Cloud Billing API 액세스 제어

Google Cloud 는 특정 Google Cloud 리소스에는 액세스 권한을 부여하고, 다른 리소스에는 부여하지 않도록 설정할 수 있는 Identity and Access Management(IAM)를 제공합니다. IAM은 최소 권한의 보안 원칙을 채택하여 리소스에 대해 필요한 액세스 권한만 부여할 수 있게 해줍니다.

IAM을 사용하면 IAM 허용 정책을 설정하여 어떠한 리소스에 대해 누구(사용자)에게 어떠한 액세스 권한(역할)이 있는지 제어할 수 있습니다. 허용 정책은 사용자에게 특정 역할을 부여하며 사용자는 해당 역할에서 권한을 부여받습니다.

이 페이지에서는 Cloud Billing API에서 사용할 수 있는 IAM 역할을 설명합니다. 예를 들어 IAM을 사용하여 Cloud Billing 계정에 대한 결제 계정 비용 관리자 또는 결제 계정 뷰어와 같은 역할을 부여할 수 있습니다. IAM과 그 기능에 대한 자세한 설명은 IAM 문서를 참조하세요. 특히 프로젝트, 폴더, 조직에 대한 액세스 관리 및 다른 리소스에 대한 액세스 관리를 참조하세요.

권한 및 역할

사용자가 Google Cloud 콘솔에서 Cloud Billing 계정 세부정보를 보거나 Cloud Billing API 메서드가 Cloud Billing 계정 정보를 반환하려면 사용자나 호출자에게 필요한 권한이 있어야 합니다.

Cloud Billing Catalog API에 필요한 권한

Cloud Billing Catalog API(서비스 목록 및 SKU 목록)를 사용하는 데 권한이 필요하지 않습니다. 이 API에서 반환하는 모든 데이터는 공개 데이터입니다.

Cloud Billing Budget API에 필요한 권한

다음 표에서는 각 Cloud Billing Budget API 메서드를 호출하는 데 필요한 권한을 설명합니다. 이러한 권한을 자동으로 부여하는 표준 IAM 결제 역할도 포함됩니다.

API 메서드	필요한 권한	권한을 부여하는 IAM 역할
`GetBudget`	예산 세부정보를 가져오려면 호출자에게 예산의 Cloud Billing 계정에 대한 `billing.budgets.get` 권한이 있어야 합니다. 단일 프로젝트 예산의 경우 호출자는 결제 계정 권한 대신 프로젝트에 대한 `resourcemanager.projects.get`, `billing.resourcebudgets.read` 권한을 가질 수 있습니다.	예산의 Cloud Billing 계정에 대한 결제 계정 관리자, 결제 계정 비용 관리자 또는 결제 계정 뷰어 단일 프로젝트 예산의 경우 프로젝트에 대한 프로젝트 소유자, 프로젝트 편집자 또는 프로젝트 뷰어
`ListBudgets`	Cloud Billing 계정에 적용된 예산 목록을 반환하려면 호출자에게 Cloud Billing 계정에 대한 `billing.budgets.list` 권한이 있어야 합니다. 단일 프로젝트 예산의 경우 호출자는 결제 계정 권한 대신 프로젝트에 대한 `resourcemanager.projects.get`, `billing.resourcebudgets.read` 권한을 가질 수 있습니다.	예산의 Cloud Billing 계정에 대한 결제 계정 관리자, 결제 계정 비용 관리자 또는 결제 계정 뷰어 단일 프로젝트 예산의 경우 프로젝트에 대한 프로젝트 소유자, 프로젝트 편집자 또는 프로젝트 뷰어
`CreateBudget`	새 예산을 생성하려면 호출자에게 예산의 Cloud Billing 계정에 대한 `billing.budgets.create` 권한이 있어야 합니다. 단일 프로젝트 예산의 경우 호출자는 결제 계정 권한 대신 프로젝트에 대한 `resourcemanager.projects.get`, `billing.resourcebudgets.read`, `billing.resourcebudgets.write` 권한을 가질 수 있습니다.	예산의 Cloud Billing 계정에 대한 결제 계정 관리자 또는 결제 계정 비용 관리자 단일 프로젝트 예산의 경우 프로젝트에 대한 프로젝트 소유자 또는 프로젝트 편집자
`UpdateBudget`	기존 예산을 업데이트하려면 호출자에게 예산의 Cloud Billing 계정에 대한 `billing.budgets.update` 권한이 있어야 합니다. 단일 프로젝트 예산의 경우 호출자는 결제 계정 권한 대신 프로젝트에 대한 `resourcemanager.projects.get`, `billing.resourcebudgets.read`, `billing.resourcebudgets.write` 권한을 가질 수 있습니다.	예산의 Cloud Billing 계정에 대한 결제 계정 관리자 또는 결제 계정 비용 관리자 단일 프로젝트 예산의 경우 프로젝트에 대한 프로젝트 소유자 또는 프로젝트 편집자
`DeleteBudget`	기존 예산을 삭제하려면 호출자에게 예산의 Cloud Billing 계정에 대한 `billing.budgets.delete` 권한이 있어야 합니다. 단일 프로젝트 예산의 경우 호출자는 결제 계정 권한 대신 프로젝트에 대한 `resourcemanager.projects.get`, `billing.resourcebudgets.read`, `billing.resourcebudgets.write` 권한을 가질 수 있습니다.	예산의 Cloud Billing 계정에 대한 결제 계정 관리자 또는 결제 계정 비용 관리자 단일 프로젝트 예산의 경우 프로젝트에 대한 프로젝트 소유자 또는 프로젝트 편집자

Cloud Billing Account API에 필요한 권한

다음 표에는 각 Cloud Billing 계정 API 메서드를 호출하는 데 필요한 권한과 이러한 권한이 포함된 Cloud Billing의 IAM 역할이 나와 있습니다.

API 메서드	필수 권한	권한이 포함된 IAM 역할
`billingAccounts.create`	메서드는 새 Cloud Billing 하위 계정을 만드는 데 사용됩니다. 호출자는 하위 계정의 상위 Cloud Billing 계정에 `billing.accounts.update`가 있어야 합니다.	결제 계정 관리자
`billingAccounts.get`	Cloud Billing 계정에서 `billing.accounts.get`	결제 계정 관리자, 결제 계정 비용 관리자, 결제 계정 뷰어 또는 결제 계정 사용자
`billingAccounts.list`	없음 이 메서드는 호출자가 액세스할 권한이 있는 모든 계정을 반환합니다.	Cloud Billing 계정에 대한 결제 계정 관리자, 결제 계정 비용 관리자, 결제 계정 뷰어 또는 결제 계정 사용자 또는 프로젝트에 대한 프로젝트 결제 관리자
`billingAccounts.getIamPolicy`	Cloud Billing 계정에서 `billing.accounts.getIamPolicy`	결제 계정 관리자, 결제 계정 비용 관리자, 결제 계정 뷰어 또는 결제 계정 사용자
`billingAccounts.setIamPolicy`	Cloud Billing 계정에서 `billing.accounts.setIamPolicy`	결제 계정 관리자
`billingAccounts.testIamPermissions`	없음 이 메서드는 호출자가 보유한 Cloud Billing 계정의 권한을 확인하는 데 사용됩니다.	해당 사항 없음
`billingAccounts.patch`	Cloud Billing 계정에서 `billing.accounts.update`	결제 계정 관리자
`billingAccounts.projects.list`	Cloud Billing 계정에서 `billing.resourceAssociations.list`	결제 계정 관리자, 결제 계정 비용 관리자 또는 결제 계정 뷰어
`projects.getBillingInfo`	프로젝트의 `resourcemanager.projects.get` 자세한 내용은 프로젝트 액세스 제어를 참조하세요.	프로젝트 소유자, 프로젝트 편집자 또는 프로젝트 뷰어
`projects.updateBillingInfo`	Cloud Billing 계정의 `billing.resourceAssociations.create` 및 프로젝트의 `resourcemanager.projects.createBillingAssignment`	결제 계정 관리자 또는 결제 계정 사용자 및 프로젝트 결제 관리자

역할

사용자에게 권한을 직접 부여하는 대신 하나 이상의 권한이 번들로 포함된 역할을 부여합니다.

동일한 리소스에 하나 이상의 역할을 부여할 수 있습니다.

다음 표에는 Cloud Billing API에 액세스하기 위해 부여할 수 있는 IAM 역할, 각 역할에 대한 설명, 각 역할에 포함된 권한을 보여줍니다. 이러한 역할 중 일부에는 다른 Google Cloud 서비스에 대한 권한도 포함되어 있습니다.

Role Permissions

Role	Permissions
Billing Account Administrator (`roles/billing.admin`) Provides access to see and manage all aspects of billing accounts. Lowest-level resources where you can grant this role: Billing Account	`billing.accounts.close` `billing.accounts.get` `billing.accounts.getCarbonInformation` `billing.accounts.getIamPolicy` `billing.accounts.getPaymentInfo` `billing.accounts.getPricing` `billing.accounts.getSpendingInformation` `billing.accounts.getUsageExportSpec` `billing.accounts.list` `billing.accounts.move` `billing.accounts.redeemPromotion` `billing.accounts.removeFromOrganization` `billing.accounts.reopen` `billing.accounts.setIamPolicy` `billing.accounts.update` `billing.accounts.updatePaymentInfo` `billing.accounts.updateUsageExportSpec` `billing.anomalies.` `billing.anomalies.get` `billing.anomalies.list` `billing.anomalies.submitFeedback` `billing.anomaliesConfigs.` `billing.anomaliesConfigs.get` `billing.anomaliesConfigs.update` `billing.billingAccountPrice.get` `billing.billingAccountPrices.list` `billing.billingAccountServices.` `billing.billingAccountServices.get` `billing.billingAccountServices.list` `billing.billingAccountSkuGroupSkus.` `billing.billingAccountSkuGroupSkus.get` `billing.billingAccountSkuGroupSkus.list` `billing.billingAccountSkuGroups.` `billing.billingAccountSkuGroups.get` `billing.billingAccountSkuGroups.list` `billing.billingAccountSkus.` `billing.billingAccountSkus.get` `billing.billingAccountSkus.list` `billing.budgets.` `billing.budgets.create` `billing.budgets.delete` `billing.budgets.get` `billing.budgets.list` `billing.budgets.update` `billing.credits.list` `billing.finOpsBenchmarkInformation.get` `billing.finOpsHealthInformation.get` `billing.resourceAssociations.` `billing.resourceAssociations.create` `billing.resourceAssociations.delete` `billing.resourceAssociations.list` `billing.subscriptions.` `billing.subscriptions.create` `billing.subscriptions.get` `billing.subscriptions.list` `billing.subscriptions.update` `cloudasset.assets.searchAllResources` `cloudnotifications.activities.list` `cloudsupport.properties.get` `cloudsupport.techCases.` `cloudsupport.techCases.create` `cloudsupport.techCases.escalate` `cloudsupport.techCases.get` `cloudsupport.techCases.list` `cloudsupport.techCases.update` `commerceoffercatalog.` `commerceoffercatalog.agreements.get` `commerceoffercatalog.agreements.list` `commerceoffercatalog.documents.get` `commerceoffercatalog.documents.list` `commerceoffercatalog.offers.get` `compute.commitments.` `compute.commitments.create` `compute.commitments.get` `compute.commitments.list` `compute.commitments.update` `compute.commitments.updateReservations` `consumerprocurement.accounts.` `consumerprocurement.accounts.create` `consumerprocurement.accounts.delete` `consumerprocurement.accounts.get` `consumerprocurement.accounts.list` `consumerprocurement.consents.check` `consumerprocurement.consents.grant` `consumerprocurement.consents.list` `consumerprocurement.consents.revoke` `consumerprocurement.events.` `consumerprocurement.events.get` `consumerprocurement.events.list` `consumerprocurement.licensePools.` `consumerprocurement.licensePools.assign` `consumerprocurement.licensePools.enumerateLicensedUsers` `consumerprocurement.licensePools.get` `consumerprocurement.licensePools.unassign` `consumerprocurement.licensePools.update` `consumerprocurement.orderAttributions.` `consumerprocurement.orderAttributions.get` `consumerprocurement.orderAttributions.list` `consumerprocurement.orderAttributions.update` `consumerprocurement.orders.` `consumerprocurement.orders.cancel` `consumerprocurement.orders.get` `consumerprocurement.orders.list` `consumerprocurement.orders.modify` `consumerprocurement.orders.place` `dataprocessing.datasources.get` `dataprocessing.datasources.list` `dataprocessing.groupcontrols.get` `dataprocessing.groupcontrols.list` `logging.logEntries.list` `logging.logServiceIndexes.list` `logging.logServices.list` `logging.logs.list` `logging.privateLogEntries.list` `recommender.cloudsqlIdleInstanceRecommendations.get` `recommender.cloudsqlIdleInstanceRecommendations.list` `recommender.cloudsqlOverprovisionedInstanceRecommendations.get` `recommender.cloudsqlOverprovisionedInstanceRecommendations.list` `recommender.commitmentUtilizationInsights.` `recommender.commitmentUtilizationInsights.get` `recommender.commitmentUtilizationInsights.list` `recommender.commitmentUtilizationInsights.update` `recommender.computeAddressIdleResourceRecommendations.get` `recommender.computeAddressIdleResourceRecommendations.list` `recommender.computeDiskIdleResourceRecommendations.get` `recommender.computeDiskIdleResourceRecommendations.list` `recommender.computeImageIdleResourceRecommendations.get` `recommender.computeImageIdleResourceRecommendations.list` `recommender.computeInstanceGroupManagerMachineTypeRecommendations.get` `recommender.computeInstanceGroupManagerMachineTypeRecommendations.list` `recommender.computeInstanceIdleResourceRecommendations.get` `recommender.computeInstanceIdleResourceRecommendations.list` `recommender.computeInstanceMachineTypeRecommendations.get` `recommender.computeInstanceMachineTypeRecommendations.list` `recommender.costInsights.` `recommender.costInsights.get` `recommender.costInsights.list` `recommender.costInsights.update` `recommender.costRecommendations.` `recommender.costRecommendations.listAll` `recommender.costRecommendations.summarizeAll` `recommender.resourcemanagerProjectUtilizationRecommendations.get` `recommender.resourcemanagerProjectUtilizationRecommendations.list` `recommender.spendBasedCommitmentInsights.` `recommender.spendBasedCommitmentInsights.get` `recommender.spendBasedCommitmentInsights.list` `recommender.spendBasedCommitmentInsights.update` `recommender.spendBasedCommitmentRecommendations.` `recommender.spendBasedCommitmentRecommendations.get` `recommender.spendBasedCommitmentRecommendations.list` `recommender.spendBasedCommitmentRecommendations.update` `recommender.spendBasedCommitmentRecommenderConfig.` `recommender.spendBasedCommitmentRecommenderConfig.get` `recommender.spendBasedCommitmentRecommenderConfig.update` `recommender.usageCommitmentRecommendations.` `recommender.usageCommitmentRecommendations.get` `recommender.usageCommitmentRecommendations.list` `recommender.usageCommitmentRecommendations.update` `resourcemanager.projects.createBillingAssignment` `resourcemanager.projects.deleteBillingAssignment` `resourcemanager.projects.get` `resourcemanager.projects.list`
Carbon Footprint Viewer (`roles/billing.carbonViewer`)	`billing.accounts.get` `billing.accounts.getCarbonInformation` `billing.accounts.list`
Billing Account Costs Manager (`roles/billing.costsManager`) Manage budgets for a billing account, and view, analyze, and export cost information of a billing account. Lowest-level resources where you can grant this role: Billing Account	`billing.accounts.get` `billing.accounts.getIamPolicy` `billing.accounts.getSpendingInformation` `billing.accounts.getUsageExportSpec` `billing.accounts.list` `billing.accounts.updateUsageExportSpec` `billing.anomalies.get` `billing.anomalies.list` `billing.anomaliesConfigs.` `billing.anomaliesConfigs.get` `billing.anomaliesConfigs.update` `billing.budgets.` `billing.budgets.create` `billing.budgets.delete` `billing.budgets.get` `billing.budgets.list` `billing.budgets.update` `billing.resourceAssociations.list` `recommender.costInsights.*` `recommender.costInsights.get` `recommender.costInsights.list` `recommender.costInsights.update`
Billing Account Creator (`roles/billing.creator`) Provides access to create billing accounts. Lowest-level resources where you can grant this role: Organization	`billing.accounts.create` `resourcemanager.organizations.get`
Project Billing Costs Manager (`roles/billing.projectCostsManager`) When granted in conjunction with cost view permissions on projects, provides access to billing information scoped to the projects to which the user has cost access. Lowest-level resources where you can grant this role: Billing Account	`billing.accounts.getIamPolicy` `billing.accounts.getSpendingInformationScoped` `billing.costRecommendations.listScoped`
Project Billing Manager (`roles/billing.projectManager`) When granted in conjunction with the Billing Account User role, provides access to assign a project's billing account or disable its billing. Lowest-level resources where you can grant this role: Project	`resourcemanager.projects.createBillingAssignment` `resourcemanager.projects.deleteBillingAssignment`
Billing Account User (`roles/billing.user`) When granted in conjunction with the Project Owner role or Project Billing Manager role, provides access to associate projects with billing accounts. Lowest-level resources where you can grant this role: Billing Account	`billing.accounts.get` `billing.accounts.getIamPolicy` `billing.accounts.list` `billing.accounts.redeemPromotion` `billing.credits.list` `billing.resourceAssociations.create`
Billing Account Viewer (`roles/billing.viewer`) View billing account cost and pricing information, transactions, and billing and commitment recommendations. Lowest-level resources where you can grant this role: Billing Account	`billing.accounts.get` `billing.accounts.getCarbonInformation` `billing.accounts.getIamPolicy` `billing.accounts.getPaymentInfo` `billing.accounts.getPricing` `billing.accounts.getSpendingInformation` `billing.accounts.getUsageExportSpec` `billing.accounts.list` `billing.anomalies.get` `billing.anomalies.list` `billing.anomaliesConfigs.get` `billing.billingAccountPrice.get` `billing.billingAccountPrices.list` `billing.billingAccountServices.` `billing.billingAccountServices.get` `billing.billingAccountServices.list` `billing.billingAccountSkuGroupSkus.` `billing.billingAccountSkuGroupSkus.get` `billing.billingAccountSkuGroupSkus.list` `billing.billingAccountSkuGroups.` `billing.billingAccountSkuGroups.get` `billing.billingAccountSkuGroups.list` `billing.billingAccountSkus.` `billing.billingAccountSkus.get` `billing.billingAccountSkus.list` `billing.budgets.get` `billing.budgets.list` `billing.credits.list` `billing.finOpsBenchmarkInformation.get` `billing.finOpsHealthInformation.get` `billing.resourceAssociations.list` `billing.subscriptions.get` `billing.subscriptions.list` `commerceoffercatalog.` `commerceoffercatalog.agreements.get` `commerceoffercatalog.agreements.list` `commerceoffercatalog.documents.get` `commerceoffercatalog.documents.list` `commerceoffercatalog.offers.get` `consumerprocurement.accounts.get` `consumerprocurement.accounts.list` `consumerprocurement.consents.check` `consumerprocurement.consents.list` `consumerprocurement.orderAttributions.get` `consumerprocurement.orderAttributions.list` `consumerprocurement.orders.get` `consumerprocurement.orders.list` `dataprocessing.datasources.get` `dataprocessing.datasources.list` `dataprocessing.groupcontrols.get` `dataprocessing.groupcontrols.list` `recommender.commitmentUtilizationInsights.get` `recommender.commitmentUtilizationInsights.list` `recommender.costInsights.get` `recommender.costInsights.list` `recommender.costRecommendations.` `recommender.costRecommendations.listAll` `recommender.costRecommendations.summarizeAll` `recommender.spendBasedCommitmentInsights.get` `recommender.spendBasedCommitmentInsights.list` `recommender.spendBasedCommitmentRecommendations.get` `recommender.spendBasedCommitmentRecommendations.list` `recommender.spendBasedCommitmentRecommenderConfig.get` `recommender.usageCommitmentRecommendations.get` `recommender.usageCommitmentRecommendations.list`

Billing Account Administrator

(roles/billing.admin)

Provides access to see and manage all aspects of billing accounts.

Lowest-level resources where you can grant this role:

Billing Account

billing.accounts.close

billing.accounts.get

billing.accounts.getCarbonInformation

billing.accounts.getIamPolicy

billing.accounts.getPaymentInfo

billing.accounts.getPricing

billing.accounts.getSpendingInformation

billing.accounts.getUsageExportSpec

billing.accounts.list

billing.accounts.move

billing.accounts.redeemPromotion

billing.accounts.removeFromOrganization

billing.accounts.reopen

billing.accounts.setIamPolicy

billing.accounts.update

billing.accounts.updatePaymentInfo

billing.accounts.updateUsageExportSpec

billing.anomalies.*

billing.anomalies.get
billing.anomalies.list
billing.anomalies.submitFeedback

billing.anomaliesConfigs.*

billing.anomaliesConfigs.get
billing.anomaliesConfigs.update

billing.billingAccountPrice.get

billing.billingAccountPrices.list

billing.billingAccountServices.*

billing.billingAccountServices.get
billing.billingAccountServices.list

billing.billingAccountSkuGroupSkus.*

billing.billingAccountSkuGroupSkus.get
billing.billingAccountSkuGroupSkus.list

billing.billingAccountSkuGroups.*

billing.billingAccountSkuGroups.get
billing.billingAccountSkuGroups.list

billing.billingAccountSkus.*

billing.billingAccountSkus.get
billing.billingAccountSkus.list

billing.budgets.*

billing.budgets.create
billing.budgets.delete
billing.budgets.get
billing.budgets.list
billing.budgets.update

billing.credits.list

billing.finOpsBenchmarkInformation.get

billing.finOpsHealthInformation.get

billing.resourceAssociations.*

billing.resourceAssociations.create
billing.resourceAssociations.delete
billing.resourceAssociations.list

billing.subscriptions.*

billing.subscriptions.create
billing.subscriptions.get
billing.subscriptions.list
billing.subscriptions.update

cloudasset.assets.searchAllResources

cloudnotifications.activities.list

cloudsupport.properties.get

cloudsupport.techCases.*

cloudsupport.techCases.create
cloudsupport.techCases.escalate
cloudsupport.techCases.get
cloudsupport.techCases.list
cloudsupport.techCases.update

commerceoffercatalog.*

commerceoffercatalog.agreements.get
commerceoffercatalog.agreements.list
commerceoffercatalog.documents.get
commerceoffercatalog.documents.list
commerceoffercatalog.offers.get

compute.commitments.*

compute.commitments.create
compute.commitments.get
compute.commitments.list
compute.commitments.update
compute.commitments.updateReservations

consumerprocurement.accounts.*

consumerprocurement.accounts.create
consumerprocurement.accounts.delete
consumerprocurement.accounts.get
consumerprocurement.accounts.list

consumerprocurement.consents.check

consumerprocurement.consents.grant

consumerprocurement.consents.list

consumerprocurement.consents.revoke

consumerprocurement.events.*

consumerprocurement.events.get
consumerprocurement.events.list

consumerprocurement.licensePools.*

consumerprocurement.licensePools.assign
consumerprocurement.licensePools.enumerateLicensedUsers
consumerprocurement.licensePools.get
consumerprocurement.licensePools.unassign
consumerprocurement.licensePools.update

consumerprocurement.orderAttributions.*

consumerprocurement.orderAttributions.get
consumerprocurement.orderAttributions.list
consumerprocurement.orderAttributions.update

consumerprocurement.orders.*

consumerprocurement.orders.cancel
consumerprocurement.orders.get
consumerprocurement.orders.list
consumerprocurement.orders.modify
consumerprocurement.orders.place

dataprocessing.datasources.get

dataprocessing.datasources.list

dataprocessing.groupcontrols.get

dataprocessing.groupcontrols.list

logging.logEntries.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.privateLogEntries.list

recommender.cloudsqlIdleInstanceRecommendations.get

recommender.cloudsqlIdleInstanceRecommendations.list

recommender.cloudsqlOverprovisionedInstanceRecommendations.get

recommender.cloudsqlOverprovisionedInstanceRecommendations.list

recommender.commitmentUtilizationInsights.*

recommender.commitmentUtilizationInsights.get
recommender.commitmentUtilizationInsights.list
recommender.commitmentUtilizationInsights.update

recommender.computeAddressIdleResourceRecommendations.get

recommender.computeAddressIdleResourceRecommendations.list

recommender.computeDiskIdleResourceRecommendations.get

recommender.computeDiskIdleResourceRecommendations.list

recommender.computeImageIdleResourceRecommendations.get

recommender.computeImageIdleResourceRecommendations.list

recommender.computeInstanceGroupManagerMachineTypeRecommendations.get

recommender.computeInstanceGroupManagerMachineTypeRecommendations.list

recommender.computeInstanceIdleResourceRecommendations.get

recommender.computeInstanceIdleResourceRecommendations.list

recommender.computeInstanceMachineTypeRecommendations.get

recommender.computeInstanceMachineTypeRecommendations.list

recommender.costInsights.*

recommender.costInsights.get
recommender.costInsights.list
recommender.costInsights.update

recommender.costRecommendations.*

recommender.costRecommendations.listAll
recommender.costRecommendations.summarizeAll

recommender.resourcemanagerProjectUtilizationRecommendations.get

recommender.resourcemanagerProjectUtilizationRecommendations.list

recommender.spendBasedCommitmentInsights.*

recommender.spendBasedCommitmentInsights.get
recommender.spendBasedCommitmentInsights.list
recommender.spendBasedCommitmentInsights.update

recommender.spendBasedCommitmentRecommendations.*

recommender.spendBasedCommitmentRecommendations.get
recommender.spendBasedCommitmentRecommendations.list
recommender.spendBasedCommitmentRecommendations.update

recommender.spendBasedCommitmentRecommenderConfig.*

recommender.spendBasedCommitmentRecommenderConfig.get
recommender.spendBasedCommitmentRecommenderConfig.update

recommender.usageCommitmentRecommendations.*

recommender.usageCommitmentRecommendations.get
recommender.usageCommitmentRecommendations.list
recommender.usageCommitmentRecommendations.update

resourcemanager.projects.createBillingAssignment

resourcemanager.projects.deleteBillingAssignment

resourcemanager.projects.get

resourcemanager.projects.list

Carbon Footprint Viewer

(roles/billing.carbonViewer)

billing.accounts.get

billing.accounts.getCarbonInformation

billing.accounts.list

Billing Account Costs Manager

(roles/billing.costsManager)

Manage budgets for a billing account, and view, analyze, and export cost information of a billing account.

Lowest-level resources where you can grant this role:

Billing Account

billing.accounts.get

billing.accounts.getIamPolicy

billing.accounts.getSpendingInformation

billing.accounts.getUsageExportSpec

billing.accounts.list

billing.accounts.updateUsageExportSpec

billing.anomalies.get

billing.anomalies.list

billing.anomaliesConfigs.*

billing.anomaliesConfigs.get
billing.anomaliesConfigs.update

billing.budgets.*

billing.budgets.create
billing.budgets.delete
billing.budgets.get
billing.budgets.list
billing.budgets.update

billing.resourceAssociations.list

recommender.costInsights.*

recommender.costInsights.get
recommender.costInsights.list
recommender.costInsights.update

Billing Account Creator

(roles/billing.creator)

Provides access to create billing accounts.

Lowest-level resources where you can grant this role:

Organization

billing.accounts.create

resourcemanager.organizations.get

Project Billing Costs Manager

(roles/billing.projectCostsManager)

When granted in conjunction with cost view permissions on projects, provides access to billing information scoped to the projects to which the user has cost access.

Lowest-level resources where you can grant this role:

Billing Account

billing.accounts.getIamPolicy

billing.accounts.getSpendingInformationScoped

billing.costRecommendations.listScoped

Project Billing Manager

(roles/billing.projectManager)

When granted in conjunction with the Billing Account User role, provides access to assign a project's billing account or disable its billing.

Lowest-level resources where you can grant this role:

Project

resourcemanager.projects.createBillingAssignment

resourcemanager.projects.deleteBillingAssignment

Billing Account User

(roles/billing.user)

When granted in conjunction with the Project Owner role or Project Billing Manager role, provides access to associate projects with billing accounts.

Lowest-level resources where you can grant this role:

Billing Account

billing.accounts.get

billing.accounts.getIamPolicy

billing.accounts.list

billing.accounts.redeemPromotion

billing.credits.list

billing.resourceAssociations.create

Billing Account Viewer

(roles/billing.viewer)

View billing account cost and pricing information, transactions, and billing and commitment recommendations.

Lowest-level resources where you can grant this role:

Billing Account

billing.accounts.get

billing.accounts.getCarbonInformation

billing.accounts.getIamPolicy

billing.accounts.getPaymentInfo

billing.accounts.getPricing

billing.accounts.getSpendingInformation

billing.accounts.getUsageExportSpec

billing.accounts.list

billing.anomalies.get

billing.anomalies.list

billing.anomaliesConfigs.get

billing.billingAccountPrice.get

billing.billingAccountPrices.list

billing.billingAccountServices.*

billing.billingAccountServices.get
billing.billingAccountServices.list

billing.billingAccountSkuGroupSkus.*

billing.billingAccountSkuGroupSkus.get
billing.billingAccountSkuGroupSkus.list

billing.billingAccountSkuGroups.*

billing.billingAccountSkuGroups.get
billing.billingAccountSkuGroups.list

billing.billingAccountSkus.*

billing.billingAccountSkus.get
billing.billingAccountSkus.list

billing.budgets.get

billing.budgets.list

billing.credits.list

billing.finOpsBenchmarkInformation.get

billing.finOpsHealthInformation.get

billing.resourceAssociations.list

billing.subscriptions.get

billing.subscriptions.list

commerceoffercatalog.*

commerceoffercatalog.agreements.get
commerceoffercatalog.agreements.list
commerceoffercatalog.documents.get
commerceoffercatalog.documents.list
commerceoffercatalog.offers.get

consumerprocurement.accounts.get

consumerprocurement.accounts.list

consumerprocurement.consents.check

consumerprocurement.consents.list

consumerprocurement.orderAttributions.get

consumerprocurement.orderAttributions.list

consumerprocurement.orders.get

consumerprocurement.orders.list

dataprocessing.datasources.get

dataprocessing.datasources.list

dataprocessing.groupcontrols.get

dataprocessing.groupcontrols.list

recommender.commitmentUtilizationInsights.get

recommender.commitmentUtilizationInsights.list

recommender.costInsights.get

recommender.costInsights.list

recommender.costRecommendations.*

recommender.costRecommendations.listAll
recommender.costRecommendations.summarizeAll

recommender.spendBasedCommitmentInsights.get

recommender.spendBasedCommitmentInsights.list

recommender.spendBasedCommitmentRecommendations.get

recommender.spendBasedCommitmentRecommendations.list

recommender.spendBasedCommitmentRecommenderConfig.get

recommender.usageCommitmentRecommendations.get

recommender.usageCommitmentRecommendations.list

roles/billing.admin, roles/billing.costsManager, roles/billing.viewer, roles/billing.projectManager 역할에는 다른 Google Cloud 서비스에 대한 권한도 포함됩니다.

Cloud Billing API 액세스 제어 컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

권한 및 역할

Cloud Billing Catalog API에 필요한 권한

Cloud Billing Budget API에 필요한 권한

Cloud Billing Account API에 필요한 권한

역할

Billing Account Administrator

Carbon Footprint Viewer

Billing Account Costs Manager

Billing Account Creator

Project Billing Costs Manager

Project Billing Manager

Billing Account User

Billing Account Viewer

관련 주제

Cloud Billing API 액세스 제어