At the bottom of the Google Cloud console, a
Cloud Shell
session starts and displays a command-line prompt. Cloud Shell is a shell environment
with the Google Cloud CLI
already installed and with values already set for
your current project. It can take a few seconds for the session to initialize.
确保已安装最新版本的 Google Cloud CLI。在 Cloud Shell 中运行以下命令:
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-11。"],[],[],null,["# Manage Personalized Service Health access\n\nThis document discusses how to set permissions and enable access so you can:\n\n- View service health events using the Service Health dashboard.\n- Pull service health information using the Service Health API.\n- Configure alerts relevant to your projects.\n\nBefore you begin\n----------------\n\n\n[Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\nAccess the Service Health API and dashboard\n-------------------------------------------\n\nPersonalized Service Health provides a predefined `servicehealth.viewer` role that you can\nuse to provide access to project members. Use this role to access the\nService Health API and dashboard.\n\n| **Tip:** To gain the permissions to access Personalized Service Health while following the principle of least privilege, ask your administrator to grant you the `roles/servicehealth.viewer` (Personalized Service Health Viewer) role. If you are already granted one of the Basic Roles (Viewer, Editor or Owner roles), you already have the permissions needed to access Personalized Service Health.\n\nYou can use the roles and permissions directly through the gcloud CLI\nto set up proper access controls. For example, you can grant the role directly\nwith the following command: \n\n gcloud projects add-iam-policy-binding \u003cvar scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --member {USER|GROUP|SERVICE_ACCOUNT} \\\n --role roles/servicehealth.viewer\n\nYou can view the Identity and Access Management (IAM) policy for the given project with the\nfollowing command: \n\n gcloud projects get-iam-policy \u003cvar scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\n\nAlternatively, you can add the permissions directly to an existing role: \n\n gcloud iam roles update \u003cvar scope=\"ROLE_ID\" translate=\"no\"\u003eROLE_ID\u003c/var\u003e --project=\u003cvar scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --add-permissions=servicehealth.events.list\n gcloud iam roles update \u003cvar scope=\"ROLE_ID\" translate=\"no\"\u003eROLE_ID\u003c/var\u003e --project=\u003cvar scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --add-permissions=servicehealth.events.get\n gcloud iam roles update \u003cvar scope=\"ROLE_ID\" translate=\"no\"\u003eROLE_ID\u003c/var\u003e --project=\u003cvar scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --add-permissions=servicehealth.locations.list\n gcloud iam roles update \u003cvar scope=\"ROLE_ID\" translate=\"no\"\u003eROLE_ID\u003c/var\u003e --project=\u003cvar scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --add-permissions=servicehealth.locations.get\n\nUse APIs and services in your projects\n--------------------------------------\n\n1. [Enable the Service Health API](/service-health/docs/manage-access#enable-service-health-api-single-project) for the project.\n2. Grant the [Service Usage Consumer](/service-usage/docs/access-control#predefined_roles) role (`roles/serviceusage.serviceUsageConsumer`).\n\nAccess logs and configure log alerts\n------------------------------------\n\nDo the following:\n\n1. [Enable the Service Health API](/service-health/docs/manage-access#enable-service-health-api-single-project) for the project.\n2. Get [permissions for log-based alerts](/logging/docs/access-control#lba-permissions).\n\nIf you don't want to grant the [Monitoring NotificationChannel Editor](/monitoring/access-control#notification_channels_2) role\n(`roles/monitoring.notificationChannelEditor`), you can grant the [Monitoring NotificationChannel Viewer](/monitoring/access-control#notif_roles_desc) role (`roles/monitoring.notificationChannelViewer`) instead to allow you to link to a notification channel to an alerting policy.\n\nFor more information about granting roles, see [Manage access](/iam/docs/granting-changing-revoking-access).\n\nYou might also be able to get the required permissions through [custom roles](/iam/docs/creating-custom-roles) or other [predefined roles](/iam/docs/understanding-roles).\n\nEnable Service Health API for a single project\n----------------------------------------------\n\nSetting up alerts and pulling service health information require\nenabling the Service Health API. You can enable the API through the\nGoogle Cloud console or Google Cloud CLI. \n\n### Console\n\n1. In the APIs and Services library, go to the Service Health API.\n\n\n [Go to the Service Health API](https://console.cloud.google.com/apis/library/servicehealth.googleapis.com)\n\n \u003cbr /\u003e\n\n Alternatively, you can go to the\n [API Library](https://console.cloud.google.com/apis/library) and search\n \"Service Health API\".\n2. Select the project.\n\n3. Select the **Enable** button.\n\n### gcloud\n\n\n1. In the Google Cloud console, activate Cloud Shell.\n\n [Activate Cloud Shell](https://console.cloud.google.com/?cloudshell=true)\n\n\n At the bottom of the Google Cloud console, a\n [Cloud Shell](/shell/docs/how-cloud-shell-works)\n session starts and displays a command-line prompt. Cloud Shell is a shell environment\n with the Google Cloud CLI\n already installed and with values already set for\n your current project. It can take a few seconds for the session to initialize.\n2. Make sure that the most recent version of Google Cloud CLI is installed. Run\n the following command from the Cloud Shell:\n\n \u003cbr /\u003e\n\n ```\n gcloud components update\n ```\n\n \u003cbr /\u003e\n\n3. Create or select a new project,\n \u003cvar class=\"edit\" scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e.\n\n - Create a Google Cloud project:\n\n ```\n gcloud projects create PROJECT_ID\n ```\n - Select the Google Cloud project that you created:\n\n ```\n gcloud projects config set project PROJECT_ID\n ```\n4. Enable the Service Health API in the project that you just created.\n\n ```\n gcloud services enable servicehealth.googleapis.com \\\n --project PROJECT_ID\n ```\n\n### Script\n\nYou can use a [script](/service-health/docs/script-enable-api) to enable the\nService Health API for projects in your organization or folder.\n\nFor background information, see\n[Enabling an API in your Google Cloud project](https://cloud.google.com/endpoints/docs/openapi/enable-api).\n\nThe Service Health API and alerts will recognize new events a few hours after\nAPI enablement."]]
