部署到Firebase托管需要哪些IAM角色? [英] What IAM roles are needed for deploying to Firebase Hosting?

问题描述

我正在尝试向第三方授予权限，以在我已建立的项目上进行Firebase Hosting的部署.我探索了GCP控制台中可用的IAM权限，并且仅有一半相关的角色似乎是 Firebase Rules System ，但是这不允许用户部署到托管.尽管 Project Editor 可能会起作用，但我不想赋予他们太多的权限，因为他们可以自己付费启动其他Firebase产品.

I am trying to give permissions to a third party to make deployments to Firebase Hosting on a project I have set up. I explored the IAM permissions available in the GCP console, and the only half-related role seems to be the Firebase Rules System, however that didn't allow the user to deploy to hosting. While Project Editor would probably work, I don't want to give them that much authority, as they could launch other Firebase products at my expense.

我应该添加哪些IAM角色以允许用户部署到Firebase Hosting?

What IAM roles should I add to allow a user to deploy to Firebase Hosting?

推荐答案

更新(2018-11-12):Firebase似乎已在其2018年10月28日发行版中添加了更详尽的权限设置:

Update (2018-11-12): Firebase seems to have added more granular permission settings with their October 28, 2018 release:

Firebase控制台现在提供了预定义的Firebase角色.与原始的Owner/Editor/Viewer角色相比，这些新角色提供了更精细的访问.要编辑您的项目的成员访问权限，请访问 Firebase控制台用户和权限页面.有关角色的更多信息，请参见使用Firebase IAM管理项目访问权限.

The Firebase console now offers predefined Firebase roles. These new roles enable more granular access than the primitive Owner/Editor/Viewer roles. To edit member access for your project, visit the Firebase console Users and permissions page. For more information on roles, see Manage project access with Firebase IAM.

深入研究，我发现这些与托管有关的IAM条目: https://firebase.google.com/docs/projects/iam/permissions#hosting

Digging deeper, I found these IAM entries related to hosting: https://firebase.google.com/docs/projects/iam/permissions#hosting

原始答案:

我请求Firebase支持，以下是他们的答复:

I asked Firebase support and the following was their reply:

要能够部署托管应用，您的开发人员必须是所有者或编辑.因此，在您的情况下，您可以赋予的最低特权是编辑器，因为当前基于静态的基于角色的访问限制托管不可用.我们知道许多开发人员，例如您自己想要更广泛，更细致的控制权限.我们正在探索潜在的解决方案，但我无法分享目前没有任何详细信息或时间表.

To be able to deploy hosting app your developer must be either an Owner or Editor. So in your case, lowest privilege that you can give is Editor because currently role-based access restriction for Static Hosting is unavailable. We're aware that many developers, such as yourself, would like more extensive and granular control for permissions. We're exploring potential solutions, but I can't share any details or timelines at this time.

请留意我们的发行说明，以获取进一步的更新.

Keep an eye out on our release notes for any further updates.

这篇关于部署到Firebase托管需要哪些IAM角色?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！