自 2026 年 4 月 20 日起,BigLake 现在称为 Lakehouse for Apache Iceberg。BigLake metastore 现已更名为 Lakehouse 运行时目录。Lakehouse API、客户端库、CLI 命令和 IAM 名称保持不变,仍引用 BigLake。
Google uses AI technology to translate content into your preferred language. AI translations can contain errors.
Lakehouse IAM 角色
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
Lakehouse for Apache Iceberg 定义了多个 Identity and Access Management (IAM) 角色,用于管理资源。每个预定义角色都包含一组允许主账号执行特定操作的 IAM 权限。
您可以使用 IAM 政策为主账号指定一个或多个 IAM 角色。
IAM 还提供创建自定义 IAM 角色的功能。您可以创建自定义 IAM 角色,并为该角色分配一项或多项权限。然后,您可以将新创建的角色授予正文。使用自定义角色可创建访问权限控制模型,该模型将直接映射到您的需求以及可用的预定义角色。
本页面重点介绍与 Lakehouse 运行时目录相关的 IAM 角色。
准备工作
Lakehouse 角色
IAM Lakehouse 角色是一项或多项权限的集合。您为主账号授予角色,以允许他们对项目中的 Lakehouse 资源执行操作。例如,BigLake Viewer 角色具有 biglake.*.get 和 biglake.*.list 权限,这些权限允许用户获取和列出项目中的 Lakehouse 资源。
下表列出了所有 Lakehouse 角色以及与每个角色关联的权限:
| Role |
Permissions |
BigLake Admin
(roles/biglake.admin)
Provides full access to all BigLake resources.
|
biglake.*
biglake.catalogs.createbiglake.catalogs.deletebiglake.catalogs.getbiglake.catalogs.getIamPolicybiglake.catalogs.listbiglake.catalogs.setIamPolicybiglake.catalogs.updatebiglake.databases.createbiglake.databases.deletebiglake.databases.getbiglake.databases.listbiglake.databases.updatebiglake.locks.checkbiglake.locks.createbiglake.locks.deletebiglake.locks.listbiglake.namespaces.createbiglake.namespaces.deletebiglake.namespaces.getbiglake.namespaces.getIamPolicybiglake.namespaces.listbiglake.namespaces.setIamPolicybiglake.namespaces.updatebiglake.tables.createbiglake.tables.createPartitionsbiglake.tables.deletebiglake.tables.deletePartitionsbiglake.tables.getbiglake.tables.getDatabiglake.tables.getIamPolicybiglake.tables.listbiglake.tables.listPartitionsbiglake.tables.lockbiglake.tables.setIamPolicybiglake.tables.updatebiglake.tables.updateDatabiglake.tables.updatePartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Editor
Beta
(roles/biglake.editor)
Provides read and write access to all BigLake resources.
|
biglake.catalogs.create
biglake.catalogs.delete
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.catalogs.update
biglake.namespaces.create
biglake.namespaces.delete
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.namespaces.update
biglake.tables.create
biglake.tables.createPartitions
biglake.tables.delete
biglake.tables.deletePartitions
biglake.tables.get
biglake.tables.getData
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.listPartitions
biglake.tables.update
biglake.tables.updateData
biglake.tables.updatePartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Viewer
(roles/biglake.viewer)
Provides read-only access to all BigLake resources.
|
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.databases.get
biglake.databases.list
biglake.locks.list
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.tables.get
biglake.tables.getData
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.listPartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
|
(roles/biglake.metadataViewer)
Provides read-only metadata access to all BigLake resources.
|
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.tables.get
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.listPartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
后续步骤
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2026-06-14。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2026-06-14。"],[],[]]
