Service Networking 角色和权限

本页面列出了 Service Networking 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Service Networking 角色

Role Permissions

Role	Permissions
Service Networking Admin ^Beta (`roles/servicenetworking.networksAdmin`) Full control of service networking with projects.	`servicenetworking.*` `servicenetworking.operations.cancel` `servicenetworking.operations.delete` `servicenetworking.operations.get` `servicenetworking.operations.list` `servicenetworking.services.addDnsRecordSet` `servicenetworking.services.addDnsZone` `servicenetworking.services.addPeering` `servicenetworking.services.addSubnetwork` `servicenetworking.services.createPeeredDnsDomain` `servicenetworking.services.deleteConnection` `servicenetworking.services.deletePeeredDnsDomain` `servicenetworking.services.disableVpcServiceControls` `servicenetworking.services.enableVpcServiceControls` `servicenetworking.services.get` `servicenetworking.services.getConsumerConfig` `servicenetworking.services.listPeeredDnsDomains` `servicenetworking.services.removeDnsRecordSet` `servicenetworking.services.removeDnsZone` `servicenetworking.services.updateConsumerConfig` `servicenetworking.services.updateDnsRecordSet` `servicenetworking.services.use`
Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Gives permission to manage network configuration, such as establishing network peering, necessary for service producers Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalOperations.get` `compute.networks.addPeering` `compute.networks.create` `compute.networks.delete` `compute.networks.get` `compute.networks.list` `compute.networks.listPeeringRoutes` `compute.networks.removePeering` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.projects.get` `compute.regionOperations.get` `compute.routers.get` `compute.routers.list` `compute.routes.list` `compute.subnetworks.create` `compute.subnetworks.delete` `compute.subnetworks.get` `compute.subnetworks.list` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.gkeClusters.` `dns.gkeClusters.bindDNSResponsePolicy` `dns.gkeClusters.bindPrivateDNSZone` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.getIamPolicy` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.` `dns.networks.bindDNSResponsePolicy` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.networks.useHealthSignals` `dns.policies.` `dns.policies.create` `dns.policies.delete` `dns.policies.get` `dns.policies.list` `dns.policies.update` `dns.projects.get` `dns.resourceRecordSets.` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.*` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update` `networkconnectivity.internalRanges.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Service Networking Admin ^Beta

(roles/servicenetworking.networksAdmin)

Full control of service networking with projects.

servicenetworking.*

servicenetworking.operations.cancel
servicenetworking.operations.delete
servicenetworking.operations.get
servicenetworking.operations.list
servicenetworking.services.addDnsRecordSet
servicenetworking.services.addDnsZone
servicenetworking.services.addPeering
servicenetworking.services.addSubnetwork
servicenetworking.services.createPeeredDnsDomain
servicenetworking.services.deleteConnection
servicenetworking.services.deletePeeredDnsDomain
servicenetworking.services.disableVpcServiceControls
servicenetworking.services.enableVpcServiceControls
servicenetworking.services.get
servicenetworking.services.getConsumerConfig
servicenetworking.services.listPeeredDnsDomains
servicenetworking.services.removeDnsRecordSet
servicenetworking.services.removeDnsZone
servicenetworking.services.updateConsumerConfig
servicenetworking.services.updateDnsRecordSet
servicenetworking.services.use

Service Networking Service Agent

(roles/servicenetworking.serviceAgent)

Gives permission to manage network configuration, such as establishing network peering, necessary for service producers

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalOperations.get

compute.networks.addPeering

compute.networks.create

compute.networks.delete

compute.networks.get

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.update

compute.networks.updatePeering

compute.networks.updatePolicy

compute.projects.get

compute.regionOperations.get

compute.routers.get

compute.routers.list

compute.routes.list

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.get

compute.subnetworks.list

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.gkeClusters.*

dns.gkeClusters.bindDNSResponsePolicy
dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

dns.networks.bindDNSResponsePolicy
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.networks.targetWithPeeringZone
dns.networks.useHealthSignals

dns.policies.*

dns.policies.create
dns.policies.delete
dns.policies.get
dns.policies.list
dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

networkconnectivity.internalRanges.list

resourcemanager.projects.get

resourcemanager.projects.list

Service Networking 权限

权限	以下角色拥有此权限
`servicenetworking.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`servicenetworking.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.addDnsRecordSet`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.addDnsZone`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.addPeering`	Owner (`roles/owner`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`servicenetworking.services.addSubnetwork`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.createPeeredDnsDomain`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.deleteConnection`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.deletePeeredDnsDomain`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.disableVpcServiceControls`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.enableVpcServiceControls`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Compute Network Admin (`roles/compute.networkAdmin`) Compute Network User (`roles/compute.networkUser`) Compute Network Viewer (`roles/compute.networkViewer`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`) Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud Data Fusion API Service Agent (`roles/datafusion.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`servicenetworking.services.getConsumerConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.listPeeredDnsDomains`	Owner (`roles/owner`) Editor (`roles/editor`) Compute Network Admin (`roles/compute.networkAdmin`) Service Networking Admin (`roles/servicenetworking.networksAdmin`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Composer API Service Agent (`roles/composer.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Cloud Dataflow Service Agent (`roles/dataflow.serviceAgent`) Cloud TPU V2 API Service Agent (`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.removeDnsRecordSet`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.removeDnsZone`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.updateConsumerConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.updateDnsRecordSet`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.use`	Owner (`roles/owner`) Editor (`roles/editor`) Service Networking Admin (`roles/servicenetworking.networksAdmin`)

Service Networking 角色和权限