下表列出 Cloud Scheduler 預先定義的 IAM 角色,以及各角色具備的所有權限對應清單。
預先定義的角色可因應大多數一般用途。如果預先定義的角色無法滿足您的用途,可以建立 IAM 自訂角色。
Cloud Scheduler 角色
Role
Permissions
Cloud Scheduler Admin
(roles/cloudscheduler.admin)
Full access to jobs and executions.
Note that a Cloud Scheduler Admin (or any custom role with the permission
cloudscheduler.jobs.create) can create jobs that publish to any Pub/Sub topics within the
project.
appengine.applications.get
cloudscheduler.*
cloudscheduler.jobs.create
cloudscheduler.jobs.delete
cloudscheduler.jobs.enable
cloudscheduler.jobs.fullView
cloudscheduler.jobs.get
cloudscheduler.jobs.list
cloudscheduler.jobs.pause
cloudscheduler.jobs.run
cloudscheduler.jobs.update
cloudscheduler.locations.get
cloudscheduler.locations.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.get
serviceusage.services.list
Cloud Scheduler Job Runner
(roles/cloudscheduler.jobRunner)
Access to run jobs.
appengine.applications.get
cloudscheduler.jobs.fullView
cloudscheduler.jobs.run
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.get
serviceusage.services.list
Cloud Scheduler Service Agent
(roles/cloudscheduler.serviceAgent)
Grants Cloud Scheduler Service Account access to manage resources.
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.getOpenIdToken
logging.logEntries.create
logging.logEntries.route
pubsub.topics.publish
Cloud Scheduler Viewer
(roles/cloudscheduler.viewer)
Get and list access to jobs, executions, and locations.
appengine.applications.get
cloudscheduler.jobs.fullView
cloudscheduler.jobs.get
cloudscheduler.jobs.list
cloudscheduler.locations.*
cloudscheduler.locations.get
cloudscheduler.locations.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.get
serviceusage.services.list
專案層級的 IAM 管理
在專案層級中,您可以透過 Google Cloud 控制台、IAM API 或是 Google Cloud CLI 來授予、變更及撤銷 IAM 角色。如需相關操作說明,請參閱「管理專案、資料夾和機構的存取權」。
