IAM roles and permissions for Integration Connectors

Predefined roles let you grant granular access to specific Google Cloud resources. These roles are created and maintained by Google. Google automatically updates their permissions as necessary, such as when Google Cloud adds new features or services.

The following table lists all of the predefined IAM roles for Integration Connectors.

| Role | Description | Permissions |
| --- | --- | --- |
| Connector Admin (`roles/connectors.admin`) | Full access to all resources of Connectors Service. | `connectors.actions.*`, `connectors.actions.execute`, `connectors.actions.list`, `connectors.connections.create`, `connectors.connections.delete`, `connectors.connections.executeSqlQuery`, `connectors.connections.generateOpenAPISpec`, `connectors.connections.get`, `connectors.connections.getConnectionSchemaMetadata`, `connectors.connections.getIamPolicy`, `connectors.connections.getRuntimeActionSchema`, `connectors.connections.getRuntimeEntitySchema`, `connectors.connections.list`, `connectors.connections.setIamPolicy`, `connectors.connections.update`, `connectors.connectors.*`, `connectors.connectors.get`, `connectors.connectors.list`, `connectors.customConnectorVersions.*`, `connectors.customConnectorVersions.create`, `connectors.customConnectorVersions.delete`, `connectors.customConnectorVersions.get`, `connectors.customConnectorVersions.getIamPolicy`, `connectors.customConnectorVersions.list`, `connectors.customConnectorVersions.setIamPolicy`, `connectors.customConnectorVersions.update`, `connectors.customConnectors.*`, `connectors.customConnectors.create`, `connectors.customConnectors.delete`, `connectors.customConnectors.get`, `connectors.customConnectors.getIamPolicy`, `connectors.customConnectors.list`, `connectors.customConnectors.setIamPolicy`, `connectors.customConnectors.update`, `connectors.endpointAttachments.*`, `connectors.endpointAttachments.create`, `connectors.endpointAttachments.delete`, `connectors.endpointAttachments.get`, `connectors.endpointAttachments.getIamPolicy`, `connectors.endpointAttachments.list`, `connectors.endpointAttachments.setIamPolicy`, `connectors.endpointAttachments.update`, `connectors.entities.*`, `connectors.entities.create`, `connectors.entities.delete`, `connectors.entities.deleteEntitiesWithConditions`, `connectors.entities.get`, `connectors.entities.list`, `connectors.entities.update`, `connectors.entities.updateEntitiesWithConditions`, `connectors.entityTypes.list`, `connectors.eventSubscriptions.*`, `connectors.eventSubscriptions.create`, `connectors.eventSubscriptions.delete`, `connectors.eventSubscriptions.get`, `connectors.eventSubscriptions.list`, `connectors.eventSubscriptions.update`, `connectors.eventtypes.*`, `connectors.eventtypes.get`, `connectors.eventtypes.list`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list`, `connectors.managedZones.*`, `connectors.managedZones.create`, `connectors.managedZones.delete`, `connectors.managedZones.get`, `connectors.managedZones.getIamPolicy`, `connectors.managedZones.list`, `connectors.managedZones.setIamPolicy`, `connectors.managedZones.update`, `connectors.operations.*`, `connectors.operations.cancel`, `connectors.operations.delete`, `connectors.operations.get`, `connectors.operations.list`, `connectors.providers.*`, `connectors.providers.get`, `connectors.providers.list`, `connectors.regionalSettings.*`, `connectors.regionalSettings.get`, `connectors.regionalSettings.update`, `connectors.runtimeconfig.get`, `connectors.schemaMetadata.refresh`, `connectors.settings.*`, `connectors.settings.get`, `connectors.settings.update`, `connectors.versions.*`, `connectors.versions.get`, `connectors.versions.list`, `resourcemanager.projects.get`, `resourcemanager.projects.list`, `secretmanager.secrets.getIamPolicy` |
| Connectors Editor (`roles/connectors.editor`) | Editor role for connectors | `connectors.actions.*`, `connectors.actions.execute`, `connectors.actions.list`, `connectors.connections.create`, `connectors.connections.delete`, `connectors.connections.executeSqlQuery`, `connectors.connections.generateOpenAPISpec`, `connectors.connections.get`, `connectors.connections.getConnectionSchemaMetadata`, `connectors.connections.getIamPolicy`, `connectors.connections.getRuntimeActionSchema`, `connectors.connections.getRuntimeEntitySchema`, `connectors.connections.list`, `connectors.connections.listenEvent`, `connectors.connections.update`, `connectors.connectors.*`, `connectors.connectors.get`, `connectors.connectors.list`, `connectors.customConnectorVersions.create`, `connectors.customConnectorVersions.delete`, `connectors.customConnectorVersions.get`, `connectors.customConnectorVersions.getIamPolicy`, `connectors.customConnectorVersions.list`, `connectors.customConnectorVersions.update`, `connectors.customConnectors.create`, `connectors.customConnectors.delete`, `connectors.customConnectors.get`, `connectors.customConnectors.getIamPolicy`, `connectors.customConnectors.list`, `connectors.customConnectors.update`, `connectors.endpointAttachments.create`, `connectors.endpointAttachments.delete`, `connectors.endpointAttachments.get`, `connectors.endpointAttachments.getIamPolicy`, `connectors.endpointAttachments.list`, `connectors.endpointAttachments.update`, `connectors.entities.*`, `connectors.entities.create`, `connectors.entities.delete`, `connectors.entities.deleteEntitiesWithConditions`, `connectors.entities.get`, `connectors.entities.list`, `connectors.entities.update`, `connectors.entities.updateEntitiesWithConditions`, `connectors.entityTypes.list`, `connectors.eventSubscriptions.*`, `connectors.eventSubscriptions.create`, `connectors.eventSubscriptions.delete`, `connectors.eventSubscriptions.get`, `connectors.eventSubscriptions.list`, `connectors.eventSubscriptions.update`, `connectors.eventtypes.*`, `connectors.eventtypes.get`, `connectors.eventtypes.list`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list`, `connectors.managedZones.create`, `connectors.managedZones.delete`, `connectors.managedZones.get`, `connectors.managedZones.getIamPolicy`, `connectors.managedZones.list`, `connectors.managedZones.update`, `connectors.operations.*`, `connectors.operations.cancel`, `connectors.operations.delete`, `connectors.operations.get`, `connectors.operations.list`, `connectors.providers.*`, `connectors.providers.get`, `connectors.providers.list`, `connectors.regionalSettings.*`, `connectors.regionalSettings.get`, `connectors.regionalSettings.update`, `connectors.runtimeconfig.get`, `connectors.schemaMetadata.refresh`, `connectors.settings.*`, `connectors.settings.get`, `connectors.settings.update`, `connectors.versions.*`, `connectors.versions.get`, `connectors.versions.list`, `resourcemanager.projects.get`, `resourcemanager.projects.list` |
| Connectors Viewer (`roles/connectors.viewer`) | Read-only access to Connectors all resources. | `connectors.connections.generateOpenAPISpec`, `connectors.connections.get`, `connectors.connections.getConnectionSchemaMetadata`, `connectors.connections.getIamPolicy`, `connectors.connections.getRuntimeActionSchema`, `connectors.connections.getRuntimeEntitySchema`, `connectors.connections.list`, `connectors.connectors.*`, `connectors.connectors.get`, `connectors.connectors.list`, `connectors.customConnectorVersions.get`, `connectors.customConnectorVersions.getIamPolicy`, `connectors.customConnectorVersions.list`, `connectors.customConnectors.get`, `connectors.customConnectors.getIamPolicy`, `connectors.customConnectors.list`, `connectors.endpointAttachments.get`, `connectors.endpointAttachments.getIamPolicy`, `connectors.endpointAttachments.list`, `connectors.eventSubscriptions.get`, `connectors.eventSubscriptions.list`, `connectors.eventtypes.*`, `connectors.eventtypes.get`, `connectors.eventtypes.list`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list`, `connectors.managedZones.get`, `connectors.managedZones.getIamPolicy`, `connectors.managedZones.list`, `connectors.operations.get`, `connectors.operations.list`, `connectors.providers.*`, `connectors.providers.get`, `connectors.providers.list`, `connectors.regionalSettings.get`, `connectors.runtimeconfig.get`, `connectors.settings.get`, `connectors.versions.*`, `connectors.versions.get`, `connectors.versions.list`, `resourcemanager.projects.get`, `resourcemanager.projects.list` |
| Custom Connectors Admin (`roles/connectors.customConnectorAdmin`) | Custom Connector is a global resource which creates custom connector within the given target project. This role grants Admin access to Custom Connector resources | `connectors.customConnectorVersions.*`, `connectors.customConnectorVersions.create`, `connectors.customConnectorVersions.delete`, `connectors.customConnectorVersions.get`, `connectors.customConnectorVersions.getIamPolicy`, `connectors.customConnectorVersions.list`, `connectors.customConnectorVersions.setIamPolicy`, `connectors.customConnectorVersions.update`, `connectors.customConnectors.*`, `connectors.customConnectors.create`, `connectors.customConnectors.delete`, `connectors.customConnectors.get`, `connectors.customConnectors.getIamPolicy`, `connectors.customConnectors.list`, `connectors.customConnectors.setIamPolicy`, `connectors.customConnectors.update`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list` |
| Custom Connector Viewer (`roles/connectors.customConnectorViewer`) | Custom Connector is a global resource which creates custom connector within the given target project. This role grants Read-only access to Custom Connector & Custom Connector Version resources. | `connectors.customConnectorVersions.get`, `connectors.customConnectorVersions.getIamPolicy`, `connectors.customConnectorVersions.list`, `connectors.customConnectors.get`, `connectors.customConnectors.getIamPolicy`, `connectors.customConnectors.list`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list` |
| Connectors Endpoint Attachment Admin (`roles/connectors.endpointAttachmentAdmin`) | Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Admin access to Connectors Endpoint Attachment resources. | `connectors.endpointAttachments.*`, `connectors.endpointAttachments.create`, `connectors.endpointAttachments.delete`, `connectors.endpointAttachments.get`, `connectors.endpointAttachments.getIamPolicy`, `connectors.endpointAttachments.list`, `connectors.endpointAttachments.setIamPolicy`, `connectors.endpointAttachments.update`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list` |
| Connectors Endpoint Attachment Viewer (`roles/connectors.endpointAttachmentViewer`) | Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Read-only access to Connectors Endpoint Attachment resources | `connectors.endpointAttachments.get`, `connectors.endpointAttachments.getIamPolicy`, `connectors.endpointAttachments.list`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list` |
| Connectors Event Subscriptions Admin (`roles/connectors.eventSubscriptionAdmin`) | Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Admin access to Connectors Subscription resources | `connectors.eventSubscriptions.*`, `connectors.eventSubscriptions.create`, `connectors.eventSubscriptions.delete`, `connectors.eventSubscriptions.get`, `connectors.eventSubscriptions.list`, `connectors.eventSubscriptions.update` |
| Connectors Event Subscriptions Viewer (`roles/connectors.eventSubscriptionViewer`) | Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Read-only access to Event Subscription resources. | `connectors.eventSubscriptions.get`, `connectors.eventSubscriptions.list` |
| Connector Invoker (`roles/connectors.invoker`) | Full Access to invoke all operations on Connections. | `connectors.actions.*`, `connectors.actions.execute`, `connectors.actions.list`, `connectors.connections.executeSqlQuery`, `connectors.entities.*`, `connectors.entities.create`, `connectors.entities.delete`, `connectors.entities.deleteEntitiesWithConditions`, `connectors.entities.get`, `connectors.entities.list`, `connectors.entities.update`, `connectors.entities.updateEntitiesWithConditions`, `connectors.entityTypes.list` |
| Connector Event Listener (`roles/connectors.listener`) | Full Access to listen events by connections. | `connectors.connections.listenEvent` |
| Connectors Managed Zone Admin (`roles/connectors.managedZoneAdmin`) | Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Admin access to Connectors Managed Zone resources | `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list`, `connectors.managedZones.*`, `connectors.managedZones.create`, `connectors.managedZones.delete`, `connectors.managedZones.get`, `connectors.managedZones.getIamPolicy`, `connectors.managedZones.list`, `connectors.managedZones.setIamPolicy`, `connectors.managedZones.update` |
| Connectors Managed Zone Viewer (`roles/connectors.managedZoneViewer`) | Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Read-only access to Connectors Managed Zone resources. | `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list`, `connectors.managedZones.get`, `connectors.managedZones.getIamPolicy`, `connectors.managedZones.list` |

Service agent roles

Service agent roles should only be granted to service agents.

| Role | Description | Permissions |
| --- | --- | --- |
| Connectors Platform Service Agent (`roles/connectors.serviceAgent`) | Grants Connectors Platform service account to manage customer resources | `connectors.actions.*`, `connectors.actions.execute`, `connectors.actions.list`, `connectors.connections.get`, `connectors.connections.getConnectionSchemaMetadata`, `connectors.connections.list`, `connectors.connectors.*`, `connectors.connectors.get`, `connectors.connectors.list`, `connectors.customConnectorVersions.get`, `connectors.customConnectorVersions.list`, `connectors.customConnectors.get`, `connectors.customConnectors.list`, `connectors.endpointAttachments.get`, `connectors.endpointAttachments.list`, `connectors.entities.get`, `connectors.entityTypes.list`, `connectors.eventSubscriptions.get`, `connectors.eventSubscriptions.list`, `connectors.eventtypes.*`, `connectors.eventtypes.get`, `connectors.eventtypes.list`, `connectors.locations.*`, `connectors.locations.get`, `connectors.locations.list`, `connectors.managedZones.get`, `connectors.managedZones.list`, `connectors.providers.*`, `connectors.providers.get`, `connectors.providers.list`, `connectors.runtimeconfig.get`, `iam.serviceAccounts.getAccessToken`, `iam.serviceAccounts.getOpenIdToken`, `iam.serviceAccounts.implicitDelegation`, `monitoring.metricDescriptors.create`, `monitoring.metricDescriptors.get`, `monitoring.metricDescriptors.list`, `monitoring.monitoredResourceDescriptors.*`, `monitoring.monitoredResourceDescriptors.get`, `monitoring.monitoredResourceDescriptors.list`, `monitoring.timeSeries.create` |

For more information about predefined roles, see Roles and permissions. For help choosing the most appropriate predefined roles, see Choose predefined roles.