Halaman ini diterjemahkan oleh Cloud Translation API.

Kontrol Akses dengan IAM

Penggunaan Layanan menggunakan Identity and Access Management (IAM) untuk mengontrol akses ke layanan. Halaman ini menjelaskan peran dan izin IAM yang terkait dengan Penggunaan Layanan dan cara menggunakannya untuk mengontrol akses.

Model resource

Untuk Penggunaan Layanan, ada tiga referensi yang relevan:

Layanan yang Anda gunakan.
Project tempat Anda menggunakan layanan.
Operasi atau operasi yang berjalan lama yang ditampilkan oleh metode tertentu.

Setiap metode Penggunaan Layanan memerlukan izin pada satu atau beberapa resource ini.

Izin IAM

Tabel berikut menunjukkan izin yang diperlukan untuk setiap metode Service Usage API. Anda juga dapat menemukan informasi ini di referensi API.

Metode	Izin yang diperlukan
`services.batchEnable`	Pada project: `serviceusage.services.enable` Pada layanan: `servicemanagement.services.bind`
`services.enable`	Pada project: `serviceusage.services.enable` Pada layanan: `servicemanagement.services.bind`
`services.disable`	Pada project: `serviceusage.services.disable`
`services.get`	Pada project: `serviceusage.services.get`
`services.list`	Pada project: `serviceusage.services.list`
`services.consumerQuotaMetrics.list services.consumerQuotaMetrics.get services.consumerQuotaMetrics.limits.get services.consumerQuotaMetrics.limits.consumerOverrides.list services.consumerQuotaMetrics.limits.adminOverrides.list services.consumerQuotaMetrics.limits.producerOverrides.list`	Pada project: `serviceusage.quota.get` Pada layanan: `servicemanagement.services.bind`
`services.consumerQuotaMetrics.consumerOverrides.create services.consumerQuotaMetrics.consumerOverrides.patch services.consumerQuotaMetrics.consumerOverrides.delete services.adminQuotaMetrics.adminOverrides.create services.adminQuotaMetrics.adminOverrides.patch services.adminQuotaMetrics.adminOverrides.delete`	Pada project: `serviceusage.quota.update` Pada layanan: `servicemanagement.services.bind`
Untuk menggunakan project untuk tujuan kuota dan penagihan. Untuk mengetahui informasi selengkapnya, lihat Parameter sistem.	Pada project: `serviceusage.services.use`

Peran IAM

Dengan IAM, Anda memberikan izin kepada pengguna dengan memberikan peran kepada mereka. Tabel berikut mencantumkan peran dasar dan bawaan IAM, serta izin yang terkait dengan Penggunaan Layanan yang disertakan dalam peran tersebut.

Untuk mengetahui informasi selengkapnya tentang peran, lihat Memahami peran.

Peran dasar

Nama Judul Izin

roles/viewer Viewer serviceusage.services.get
serviceusage.services.list
serviceusage.quotas.get

Nama	Judul	Izin
`roles/viewer`	Viewer	serviceusage.services.get serviceusage.services.list serviceusage.quotas.get
`roles/editor` `roles/owner`	Editor Pemilik	serviceusage.services.get serviceusage.services.list serviceusage.services.disable serviceusage.services.enable serviceusage.services.use serviceusage.quotas.get serviceusage.quotas.update

roles/editor

roles/owner

Editor

Pemilik

serviceusage.services.get
serviceusage.services.list
serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.use
serviceusage.quotas.get
serviceusage.quotas.update

Peran yang telah ditetapkan

Role Permissions

Role	Permissions
API Keys Admin (`roles/serviceusage.apiKeysAdmin`) Ability to create, delete, update, get and list API keys for a project.	`apikeys.` `apikeys.keys.create` `apikeys.keys.delete` `apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup` `apikeys.keys.undelete` `apikeys.keys.update` `orgpolicy.policy.get` `serviceusage.apiKeys.` `serviceusage.apiKeys.regenerate` `serviceusage.apiKeys.revert`
API Keys Viewer (`roles/serviceusage.apiKeysViewer`) Ability to get and list API keys for a project.	`apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup`
Service Usage Admin (`roles/serviceusage.serviceUsageAdmin`) Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.	`monitoring.timeSeries.list` `serviceusage.quotas.` `serviceusage.quotas.get` `serviceusage.quotas.update` `serviceusage.services.` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use`
Service Usage Consumer (`roles/serviceusage.serviceUsageConsumer`) Ability to inspect service states and operations, and consume quota and billing for a consumer project.	`monitoring.timeSeries.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use`
Service Usage Viewer (`roles/serviceusage.serviceUsageViewer`) Ability to inspect service states and operations for a consumer project.	`monitoring.timeSeries.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

API Keys Admin

(roles/serviceusage.apiKeysAdmin)

Ability to create, delete, update, get and list API keys for a project.

apikeys.*

apikeys.keys.create
apikeys.keys.delete
apikeys.keys.get
apikeys.keys.getKeyString
apikeys.keys.list
apikeys.keys.lookup
apikeys.keys.undelete
apikeys.keys.update

orgpolicy.policy.get

serviceusage.apiKeys.*

serviceusage.apiKeys.regenerate
serviceusage.apiKeys.revert

API Keys Viewer

(roles/serviceusage.apiKeysViewer)

Ability to get and list API keys for a project.

apikeys.keys.get

apikeys.keys.getKeyString

apikeys.keys.list

apikeys.keys.lookup

Service Usage Admin

(roles/serviceusage.serviceUsageAdmin)

Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.

monitoring.timeSeries.list

serviceusage.quotas.*

serviceusage.quotas.get
serviceusage.quotas.update

serviceusage.services.*

serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
serviceusage.services.use

Service Usage Consumer

(roles/serviceusage.serviceUsageConsumer)

Ability to inspect service states and operations, and consume quota and billing for a consumer project.

monitoring.timeSeries.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

Service Usage Viewer

(roles/serviceusage.serviceUsageViewer)

Ability to inspect service states and operations for a consumer project.

monitoring.timeSeries.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list