Cloud Workstations 역할 및 권한

이 페이지에는 Cloud Workstations의 IAM 역할과 권한이 나와 있습니다. 모든 역할과 권한을 검색하려면 역할 및 권한 색인을 참조하세요.

Cloud Workstations 역할

Role Permissions

Role	Permissions
Cloud Workstations Admin (`roles/workstations.admin`) Grants CRUD access to all Workstation resources.	`compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networks.get` `compute.networks.list` `compute.subnetworks.get` `compute.subnetworks.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `workstations.operations.get` `workstations.workstationClusters.` `workstations.workstationClusters.create` `workstations.workstationClusters.createTagBinding` `workstations.workstationClusters.delete` `workstations.workstationClusters.deleteTagBinding` `workstations.workstationClusters.get` `workstations.workstationClusters.list` `workstations.workstationClusters.listEffectiveTags` `workstations.workstationClusters.listTagBindings` `workstations.workstationClusters.update` `workstations.workstationConfigs.*` `workstations.workstationConfigs.create` `workstations.workstationConfigs.delete` `workstations.workstationConfigs.get` `workstations.workstationConfigs.getIamPolicy` `workstations.workstationConfigs.list` `workstations.workstationConfigs.setIamPolicy` `workstations.workstationConfigs.update` `workstations.workstations.create` `workstations.workstations.delete` `workstations.workstations.get` `workstations.workstations.getIamPolicy` `workstations.workstations.list` `workstations.workstations.setIamPolicy` `workstations.workstations.start` `workstations.workstations.stop` `workstations.workstations.update`
Cloud Workstations Network Admin (`roles/workstations.networkAdmin`) Grants ability to connect a Workstation Cluster to a shared VPC network.	`compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.use` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.globalOperations.get` `compute.networks.get` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.regionOperations.get` `compute.subnetworks.get` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.zoneOperations.get` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete`
Cloud Workstations Operation Viewer (`roles/workstations.operationViewer`) Grants ability to view Cloud Workstations API operations.	`workstations.operations.get`
Cloud Workstations Policy Admin (`roles/workstations.policyAdmin`) Grants permission to set IAM policy on workstation.	`workstations.workstations.getIamPolicy` `workstations.workstations.setIamPolicy`
Workstations Service Agent (`roles/workstations.serviceAgent`) Grants the Workstations Service Account access to manage resources in consumer project. Warning: Do not grant service agent roles to any principals except service agents.	`compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.use` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.list` `compute.disks.setLabels` `compute.disks.use` `compute.disks.useReadOnly` `compute.firewalls.create` `compute.firewalls.delete` `compute.firewalls.get` `compute.firewalls.update` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.globalOperations.get` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getGuestAttributes` `compute.instances.getSerialPortOutput` `compute.instances.setLabels` `compute.instances.setMetadata` `compute.instances.setServiceAccount` `compute.instances.setTags` `compute.networks.addPeering` `compute.networks.get` `compute.networks.removePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.regionOperations.get` `compute.regions.get` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.listTagBindings` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.subnetworks.get` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.zoneOperations.get` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `iam.serviceAccounts.actAs` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.tagValueBindings.*` `resourcemanager.tagValueBindings.create` `resourcemanager.tagValueBindings.delete` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete` `serviceusage.services.get`
Cloud Workstations User (`roles/workstations.user`) Grants runtime access to Workstation resources.	`workstations.operations.get` `workstations.workstations.delete` `workstations.workstations.get` `workstations.workstations.start` `workstations.workstations.stop` `workstations.workstations.update` `workstations.workstations.use`
Cloud Workstations Creator (`roles/workstations.workstationCreator`) Grants ability to create Workstation resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `workstations.operations.get` `workstations.workstationClusters.get` `workstations.workstationClusters.list` `workstations.workstationConfigs.get` `workstations.workstations.create`
Cloud Workstations Limit Exempted Creator (`roles/workstations.workstationLimitExemptedCreator`) Grants ability to create workstations with exemption from max_usable_workstations Limit.	`resourcemanager.projects.get` `resourcemanager.projects.list` `workstations.operations.get` `workstations.workstationConfigs.get` `workstations.workstations.create`

Cloud Workstations Admin

(roles/workstations.admin)

Grants CRUD access to all Workstation resources.

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networks.get

compute.networks.list

compute.subnetworks.get

compute.subnetworks.list

compute.zones.*

compute.zones.get
compute.zones.list

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

workstations.operations.get

workstations.workstationClusters.*

workstations.workstationClusters.create
workstations.workstationClusters.createTagBinding
workstations.workstationClusters.delete
workstations.workstationClusters.deleteTagBinding
workstations.workstationClusters.get
workstations.workstationClusters.list
workstations.workstationClusters.listEffectiveTags
workstations.workstationClusters.listTagBindings
workstations.workstationClusters.update

workstations.workstationConfigs.*

workstations.workstationConfigs.create
workstations.workstationConfigs.delete
workstations.workstationConfigs.get
workstations.workstationConfigs.getIamPolicy
workstations.workstationConfigs.list
workstations.workstationConfigs.setIamPolicy
workstations.workstationConfigs.update

workstations.workstations.create

workstations.workstations.delete

workstations.workstations.get

workstations.workstations.getIamPolicy

workstations.workstations.list

workstations.workstations.setIamPolicy

workstations.workstations.start

workstations.workstations.stop

workstations.workstations.update

Cloud Workstations Network Admin

(roles/workstations.networkAdmin)

Grants ability to connect a Workstation Cluster to a shared VPC network.

compute.addresses.create

compute.addresses.createInternal

compute.addresses.delete

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.use

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.pscCreate

compute.forwardingRules.pscDelete

compute.globalOperations.get

compute.networks.get

compute.networks.updatePolicy

compute.networks.use

compute.networks.useExternalIp

compute.regionOperations.get

compute.subnetworks.get

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

Cloud Workstations Operation Viewer

(roles/workstations.operationViewer)

Grants ability to view Cloud Workstations API operations.

workstations.operations.get

Cloud Workstations Policy Admin

(roles/workstations.policyAdmin)

Grants permission to set IAM policy on workstation.

workstations.workstations.getIamPolicy

workstations.workstations.setIamPolicy

Workstations Service Agent

(roles/workstations.serviceAgent)

Grants the Workstations Service Account access to manage resources in consumer project.

compute.addresses.create

compute.addresses.createInternal

compute.addresses.delete

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.use

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.delete

compute.disks.deleteTagBinding

compute.disks.get

compute.disks.list

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.firewalls.create

compute.firewalls.delete

compute.firewalls.get

compute.firewalls.update

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.pscCreate

compute.forwardingRules.pscDelete

compute.globalOperations.get

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.deleteTagBinding

compute.instances.detachDisk

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.getSerialPortOutput

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.networks.addPeering

compute.networks.get

compute.networks.removePeering

compute.networks.updatePolicy

compute.networks.use

compute.networks.useExternalIp

compute.regionOperations.get

compute.regions.get

compute.snapshots.create

compute.snapshots.createTagBinding

compute.snapshots.delete

compute.snapshots.deleteTagBinding

compute.snapshots.get

compute.snapshots.listTagBindings

compute.snapshots.setLabels

compute.snapshots.useReadOnly

compute.subnetworks.get

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

dns.networks.bindPrivateDNSZone

dns.networks.targetWithPeeringZone

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.tagValueBindings.*

resourcemanager.tagValueBindings.create
resourcemanager.tagValueBindings.delete

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

serviceusage.services.get

Cloud Workstations User

(roles/workstations.user)

Grants runtime access to Workstation resources.

workstations.operations.get

workstations.workstations.delete

workstations.workstations.get

workstations.workstations.start

workstations.workstations.stop

workstations.workstations.update

workstations.workstations.use

Cloud Workstations Creator

(roles/workstations.workstationCreator)

Grants ability to create Workstation resources.

resourcemanager.projects.get

resourcemanager.projects.list

workstations.operations.get

workstations.workstationClusters.get

workstations.workstationClusters.list

workstations.workstationConfigs.get

workstations.workstations.create

Cloud Workstations Limit Exempted Creator

(roles/workstations.workstationLimitExemptedCreator)

Grants ability to create workstations with exemption from max_usable_workstations Limit.

resourcemanager.projects.get

resourcemanager.projects.list

workstations.operations.get

workstations.workstationConfigs.get

workstations.workstations.create

Cloud Workstations 권한

권한	역할에 포함됨
`workstations.operations.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 작업 뷰어(`roles/workstations.operationViewer`) Cloud Workstations 사용자(`roles/workstations.user`) Cloud Workstations 생성자(`roles/workstations.workstationCreator`) Cloud Workstations 한도 제외 생성자(`roles/workstations.workstationLimitExemptedCreator`)
`workstations.workstationClusters.create`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationClusters.createTagBinding`	소유자(`roles/owner`) DLP 조직 데이터 프로필 드라이버(`roles/dlp.orgdriver`) DLP 프로젝트 데이터 프로필 드라이버(`roles/dlp.projectdriver`) 태그 사용자(`roles/resourcemanager.tagUser`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationClusters.delete`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationClusters.deleteTagBinding`	소유자(`roles/owner`) DLP 조직 데이터 프로필 드라이버(`roles/dlp.orgdriver`) DLP 프로젝트 데이터 프로필 드라이버(`roles/dlp.projectdriver`) 태그 사용자(`roles/resourcemanager.tagUser`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationClusters.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 생성자(`roles/workstations.workstationCreator`)
`workstations.workstationClusters.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 생성자(`roles/workstations.workstationCreator`)
`workstations.workstationClusters.listEffectiveTags`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) DLP 조직 데이터 프로필 드라이버(`roles/dlp.orgdriver`) DLP 프로젝트 데이터 프로필 드라이버(`roles/dlp.projectdriver`) 태그 사용자(`roles/resourcemanager.tagUser`) 태그 뷰어(`roles/resourcemanager.tagViewer`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationClusters.listTagBindings`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) DLP 조직 데이터 프로필 드라이버(`roles/dlp.orgdriver`) DLP 프로젝트 데이터 프로필 드라이버(`roles/dlp.projectdriver`) 태그 사용자(`roles/resourcemanager.tagUser`) 태그 뷰어(`roles/resourcemanager.tagViewer`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationClusters.update`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationConfigs.create`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationConfigs.delete`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationConfigs.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 생성자(`roles/workstations.workstationCreator`) Cloud Workstations 한도 제외 생성자(`roles/workstations.workstationLimitExemptedCreator`)
`workstations.workstationConfigs.getIamPolicy`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationConfigs.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationConfigs.setIamPolicy`	소유자(`roles/owner`) 보안 관리자(`roles/iam.securityAdmin`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstationConfigs.update`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstations.create`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 생성자(`roles/workstations.workstationCreator`) Cloud Workstations 한도 제외 생성자(`roles/workstations.workstationLimitExemptedCreator`)
`workstations.workstations.delete`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 사용자(`roles/workstations.user`)
`workstations.workstations.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 사용자(`roles/workstations.user`)
`workstations.workstations.getIamPolicy`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 정책 관리자(`roles/workstations.policyAdmin`)
`workstations.workstations.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Cloud Workstations 관리자(`roles/workstations.admin`)
`workstations.workstations.setIamPolicy`	소유자(`roles/owner`) 보안 관리자(`roles/iam.securityAdmin`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 정책 관리자(`roles/workstations.policyAdmin`)
`workstations.workstations.start`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 사용자(`roles/workstations.user`)
`workstations.workstations.stop`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 사용자(`roles/workstations.user`)
`workstations.workstations.update`	소유자(`roles/owner`) 편집자(`roles/editor`) Cloud Workstations 관리자(`roles/workstations.admin`) Cloud Workstations 사용자(`roles/workstations.user`)
`workstations.workstations.use`	Cloud Workstations 사용자(`roles/workstations.user`)

Cloud Workstations 역할 및 권한