Algumas ou todas as informações nesta página podem não se aplicar ao Cloud de Confiance by S3NS. Consulte o artigo Diferenças em relação ao Google Cloud para mais detalhes.

Esta página foi traduzida pela API Cloud Translation.

Controlo de acesso com a IAM

A utilização de serviços usa a gestão de identidade e de acesso (IAM) para controlar o acesso aos serviços. Esta página explica as funções e as autorizações da IAM relacionadas com a utilização de serviços e como as usar para controlar o acesso.

Modelo de recurso

Para a utilização de serviços, existem três recursos relevantes:

O serviço que está a usar.
O projeto a partir do qual está a usar o serviço.
A operação ou a operação de longa duração devolvida por determinados métodos.

Cada método de utilização do serviço requer uma autorização num ou mais destes recursos.

Autorizações de IAM

A tabela seguinte mostra as autorizações necessárias para cada método da API Service Usage. Também pode encontrar estas informações na referência da API.

Método	Autorizações necessárias
`services.batchEnable`	No projeto: `serviceusage.services.enable` Nos serviços: `servicemanagement.services.bind`
`services.enable`	No projeto: `serviceusage.services.enable` No serviço: `servicemanagement.services.bind`
`services.disable`	No projeto: `serviceusage.services.disable`
`services.get`	No projeto: `serviceusage.services.get`
`services.list`	No projeto: `serviceusage.services.list`
`services.consumerQuotaMetrics.list services.consumerQuotaMetrics.get services.consumerQuotaMetrics.limits.get services.consumerQuotaMetrics.limits.consumerOverrides.list services.consumerQuotaMetrics.limits.adminOverrides.list services.consumerQuotaMetrics.limits.producerOverrides.list`	No projeto: `serviceusage.quota.get` No serviço: `servicemanagement.services.bind`
`services.consumerQuotaMetrics.consumerOverrides.create services.consumerQuotaMetrics.consumerOverrides.patch services.consumerQuotaMetrics.consumerOverrides.delete services.adminQuotaMetrics.adminOverrides.create services.adminQuotaMetrics.adminOverrides.patch services.adminQuotaMetrics.adminOverrides.delete`	No projeto: `serviceusage.quota.update` No serviço: `servicemanagement.services.bind`
Para usar um projeto para fins de quota e faturação. Para mais informações, consulte Parâmetros do sistema.	No projeto: `serviceusage.services.use`

Funções de IAM

Com o IAM, concede autorização aos utilizadores atribuindo-lhes uma função. As tabelas seguintes apresentam as funções básicas e predefinidas do IAM, bem como as autorizações relacionadas com a utilização de serviços que essas funções incluem.

Para mais informações sobre as funções, consulte o artigo Compreender as funções.

Funções básicas

Nome Título Autorizações

roles/viewer Leitor serviceusage.services.get
serviceusage.services.list
serviceusage.quotas.get

Nome	Título	Autorizações
`roles/viewer`	Leitor	serviceusage.services.get serviceusage.services.list serviceusage.quotas.get
`roles/editor` `roles/owner`	Editor Proprietário	serviceusage.services.get serviceusage.services.list serviceusage.services.disable serviceusage.services.enable serviceusage.services.use serviceusage.quotas.get serviceusage.quotas.update

roles/editor

roles/owner

Editor

Proprietário

serviceusage.services.get
serviceusage.services.list
serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.use
serviceusage.quotas.get
serviceusage.quotas.update

Funções predefinidas

Role Permissions

Role	Permissions
API Keys Admin (`roles/serviceusage.apiKeysAdmin`) Ability to create, delete, update, get and list API keys for a project.	`apikeys.` `apikeys.keys.create` `apikeys.keys.delete` `apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup` `apikeys.keys.undelete` `apikeys.keys.update` `orgpolicy.policy.get` `serviceusage.apiKeys.` `serviceusage.apiKeys.regenerate` `serviceusage.apiKeys.revert` `serviceusage.operations.get`
API Keys Viewer (`roles/serviceusage.apiKeysViewer`) Ability to get and list API keys for a project.	`apikeys.keys.get` `apikeys.keys.getKeyString` `apikeys.keys.list` `apikeys.keys.lookup`
Service Usage Admin (`roles/serviceusage.serviceUsageAdmin`) Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.	`monitoring.timeSeries.list` `serviceusage.consumerpolicy.` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.consumerpolicy.update` `serviceusage.contentsecuritypolicy.` `serviceusage.contentsecuritypolicy.get` `serviceusage.contentsecuritypolicy.update` `serviceusage.effectivemcppolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.mcppolicy.` `serviceusage.mcppolicy.get` `serviceusage.mcppolicy.update` `serviceusage.operations.get` `serviceusage.quotas.` `serviceusage.quotas.get` `serviceusage.quotas.update` `serviceusage.services.` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use` `serviceusage.values.test`
Service Usage Consumer (`roles/serviceusage.serviceUsageConsumer`) Ability to inspect service states and operations, and consume quota and billing for a consumer project.	`monitoring.timeSeries.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.contentsecuritypolicy.get` `serviceusage.effectivemcppolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.mcppolicy.get` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use` `serviceusage.values.test`
Service Usage Viewer (`roles/serviceusage.serviceUsageViewer`) Ability to inspect service states and operations for a consumer project.	`monitoring.timeSeries.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.contentsecuritypolicy.get` `serviceusage.effectivemcppolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.mcppolicy.get` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`

API Keys Admin

(roles/serviceusage.apiKeysAdmin)

Ability to create, delete, update, get and list API keys for a project.

apikeys.*

apikeys.keys.create
apikeys.keys.delete
apikeys.keys.get
apikeys.keys.getKeyString
apikeys.keys.list
apikeys.keys.lookup
apikeys.keys.undelete
apikeys.keys.update

orgpolicy.policy.get

serviceusage.apiKeys.*

serviceusage.apiKeys.regenerate
serviceusage.apiKeys.revert

serviceusage.operations.get

API Keys Viewer

(roles/serviceusage.apiKeysViewer)

Ability to get and list API keys for a project.

apikeys.keys.get

apikeys.keys.getKeyString

apikeys.keys.list

apikeys.keys.lookup

Service Usage Admin

(roles/serviceusage.serviceUsageAdmin)

Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.

monitoring.timeSeries.list

serviceusage.consumerpolicy.*

serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.consumerpolicy.update

serviceusage.contentsecuritypolicy.*

serviceusage.contentsecuritypolicy.get
serviceusage.contentsecuritypolicy.update

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.mcppolicy.*

serviceusage.mcppolicy.get
serviceusage.mcppolicy.update

serviceusage.operations.get

serviceusage.quotas.*

serviceusage.quotas.get
serviceusage.quotas.update

serviceusage.services.*

serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
serviceusage.services.use

serviceusage.values.test

Service Usage Consumer

(roles/serviceusage.serviceUsageConsumer)

Ability to inspect service states and operations, and consume quota and billing for a consumer project.

monitoring.timeSeries.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.contentsecuritypolicy.get

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.mcppolicy.get

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

serviceusage.values.test

Service Usage Viewer

(roles/serviceusage.serviceUsageViewer)

Ability to inspect service states and operations for a consumer project.

monitoring.timeSeries.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.contentsecuritypolicy.get

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.mcppolicy.get

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test