이 페이지의 일부 또는 모든 정보는 Trusted Cloud by S3NS에 적용되지 않을 수 있습니다.

Binary Authorization 역할 및 권한

이 페이지에는 Binary Authorization의 IAM 역할과 권한이 나와 있습니다. 모든 역할과 권한을 검색하려면 역할 및 권한 색인을 참조하세요.

Binary Authorization 역할

Role Permissions

Role	Permissions
Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Administrator of Binary Authorization Attestors	`binaryauthorization.attestors.*` `binaryauthorization.attestors.create` `binaryauthorization.attestors.delete` `binaryauthorization.attestors.get` `binaryauthorization.attestors.getIamPolicy` `binaryauthorization.attestors.list` `binaryauthorization.attestors.setIamPolicy` `binaryauthorization.attestors.update` `binaryauthorization.attestors.verifyImageAttested` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Editor of Binary Authorization Attestors	`binaryauthorization.attestors.create` `binaryauthorization.attestors.delete` `binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `binaryauthorization.attestors.update` `binaryauthorization.attestors.verifyImageAttested` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Attestor Image Verifier (`roles/binaryauthorization.attestorsVerifier`) Caller of Binary Authorization Attestors VerifyImageAttested	`binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `binaryauthorization.attestors.verifyImageAttested` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Attestor Viewer (`roles/binaryauthorization.attestorsViewer`) Viewer of Binary Authorization Attestors	`binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Administrator of Binary Authorization Policy	`binaryauthorization.continuousValidationConfig.` `binaryauthorization.continuousValidationConfig.get` `binaryauthorization.continuousValidationConfig.getIamPolicy` `binaryauthorization.continuousValidationConfig.setIamPolicy` `binaryauthorization.continuousValidationConfig.update` `binaryauthorization.platformPolicies.` `binaryauthorization.platformPolicies.create` `binaryauthorization.platformPolicies.delete` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.platformPolicies.replace` `binaryauthorization.policy.*` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `binaryauthorization.policy.getIamPolicy` `binaryauthorization.policy.setIamPolicy` `binaryauthorization.policy.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Editor of Binary Authorization Policy	`binaryauthorization.continuousValidationConfig.get` `binaryauthorization.continuousValidationConfig.update` `binaryauthorization.platformPolicies.*` `binaryauthorization.platformPolicies.create` `binaryauthorization.platformPolicies.delete` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.platformPolicies.replace` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `binaryauthorization.policy.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Evaluator (`roles/binaryauthorization.policyEvaluator`) Evaluator of Binary Authorization Policy	`binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Viewer (`roles/binaryauthorization.policyViewer`) Viewer of Binary Authorization Policy	`binaryauthorization.continuousValidationConfig.get` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`) Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures. Warning: Do not grant service agent roles to any principals except service agents.	`artifactregistry.dockerimages.get` `artifactregistry.repositories.downloadArtifacts` `binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `binaryauthorization.attestors.verifyImageAttested` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.policy.evaluatePolicy` `cloudasset.assets.exportResource` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.update` `containeranalysis.notes.get` `containeranalysis.notes.list` `containeranalysis.notes.listOccurrences` `containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.objects.list`

Binary Authorization Attestor Admin

(roles/binaryauthorization.attestorsAdmin)

Administrator of Binary Authorization Attestors

binaryauthorization.attestors.*

binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Editor

(roles/binaryauthorization.attestorsEditor)

Editor of Binary Authorization Attestors

binaryauthorization.attestors.create

binaryauthorization.attestors.delete

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.update

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Image Verifier

(roles/binaryauthorization.attestorsVerifier)

Caller of Binary Authorization Attestors VerifyImageAttested

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Viewer

(roles/binaryauthorization.attestorsViewer)

Viewer of Binary Authorization Attestors

binaryauthorization.attestors.get

binaryauthorization.attestors.list

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Administrator

(roles/binaryauthorization.policyAdmin)

Administrator of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.*

binaryauthorization.continuousValidationConfig.get
binaryauthorization.continuousValidationConfig.getIamPolicy
binaryauthorization.continuousValidationConfig.setIamPolicy
binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

binaryauthorization.platformPolicies.create
binaryauthorization.platformPolicies.delete
binaryauthorization.platformPolicies.evaluatePolicy
binaryauthorization.platformPolicies.get
binaryauthorization.platformPolicies.list
binaryauthorization.platformPolicies.replace

binaryauthorization.policy.*

binaryauthorization.policy.evaluatePolicy
binaryauthorization.policy.get
binaryauthorization.policy.getIamPolicy
binaryauthorization.policy.setIamPolicy
binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Editor

(roles/binaryauthorization.policyEditor)

Editor of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

binaryauthorization.platformPolicies.create
binaryauthorization.platformPolicies.delete
binaryauthorization.platformPolicies.evaluatePolicy
binaryauthorization.platformPolicies.get
binaryauthorization.platformPolicies.list
binaryauthorization.platformPolicies.replace

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Evaluator

(roles/binaryauthorization.policyEvaluator)

Evaluator of Binary Authorization Policy

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Viewer

(roles/binaryauthorization.policyViewer)

Viewer of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Service Agent

(roles/binaryauthorization.serviceAgent)

Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.

artifactregistry.dockerimages.get

artifactregistry.repositories.downloadArtifacts

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.policy.evaluatePolicy

cloudasset.assets.exportResource

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.get

cloudasset.feeds.update

containeranalysis.notes.get

containeranalysis.notes.list

containeranalysis.notes.listOccurrences

containeranalysis.occurrences.get

containeranalysis.occurrences.list

resourcemanager.projects.get

resourcemanager.projects.list

storage.objects.list

Binary Authorization 권한

권한	역할에 포함됨
`binaryauthorization.attestors.create`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) Binary Authorization 증명자 편집자(`roles/binaryauthorization.attestorsEditor`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Build 서비스 에이전트(`roles/cloudbuild.serviceAgent`)
`binaryauthorization.attestors.delete`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) Binary Authorization 증명자 편집자(`roles/binaryauthorization.attestorsEditor`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Build 서비스 에이전트(`roles/cloudbuild.serviceAgent`)
`binaryauthorization.attestors.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) Binary Authorization 증명자 편집자(`roles/binaryauthorization.attestorsEditor`) Binary Authorization 증명자 이미지 검증자(`roles/binaryauthorization.attestorsVerifier`) Binary Authorization 증명자 뷰어(`roles/binaryauthorization.attestorsViewer`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Build 서비스 에이전트(`roles/cloudbuild.serviceAgent`) Binary Authorization 서비스 에이전트(`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.attestors.getIamPolicy`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`)
`binaryauthorization.attestors.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) Binary Authorization 증명자 편집자(`roles/binaryauthorization.attestorsEditor`) Binary Authorization 증명자 이미지 검증자(`roles/binaryauthorization.attestorsVerifier`) Binary Authorization 증명자 뷰어(`roles/binaryauthorization.attestorsViewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Build 서비스 에이전트(`roles/cloudbuild.serviceAgent`) Binary Authorization 서비스 에이전트(`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.attestors.setIamPolicy`	소유자(`roles/owner`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) 보안 관리자(`roles/iam.securityAdmin`)
`binaryauthorization.attestors.update`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) Binary Authorization 증명자 편집자(`roles/binaryauthorization.attestorsEditor`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Build 서비스 에이전트(`roles/cloudbuild.serviceAgent`)
`binaryauthorization.attestors.verifyImageAttested`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 증명자 관리자(`roles/binaryauthorization.attestorsAdmin`) Binary Authorization 증명자 편집자(`roles/binaryauthorization.attestorsEditor`) Binary Authorization 증명자 이미지 검증자(`roles/binaryauthorization.attestorsVerifier`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Build 서비스 에이전트(`roles/cloudbuild.serviceAgent`) Binary Authorization 서비스 에이전트(`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.continuousValidationConfig.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`) Binary Authorization 정책 뷰어(`roles/binaryauthorization.policyViewer`)
`binaryauthorization.continuousValidationConfig.getIamPolicy`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`)
`binaryauthorization.continuousValidationConfig.setIamPolicy`	소유자(`roles/owner`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) 보안 관리자(`roles/iam.securityAdmin`)
`binaryauthorization.continuousValidationConfig.update`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`)
`binaryauthorization.platformPolicies.create`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`)
`binaryauthorization.platformPolicies.delete`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`)
`binaryauthorization.platformPolicies.evaluatePolicy`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`) Binary Authorization 정책 평가자(`roles/binaryauthorization.policyEvaluator`) Cloud Run 서비스 에이전트(`roles/serverless.serviceAgent`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Anthos 멀티 클라우드 컨테이너 서비스 에이전트(`roles/gkemulticloud.containerServiceAgent`) Cloud Run 서비스 에이전트(`roles/run.serviceAgent`) Binary Authorization 서비스 에이전트(`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.platformPolicies.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`) Binary Authorization 정책 평가자(`roles/binaryauthorization.policyEvaluator`) Binary Authorization 정책 뷰어(`roles/binaryauthorization.policyViewer`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Anthos 멀티 클라우드 컨테이너 서비스 에이전트(`roles/gkemulticloud.containerServiceAgent`)
`binaryauthorization.platformPolicies.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`) Binary Authorization 정책 평가자(`roles/binaryauthorization.policyEvaluator`) Binary Authorization 정책 뷰어(`roles/binaryauthorization.policyViewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Anthos 멀티 클라우드 컨테이너 서비스 에이전트(`roles/gkemulticloud.containerServiceAgent`)
`binaryauthorization.platformPolicies.replace`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`)
`binaryauthorization.policy.evaluatePolicy`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`) Binary Authorization 정책 평가자(`roles/binaryauthorization.policyEvaluator`) Cloud Run 서비스 에이전트(`roles/serverless.serviceAgent`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Anthos 멀티 클라우드 컨테이너 서비스 에이전트(`roles/gkemulticloud.containerServiceAgent`) Cloud Run 서비스 에이전트(`roles/run.serviceAgent`) Binary Authorization 서비스 에이전트(`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.policy.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`) Binary Authorization 정책 평가자(`roles/binaryauthorization.policyEvaluator`) Binary Authorization 정책 뷰어(`roles/binaryauthorization.policyViewer`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. 보안 센터 제어 서비스 에이전트(`roles/securitycenter.controlServiceAgent`) Security Health Analytics 서비스 에이전트(`roles/securitycenter.securityHealthAnalyticsServiceAgent`) 보안 센터 서비스 에이전트(`roles/securitycenter.serviceAgent`) Anthos 멀티 클라우드 컨테이너 서비스 에이전트(`roles/gkemulticloud.containerServiceAgent`)
`binaryauthorization.policy.getIamPolicy`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`)
`binaryauthorization.policy.setIamPolicy`	소유자(`roles/owner`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) 보안 관리자(`roles/iam.securityAdmin`)
`binaryauthorization.policy.update`	소유자(`roles/owner`) 편집자(`roles/editor`) Binary Authorization 정책 관리자(`roles/binaryauthorization.policyAdmin`) Binary Authorization 정책 편집자(`roles/binaryauthorization.policyEditor`)

Binary Authorization 역할 및 권한

Binary Authorization 역할

Binary Authorization Attestor Admin

Binary Authorization Attestor Editor

Binary Authorization Attestor Image Verifier

Binary Authorization Attestor Viewer

Binary Authorization Policy Administrator

Binary Authorization Policy Editor

Binary Authorization Policy Evaluator

Binary Authorization Policy Viewer

Binary Authorization Service Agent

Binary Authorization 권한

`binaryauthorization.attestors.create`

`binaryauthorization.attestors.delete`

`binaryauthorization.attestors.get`

`binaryauthorization.attestors.getIamPolicy`

`binaryauthorization.attestors.list`

`binaryauthorization.attestors.setIamPolicy`

`binaryauthorization.attestors.update`

`binaryauthorization.attestors.verifyImageAttested`

`binaryauthorization.continuousValidationConfig.get`

`binaryauthorization.continuousValidationConfig.getIamPolicy`

`binaryauthorization.continuousValidationConfig.setIamPolicy`

`binaryauthorization.continuousValidationConfig.update`

`binaryauthorization.platformPolicies.create`

`binaryauthorization.platformPolicies.delete`

`binaryauthorization.platformPolicies.evaluatePolicy`

`binaryauthorization.platformPolicies.get`

`binaryauthorization.platformPolicies.list`

`binaryauthorization.platformPolicies.replace`

`binaryauthorization.policy.evaluatePolicy`

`binaryauthorization.policy.get`

`binaryauthorization.policy.getIamPolicy`

`binaryauthorization.policy.setIamPolicy`

`binaryauthorization.policy.update`