此页面由 Cloud Translation API 翻译。

Workflows 角色和权限

本页介绍了可用于控制对 Workflows 资源的访问权限的 Identity and Access Management (IAM) 角色和权限。

概览

Workflows 使用 IAM 进行访问权限控制。

如需详细了解如何使用 IAM 访问权限控制权限，请参阅管理项目、文件夹和组织的访问权限。

每种 Workflows 方法都要求调用者拥有必要的权限。如需查看 Workflows 支持的角色及其对应的权限列表，请参阅本文档中的 Workflows 角色部分。

Workflows 权限

下表介绍了 Workflows 中可用的权限。

权限	定义
`workflows.callbacks.list`	列出工作流执行的回调。
`workflows.callbacks.send`	触发工作流执行回调。
`workflows.executions.cancel`	取消工作流执行操作，但不删除跟踪记录。
`workflows.executions.create`	触发工作流执行操作。
`workflows.executions.get`	获取工作流执行操作的最新状态。
`workflows.executions.list`	列出工作流的执行操作。
`workflows.locations.get`	获取工作流的位置。
`workflows.locations.list`	列出可提供相应服务的位置。
`workflows.operations.cancel`	取消长时间运行的操作。
`workflows.operations.get`	获取长时间运行的操作的详细信息。
`workflows.operations.list`	获取长时间运行的操作的列表。
`workflows.stepEntries.get`	获取工作流执行的步骤条目。
`workflows.stepEntries.list`	列出工作流执行的步骤条目。
`workflows.workflows.create`	创建和部署新的工作流。
`workflows.workflows.delete`	删除现有工作流。
`workflows.workflows.get`	获取工作流的设置，包括源代码、标签和说明。
`workflows.workflows.list`	列出项目中的工作流。
`workflows.workflows.listRevision`	列出工作流的修订版本。
`workflows.workflows.update`	更新工作流的设置，包括其源代码、标签和说明。

Workflows 角色

下表列出了工作流预定义的 IAM 角色以及每个角色包含的所有权限的列表。

可用角色可满足大多数典型的使用场景。如果预定义角色无法满足您的用例，您可以创建 IAM 自定义角色。

Role Permissions

Role	Permissions
Workflows Admin (`roles/workflows.admin`) Full access to workflows and related resources. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.*` `workflows.callbacks.list` `workflows.callbacks.send` `workflows.executions.cancel` `workflows.executions.create` `workflows.executions.get` `workflows.executions.list` `workflows.locations.get` `workflows.locations.list` `workflows.operations.cancel` `workflows.operations.get` `workflows.operations.list` `workflows.stepEntries.get` `workflows.stepEntries.list` `workflows.workflows.create` `workflows.workflows.createTagBinding` `workflows.workflows.delete` `workflows.workflows.deleteTagBinding` `workflows.workflows.get` `workflows.workflows.list` `workflows.workflows.listEffectiveTags` `workflows.workflows.listRevision` `workflows.workflows.listTagBindings` `workflows.workflows.update`
Workflows Editor (`roles/workflows.editor`) Read and write access to workflows and related resources, including development and debugging of workflows. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.*` `workflows.callbacks.list` `workflows.callbacks.send` `workflows.executions.cancel` `workflows.executions.create` `workflows.executions.get` `workflows.executions.list` `workflows.locations.get` `workflows.locations.list` `workflows.operations.cancel` `workflows.operations.get` `workflows.operations.list` `workflows.stepEntries.get` `workflows.stepEntries.list` `workflows.workflows.create` `workflows.workflows.createTagBinding` `workflows.workflows.delete` `workflows.workflows.deleteTagBinding` `workflows.workflows.get` `workflows.workflows.list` `workflows.workflows.listEffectiveTags` `workflows.workflows.listRevision` `workflows.workflows.listTagBindings` `workflows.workflows.update`
Workflows Invoker (`roles/workflows.invoker`) Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.callbacks.` `workflows.callbacks.list` `workflows.callbacks.send` `workflows.executions.` `workflows.executions.cancel` `workflows.executions.create` `workflows.executions.get` `workflows.executions.list` `workflows.stepEntries.*` `workflows.stepEntries.get` `workflows.stepEntries.list`
Workflows Viewer (`roles/workflows.viewer`) Read-only access to workflows and related resources. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.get` `resourcemanager.projects.list` `workflows.callbacks.list` `workflows.executions.get` `workflows.executions.list` `workflows.locations.` `workflows.locations.get` `workflows.locations.list` `workflows.operations.get` `workflows.operations.list` `workflows.stepEntries.` `workflows.stepEntries.get` `workflows.stepEntries.list` `workflows.workflows.get` `workflows.workflows.list` `workflows.workflows.listEffectiveTags` `workflows.workflows.listRevision` `workflows.workflows.listTagBindings`

Workflows Admin

(roles/workflows.admin)

Full access to workflows and related resources.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows.workflows.createTagBinding
workflows.workflows.delete
workflows.workflows.deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows.workflows.listEffectiveTags
workflows.workflows.listRevision
workflows.workflows.listTagBindings
workflows.workflows.update

Workflows Editor

(roles/workflows.editor)

Read and write access to workflows and related resources, including development and debugging of workflows.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.*

workflows.callbacks.list
workflows.callbacks.send
workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.stepEntries.get
workflows.stepEntries.list
workflows.workflows.create
workflows.workflows.createTagBinding
workflows.workflows.delete
workflows.workflows.deleteTagBinding
workflows.workflows.get
workflows.workflows.list
workflows.workflows.listEffectiveTags
workflows.workflows.listRevision
workflows.workflows.listTagBindings
workflows.workflows.update

Workflows Invoker

(roles/workflows.invoker)

Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.*

workflows.callbacks.list
workflows.callbacks.send

workflows.executions.*

workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list

workflows.stepEntries.*

workflows.stepEntries.get
workflows.stepEntries.list

Workflows Viewer

(roles/workflows.viewer)

Read-only access to workflows and related resources.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.get

resourcemanager.projects.list

workflows.callbacks.list

workflows.executions.get

workflows.executions.list

workflows.locations.*

workflows.locations.get
workflows.locations.list

workflows.operations.get

workflows.operations.list

workflows.stepEntries.*

workflows.stepEntries.get
workflows.stepEntries.list

workflows.workflows.get

workflows.workflows.list

workflows.workflows.listEffectiveTags

workflows.workflows.listRevision

workflows.workflows.listTagBindings

后续步骤

创建和管理自定义角色