Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Anda dapat menetapkan atau mendapatkan kebijakan Identity and Access Management (IAM), atau kontrol akses, untuk
satu atau beberapa Pengujian Konektivitas. Selain itu, Anda dapat melihat izin yang dimiliki pengguna atau akun layanan untuk Pengujian Konektivitas tertentu.
Dokumen ini menunjukkan contoh kontrol akses yang menggunakan Network Management API.
Untuk mengikuti langkah-langkah ini di Google Cloud konsol atau dengan menggunakan perintah gcloud,
lihat panduan cara kerja IAM.
TEST_ID: ID objek Uji Konektivitas (pengujian) yang Anda jalankan
VERSION: menentukan format kebijakan;
nilai yang valid adalah 0, 1, dan 3—setiap operasi yang memengaruhi
binding peran bersyarat harus menentukan versi 3
ETAG: digunakan untuk kontrol konkurensi optimis sebagai
cara untuk membantu mencegah pembaruan kebijakan secara bersamaan agar tidak menimpa
satu sama lain (contoh etag adalah BwWbrqiZFRs=)
ROLE: peran yang ditetapkan ke akun utama
(misalnya, roles/networkmanagement.admin)
PRINCIPAL: menentukan identitas yang meminta
akses untuk resource Google Cloud (misalnya,
user:username@yourcompany.com); untuk daftar jenis akun utama atau anggota, lihat
referensi API untuk kebijakan IAM
Mendapatkan kebijakan kontrol akses
Prosedur ini mendapatkan kebijakan kontrol akses untuk resource Uji Konektivitas yang ditentukan.
TEST_ID: ID objek Uji Konektivitas (pengujian) yang Anda jalankan
VERSION: menentukan format kebijakan;
nilai yang valid adalah 0, 1, dan 3—setiap operasi yang memengaruhi
binding peran bersyarat harus menentukan versi 3
ETAG: digunakan untuk kontrol konkurensi optimis
sebagai cara untuk membantu mencegah pembaruan kebijakan secara bersamaan agar tidak menimpa
satu sama lain (contoh etag adalah BwWbrqiZFRs=)
ROLE: peran yang ditetapkan ke akun utama (misalnya, roles/networkmanagement.admin)
PRINCIPAL: menentukan identitas yang meminta akses untuk resource Google Cloud (misalnya, user:username@yourcompany.com); untuk daftar jenis akun utama, lihat referensi API untuk kebijakan IAM
Menguji Izin IAM
Prosedur ini menampilkan izin yang dimiliki pengguna atau akun layanan untuk resource Uji Konektivitas.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-18 UTC."],[],[],null,["# Manage access policies\n\nYou can set or get the Identity and Access Management (IAM), or access control, policy for\none or more Connectivity Tests. In addition, you can view the\npermissions that a user or service account has for a specific\nConnectivity Test.\n\nThis document shows access control examples that use the Network Management API.\nTo follow these steps in the Google Cloud console or by using `gcloud` commands,\nsee the [IAM how-to guides](/iam/docs/how-to).\n\nFor information about policy bindings and etags listed in the following commands,\nsee the [API reference for IAM policies](/iam/docs/reference/rest/v1/Policy).\n\nFor information about the IAM roles and permissions needed to run\nConnectivity Tests, see\n[Roles and permissions](/network-intelligence-center/docs/connectivity-tests/concepts/access-control).\n\nSet an access control policy\n----------------------------\n\nThis procedure sets the access control policy on the specified\nConnectivity Tests resource. \n\n### API\n\nUse the [`networkmanagement.connectivitytests.setIamPolicy`](/network-intelligence-center/docs/connectivity-tests/reference/networkmanagement/rest/v1/projects.locations.global.connectivityTests/setIamPolicy)\nmethod to set the access control policy for a \u003cvar translate=\"no\"\u003eUSER\u003c/var\u003e,\n\u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e, and \u003cvar translate=\"no\"\u003eTEST_ID\u003c/var\u003e.\n\nThe following example sets a policy that binds the role of\n`networkmanagement.admin` to `username@yourcompany.com` for `mytest-1`. \n\n```\n POST https: //networkmanagement.googleapis.com/v1/{resource=projects/*/locations/global/connectivityTests/TEST_ID}:setIamPolicy\n {\n \"version\": \"VERSION\",\n \"etag\": \"ETAG\",\n \"bindings\": [{\n \"role\": \"ROLE\",\n \"members\": [\n \"PRINCIPAL\"\n ]\n }]\n }\n```\n\nReplace the following values:\n\n- \u003cvar translate=\"no\"\u003eTEST_ID\u003c/var\u003e: the ID of the Connectivity Tests object (test) that you are running\n- \u003cvar translate=\"no\"\u003eVERSION\u003c/var\u003e: specifies the format of the policy; valid values are `0`, `1`, and `3`---any operation that affects conditional role bindings must specify version `3`\n- \u003cvar translate=\"no\"\u003eETAG\u003c/var\u003e: used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other (an example etag is `BwWbrqiZFRs=`)\n- \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: a role that is assigned to principals (for example, `roles/networkmanagement.admin`)\n- \u003cvar translate=\"no\"\u003ePRINCIPAL\u003c/var\u003e: specifies the identities requesting access for a Google Cloud resource (for example, `user:username@yourcompany.com`); for a list of principal, or member, types, see the [API reference for IAM policies](/iam/docs/reference/rest/v1/Policy)\n\nGet an access control policy\n----------------------------\n\nThis procedure gets the access control policy for the specified\nConnectivity Tests resource. \n\n### API\n\nUse the [`networkmanagement.connectivitytests.getIamPolicy`](/network-intelligence-center/docs/connectivity-tests/reference/networkmanagement/rest/v1/projects.locations.global.connectivityTests/getIamPolicy)\nmethod to set the access control policy for a \u003cvar translate=\"no\"\u003ePRINCIPAL\u003c/var\u003e,\n\u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e, and \u003cvar translate=\"no\"\u003eTEST_ID\u003c/var\u003e.\n\nThe following example gets a policy that binds the role of\n`networkmanagement.admin` to `username@yourcompany.com` for `mytest-1`. \n\n```\n GET https: //networkmanagement.googleapis.com/v1/{resource=projects/*/locations/global/connectivityTests/TEST_ID}:getIamPolicy\n {\n \"version\": \"VERSION\",\n \"etag\": \"ETAG\",\n \"bindings\": [{\n \"role\": \"ROLE\",\n \"members\": [\n \"PRINCIPAL\"\n ]\n }]\n }\n```\n\nReplace the following values:\n\n- \u003cvar translate=\"no\"\u003eTEST_ID\u003c/var\u003e: the ID of the Connectivity Tests object (test) that you are running\n- \u003cvar translate=\"no\"\u003eVERSION\u003c/var\u003e: specifies the format of the policy; valid values are `0`, `1`, and `3`---any operation that affects conditional role bindings must specify version `3`\n- \u003cvar translate=\"no\"\u003eETAG\u003c/var\u003e: used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other (an example etag is `BwWbrqiZFRs=`)\n- \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: a role that is assigned to principals (for example, `roles/networkmanagement.admin`)\n- \u003cvar translate=\"no\"\u003ePRINCIPAL\u003c/var\u003e: specifies the identities requesting access for a Google Cloud resource (for example, `user:username@yourcompany.com`); for a list of principal types, see the [API reference for IAM policies](/iam/docs/reference/rest/v1/Policy)\n\nTest IAM permissions\n--------------------\n\nThis procedure returns permissions that a user or service account has for a\nConnectivity Tests resource. \n\n### API\n\nUse the [`networkmanagement.connectivitytests.testIamPermissions`](/network-intelligence-center/docs/connectivity-tests/reference/networkmanagement/rest/v1/projects.locations.global.connectivityTests/testIamPermissions)\nmethod to return the permissions assigned to a \u003cvar translate=\"no\"\u003eTEST_ID\u003c/var\u003e.\n\nThe following example verifies that `username@yourcompany.com` has the\n`networkmanagement.connectivitytests.get` permission for `mytest-1`. \n\n```\n POST https://networkmanagement.googleapis.com/v1/{resource=projects/*/locations/global/connectivityTests/TEST_ID}:testIamPermissions\n {\n \"permissions\": [\n \"networkmanagement.connectivitytests.get\"\n ]\n }\n```\n\nReplace \u003cvar translate=\"no\"\u003eTEST_ID\u003c/var\u003e with the ID of the\nConnectivity Tests object (test) that you are running.\n\nWhat's next\n-----------\n\n- [Learn about Connectivity Tests](/network-intelligence-center/docs/connectivity-tests/concepts/overview)\n- [Troubleshoot Connectivity Tests](/network-intelligence-center/docs/connectivity-tests/support/troubleshooting)"]]