API 金鑰會使用 Identity and Access Management 管理金鑰存取權。本頁面說明與 API 金鑰相關的 IAM 角色和權限,以及如何使用這些角色和權限來控管存取權。
IAM 權限
下表顯示每個 API 金鑰 API 方法所需的權限。API 參考資料中也記錄了這項資訊。
| 方法 | 所需權限 |
|---|---|
projects.locations.keys.create |
apikeys.keys.create
|
projects.locations.keys.delete |
apikeys.keys.delete |
projects.locations.keys.get |
apikeys.keys.get |
projects.locations.keys.getKeyString |
apikeys.keys.getKeyString |
projects.locations.keys.list |
apikeys.keys.list |
projects.locations.keys.patch |
apikeys.keys.update |
projects.locations.keys.undelete |
apikeys.keys.undelete |
operations.get |
serviceusage.operations.get |
keys.lookupKey |
apikeys.keys.undelete |
IAM 角色
使用身分與存取權管理,為使用者指派角色,以授予權限。如要進一步瞭解角色和權限,請參閱「瞭解角色」。
下表列出適用於 API 金鑰的預先定義角色。
| 角色 | 權限 |
|---|---|
roles/viewer |
apikeys.keys.get apikeys.keys.lookup apikeys.keys.list apikeys.keys.getKeyString |
roles/editor和roles/owner |
apikeys.keys.get apikeys.keys.lookup apikeys.keys.list apikeys.keys.getKeyString apikeys.keys.create apikeys.keys.delete apikeys.keys.undelete apikeys.keys.update serviceusage.operations.get |
roles/serviceusage.apiKeysViewer |
apikeys.keys.get apikeys.keys.lookup apikeys.keys.list apikeys.keys.getKeyString |
roles/serviceusage.apiKeysAdmin |
apikeys.keys.get apikeys.keys.lookup apikeys.keys.list apikeys.keys.getKeyString apikeys.keys.create apikeys.keys.delete apikeys.keys.undelete apikeys.keys.update serviceusage.operations.get |