自 2026 年 4 月 20 日起,BigLake 將改名為 Lakehouse for Apache Iceberg。BigLake metastore 現在稱為 Lakehouse 執行階段目錄。湖倉 API、用戶端程式庫、CLI 指令和 IAM 名稱維持不變,仍會參照 BigLake。
Google uses AI technology to translate content into your preferred language. AI translations can contain errors.
Lakehouse IAM 角色
透過集合功能整理內容
你可以依據偏好儲存及分類內容。
Lakehouse for Apache Iceberg 定義了多個 Identity and Access Management (IAM) 角色,可管理資源。每個預先定義的角色都包含一組 IAM 權限,可讓主體執行特定動作。您可以使用 IAM 政策,為主體提供一或多個 IAM 角色。
IAM 也能建立自訂 IAM 角色。您可以建立自訂身分與存取權管理角色,並為角色指派一或多個權限。接著,您可以授予主體新角色。您可以使用自訂角色,直接根據自己的需求建立存取控管模型;此外,Google 也提供預先定義的角色。
本頁面著重說明與 Lakehouse 執行階段目錄相關的 IAM 角色。
事前準備
Lakehouse 角色
IAM Lakehouse 角色是由一或多個權限集合而成。您可以將角色授予主體,讓他們能夠對專案中的 Lakehouse 資源執行動作。舉例來說,BigLake 檢視者角色包含 biglake.*.get 和 biglake.*.list 權限,可讓使用者取得及列出專案中的 Lakehouse 資源。
下表列出所有 Lakehouse 角色,以及與各角色有關的權限:
| Role |
Permissions |
BigLake Admin
(roles/biglake.admin)
Provides full access to all BigLake resources.
|
biglake.*
biglake.catalogs.createbiglake.catalogs.deletebiglake.catalogs.getbiglake.catalogs.getIamPolicybiglake.catalogs.listbiglake.catalogs.setIamPolicybiglake.catalogs.updatebiglake.databases.createbiglake.databases.deletebiglake.databases.getbiglake.databases.listbiglake.databases.updatebiglake.locks.checkbiglake.locks.createbiglake.locks.deletebiglake.locks.listbiglake.namespaces.createbiglake.namespaces.deletebiglake.namespaces.getbiglake.namespaces.getIamPolicybiglake.namespaces.listbiglake.namespaces.setIamPolicybiglake.namespaces.updatebiglake.tables.createbiglake.tables.createPartitionsbiglake.tables.deletebiglake.tables.deletePartitionsbiglake.tables.getbiglake.tables.getDatabiglake.tables.getIamPolicybiglake.tables.listbiglake.tables.listPartitionsbiglake.tables.lockbiglake.tables.setIamPolicybiglake.tables.updatebiglake.tables.updateDatabiglake.tables.updatePartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Editor
Beta
(roles/biglake.editor)
Provides read and write access to all BigLake resources.
|
biglake.catalogs.create
biglake.catalogs.delete
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.catalogs.update
biglake.namespaces.create
biglake.namespaces.delete
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.namespaces.update
biglake.tables.create
biglake.tables.createPartitions
biglake.tables.delete
biglake.tables.deletePartitions
biglake.tables.get
biglake.tables.getData
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.listPartitions
biglake.tables.update
biglake.tables.updateData
biglake.tables.updatePartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
BigLake Viewer
(roles/biglake.viewer)
Provides read-only access to all BigLake resources.
|
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.databases.get
biglake.databases.list
biglake.locks.list
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.tables.get
biglake.tables.getData
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.listPartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
|
(roles/biglake.metadataViewer)
Provides read-only metadata access to all BigLake resources.
|
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.tables.get
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.listPartitions
resourcemanager.projects.get
resourcemanager.projects.list
|
後續步驟
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權,程式碼範例則為阿帕契 2.0 授權。詳情請參閱《Google Developers 網站政策》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2026-06-14 (世界標準時間)。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2026-06-14 (世界標準時間)。"],[],[]]
