使用 IAM 进行访问权限控制
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
借助 Identity and Access Management (IAM),您可以授予对特定资源的访问权限。如需授予对资源的访问权限,您可以向用户授予特定角色,从而给予用户某些权限。
所需的角色
每种 Workload Manager API 方法都需要必要的 IAM 权限。您可以通过为用户、群组或服务账号授予角色来分配权限。如需了解如何授予对资源的访问权限,请参阅管理访问权限。
下表列出了 Workload Manager IAM 角色以及这些角色授予的权限。
| Role |
Permissions |
Workload Manager Admin
Beta
(roles/workloadmanager.admin)
Full access to Workload Manager all resources.
|
compute.acceleratorTypes.list
compute.diskTypes.list
compute.machineTypes.list
compute.networks.list
compute.projects.get
compute.regions.list
compute.subnetworks.list
compute.zones.list
dns.managedZones.list
iam.serviceAccounts.list
monitoring.timeSeries.list
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
storage.buckets.list
storage.objects.list
workloadmanager.*
workloadmanager.actuations.createworkloadmanager.actuations.deleteworkloadmanager.actuations.getworkloadmanager.actuations.listworkloadmanager.deployments.createworkloadmanager.deployments.deleteworkloadmanager.deployments.getworkloadmanager.deployments.listworkloadmanager.discoveredprofiles.getworkloadmanager.discoveredprofiles.getHealthworkloadmanager.discoveredprofiles.listworkloadmanager.evaluations.createworkloadmanager.evaluations.deleteworkloadmanager.evaluations.getworkloadmanager.evaluations.listworkloadmanager.evaluations.runworkloadmanager.evaluations.updateworkloadmanager.executions.deleteworkloadmanager.executions.getworkloadmanager.executions.listworkloadmanager.insights.exportworkloadmanager.insights.listSapSystemsworkloadmanager.insights.writeworkloadmanager.locations.getworkloadmanager.locations.listworkloadmanager.operations.cancelworkloadmanager.operations.deleteworkloadmanager.operations.getworkloadmanager.operations.listworkloadmanager.results.listworkloadmanager.rules.list
|
Workload Manager Deployment Admin
Beta
(roles/workloadmanager.deploymentAdmin)
Full access to Workload Manager deployment resources.
|
compute.acceleratorTypes.list
compute.diskTypes.list
compute.machineTypes.list
compute.networks.list
compute.projects.get
compute.regions.list
compute.subnetworks.list
compute.zones.list
dns.managedZones.list
iam.serviceAccounts.list
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
storage.buckets.list
storage.objects.list
workloadmanager.actuations.*
workloadmanager.actuations.createworkloadmanager.actuations.deleteworkloadmanager.actuations.getworkloadmanager.actuations.list
workloadmanager.deployments.*
workloadmanager.deployments.createworkloadmanager.deployments.deleteworkloadmanager.deployments.getworkloadmanager.deployments.list
workloadmanager.locations.*
workloadmanager.locations.getworkloadmanager.locations.list
workloadmanager.operations.*
workloadmanager.operations.cancelworkloadmanager.operations.deleteworkloadmanager.operations.getworkloadmanager.operations.list
|
Workload Manager Deployment Viewer
Beta
(roles/workloadmanager.deploymentViewer)
Read-only access to Workload Manager deployment resources.
|
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.actuations.get
workloadmanager.actuations.list
workloadmanager.deployments.get
workloadmanager.deployments.list
|
Workload Manager Evaluation Admin
Beta
(roles/workloadmanager.evaluationAdmin)
Full access to Workload Manager evaluation resources.
|
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.evaluations.*
workloadmanager.evaluations.createworkloadmanager.evaluations.deleteworkloadmanager.evaluations.getworkloadmanager.evaluations.listworkloadmanager.evaluations.runworkloadmanager.evaluations.update
workloadmanager.executions.*
workloadmanager.executions.deleteworkloadmanager.executions.getworkloadmanager.executions.list
workloadmanager.locations.*
workloadmanager.locations.getworkloadmanager.locations.list
workloadmanager.operations.*
workloadmanager.operations.cancelworkloadmanager.operations.deleteworkloadmanager.operations.getworkloadmanager.operations.list
workloadmanager.results.list
workloadmanager.rules.list
|
Workload Manager Evaluation Viewer
Beta
(roles/workloadmanager.evaluationViewer)
Read-only access to Workload Manager evaluation resources.
|
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.evaluations.get
workloadmanager.evaluations.list
workloadmanager.executions.get
workloadmanager.executions.list
workloadmanager.results.list
workloadmanager.rules.list
|
Workload Manager Insights Writer
Beta
(roles/workloadmanager.insightWriter)
The role used to write data to WLM data warehouse.
|
workloadmanager.insights.write
|
Workload Manager Service Agent
(roles/workloadmanager.serviceAgent)
Gives Workload Manager Service Agent access to CAI export functions and Cloud Monitoring.
|
cloudasset.assets.exportAccessPolicy
cloudasset.assets.exportIamPolicy
cloudasset.assets.exportOSInventories
cloudasset.assets.exportOrgPolicy
cloudasset.assets.exportResource
cloudasset.assets.listAccessPolicy
cloudasset.assets.listIamPolicy
cloudasset.assets.listOSInventories
cloudasset.assets.listOrgPolicy
cloudasset.assets.listResource
cloudasset.assets.searchAllResources
config.deployments.create
config.deployments.delete
config.deployments.get
config.deployments.list
config.deployments.update
config.locations.*
config.locations.getconfig.locations.list
config.operations.*
config.operations.cancelconfig.operations.deleteconfig.operations.getconfig.operations.list
config.resources.list
config.revisions.get
config.revisions.list
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.getmonitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.list
serviceusage.services.use
workloadmanager.insights.export
workloadmanager.insights.listSapSystems
|
Workload Manager Viewer
Beta
(roles/workloadmanager.viewer)
Read-only access to Workload Manager all resources.
|
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.actuations.get
workloadmanager.actuations.list
workloadmanager.deployments.get
workloadmanager.deployments.list
workloadmanager.discoveredprofiles.*
workloadmanager.discoveredprofiles.getworkloadmanager.discoveredprofiles.getHealthworkloadmanager.discoveredprofiles.list
workloadmanager.evaluations.get
workloadmanager.evaluations.list
workloadmanager.executions.get
workloadmanager.executions.list
workloadmanager.results.list
workloadmanager.rules.list
|
Workload Manager Worker
Beta
(roles/workloadmanager.worker)
The role used by Workload Manager application runners to read and update workloads.
|
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.actuations.*
workloadmanager.actuations.createworkloadmanager.actuations.deleteworkloadmanager.actuations.getworkloadmanager.actuations.list
workloadmanager.deployments.*
workloadmanager.deployments.createworkloadmanager.deployments.deleteworkloadmanager.deployments.getworkloadmanager.deployments.list
workloadmanager.discoveredprofiles.*
workloadmanager.discoveredprofiles.getworkloadmanager.discoveredprofiles.getHealthworkloadmanager.discoveredprofiles.list
workloadmanager.evaluations.*
workloadmanager.evaluations.createworkloadmanager.evaluations.deleteworkloadmanager.evaluations.getworkloadmanager.evaluations.listworkloadmanager.evaluations.runworkloadmanager.evaluations.update
workloadmanager.executions.*
workloadmanager.executions.deleteworkloadmanager.executions.getworkloadmanager.executions.list
workloadmanager.insights.write
workloadmanager.results.list
workloadmanager.rules.list
|
Workload Manager Workload Viewer
Beta
(roles/workloadmanager.workloadViewer)
The role used to view the workload related data.
|
resourcemanager.projects.get
resourcemanager.projects.list
workloadmanager.discoveredprofiles.*
workloadmanager.discoveredprofiles.getworkloadmanager.discoveredprofiles.getHealthworkloadmanager.discoveredprofiles.list
|
Workload Manager Service Agent
(roles/workloadmanager.serviceAgent)
向 Workload Manager Service Agent 授予对 CAI 导出函数和 Cloud Monitoring 的访问权限。
|
cloudasset.assets.exportAccessPolicy
cloudasset.assets.exportIamPolicy
cloudasset.assets.exportOSInventories
cloudasset.assets.exportOrgPolicy
cloudasset.assets.exportResource
cloudasset.assets.listAccessPolicy
cloudasset.assets.listIamPolicy
cloudasset.assets.listOSInventories
cloudasset.assets.listOrgPolicy
cloudasset.assets.listResource
cloudasset.assets.searchAllResources
config.deployments.create
config.deployments.delete
config.deployments.get
config.deployments.list
config.deployments.update
config.locations.*
config.locations.getconfig.locations.list
config.operations.*
config.operations.cancelconfig.operations.deleteconfig.operations.getconfig.operations.list
config.resources.list
config.revisions.get
config.revisions.list
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.getmonitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.list
serviceusage.services.use
workloadmanager.insights.export
workloadmanager.insights.listSapSystems
|
如需详细了解 Workload Manager API,请参阅 Workload Manager API 参考文档。
后续步骤
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-08-25。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-25。"],[],[],null,[]]
