アーティファクト保護は、Identity and Access Management(IAM)のロールと権限を使用して、リソースへのアクセスを管理します。IAM ロールは、ユーザー、グループ、サービス アカウントに付与できます。ロールの付与については、プロジェクト、フォルダ、組織に対するアクセス権の管理をご覧ください。
Artifact Guard のロール
アーティファクト保護では、次の IAM ロールを使用できます。
| ロール | 権限 |
|---|---|
| Artifact Scan Guard 管理者 ( roles/artifactscanguard.admin)アーティファクト保護リソースに対する完全アクセス権。ポリシーを作成し、ポリシーのパフォーマンスを評価して可視化します。 |
artifactscanguard.artifactEvaluations.create artifactscanguard.artifactEvaluations.get artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.connectors.create artifactscanguard.connectors.delete artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.connectors.update artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.delete artifactscanguard.operations.get artifactscanguard.operations.list artifactscanguard.policies.create artifactscanguard.policies.delete artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.policies.update artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Evaluation 管理者 ( roles/artifactscanguard.policyEvaluator)Artifact Evaluation リソースに対する完全アクセス権。 |
artifactscanguard.artifactEvaluations.create artifactscanguard.artifactEvaluations.get artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard Connector 管理者 ( roles/artifactscanguard.connectorAdmin)Connector リソースに対する完全アクセス権。 |
artifactscanguard.connectors.create artifactscanguard.connectors.delete artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.connectors.update artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy 管理者 ( roles/artifactscanguard.policyAdmin)ポリシー リソースに対する完全アクセス権。ポリシーを作成し、ポリシーのパフォーマンスを可視化します。 |
artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.create artifactscanguard.policies.delete artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.policies.update resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Evaluation 管理者 ( roles/artifactscanguard.policyEvaluationAdmin)ポリシー評価リソースに対する完全アクセス権。 |
artifactscanguard.artifactPoliciesEvaluations.create artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get monitoring.timeSeries.create orgpolicy.policy.get resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list storage.folders.create storage.folders.delete storage.folders.get storage.folders.list storage.folders.rename storage.managedFolders.create storage.managedFolders.delete storage.managedFolders.get storage.managedFolders.list storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts storage.objects.create storage.objects.createContext storage.objects.delete storage.objects.deleteContext storage.objects.get storage.objects.list storage.objects.move storage.objects.restore storage.objects.update storage.objects.updateContext |
| Artifact Scan Guard レポート管理者 ( roles/artifactscanguard.reportAdmin)レポート リソースに対する完全アクセス権。 |
artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard 閲覧者 ( roles/artifactscanguard.viewer)アーティファクト保護リソースに対する読み取り専用アクセス権。 |
artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.get artifactscanguard.policies.list artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Connector 閲覧者 ( roles/artifactscanguard.connectorViewer)Connector リソースに対する読み取り専用アクセス権。 |
artifactscanguard.connectors.get artifactscanguard.connectors.list artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy 閲覧者 ( roles/artifactscanguard.policyViewer)ポリシー リソースへの読み取り専用アクセス権。 |
artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.policies.get artifactscanguard.policies.list resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard Policy Evaluation 閲覧者 ( roles/artifactscanguard.policyEvaluationViewer)Policy Evaluation リソースへの読み取り専用アクセス権。 |
artifactscanguard.artifactPoliciesEvaluations.get artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get resourcemanager.organizations.get resourcemanager.projects.get |
| Artifact Scan Guard レポート閲覧者 ( roles/artifactscanguard.reportViewer)レポート リソースに対する読み取り専用アクセス権。 |
artifactscanguard.locations.get artifactscanguard.locations.list artifactscanguard.operations.get artifactscanguard.reports.listConnectorEvaluations artifactscanguard.reports.listPolicyEvaluationSummaries resourcemanager.organizations.get resourcemanager.projects.get |