在Google Cloud中创建OAuth凭据的权限 [英] Permissions for creating OAuth credentials in Google Cloud

问题描述

使用IAM，我试图允许某些用户访问API，并允许他们创建OAuth客户端凭据.是否存在允许该操作的预定义角色?我不想使用项目编辑器的角色，因为我试图只允许访问必要的服务.

Using IAM, I am trying to allow certain users to access API's and allow them to create OAuth client credentials. Is there a predefined role for allowing this? I don't want to use the role of project editor, because I'm trying to allow access to only the necessary services.

这是用户进入其项目的时间，然后他们转到"API和服务">凭据，该用户收到以下错误: 您无权查看API密钥，OAuth客户端和服务帐户密钥.

It's when the user is in their project, and they go to "APIs and Services" > Credentials, the user receives this error: You don't have permission to view API keys, OAuth clients, and service account keys.

角色/权限: -App Engine管理员 -Cloud Functions开发人员 -Cloud数据存储所有者 -服务帐户管理员 源存储库管理员 -存储管理员

Roles/Permissions: -App Engine Admin -Cloud Functions Developer -Cloud Datastore Owner -Service Account Admin -Source Repository Administrator -Storage Admin

推荐答案

所以我相信我遇到了解决方案.在找不到预定义角色或在线上没有任何答案后，我开始研究创建自定义角色.如果将来有人对此有疑问，这就是我所做的.

So I believe I've come across the solution. After failing to find a predefined role or any answers online, I started to delve into creating custom roles. If anyone has issues with this in the future, here is what I have done.

我去了项目设置>角色>创建角色.然后，我创建了2个自定义角色，这是我分配给它们的所有权限:

I went to Project Settings > Roles > Create Role. I then created 2 custom Roles, here are all the permissions I assigned to them:

自定义API"

• container.apiServices.create
• container.apiServices.delete
• container.apiServices.get
• container.apiServices.list
• container.apiServices.update
• container.apiServices.updateStatus
• serviceusage.apiKeys.create
• serviceusage.apiKeys.delete
• serviceusage.apiKeys.get
• serviceusage.apiKeys.getProjectForKey
• serviceusage.apiKeys.list
• serviceusage.apiKeys.regenerate
• serviceusage.apiKeys.revert
• serviceusage.apiKeys.update

• container.apiServices.create
• container.apiServices.delete
• container.apiServices.get
• container.apiServices.list
• container.apiServices.update
• container.apiServices.updateStatus
• serviceusage.apiKeys.create
• serviceusage.apiKeys.delete
• serviceusage.apiKeys.get
• serviceusage.apiKeys.getProjectForKey
• serviceusage.apiKeys.list
• serviceusage.apiKeys.regenerate
• serviceusage.apiKeys.revert
• serviceusage.apiKeys.update

自定义客户端身份验证"

"Custom Client Auth"

• clientauthconfig.brands.create
• clientauthconfig.brands.delete
• clientauthconfig.brands.get
• clientauthconfig.brands.list
• clientauthconfig.brands.update
• clientauthconfig.clients.create
• clientauthconfig.clients.createSecret
• clientauthconfig.clients.delete
• clientauthconfig.clients.get
• clientauthconfig.clients.getWithSecret
• clientauthconfig.clients.list
• clientauthconfig.clients.listWithSecrets
• clientauthconfig.clients.undelete
• clientauthconfig.clients.update

• clientauthconfig.brands.create
• clientauthconfig.brands.delete
• clientauthconfig.brands.get
• clientauthconfig.brands.list
• clientauthconfig.brands.update
• clientauthconfig.clients.create
• clientauthconfig.clients.createSecret
• clientauthconfig.clients.delete
• clientauthconfig.clients.get
• clientauthconfig.clients.getWithSecret
• clientauthconfig.clients.list
• clientauthconfig.clients.listWithSecrets
• clientauthconfig.clients.undelete
• clientauthconfig.clients.update

*请注意，在撰写本文时，这些单独的权限处于测试"状态，可能无法按预期工作.

*Note that at the time of writing, these individual permissions are in a "testing" state, and may not work as intended.

这篇关于在Google Cloud中创建OAuth凭据的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！