在Google Cloud中创建OAuth凭据的权限 [英] Permissions for creating OAuth credentials in Google Cloud
问题描述
使用IAM,我试图允许某些用户访问API,并允许他们创建OAuth客户端凭据.是否存在允许该操作的预定义角色?我不想使用项目编辑器的角色,因为我试图只允许访问必要的服务.
Using IAM, I am trying to allow certain users to access API's and allow them to create OAuth client credentials. Is there a predefined role for allowing this? I don't want to use the role of project editor, because I'm trying to allow access to only the necessary services.
这是用户进入其项目的时间,然后他们转到"API和服务">凭据,该用户收到以下错误: 您无权查看API密钥,OAuth客户端和服务帐户密钥.
It's when the user is in their project, and they go to "APIs and Services" > Credentials, the user receives this error: You don't have permission to view API keys, OAuth clients, and service account keys.
角色/权限: -App Engine管理员 -Cloud Functions开发人员 -Cloud数据存储所有者 -服务帐户管理员 源存储库管理员 -存储管理员
Roles/Permissions: -App Engine Admin -Cloud Functions Developer -Cloud Datastore Owner -Service Account Admin -Source Repository Administrator -Storage Admin
推荐答案
所以我相信我遇到了解决方案.在找不到预定义角色或在线上没有任何答案后,我开始研究创建自定义角色.如果将来有人对此有疑问,这就是我所做的.
So I believe I've come across the solution. After failing to find a predefined role or any answers online, I started to delve into creating custom roles. If anyone has issues with this in the future, here is what I have done.
我去了项目设置>角色>创建角色.然后,我创建了2个自定义角色,这是我分配给它们的所有权限:
I went to Project Settings > Roles > Create Role. I then created 2 custom Roles, here are all the permissions I assigned to them:
自定义API"
- container.apiServices.create
- container.apiServices.delete
- container.apiServices.get
- container.apiServices.list
- container.apiServices.update
- container.apiServices.updateStatus
- serviceusage.apiKeys.create
- serviceusage.apiKeys.delete
- serviceusage.apiKeys.get
- serviceusage.apiKeys.getProjectForKey
- serviceusage.apiKeys.list
- serviceusage.apiKeys.regenerate
- serviceusage.apiKeys.revert
- serviceusage.apiKeys.update
- container.apiServices.create
- container.apiServices.delete
- container.apiServices.get
- container.apiServices.list
- container.apiServices.update
- container.apiServices.updateStatus
- serviceusage.apiKeys.create
- serviceusage.apiKeys.delete
- serviceusage.apiKeys.get
- serviceusage.apiKeys.getProjectForKey
- serviceusage.apiKeys.list
- serviceusage.apiKeys.regenerate
- serviceusage.apiKeys.revert
- serviceusage.apiKeys.update
自定义客户端身份验证"
"Custom Client Auth"
- clientauthconfig.brands.create
- clientauthconfig.brands.delete
- clientauthconfig.brands.get
- clientauthconfig.brands.list
- clientauthconfig.brands.update
- clientauthconfig.clients.create
- clientauthconfig.clients.createSecret
- clientauthconfig.clients.delete
- clientauthconfig.clients.get
- clientauthconfig.clients.getWithSecret
- clientauthconfig.clients.list
- clientauthconfig.clients.listWithSecrets
- clientauthconfig.clients.undelete
- clientauthconfig.clients.update
- clientauthconfig.brands.create
- clientauthconfig.brands.delete
- clientauthconfig.brands.get
- clientauthconfig.brands.list
- clientauthconfig.brands.update
- clientauthconfig.clients.create
- clientauthconfig.clients.createSecret
- clientauthconfig.clients.delete
- clientauthconfig.clients.get
- clientauthconfig.clients.getWithSecret
- clientauthconfig.clients.list
- clientauthconfig.clients.listWithSecrets
- clientauthconfig.clients.undelete
- clientauthconfig.clients.update
*请注意,在撰写本文时,这些单独的权限处于测试"状态,可能无法按预期工作.
*Note that at the time of writing, these individual permissions are in a "testing" state, and may not work as intended.
这篇关于在Google Cloud中创建OAuth凭据的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!