Google Cloud Natural Language API的IAM角色 [英] IAM roles for Google Cloud Natural Language API
问题描述
我想将Google Cloud Natural Language API与它的Node.js库一起使用.对于身份验证,我使用了 docs 建议的服务帐户 文档建议使用角色所有者",但要使用生产更细化"的权限.不幸的是,他们没有提到可用的角色.在 IAM文档中也找不到角色,我通常在其中查找角色/权限
I want to use Google Cloud Natural Language API with its Node.js lib. For authentication, I use a service-account as suggested by the docs Docs suggest to use role "Owner" but for production "more granular" permissions. Unfortunately they dont mention available roles. Nor do I find roles at IAM docs, where I usually lookup roles/permissions.
哪些角色可用于NLP API?有AutoML角色,并且由于AutoML与NLP相关,所以也许合适吗?
Which roles are available for NLP API ? There are AutoML roles and as AutoML is related to NLP, maybe they fit?
我的测试表明,实际上我使用哪个角色都没有关系.甚至"BigQuery MetadataViewer"之类的东西都可以授予对NLP API的访问权限?! 但是,我想使用正确的角色,而不是随机的角色,以防以后出现问题.
My tests have shown that it actually doesnt matter which role I use. Even sth like "BigQuery MetadataViewer" will grant access to NLP API ?! However I would like to use the correct role instead of a random one and somewhen later stuff will break.
并补充说明, API密钥文档表示NLP仅可以通过API密钥访问API,但是NLP文档本身会告诉您使用服务帐户.我猜API密钥是旧信息.
And to add to the confusion, API keys doc says that NLP API is only accessible via API-key, but the NLP doc itself tells you to use a service-account. I guess API key is legacy information..
推荐答案
Cloud Natural Language使用AutoML角色,因为它是自动ML角色具有:AutoML Admin,AutoML编辑器,AutoML Predictor和AutoML Viewer.
Cloud Natural Language uses AutoML roles since is part of the AutoML products. At this moment Auto ML roles has: AutoML Admin, AutoML Editor, AutoML Predictor and AutoML Viewer.
您必须分析将在应用程序中使用的角色,一旦确定,您就可以决定哪个角色类型适合您的应用,请记住,使用
You have to analyze which roles you will use in your application and once you determine it you could decide which type of roles fits to your app, remember that with custom roles you can define the level access you need to your users.
请记住,服务帐户是Google帐户的特殊类型,并且未附加到用户;因此,使用该服务帐户的资源不需要最终用户身份验证,这就是为什么建议使用
Keep in mind that service account is as special type of Google account and is not attached to a user; thus, the resources which used that service account don't need end-user authentication, that's why is recommended to use a service account where you are working with a client library (Node.JS).
这篇关于Google Cloud Natural Language API的IAM角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
