이 페이지의 일부 또는 모든 정보는 Trusted Cloud by S3NS에 적용되지 않을 수 있습니다. 자세한 내용은 Google Cloud와의 차이점을 참조하세요.

서비스 네트워킹 역할 및 권한

이 페이지에는 서비스 네트워킹의 IAM 역할과 권한이 나와 있습니다. 모든 역할과 권한을 검색하려면 역할 및 권한 색인을 참조하세요.

서비스 네트워킹 역할

Role Permissions

Role	Permissions
Service Networking Admin ^Beta (`roles/servicenetworking.networksAdmin`) Full control of service networking with projects.	`servicenetworking.*` `servicenetworking.operations.cancel` `servicenetworking.operations.delete` `servicenetworking.operations.get` `servicenetworking.operations.list` `servicenetworking.services.addDnsRecordSet` `servicenetworking.services.addDnsZone` `servicenetworking.services.addPeering` `servicenetworking.services.addSubnetwork` `servicenetworking.services.createPeeredDnsDomain` `servicenetworking.services.deleteConnection` `servicenetworking.services.deletePeeredDnsDomain` `servicenetworking.services.disableVpcServiceControls` `servicenetworking.services.enableVpcServiceControls` `servicenetworking.services.get` `servicenetworking.services.getConsumerConfig` `servicenetworking.services.listPeeredDnsDomains` `servicenetworking.services.removeDnsRecordSet` `servicenetworking.services.removeDnsZone` `servicenetworking.services.updateConsumerConfig` `servicenetworking.services.updateDnsRecordSet` `servicenetworking.services.use`
Service Networking Service Agent (`roles/servicenetworking.serviceAgent`) Gives permission to manage network configuration, such as establishing network peering, necessary for service producers Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalOperations.get` `compute.networks.addPeering` `compute.networks.create` `compute.networks.delete` `compute.networks.get` `compute.networks.list` `compute.networks.listPeeringRoutes` `compute.networks.removePeering` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.projects.get` `compute.regionOperations.get` `compute.routers.get` `compute.routers.list` `compute.routes.list` `compute.subnetworks.create` `compute.subnetworks.delete` `compute.subnetworks.get` `compute.subnetworks.list` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.gkeClusters.` `dns.gkeClusters.bindDNSResponsePolicy` `dns.gkeClusters.bindPrivateDNSZone` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.getIamPolicy` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.` `dns.networks.bindDNSResponsePolicy` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.networks.useHealthSignals` `dns.policies.` `dns.policies.create` `dns.policies.delete` `dns.policies.get` `dns.policies.list` `dns.policies.update` `dns.projects.get` `dns.resourceRecordSets.` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.*` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update` `networkconnectivity.internalRanges.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Service Networking Admin ^Beta

(roles/servicenetworking.networksAdmin)

Full control of service networking with projects.

servicenetworking.*

servicenetworking.operations.cancel
servicenetworking.operations.delete
servicenetworking.operations.get
servicenetworking.operations.list
servicenetworking.services.addDnsRecordSet
servicenetworking.services.addDnsZone
servicenetworking.services.addPeering
servicenetworking.services.addSubnetwork
servicenetworking.services.createPeeredDnsDomain
servicenetworking.services.deleteConnection
servicenetworking.services.deletePeeredDnsDomain
servicenetworking.services.disableVpcServiceControls
servicenetworking.services.enableVpcServiceControls
servicenetworking.services.get
servicenetworking.services.getConsumerConfig
servicenetworking.services.listPeeredDnsDomains
servicenetworking.services.removeDnsRecordSet
servicenetworking.services.removeDnsZone
servicenetworking.services.updateConsumerConfig
servicenetworking.services.updateDnsRecordSet
servicenetworking.services.use

Service Networking Service Agent

(roles/servicenetworking.serviceAgent)

Gives permission to manage network configuration, such as establishing network peering, necessary for service producers

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalOperations.get

compute.networks.addPeering

compute.networks.create

compute.networks.delete

compute.networks.get

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.update

compute.networks.updatePeering

compute.networks.updatePolicy

compute.projects.get

compute.regionOperations.get

compute.routers.get

compute.routers.list

compute.routes.list

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.get

compute.subnetworks.list

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.gkeClusters.*

dns.gkeClusters.bindDNSResponsePolicy
dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

dns.networks.bindDNSResponsePolicy
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.networks.targetWithPeeringZone
dns.networks.useHealthSignals

dns.policies.*

dns.policies.create
dns.policies.delete
dns.policies.get
dns.policies.list
dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

networkconnectivity.internalRanges.list

resourcemanager.projects.get

resourcemanager.projects.list

서비스 네트워킹 권한

권한	역할에 포함됨
`servicenetworking.operations.cancel`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.operations.delete`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.operations.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`) Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud Deployment Manager 서비스 에이전트(`roles/clouddeploymentmanager.serviceAgent`)
`servicenetworking.operations.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.addDnsRecordSet`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.addDnsZone`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.addPeering`	소유자(`roles/owner`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`) Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud Deployment Manager 서비스 에이전트(`roles/clouddeploymentmanager.serviceAgent`)
`servicenetworking.services.addSubnetwork`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.createPeeredDnsDomain`	소유자(`roles/owner`) 편집자(`roles/editor`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.deleteConnection`	소유자(`roles/owner`) 편집자(`roles/editor`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.deletePeeredDnsDomain`	소유자(`roles/owner`) 편집자(`roles/editor`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.disableVpcServiceControls`	소유자(`roles/owner`) 편집자(`roles/editor`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.enableVpcServiceControls`	소유자(`roles/owner`) 편집자(`roles/editor`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) Compute 네트워크 사용자(`roles/compute.networkUser`) Compute 네트워크 뷰어(`roles/compute.networkViewer`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`) Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud Data Fusion API 서비스 에이전트(`roles/datafusion.serviceAgent`) Cloud Deployment Manager 서비스 에이전트(`roles/clouddeploymentmanager.serviceAgent`)
`servicenetworking.services.getConsumerConfig`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.listPeeredDnsDomains`	소유자(`roles/owner`) 편집자(`roles/editor`) Compute 네트워크 관리자(`roles/compute.networkAdmin`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`) 서비스 에이전트 역할 경고: 서비스 에이전트를 제외하고 주 구성원에 서비스 에이전트 역할을 부여하지 마세요. Cloud Composer API 서비스 에이전트(`roles/composer.serviceAgent`) Kubernetes Engine 서비스 에이전트(`roles/container.serviceAgent`) Cloud Dataflow 서비스 에이전트(`roles/dataflow.serviceAgent`) Cloud TPU V2 API 서비스 에이전트(`roles/cloudtpu.serviceAgent`)
`servicenetworking.services.removeDnsRecordSet`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.removeDnsZone`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.updateConsumerConfig`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.updateDnsRecordSet`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)
`servicenetworking.services.use`	소유자(`roles/owner`) 편집자(`roles/editor`) 서비스 네트워킹 관리자(`roles/servicenetworking.networksAdmin`)

서비스 네트워킹 역할 및 권한

서비스 네트워킹 역할

Service Networking Admin ^Beta

Service Networking Service Agent

서비스 네트워킹 권한

`servicenetworking.operations.cancel`

`servicenetworking.operations.delete`

`servicenetworking.operations.get`

`servicenetworking.operations.list`

`servicenetworking.services.addDnsRecordSet`

`servicenetworking.services.addDnsZone`

`servicenetworking.services.addPeering`

`servicenetworking.services.addSubnetwork`

`servicenetworking.services.createPeeredDnsDomain`

`servicenetworking.services.deleteConnection`

`servicenetworking.services.deletePeeredDnsDomain`

`servicenetworking.services.disableVpcServiceControls`

`servicenetworking.services.enableVpcServiceControls`

`servicenetworking.services.get`

`servicenetworking.services.getConsumerConfig`

`servicenetworking.services.listPeeredDnsDomains`

`servicenetworking.services.removeDnsRecordSet`

`servicenetworking.services.removeDnsZone`

`servicenetworking.services.updateConsumerConfig`

`servicenetworking.services.updateDnsRecordSet`

`servicenetworking.services.use`

서비스 네트워킹 역할 및 권한

서비스 네트워킹 역할

Service Networking Admin Beta

Service Networking Service Agent

서비스 네트워킹 권한

servicenetworking.operations.cancel

servicenetworking.operations.delete

servicenetworking.operations.get

servicenetworking.operations.list

servicenetworking.services.addDnsRecordSet

servicenetworking.services.addDnsZone

servicenetworking.services.addPeering

servicenetworking.services.addSubnetwork

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.getConsumerConfig

servicenetworking.services.listPeeredDnsDomains

servicenetworking.services.removeDnsRecordSet

servicenetworking.services.removeDnsZone

servicenetworking.services.updateConsumerConfig

servicenetworking.services.updateDnsRecordSet

servicenetworking.services.use

Service Networking Admin ^Beta

`servicenetworking.operations.cancel`

`servicenetworking.operations.delete`

`servicenetworking.operations.get`

`servicenetworking.operations.list`

`servicenetworking.services.addDnsRecordSet`

`servicenetworking.services.addDnsZone`

`servicenetworking.services.addPeering`

`servicenetworking.services.addSubnetwork`

`servicenetworking.services.createPeeredDnsDomain`

`servicenetworking.services.deleteConnection`

`servicenetworking.services.deletePeeredDnsDomain`

`servicenetworking.services.disableVpcServiceControls`

`servicenetworking.services.enableVpcServiceControls`

`servicenetworking.services.get`

`servicenetworking.services.getConsumerConfig`

`servicenetworking.services.listPeeredDnsDomains`

`servicenetworking.services.removeDnsRecordSet`

`servicenetworking.services.removeDnsZone`

`servicenetworking.services.updateConsumerConfig`

`servicenetworking.services.updateDnsRecordSet`

`servicenetworking.services.use`