Alcune o tutte le informazioni in questa pagina potrebbero non essere applicabili a Cloud de Confiance di S3NS. Per maggiori dettagli, consulta Differenze rispetto a Google Cloud.

Google uses AI technology to translate content into your preferred language. AI translations can contain errors.

Controllo dell'accesso con IAM

Service Usage utilizza Identity and Access Management (IAM) per controllare l'accesso ai servizi. Questa pagina spiega i ruoli e le autorizzazioni IAM relativi a Service Usage e come utilizzarli per controllare l'accesso.

Modello di risorsa

Per Service Usage, esistono tre risorse pertinenti:

Il servizio che stai utilizzando.
Il progetto da cui utilizzi il servizio.
L'operazione o l'operazione a lunga esecuzione restituita da determinati metodi.

Ogni metodo di utilizzo del servizio richiede un'autorizzazione per una o più di queste risorse.

Autorizzazioni IAM

La tabella seguente mostra le autorizzazioni richieste per ogni metodo dell'API Service Usage. Puoi trovare queste informazioni anche nel riferimento API.

Metodo	Autorizzazioni obbligatorie
`services.batchEnable`	Sul progetto: `serviceusage.services.enable` Sui servizi: `servicemanagement.services.bind`
`services.enable`	Sul progetto: `serviceusage.services.enable` Sul servizio: `servicemanagement.services.bind`
`services.disable`	Sul progetto: `serviceusage.services.disable`
`services.get`	Sul progetto: `serviceusage.services.get`
`services.list`	Sul progetto: `serviceusage.services.list`
`services.consumerQuotaMetrics.list services.consumerQuotaMetrics.get services.consumerQuotaMetrics.limits.get services.consumerQuotaMetrics.limits.consumerOverrides.list services.consumerQuotaMetrics.limits.adminOverrides.list`	Sul progetto: `serviceusage.quota.get` Sul servizio: `servicemanagement.services.bind`
`services.consumerQuotaMetrics.limits.consumerOverrides.create services.consumerQuotaMetrics.limits.consumerOverrides.patch services.consumerQuotaMetrics.limits.consumerOverrides.delete services.consumerQuotaMetrics.limits.adminOverrides.create services.consumerQuotaMetrics.limits.adminOverrides.patch services.consumerQuotaMetrics.limits.adminOverrides.delete`	Sul progetto: `serviceusage.quota.update` Sul servizio: `servicemanagement.services.bind`
Per utilizzare un progetto a fini di quota e fatturazione. Per ulteriori informazioni, vedi Parametri di sistema.	Sul progetto: `serviceusage.services.use`

Ruoli IAM

Con IAM, concedi l'autorizzazione agli utenti assegnando loro un ruolo. Le tabelle seguenti elencano i ruoli IAM di base e predefiniti e le autorizzazioni relative a Service Usage incluse in questi ruoli.

Per saperne di più sui ruoli, consulta Ruoli e autorizzazioni.

Ruoli di base

Nome Titolo Autorizzazioni

roles/viewer Visualizzatore serviceusage.services.get
serviceusage.services.list
serviceusage.quotas.get

Nome	Titolo	Autorizzazioni
`roles/viewer`	Visualizzatore	serviceusage.services.get serviceusage.services.list serviceusage.quotas.get
`roles/editor` `roles/owner`	Editor Proprietario	serviceusage.services.get serviceusage.services.list serviceusage.services.disable serviceusage.services.enable serviceusage.services.use serviceusage.quotas.get serviceusage.quotas.update

roles/editor

roles/owner

Editor

Proprietario

serviceusage.services.get
serviceusage.services.list
serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.use
serviceusage.quotas.get
serviceusage.quotas.update

Ruoli predefiniti

Role Permissions

Role	Permissions
API Keys Admin (`roles/serviceusage.apiKeysAdmin`) Ability to create, delete, update, get and list API keys for a project.	`apikeys.` `apikeys.keys.create` `apikeys.keys.delete` `apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup` `apikeys.keys.undelete` `apikeys.keys.update` `orgpolicy.policy.get` `serviceusage.apiKeys.` `serviceusage.apiKeys.regenerate` `serviceusage.apiKeys.revert` `serviceusage.operations.get`
Service Usage Admin (`roles/serviceusage.serviceUsageAdmin`) Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.	`cloudquotas.` `cloudquotas.quotas.get` `cloudquotas.quotas.update` `monitoring.timeSeries.list` `serviceusage.consumerpolicy.` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.consumerpolicy.update` `serviceusage.contentsecuritypolicy.` `serviceusage.contentsecuritypolicy.get` `serviceusage.contentsecuritypolicy.update` `serviceusage.effectivemcppolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.mcppolicy.` `serviceusage.mcppolicy.get` `serviceusage.mcppolicy.update` `serviceusage.operations.get` `serviceusage.quotas.` `serviceusage.quotas.get` `serviceusage.quotas.update` `serviceusage.services.*` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use` `serviceusage.values.test`
Service Usage Consumer (`roles/serviceusage.serviceUsageConsumer`) Ability to inspect service states and operations, and consume quota and billing for a consumer project.	`monitoring.timeSeries.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.contentsecuritypolicy.get` `serviceusage.effectivemcppolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.mcppolicy.get` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use` `serviceusage.values.test`
Service Usage Viewer (`roles/serviceusage.serviceUsageViewer`) Ability to inspect service states and operations for a consumer project.	`monitoring.timeSeries.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.contentsecuritypolicy.get` `serviceusage.effectivemcppolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.mcppolicy.get` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
API Keys Viewer (`roles/serviceusage.apiKeysViewer`) Ability to get and list API keys for a project.	`apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup`

API Keys Admin

(roles/serviceusage.apiKeysAdmin)

Ability to create, delete, update, get and list API keys for a project.

apikeys.*

apikeys.keys.create
apikeys.keys.delete
apikeys.keys.get
apikeys.keys.getKeyString
apikeys.keys.list
apikeys.keys.lookup
apikeys.keys.undelete
apikeys.keys.update

orgpolicy.policy.get

serviceusage.apiKeys.*

serviceusage.apiKeys.regenerate
serviceusage.apiKeys.revert

serviceusage.operations.get

Service Usage Admin

(roles/serviceusage.serviceUsageAdmin)

Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.

cloudquotas.*

cloudquotas.quotas.get
cloudquotas.quotas.update

monitoring.timeSeries.list

serviceusage.consumerpolicy.*

serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.consumerpolicy.update

serviceusage.contentsecuritypolicy.*

serviceusage.contentsecuritypolicy.get
serviceusage.contentsecuritypolicy.update

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.mcppolicy.*

serviceusage.mcppolicy.get
serviceusage.mcppolicy.update

serviceusage.operations.get

serviceusage.quotas.*

serviceusage.quotas.get
serviceusage.quotas.update

serviceusage.services.*

serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
serviceusage.services.use

serviceusage.values.test

Service Usage Consumer

(roles/serviceusage.serviceUsageConsumer)

Ability to inspect service states and operations, and consume quota and billing for a consumer project.

monitoring.timeSeries.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.contentsecuritypolicy.get

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.mcppolicy.get

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

serviceusage.values.test

Service Usage Viewer

(roles/serviceusage.serviceUsageViewer)

Ability to inspect service states and operations for a consumer project.

monitoring.timeSeries.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.contentsecuritypolicy.get

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.mcppolicy.get

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

API Keys Viewer

(roles/serviceusage.apiKeysViewer)

Ability to get and list API keys for a project.

apikeys.keys.get

apikeys.keys.getKeyString

apikeys.keys.list

apikeys.keys.lookup