部署到Firebase托管需要哪些IAM角色? [英] What IAM roles are needed for deploying to Firebase Hosting?
问题描述
我正在尝试向第三方授予权限,以在我已建立的项目上进行Firebase Hosting的部署.我探索了GCP控制台中可用的IAM权限,并且仅有一半相关的角色似乎是 Firebase Rules System
,但是这不允许用户部署到托管.尽管 Project Editor
可能会起作用,但我不想赋予他们太多的权限,因为他们可以自己付费启动其他Firebase产品.
I am trying to give permissions to a third party to make deployments to Firebase Hosting on a project I have set up. I explored the IAM permissions available in the GCP console, and the only half-related role seems to be the Firebase Rules System
, however that didn't allow the user to deploy to hosting. While Project Editor
would probably work, I don't want to give them that much authority, as they could launch other Firebase products at my expense.
我应该添加哪些IAM角色以允许用户部署到Firebase Hosting?
What IAM roles should I add to allow a user to deploy to Firebase Hosting?
推荐答案
更新(2018-11-12):Firebase似乎已在其2018年10月28日发行版中添加了更详尽的权限设置:
Update (2018-11-12): Firebase seems to have added more granular permission settings with their October 28, 2018 release:
Firebase控制台现在提供了预定义的Firebase角色.与原始的Owner/Editor/Viewer角色相比,这些新角色提供了更精细的访问.要编辑您的项目的成员访问权限,请访问 Firebase控制台用户和权限页面一个>.有关角色的更多信息,请参见使用Firebase IAM管理项目访问权限.>
The Firebase console now offers predefined Firebase roles. These new roles enable more granular access than the primitive Owner/Editor/Viewer roles. To edit member access for your project, visit the Firebase console Users and permissions page. For more information on roles, see Manage project access with Firebase IAM.
深入研究,我发现这些与托管有关的IAM条目: https://firebase.google.com/docs/projects/iam/permissions#hosting
Digging deeper, I found these IAM entries related to hosting: https://firebase.google.com/docs/projects/iam/permissions#hosting
原始答案:
我请求Firebase支持,以下是他们的答复:
I asked Firebase support and the following was their reply:
要能够部署托管应用,您的开发人员必须是所有者或编辑.因此,在您的情况下,您可以赋予的最低特权是编辑器,因为当前基于静态的基于角色的访问限制托管不可用.我们知道许多开发人员,例如您自己想要更广泛,更细致的控制权限.我们正在探索潜在的解决方案,但我无法分享目前没有任何详细信息或时间表.
To be able to deploy hosting app your developer must be either an Owner or Editor. So in your case, lowest privilege that you can give is Editor because currently role-based access restriction for Static Hosting is unavailable. We're aware that many developers, such as yourself, would like more extensive and granular control for permissions. We're exploring potential solutions, but I can't share any details or timelines at this time.
请留意我们的发行说明,以获取进一步的更新.
Keep an eye out on our release notes for any further updates.
这篇关于部署到Firebase托管需要哪些IAM角色?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!