Alcune o tutte le informazioni in questa pagina potrebbero non essere applicabili a Trusted Cloud di S3NS. Per ulteriori dettagli, consulta la sezione Differenze rispetto a Google Cloud.

Questa pagina è stata tradotta dall'API Cloud Translation.

Controlla l'accesso con IAM

Per utilizzare Monitoring, devi disporre delle autorizzazioni Identity and Access Management (IAM) appropriate. In generale, ogni metodo REST in un'API ha un'autorizzazione associata. Per utilizzare il metodo o una funzionalità della console che si basa su di esso, devi disporre dell'autorizzazione per utilizzare il metodo corrispondente. Le autorizzazioni non vengono concesse direttamente agli utenti, ma indirettamente tramite i ruoli, che raggruppano più autorizzazioni per semplificarne la gestione:

Per informazioni sul controllo dell'accesso, vedi Concetti relativi alla gestione dell'accesso.

Per informazioni su come concedere ruoli alle entità, consulta Gestire l'accesso a progetti, cartelle e organizzazioni.

I ruoli per le combinazioni comuni di autorizzazioni sono predefiniti. Tuttavia, puoi anche creare le tue combinazioni di autorizzazioni creando ruoli personalizzati IAM.

Ruoli predefiniti

Questa sezione elenca un sottoinsieme di ruoli IAM predefiniti da Cloud Monitoring.

Nome Titolo	Include autorizzazioni
`roles/monitoring.viewer` Visualizzatore Monitoring	Concede l'accesso di sola lettura all'API Cloud Monitoring.
`roles/monitoring.editor` Editor Monitoring	Concede l'accesso in lettura/scrittura all'API Cloud Monitoring.
`roles/monitoring.admin` Amministratore Monitoring	Concede l'accesso completo all'API Cloud Monitoring.

Il seguente ruolo viene utilizzato dai service account per l'accesso in sola scrittura:

Nome Titolo	Descrizione
`roles/monitoring.metricWriter` Monitoring Metric Writer	Questo ruolo è destinato agli agenti e ai service account. Non consente l'accesso a Monitoring nella console Trusted Cloud .

Autorizzazioni per i ruoli predefiniti

Questa sezione elenca le autorizzazioni assegnate ai ruoli predefiniti associati a Monitoring.

Per saperne di più sui ruoli predefiniti, consulta IAM: Ruoli e autorizzazioni. Per assistenza nella scelta dei ruoli predefiniti più appropriati, consulta Scegliere i ruoli predefiniti.

Autorizzazioni per i ruoli di monitoraggio

Role Permissions

Role	Permissions
Monitoring Admin (`roles/monitoring.admin`) Provides full access to Cloud Monitoring. Lowest-level resources where you can grant this role: Project	`cloudnotifications.activities.list` `monitoring.` `monitoring.alertPolicies.create` `monitoring.alertPolicies.createTagBinding` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.deleteTagBinding` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alertPolicies.update` `monitoring.dashboards.create` `monitoring.dashboards.createTagBinding` `monitoring.dashboards.delete` `monitoring.dashboards.deleteTagBinding` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.dashboards.update` `monitoring.groups.create` `monitoring.groups.delete` `monitoring.groups.get` `monitoring.groups.list` `monitoring.groups.update` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.delete` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.metricsScopes.link` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.create` `monitoring.notificationChannels.delete` `monitoring.notificationChannels.get` `monitoring.notificationChannels.getVerificationCode` `monitoring.notificationChannels.list` `monitoring.notificationChannels.sendVerificationCode` `monitoring.notificationChannels.update` `monitoring.notificationChannels.verify` `monitoring.services.create` `monitoring.services.delete` `monitoring.services.get` `monitoring.services.list` `monitoring.services.update` `monitoring.slos.create` `monitoring.slos.delete` `monitoring.slos.get` `monitoring.slos.list` `monitoring.slos.update` `monitoring.snoozes.create` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.snoozes.update` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.create` `monitoring.uptimeCheckConfigs.delete` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `monitoring.uptimeCheckConfigs.update` `opsconfigmonitoring.` `opsconfigmonitoring.resourceMetadata.list` `opsconfigmonitoring.resourceMetadata.write` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.enable` `serviceusage.services.get` `stackdriver.*` `stackdriver.projects.edit` `stackdriver.projects.get` `stackdriver.resourceMetadata.list` `stackdriver.resourceMetadata.write`
Monitoring AlertPolicy Editor (`roles/monitoring.alertPolicyEditor`) Read/write access to alerting policies.	`monitoring.alertPolicies.*` `monitoring.alertPolicies.create` `monitoring.alertPolicies.createTagBinding` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.deleteTagBinding` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alertPolicies.update`
Monitoring AlertPolicy Viewer (`roles/monitoring.alertPolicyViewer`) Read-only access to alerting policies.	`monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings`
Monitoring Cloud Console Incident Editor ^Beta (`roles/monitoring.cloudConsoleIncidentEditor`) Read/write access to incidents from Cloud Console.
Monitoring Cloud Console Incident Viewer ^Beta (`roles/monitoring.cloudConsoleIncidentViewer`) Read access to incidents from Cloud Console.
Monitoring Dashboard Configuration Editor (`roles/monitoring.dashboardEditor`) Read/write access to dashboard configurations.	`monitoring.dashboards.*` `monitoring.dashboards.create` `monitoring.dashboards.createTagBinding` `monitoring.dashboards.delete` `monitoring.dashboards.deleteTagBinding` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.dashboards.update`
Monitoring Dashboard Configuration Viewer (`roles/monitoring.dashboardViewer`) Read-only access to dashboard configurations.	`monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings`
Monitoring Editor (`roles/monitoring.editor`) Provides full access to information about all monitoring data and configurations. Lowest-level resources where you can grant this role: Project	`cloudnotifications.activities.list` `monitoring.alertPolicies.` `monitoring.alertPolicies.create` `monitoring.alertPolicies.createTagBinding` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.deleteTagBinding` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alertPolicies.update` `monitoring.dashboards.` `monitoring.dashboards.create` `monitoring.dashboards.createTagBinding` `monitoring.dashboards.delete` `monitoring.dashboards.deleteTagBinding` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.dashboards.update` `monitoring.groups.` `monitoring.groups.create` `monitoring.groups.delete` `monitoring.groups.get` `monitoring.groups.list` `monitoring.groups.update` `monitoring.metricDescriptors.` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.delete` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.create` `monitoring.notificationChannels.delete` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.notificationChannels.sendVerificationCode` `monitoring.notificationChannels.update` `monitoring.notificationChannels.verify` `monitoring.services.` `monitoring.services.create` `monitoring.services.delete` `monitoring.services.get` `monitoring.services.list` `monitoring.services.update` `monitoring.slos.` `monitoring.slos.create` `monitoring.slos.delete` `monitoring.slos.get` `monitoring.slos.list` `monitoring.slos.update` `monitoring.snoozes.` `monitoring.snoozes.create` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.snoozes.update` `monitoring.timeSeries.` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.` `monitoring.uptimeCheckConfigs.create` `monitoring.uptimeCheckConfigs.delete` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `monitoring.uptimeCheckConfigs.update` `opsconfigmonitoring.` `opsconfigmonitoring.resourceMetadata.list` `opsconfigmonitoring.resourceMetadata.write` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.enable` `serviceusage.services.get` `stackdriver.*` `stackdriver.projects.edit` `stackdriver.projects.get` `stackdriver.resourceMetadata.list` `stackdriver.resourceMetadata.write`
Monitoring Metric Writer (`roles/monitoring.metricWriter`) Provides write-only access to metrics. This provides exactly the permissions needed by the Cloud Monitoring agent and other systems that send metrics. Lowest-level resources where you can grant this role: Project	`monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create`
Monitoring Metrics Scopes Admin ^Beta (`roles/monitoring.metricsScopesAdmin`) Access to add and remove monitored projects from metrics scopes.	`monitoring.metricsScopes.link` `resourcemanager.projects.get` `resourcemanager.projects.list`
Monitoring Metrics Scopes Viewer ^Beta (`roles/monitoring.metricsScopesViewer`) Read-only access to metrics scopes and their monitored projects.	`resourcemanager.projects.get` `resourcemanager.projects.list`
Monitoring NotificationChannel Editor ^Beta (`roles/monitoring.notificationChannelEditor`) Read/write access to notification channels.	`monitoring.notificationChannelDescriptors.*` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.create` `monitoring.notificationChannels.delete` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.notificationChannels.sendVerificationCode` `monitoring.notificationChannels.update` `monitoring.notificationChannels.verify`
Monitoring NotificationChannel Viewer ^Beta (`roles/monitoring.notificationChannelViewer`) Read-only access to notification channels.	`monitoring.notificationChannelDescriptors.*` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list`
Monitoring Service Agent (`roles/monitoring.notificationServiceAgent`) Grants permissions to deliver notifications directly to resources within the target project, such as delivering to Pub/Sub topics within the project. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.jobs.create` `cloudfunctions.functions.get` `cloudtrace.traces.patch` `logging.links.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.list` `run.routes.invoke` `servicedirectory.networks.access` `servicedirectory.services.resolve` `serviceusage.services.use`
Monitoring Services Editor (`roles/monitoring.servicesEditor`) Read/write access to services.	`monitoring.services.` `monitoring.services.create` `monitoring.services.delete` `monitoring.services.get` `monitoring.services.list` `monitoring.services.update` `monitoring.slos.` `monitoring.slos.create` `monitoring.slos.delete` `monitoring.slos.get` `monitoring.slos.list` `monitoring.slos.update`
Monitoring Services Viewer (`roles/monitoring.servicesViewer`) Read-only access to services.	`monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list`
Monitoring Snooze Editor (`roles/monitoring.snoozeEditor`)	`monitoring.snoozes.*` `monitoring.snoozes.create` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.snoozes.update`
Monitoring Snooze Viewer (`roles/monitoring.snoozeViewer`)	`monitoring.snoozes.get` `monitoring.snoozes.list`
Monitoring Uptime Check Configuration Editor ^Beta (`roles/monitoring.uptimeCheckConfigEditor`) Read/write access to uptime check configurations.	`monitoring.uptimeCheckConfigs.*` `monitoring.uptimeCheckConfigs.create` `monitoring.uptimeCheckConfigs.delete` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `monitoring.uptimeCheckConfigs.update`
Monitoring Uptime Check Configuration Viewer ^Beta (`roles/monitoring.uptimeCheckConfigViewer`) Read-only access to uptime check configurations.	`monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list`
Monitoring Viewer (`roles/monitoring.viewer`) Provides read-only access to get and list information about all monitoring data and configurations. Lowest-level resources where you can grant this role: Project	`cloudnotifications.activities.list` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `opsconfigmonitoring.resourceMetadata.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `stackdriver.projects.get` `stackdriver.resourceMetadata.list`
Ops Config Monitoring Resource Metadata Viewer ^Beta (`roles/opsconfigmonitoring.resourceMetadata.viewer`) Read-only access to resource metadata.	`opsconfigmonitoring.resourceMetadata.list`
Ops Config Monitoring Resource Metadata Writer ^Beta (`roles/opsconfigmonitoring.resourceMetadata.writer`) Write-only access to resource metadata. This provides exactly the permissions needed by the Ops Config Monitoring metadata agent and other systems that send metadata.	`opsconfigmonitoring.resourceMetadata.write`
Stackdriver Accounts Editor (`roles/stackdriver.accounts.editor`) Read/write access to manage Stackdriver account structure.	`resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.enable` `serviceusage.services.get` `stackdriver.projects.*` `stackdriver.projects.edit` `stackdriver.projects.get`
Stackdriver Accounts Viewer (`roles/stackdriver.accounts.viewer`) Read-only access to get and list information about Stackdriver account structure.	`resourcemanager.projects.get` `resourcemanager.projects.list` `stackdriver.projects.get`
Stackdriver Resource Metadata Writer ^Beta (`roles/stackdriver.resourceMetadata.writer`) Write-only access to resource metadata. This provides exactly the permissions needed by the Stackdriver metadata agent and other systems that send metadata.	`stackdriver.resourceMetadata.write`

Monitoring Admin

(roles/monitoring.admin)

Provides full access to Cloud Monitoring.

Lowest-level resources where you can grant this role:

Project

cloudnotifications.activities.list

monitoring.*

monitoring.alertPolicies.create
monitoring.alertPolicies.createTagBinding
monitoring.alertPolicies.delete
monitoring.alertPolicies.deleteTagBinding
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alertPolicies.update
monitoring.dashboards.create
monitoring.dashboards.createTagBinding
monitoring.dashboards.delete
monitoring.dashboards.deleteTagBinding
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.listEffectiveTags
monitoring.dashboards.listTagBindings
monitoring.dashboards.update
monitoring.groups.create
monitoring.groups.delete
monitoring.groups.get
monitoring.groups.list
monitoring.groups.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.delete
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.metricsScopes.link
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list
monitoring.notificationChannels.create
monitoring.notificationChannels.delete
monitoring.notificationChannels.get
monitoring.notificationChannels.getVerificationCode
monitoring.notificationChannels.list
monitoring.notificationChannels.sendVerificationCode
monitoring.notificationChannels.update
monitoring.notificationChannels.verify
monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update
monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update
monitoring.snoozes.create
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.snoozes.update
monitoring.timeSeries.create
monitoring.timeSeries.list
monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update

opsconfigmonitoring.*

opsconfigmonitoring.resourceMetadata.list
opsconfigmonitoring.resourceMetadata.write

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.enable

serviceusage.services.get

stackdriver.*

stackdriver.projects.edit
stackdriver.projects.get
stackdriver.resourceMetadata.list
stackdriver.resourceMetadata.write

Monitoring AlertPolicy Editor

(roles/monitoring.alertPolicyEditor)

Read/write access to alerting policies.

monitoring.alertPolicies.*

monitoring.alertPolicies.create
monitoring.alertPolicies.createTagBinding
monitoring.alertPolicies.delete
monitoring.alertPolicies.deleteTagBinding
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alertPolicies.update

Monitoring AlertPolicy Viewer

(roles/monitoring.alertPolicyViewer)

Read-only access to alerting policies.

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

Monitoring Cloud Console Incident Editor ^Beta

(roles/monitoring.cloudConsoleIncidentEditor)

Read/write access to incidents from Cloud Console.

Monitoring Cloud Console Incident Viewer ^Beta

(roles/monitoring.cloudConsoleIncidentViewer)

Read access to incidents from Cloud Console.

Monitoring Dashboard Configuration Editor

(roles/monitoring.dashboardEditor)

Read/write access to dashboard configurations.

monitoring.dashboards.*

monitoring.dashboards.create
monitoring.dashboards.createTagBinding
monitoring.dashboards.delete
monitoring.dashboards.deleteTagBinding
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.listEffectiveTags
monitoring.dashboards.listTagBindings
monitoring.dashboards.update

Monitoring Dashboard Configuration Viewer

(roles/monitoring.dashboardViewer)

Read-only access to dashboard configurations.

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

Monitoring Editor

(roles/monitoring.editor)

Provides full access to information about all monitoring data and configurations.

Lowest-level resources where you can grant this role:

Project

cloudnotifications.activities.list

monitoring.alertPolicies.*

monitoring.alertPolicies.create
monitoring.alertPolicies.createTagBinding
monitoring.alertPolicies.delete
monitoring.alertPolicies.deleteTagBinding
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alertPolicies.update

monitoring.dashboards.*

monitoring.dashboards.create
monitoring.dashboards.createTagBinding
monitoring.dashboards.delete
monitoring.dashboards.deleteTagBinding
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.listEffectiveTags
monitoring.dashboards.listTagBindings
monitoring.dashboards.update

monitoring.groups.*

monitoring.groups.create
monitoring.groups.delete
monitoring.groups.get
monitoring.groups.list
monitoring.groups.update

monitoring.metricDescriptors.*

monitoring.metricDescriptors.create
monitoring.metricDescriptors.delete
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.notificationChannels.sendVerificationCode

monitoring.notificationChannels.update

monitoring.notificationChannels.verify

monitoring.services.*

monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update

monitoring.slos.*

monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update

monitoring.snoozes.*

monitoring.snoozes.create
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.snoozes.update

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.*

monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update

opsconfigmonitoring.*

opsconfigmonitoring.resourceMetadata.list
opsconfigmonitoring.resourceMetadata.write

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.enable

serviceusage.services.get

stackdriver.*

stackdriver.projects.edit
stackdriver.projects.get
stackdriver.resourceMetadata.list
stackdriver.resourceMetadata.write

Monitoring Metric Writer

(roles/monitoring.metricWriter)

Provides write-only access to metrics. This provides exactly the permissions needed by the Cloud Monitoring agent and other systems that send metrics.

Lowest-level resources where you can grant this role:

Project

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

Monitoring Metrics Scopes Admin ^Beta

(roles/monitoring.metricsScopesAdmin)

Access to add and remove monitored projects from metrics scopes.

monitoring.metricsScopes.link

resourcemanager.projects.get

resourcemanager.projects.list

Monitoring Metrics Scopes Viewer ^Beta

(roles/monitoring.metricsScopesViewer)

Read-only access to metrics scopes and their monitored projects.

resourcemanager.projects.get

resourcemanager.projects.list

Monitoring NotificationChannel Editor ^Beta

(roles/monitoring.notificationChannelEditor)

Read/write access to notification channels.

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.notificationChannels.sendVerificationCode

monitoring.notificationChannels.update

monitoring.notificationChannels.verify

Monitoring NotificationChannel Viewer ^Beta

(roles/monitoring.notificationChannelViewer)

Read-only access to notification channels.

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

Monitoring Service Agent

(roles/monitoring.notificationServiceAgent)

Grants permissions to deliver notifications directly to resources within the target project, such as delivering to Pub/Sub topics within the project.

bigquery.jobs.create

cloudfunctions.functions.get

cloudtrace.traces.patch

logging.links.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.list

run.routes.invoke

servicedirectory.networks.access

servicedirectory.services.resolve

serviceusage.services.use

Monitoring Services Editor

(roles/monitoring.servicesEditor)

Read/write access to services.

monitoring.services.*

monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update

monitoring.slos.*

monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update

Monitoring Services Viewer

(roles/monitoring.servicesViewer)

Read-only access to services.

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

Monitoring Snooze Editor

(roles/monitoring.snoozeEditor)

monitoring.snoozes.*

monitoring.snoozes.create
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.snoozes.update

Monitoring Snooze Viewer

(roles/monitoring.snoozeViewer)

monitoring.snoozes.get

monitoring.snoozes.list

Monitoring Uptime Check Configuration Editor ^Beta

(roles/monitoring.uptimeCheckConfigEditor)

Read/write access to uptime check configurations.

monitoring.uptimeCheckConfigs.*

monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update

Monitoring Uptime Check Configuration Viewer ^Beta

(roles/monitoring.uptimeCheckConfigViewer)

Read-only access to uptime check configurations.

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

Monitoring Viewer

(roles/monitoring.viewer)

Provides read-only access to get and list information about all monitoring data and configurations.

Lowest-level resources where you can grant this role:

Project

cloudnotifications.activities.list

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

Ops Config Monitoring Resource Metadata Viewer ^Beta

(roles/opsconfigmonitoring.resourceMetadata.viewer)

Read-only access to resource metadata.

opsconfigmonitoring.resourceMetadata.list

Ops Config Monitoring Resource Metadata Writer ^Beta

(roles/opsconfigmonitoring.resourceMetadata.writer)

Write-only access to resource metadata. This provides exactly the permissions needed by the Ops Config Monitoring metadata agent and other systems that send metadata.

opsconfigmonitoring.resourceMetadata.write

Stackdriver Accounts Editor

(roles/stackdriver.accounts.editor)

Read/write access to manage Stackdriver account structure.

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.enable

serviceusage.services.get

stackdriver.projects.*

stackdriver.projects.edit
stackdriver.projects.get

Stackdriver Accounts Viewer

(roles/stackdriver.accounts.viewer)

Read-only access to get and list information about Stackdriver account structure.

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

Stackdriver Resource Metadata Writer ^Beta

(roles/stackdriver.resourceMetadata.writer)

Write-only access to resource metadata. This provides exactly the permissions needed by the Stackdriver metadata agent and other systems that send metadata.

stackdriver.resourceMetadata.write

Autorizzazioni di monitoraggio incluse nei ruoli di base Trusted Cloud by S3NS

I Trusted Cloud ruoli di base includono le seguenti autorizzazioni:

Nome Titolo	Include autorizzazioni
`roles/viewer` Visualizzatore	Le autorizzazioni di monitoraggio sono le stesse di `roles/monitoring.viewer`.
`roles/editor` Editor	Le autorizzazioni di monitoraggio sono le stesse di `roles/monitoring.editor`, con l'eccezione dell'autorizzazione `stackdriver.projects.edit`. Il ruolo `roles/editor` non include l'autorizzazione `stackdriver.projects.edit`.
`roles/owner` Proprietario	Le autorizzazioni di monitoraggio sono le stesse di `roles/monitoring.admin`.

Ambiti di accesso di Compute Engine

Gli ambiti di accesso sono il metodo legacy per specificare le autorizzazioni per le tue istanze VM di Compute Engine. I seguenti ambiti di accesso si applicano a Monitoring:

Ambito di accesso	Autorizzazioni concesse
https://www.googleapis.com/auth/monitoring.read	Le stesse autorizzazioni di `roles/monitoring.viewer`.
https://www.googleapis.com/auth/monitoring.write	Le stesse autorizzazioni di `roles/monitoring.metricWriter`.
https://www.googleapis.com/auth/monitoring	Accesso completo a Monitoring.
https://www.googleapis.com/auth/cloud-platform	Accesso completo a tutte le API Cloud abilitate.

Per maggiori dettagli, vedi Ambiti di accesso.

Best practice. Una buona pratica consiste nell'assegnare alle istanze VM l'ambito di accesso più potente (cloud-platform) e poi utilizzare i ruoli IAM per limitare l'accesso a operazioni e API specifiche. Per maggiori dettagli, vai a Autorizzazioni del service account.

Controlla l'accesso con IAM

Ruoli predefiniti

Autorizzazioni per i ruoli predefiniti

Autorizzazioni per i ruoli di monitoraggio

Monitoring Admin

Monitoring AlertPolicy Editor

Monitoring AlertPolicy Viewer

Monitoring Cloud Console Incident Editor Beta

Monitoring Cloud Console Incident Viewer Beta

Monitoring Dashboard Configuration Editor

Monitoring Dashboard Configuration Viewer

Monitoring Editor

Monitoring Metric Writer

Monitoring Metrics Scopes Admin Beta

Monitoring Metrics Scopes Viewer Beta

Monitoring NotificationChannel Editor Beta

Monitoring NotificationChannel Viewer Beta

Monitoring Service Agent

Monitoring Services Editor

Monitoring Services Viewer

Monitoring Snooze Editor

Monitoring Snooze Viewer

Monitoring Uptime Check Configuration Editor Beta

Monitoring Uptime Check Configuration Viewer Beta

Monitoring Viewer

Ops Config Monitoring Resource Metadata Viewer Beta

Ops Config Monitoring Resource Metadata Writer Beta

Stackdriver Accounts Editor

Stackdriver Accounts Viewer

Stackdriver Resource Metadata Writer Beta

Autorizzazioni di monitoraggio incluse nei ruoli di base Trusted Cloud by S3NS

Ambiti di accesso di Compute Engine

Monitoring Cloud Console Incident Editor ^Beta

Monitoring Cloud Console Incident Viewer ^Beta

Monitoring Metrics Scopes Admin ^Beta

Monitoring Metrics Scopes Viewer ^Beta

Monitoring NotificationChannel Editor ^Beta

Monitoring NotificationChannel Viewer ^Beta

Monitoring Uptime Check Configuration Editor ^Beta

Monitoring Uptime Check Configuration Viewer ^Beta

Ops Config Monitoring Resource Metadata Viewer ^Beta

Ops Config Monitoring Resource Metadata Writer ^Beta

Stackdriver Resource Metadata Writer ^Beta