Service Management 角色和权限

本页面列出了 Service Management 的 IAM 角色和权限。如需搜索所有角色和权限,请参阅角色和权限索引

Service Management 角色

Role Permissions

(roles/servicemanagement.admin)

Full control of Google Service Management resources.

monitoring.timeSeries.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceconsumermanagement.*

  • serviceconsumermanagement.consumers.get
  • serviceconsumermanagement.quota.get
  • serviceconsumermanagement.quota.update
  • serviceconsumermanagement.tenancyu.addResource
  • serviceconsumermanagement.tenancyu.create
  • serviceconsumermanagement.tenancyu.delete
  • serviceconsumermanagement.tenancyu.list
  • serviceconsumermanagement.tenancyu.removeResource

servicemanagement.*

  • servicemanagement.services.bind
  • servicemanagement.services.check
  • servicemanagement.services.create
  • servicemanagement.services.delete
  • servicemanagement.services.get
  • servicemanagement.services.getIamPolicy
  • servicemanagement.services.list
  • servicemanagement.services.quota
  • servicemanagement.services.report
  • servicemanagement.services.setIamPolicy
  • servicemanagement.services.update

serviceusage.quotas.get

serviceusage.services.get

(roles/servicemanagement.checker)

Can check admission of a service during runtime.

servicemanagement.services.check

(roles/servicemanagement.configEditor)

Access to update the service config and create rollouts.

servicemanagement.services.get

servicemanagement.services.update

(roles/servicemanagement.quotaAdmin)

Provides access to administer service quotas.

Lowest-level resources where you can grant this role:

  • Project

cloudquotas.*

  • cloudquotas.quotas.get
  • cloudquotas.quotas.update

monitoring.alertPolicies.*

  • monitoring.alertPolicies.create
  • monitoring.alertPolicies.createTagBinding
  • monitoring.alertPolicies.delete
  • monitoring.alertPolicies.deleteTagBinding
  • monitoring.alertPolicies.get
  • monitoring.alertPolicies.list
  • monitoring.alertPolicies.listEffectiveTags
  • monitoring.alertPolicies.listTagBindings
  • monitoring.alertPolicies.update

monitoring.timeSeries.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.*

  • serviceusage.quotas.get
  • serviceusage.quotas.update

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

(roles/servicemanagement.quotaViewer)

Provides access to view service quotas.

Lowest-level resources where you can grant this role:

  • Project

cloudquotas.quotas.get

monitoring.timeSeries.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

(roles/servicemanagement.reporter)

Can report usage of a service during runtime.

servicemanagement.services.report

(roles/servicemanagement.serviceConsumer)

Can enable the service.

servicemanagement.services.bind

(roles/servicemanagement.serviceController)

Can check preconditions and report usage of a service during runtime.

Lowest-level resources where you can grant this role:

  • Project

servicemanagement.services.check

servicemanagement.services.get

servicemanagement.services.quota

servicemanagement.services.report

Service Management 权限

权限 以下角色拥有此权限

Owner (roles/owner)

Editor (roles/editor)

Firebase SDK Provisioning Service Agent (roles/firebase.sdkProvisioningServiceAgent)

Service Management Administrator (roles/servicemanagement.admin)

Service Consumer (roles/servicemanagement.serviceConsumer)

服务代理角色

Owner (roles/owner)

Editor (roles/editor)

Service Management Administrator (roles/servicemanagement.admin)

Service Checker (roles/servicemanagement.checker)

Service Controller (roles/servicemanagement.serviceController)

服务代理角色

Owner (roles/owner)

Editor (roles/editor)

Service Management Administrator (roles/servicemanagement.admin)

服务代理角色

Owner (roles/owner)

Editor (roles/editor)

Service Management Administrator (roles/servicemanagement.admin)

服务代理角色

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

ApiGateway Admin (roles/apigateway.admin)

ApiGateway Viewer (roles/apigateway.viewer)

Service Management Administrator (roles/servicemanagement.admin)

Service Config Editor (roles/servicemanagement.configEditor)

Service Controller (roles/servicemanagement.serviceController)

服务代理角色

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service Management Administrator (roles/servicemanagement.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service Management Administrator (roles/servicemanagement.admin)

服务代理角色

Owner (roles/owner)

Editor (roles/editor)

Service Management Administrator (roles/servicemanagement.admin)

Service Controller (roles/servicemanagement.serviceController)

服务代理角色

Owner (roles/owner)

Editor (roles/editor)

Service Management Administrator (roles/servicemanagement.admin)

Service Reporter (roles/servicemanagement.reporter)

Service Controller (roles/servicemanagement.serviceController)

服务代理角色

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Service Management Administrator (roles/servicemanagement.admin)

Owner (roles/owner)

Editor (roles/editor)

Service Management Administrator (roles/servicemanagement.admin)

Service Config Editor (roles/servicemanagement.configEditor)

服务代理角色