` `secretmanager.locations.get` `secretmanager.locations.list` `secretmanager.secrets.create` `secretmanager.secrets.createTagBinding` `secretmanager.secrets.delete` `secretmanager.secrets.deleteTagBinding` `secretmanager.secrets.get` `secretmanager.secrets.getIamPolicy` `secretmanager.secrets.list` `secretmanager.secrets.listEffectiveTags` `secretmanager.secrets.listTagBindings` `secretmanager.secrets.setIamPolicy` `secretmanager.secrets.update` `secretmanager.versions.access` `secretmanager.versions.add` `secretmanager.versions.destroy` `secretmanager.versions.disable` `secretmanager.versions.enable` `secretmanager.versions.get` `secretmanager.versions.list`
Secret Manager Secret Accessor (`roles/secretmanager.secretAccessor`) Allows accessing the payload of secrets. Lowest-level resources where you can grant this role: Secret	`resourcemanager.projects.get` `resourcemanager.projects.list` `secretmanager.versions.access`
Secret Manager Secret Version Adder (`roles/secretmanager.secretVersionAdder`) Allows adding versions to existing secrets. Lowest-level resources where you can grant this role: Secret	`resourcemanager.projects.get` `resourcemanager.projects.list` `secretmanager.versions.add`
Secret Manager Secret Version Manager (`roles/secretmanager.secretVersionManager`) Allows creating and managing versions of existing secrets. Lowest-level resources where you can grant this role: Secret	`resourcemanager.projects.get` `resourcemanager.projects.list` `secretmanager.versions.add` `secretmanager.versions.destroy` `secretmanager.versions.disable` `secretmanager.versions.enable` `secretmanager.versions.get` `secretmanager.versions.list`
Secret Manager Viewer (`roles/secretmanager.viewer`) Allows viewing metadata of all Secret Manager resources Lowest-level resources where you can grant this role: Secret	`resourcemanager.projects.get` `resourcemanager.projects.list` `secretmanager.locations.*` `secretmanager.locations.get` `secretmanager.locations.list` `secretmanager.secrets.get` `secretmanager.secrets.getIamPolicy` `secretmanager.secrets.list` `secretmanager.secrets.listEffectiveTags` `secretmanager.secrets.listTagBindings` `secretmanager.versions.get` `secretmanager.versions.list`

Secret Manager Admin

(roles/secretmanager.admin)

Full access to administer Secret Manager resources.

Lowest-level resources where you can grant this role:

Secret

cloudkms.keyHandles.*

cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

resourcemanager.projects.get

resourcemanager.projects.list

secretmanager.*

secretmanager.locations.get
secretmanager.locations.list
secretmanager.secrets.create
secretmanager.secrets.createTagBinding
secretmanager.secrets.delete
secretmanager.secrets.deleteTagBinding
secretmanager.secrets.get
secretmanager.secrets.getIamPolicy
secretmanager.secrets.list
secretmanager.secrets.listEffectiveTags
secretmanager.secrets.listTagBindings
secretmanager.secrets.setIamPolicy
secretmanager.secrets.update
secretmanager.versions.access
secretmanager.versions.add
secretmanager.versions.destroy
secretmanager.versions.disable
secretmanager.versions.enable
secretmanager.versions.get
secretmanager.versions.list

Secret Manager Secret Accessor

(roles/secretmanager.secretAccessor)

Allows accessing the payload of secrets.

Lowest-level resources where you can grant this role:

Secret

resourcemanager.projects.get

resourcemanager.projects.list

secretmanager.versions.access

Secret Manager Secret Version Adder

(roles/secretmanager.secretVersionAdder)

Allows adding versions to existing secrets.

Lowest-level resources where you can grant this role:

Secret

resourcemanager.projects.get

resourcemanager.projects.list

secretmanager.versions.add

Secret Manager Secret Version Manager

(roles/secretmanager.secretVersionManager)

Allows creating and managing versions of existing secrets.

Lowest-level resources where you can grant this role:

Secret

resourcemanager.projects.get

resourcemanager.projects.list

secretmanager.versions.add

secretmanager.versions.destroy

secretmanager.versions.disable

secretmanager.versions.enable

secretmanager.versions.get

secretmanager.versions.list

Secret Manager Viewer

(roles/secretmanager.viewer)

Allows viewing metadata of all Secret Manager resources

Lowest-level resources where you can grant this role:

Secret

resourcemanager.projects.get

resourcemanager.projects.list

secretmanager.locations.*

secretmanager.locations.get
secretmanager.locations.list

secretmanager.secrets.get

secretmanager.secrets.getIamPolicy

secretmanager.secrets.list

secretmanager.secrets.listEffectiveTags

secretmanager.secrets.listTagBindings

secretmanager.versions.get

secretmanager.versions.list

Secret Manager 权限

权限	以下角色拥有此权限
`secretmanager.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Viewer (`roles/secretmanager.viewer`)
`secretmanager.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Viewer (`roles/secretmanager.viewer`)
`secretmanager.secrets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Secret Manager Admin (`roles/secretmanager.admin`)
`secretmanager.secrets.createTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Secret Manager Admin (`roles/secretmanager.admin`)
`secretmanager.secrets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Secret Manager Admin (`roles/secretmanager.admin`)
`secretmanager.secrets.deleteTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Secret Manager Admin (`roles/secretmanager.admin`)
`secretmanager.secrets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Viewer (`roles/secretmanager.viewer`)
`secretmanager.secrets.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Connector Admin (`roles/connectors.admin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Viewer (`roles/secretmanager.viewer`)
`secretmanager.secrets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Viewer (`roles/secretmanager.viewer`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`secretmanager.secrets.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Viewer (`roles/secretmanager.viewer`)
`secretmanager.secrets.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Viewer (`roles/secretmanager.viewer`)
`secretmanager.secrets.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Secret Manager Admin (`roles/secretmanager.admin`)
`secretmanager.secrets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Secret Manager Admin (`roles/secretmanager.admin`)
`secretmanager.versions.access`	Owner (`roles/owner`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Secret Accessor (`roles/secretmanager.secretAccessor`)
`secretmanager.versions.add`	Owner (`roles/owner`) Editor (`roles/editor`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Secret Version Adder (`roles/secretmanager.secretVersionAdder`) Secret Manager Secret Version Manager (`roles/secretmanager.secretVersionManager`)
`secretmanager.versions.destroy`	Owner (`roles/owner`) Editor (`roles/editor`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Secret Version Manager (`roles/secretmanager.secretVersionManager`)
`secretmanager.versions.disable`	Owner (`roles/owner`) Editor (`roles/editor`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Secret Version Manager (`roles/secretmanager.secretVersionManager`)
`secretmanager.versions.enable`	Owner (`roles/owner`) Editor (`roles/editor`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Secret Version Manager (`roles/secretmanager.secretVersionManager`)
`secretmanager.versions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Secret Version Manager (`roles/secretmanager.secretVersionManager`) Secret Manager Viewer (`roles/secretmanager.viewer`)
`secretmanager.versions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Secret Manager Admin (`roles/secretmanager.admin`) Secret Manager Secret Version Manager (`roles/secretmanager.secretVersionManager`) Secret Manager Viewer (`roles/secretmanager.viewer`)

Secret Manager 角色和权限