本主題列出可用於條件中資源屬性的值,包括資源服務和資源類型的字串值,以及資源名稱字串的格式。
您可以使用資源屬性,變更角色繫結提供的授權範圍。當角色包含適用於不同種類資源的權限時,條件可根據資源服務、資源類型和資源名稱,授予角色權限的子集。
資源屬性適用於這個頁面列出的 Google Cloud 服務和資源類型。其他服務和資源類型無法辨識資源屬性。
如要進一步瞭解 Identity and Access Management (IAM) 條件,請參閱下列文章:
資源服務值
下表列出資源服務屬性可包含的值。
| 資源服務值 | REST 參考資料 |
|---|---|
apigee.googleapis.com |
API 參考資料 |
apihub.googleapis.com |
API 參考資料 |
backupdr.googleapis.com |
API 參考資料 |
bigquery.googleapis.com |
API 參考資料 |
bigqueryreservation.googleapis.com |
API 參考資料 |
bigtableadmin.googleapis.com |
API 參考資料 |
binaryauthorization.googleapis.com |
API 參考資料 |
clouddeploy.googleapis.com |
API 參考資料 |
cloudkms.googleapis.com |
API 參考資料 |
cloudresourcemanager.googleapis.com |
API 參考資料 |
compute.googleapis.com |
API 參考資料 |
container.googleapis.com |
API 參考資料 |
connectors.googleapis.com |
API 參考資料 |
dataform.googleapis.com |
API 參考資料 |
firestore.googleapis.com |
API 參考資料 |
iap.googleapis.com |
API 參考資料 |
integrations.googleapis.com |
API 參考資料 |
logging.googleapis.com |
API 參考資料 |
managedkafka.googleapis.com |
API 參考資料 |
parametermanager.googleapis.com |
API 參考資料 |
pubsublite.googleapis.com |
API 參考資料 |
secretmanager.googleapis.com |
API 參考資料 |
spanner.googleapis.com |
API 參考資料 |
sqladmin.googleapis.com |
API 參考資料 |
storage.googleapis.com |
API 參考資料 |
資源類型值
下表列出資源類型屬性可包含的值。
| 資源類型值 | 參考資料 |
|---|---|
apigee.googleapis.com/ApiProduct |
閱讀完整內容 |
apigee.googleapis.com/ApiProductAttribute |
閱讀完整內容 |
apigee.googleapis.com/Cache |
閱讀完整內容 |
apigee.googleapis.com/Developer |
閱讀完整內容 |
apigee.googleapis.com/DeveloperApp |
閱讀完整內容 |
apigee.googleapis.com/DeveloperAppAttribute |
閱讀完整內容 |
apigee.googleapis.com/DeveloperAttribute |
閱讀完整內容 |
apigee.googleapis.com/Export |
閱讀完整內容 |
apigee.googleapis.com/FlowHook |
閱讀完整內容 |
apigee.googleapis.com/KeyStore |
閱讀完整內容 |
apigee.googleapis.com/KeyStoreAlias |
閱讀完整內容 |
apigee.googleapis.com/KeyValueEntry |
閱讀完整內容 |
apigee.googleapis.com/KeyValueMap |
閱讀完整內容 |
apigee.googleapis.com/Proxy |
閱讀完整內容 |
apigee.googleapis.com/ProxyRevision |
閱讀完整內容 |
apigee.googleapis.com/Query |
閱讀完整內容 |
apigee.googleapis.com/RatePlan |
閱讀完整內容 |
apigee.googleapis.com/Reference |
閱讀完整內容 |
apigee.googleapis.com/SharedFlow |
閱讀完整內容 |
apigee.googleapis.com/SharedFlowRevision |
閱讀完整內容 |
apigee.googleapis.com/TargetServer |
閱讀完整內容 |
apigee.googleapis.com/TraceSession |
閱讀完整內容 |
apihub.googleapis.com/Api |
閱讀完整內容 |
apihub.googleapis.com/Deployment |
閱讀完整內容 |
apihub.googleapis.com/Version |
閱讀完整內容 |
apihub.googleapis.com/Spec |
閱讀完整內容 |
apihub.googleapis.com/ApiOperation |
閱讀完整內容 |
apihub.googleapis.com/Definition |
閱讀完整內容 |
backupdr.googleapis.com/BackupVaults |
閱讀完整內容 |
bigquery.googleapis.com/Dataset |
閱讀完整內容 |
bigquery.googleapis.com/Model |
閱讀完整內容 |
bigquery.googleapis.com/Routine |
閱讀完整內容 |
bigquery.googleapis.com/Table |
閱讀完整內容 |
bigqueryreservation.googleapis.com/Assignment |
閱讀完整內容 |
bigqueryreservation.googleapis.com/BiReservation |
閱讀完整內容 |
bigqueryreservation.googleapis.com/CapacityCommitment |
閱讀完整內容 |
bigqueryreservation.googleapis.com/Location |
閱讀完整內容 |
bigqueryreservation.googleapis.com/Reservation |
閱讀完整內容 |
bigtableadmin.googleapis.com/AppProfile |
閱讀完整內容 |
bigtableadmin.googleapis.com/Backup |
閱讀完整內容 |
bigtableadmin.googleapis.com/Cluster |
閱讀完整內容 |
bigtableadmin.googleapis.com/Instance |
閱讀完整內容 |
bigtableadmin.googleapis.com/Table |
閱讀完整內容 |
binaryauthorization.googleapis.com/Attestor |
閱讀完整內容 |
binaryauthorization.googleapis.com/ContinuousValidationConfig |
閱讀完整內容 |
binaryauthorization.googleapis.com/Policy |
閱讀完整內容 |
cloud.googleapis.com/Location1 |
閱讀完整內容 |
cloudkms.googleapis.com/CryptoKey |
閱讀完整內容 |
cloudkms.googleapis.com/CryptoKeyVersion |
閱讀完整內容 |
cloudkms.googleapis.com/KeyRing |
閱讀完整內容 |
cloudresourcemanager.googleapis.com/Project2 |
閱讀完整內容 |
compute.googleapis.com/BackendService |
閱讀完整內容 |
compute.googleapis.com/Disk |
閱讀完整內容 |
compute.googleapis.com/Firewall |
閱讀完整內容 |
compute.googleapis.com/ForwardingRule |
閱讀完整內容 |
compute.googleapis.com/GlobalForwardingRule |
閱讀完整內容 |
compute.googleapis.com/Image |
閱讀完整內容 |
compute.googleapis.com/Instance |
閱讀完整內容 |
compute.googleapis.com/InstanceTemplate |
閱讀完整內容 |
compute.googleapis.com/Snapshot |
閱讀完整內容 |
compute.googleapis.com/TargetHttpProxy |
閱讀完整內容 |
compute.googleapis.com/TargetHttpsProxy |
閱讀完整內容 |
compute.googleapis.com/TargetSslProxy |
閱讀完整內容 |
compute.googleapis.com/TargetTcpProxy |
閱讀完整內容 |
connectors.googleapis.com/Connection |
閱讀完整內容 |
connectors.googleapis.com/ConnectionSchemaMetadata |
閱讀完整內容 |
connectors.googleapis.com/EndpointAttachment |
閱讀完整內容 |
connectors.googleapis.com/EventSubscription |
閱讀完整內容 |
connectors.googleapis.com/ManagedZone |
閱讀完整內容 |
container.googleapis.com/Clusters |
閱讀完整內容 |
dataform.googleapis.com/CompilationResult |
閱讀完整內容 |
dataform.googleapis.com/Location |
閱讀完整內容 |
dataform.googleapis.com/ReleaseConfig |
閱讀完整內容 |
dataform.googleapis.com/Repository |
閱讀完整內容 |
dataform.googleapis.com/WorkflowConfig |
閱讀完整內容 |
dataform.googleapis.com/WorkflowInvocation |
閱讀完整內容 |
dataform.googleapis.com/Workspace |
閱讀完整內容 |
firestore.googleapis.com/Database |
閱讀完整內容 |
iap.googleapis.com/Tunnel |
閱讀完整內容 |
iap.googleapis.com/TunnelInstance |
閱讀完整內容 |
iap.googleapis.com/TunnelZone |
閱讀完整內容 |
iap.googleapis.com/Web |
閱讀完整內容 |
iap.googleapis.com/WebService |
閱讀完整內容 |
iap.googleapis.com/WebServiceVersion |
閱讀完整內容 |
iap.googleapis.com/WebType |
閱讀完整內容 |
integrations.googleapis.com/AuthConfig |
閱讀完整內容 |
integrations.googleapis.com/Execution |
閱讀完整內容 |
integrations.googleapis.com/Integration |
閱讀完整內容 |
integrations.googleapis.com/IntegrationVersion |
閱讀完整內容 |
integrations.googleapis.com/Location |
不適用 |
integrations.googleapis.com/Suspension |
閱讀完整內容 |
logging.googleapis.com/LogBucket |
閱讀完整內容 |
logging.googleapis.com/LogView |
閱讀完整內容 |
managedkafka.googleapis.com/Cluster |
閱讀完整內容 |
managedkafka.googleapis.com/ConsumerGroup |
閱讀完整內容 |
managedkafka.googleapis.com/Operation |
閱讀完整內容 |
managedkafka.googleapis.com/Topic |
閱讀完整內容 |
parametermanager.googleapis.com/Parameter |
閱讀完整內容 |
parametermanager.googleapis.com/ParameterVersion |
閱讀完整內容 |
pubsublite.googleapis.com/Location |
閱讀完整內容 |
pubsublite.googleapis.com/Subscription |
閱讀完整內容 |
pubsublite.googleapis.com/Topic |
閱讀完整內容 |
secretmanager.googleapis.com/Secret |
閱讀完整內容 |
secretmanager.googleapis.com/SecretVersion |
閱讀完整內容 |
spanner.googleapis.com/Backup |
閱讀完整內容 |
spanner.googleapis.com/Database |
閱讀完整內容 |
spanner.googleapis.com/Instance |
閱讀完整內容 |
sqladmin.googleapis.com/BackupRun |
閱讀完整內容 |
sqladmin.googleapis.com/Instance |
閱讀完整內容 |
storage.googleapis.com/Bucket |
閱讀完整內容 |
storage.googleapis.com/ManagedFolder |
閱讀完整內容 |
storage.googleapis.com/Object |
閱讀完整內容 |
1 Cloud Key Management Service 會將這個資源類型做為金鑰環資源的父項。
2 Apigee 會將這個資源類型做為屬於 Apigee 機構的任何資源的父項。資源名稱格式
下表列出各類型資源名稱屬性的格式。
| 資源參照 | 資源名稱格式範本 |
|---|---|
| Apigee API 產品屬性 | organizations/organization-name/apiproducts/product-id/attributes/attribute-id |
| Apigee API 產品 | organizations/organization-name/apiproducts/product-id |
| Apigee API Proxy | organizations/organization-name/apis/proxy-id |
| Apigee API Proxy 鍵值對應項目 | organizations/organization-name/api/proxy-id/keyvaluemaps/keyvaluemap-id/entries/entry-id |
| Apigee API Proxy 鍵值對應 | organizations/organization-name/apis/proxy-id/keyvaluemaps/key-value-map-id |
| Apigee API Proxy 修訂版本 | organizations/organization-name/apis/proxy-id/revisions/revision-id |
| Apigee 快取 | organizations/organization-name/environments/environment-id/caches/cache-id |
| Apigee 開發人員應用程式屬性 | organizations/organization-name/developers/developer-id/apps/app-id/attributes/attribute-id |
| Apigee 開發人員應用程式 | organizations/organization-name/developers/developer-id/apps/app-id |
| Apigee 開發人員屬性 | organizations/organization-name/developers/developer-id/attributes/attribute-id |
| Apigee 開發人員 | organizations/organization-name/developers/developer-id |
| Apigee 環境鍵/值對應項目 | organizations/organization-name/environments/environment-id/keyvaluemaps/keyvaluemap-id/entries/entry-id |
| Apigee 環境鍵/值對應 | organizations/organization-name/environments/environment/keyvaluemaps/key-value-map-id |
| Apigee 匯出項目 | organizations/organization-name/environments/environment-id/analytics/exports/export-id |
| Apigee 流程掛鉤 | organizations/organization-name/environments/environment-id/flowhooks/flowhook-id |
| Apigee 金鑰儲存區別名 | organizations/organization-name/environments/environment-id/keystores/keystore-id/aliases/alias-id |
| Apigee 金鑰儲存區 | organizations/organization-name/environments/environment-id/keystores/keystore-id |
| Apigee 查詢 | organizations/organization-name/environments/environment-id/queries/query-id |
| Apigee 費率方案 | organizations/organization-name/apiproducts/product-id/rateplans/rate-plan-id |
| Apigee 參考資料 | organizations/organization-name/environments/environment-id/references/reference-id |
| Apigee 共用流程修訂版本 | organizations/organization-name/sharedflows/shared-flow-id/revisions/revision-id |
| Apigee 共用流程 | organizations/organization-name/sharedflows/shared-flow-id |
| Apigee 目標伺服器 | organizations/organization-name/environments/environment-id/targetservers/targetserver-id |
| Apigee 追蹤 (偵錯) 工作階段 | organizations/organization-name/environments/environment-id/apis/proxy-id/revisions/revision-id/debugsessions/session-id |
| Apigee API Hub API | projects/project-id/locations/location-id/apis/api-id |
| Apigee API Hub 部署作業 | projects/project-id/locations/location-id/deployments/deployment-id |
| Apigee API Hub 版本 | projects/project-id/locations/location-id/apis/api-id/versions/version-id |
| Apigee API Hub 規格 | projects/project-id/locations/location-id/apis/api-id/versions/version-id/specs/spec-id |
| Apigee API Hub 作業 | projects/project-id/locations/location-id/apis/api-id/versions/version-id/operations/operation-id |
| Apigee API Hub 定義 | projects/project-id/locations/location-id/apis/api-id/versions/version-id/definitions/definition-id |
| 備份與 DR 服務 backupVaults | projects/project-id/locations/location-id/backupVaults/backup-vault-id |
| BigQuery 資料集 | projects/project-id/datasets/dataset-id |
| BigQuery 模型 | projects/project-id/datasets/dataset-id/models/model-id |
| BigQuery 常式 | projects/project-id/datasets/dataset-id/routines/routine-id |
| BigQuery 資料表 | projects/project-id/datasets/dataset-id/tables/table-id |
| BigQuery Reservation API 指派 | projects/project-id/locations/location-id/reservations/reservation-id/assignments/assignment-id |
| BigQuery Reservation API BI 保留項目 | projects/project-id/locations/location-id/biReservation |
| BigQuery Reservation API 容量承諾 | projects/project-id/locations/location-id/capacityCommitments/capacity-commitment-id |
| BigQuery Reservation API locations | projects/project-id/locations/location-id |
| BigQuery Reservation API reservations | projects/project-id/locations/location-id/reservations/reservation-id |
| 二進位授權驗證者 | projects/project-number/attestors/attestor-id |
| 二進位授權持續驗證設定 | projects/project-number/continuousValidationConfig |
| 二進位授權政策 | projects/project-number/policy |
| Bigtable appProfiles | projects/project-id/instances/instance-id/appProfiles/appProfile-id |
| Bigtable 備份 | projects/project-id/instances/instance-id/clusters/cluster-id/backups/backup-id |
| Bigtable 叢集 | projects/project-id/instances/instance-id/clusters/cluster-id |
| Bigtable 執行個體 | projects/project-id/instances/instance-id |
| Bigtable 資料表 | projects/project-id/instances/instance-id/tables/table-id |
| Cloud Deploy 自動化執行作業 | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/automationRuns/automation-run-id |
| Cloud Deploy 自動化 | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/automations/automation-id |
| Cloud Deploy 自訂目標類型 | projects/project-id/locations/location-id/customTargetTypes/custom-target-type-id |
| Cloud Deploy 推送管道 | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id |
| Cloud Deploy 工作執行 | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/releases/release-id/rollouts/rollout-id/jobRuns/job-run-id |
| Cloud Deploy 發布 | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/releases/release-id |
| Cloud Deploy 推出 | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/releases/release-id/rollouts/rollout-id |
| Cloud Deploy 目標 | projects/project-id/locations/location-id/targets/target-id |
| Firestore 資料庫 | projects/project-id/databases/database-id |
| Cloud Key Management Service 加密金鑰 | projects/project-id/locations/location-id/keyRings/keyring-id/cryptoKeys/cryptokey-id |
| Cloud Key Management Service 加密編譯金鑰版本 | projects/project-id/locations/location-id/keyRings/keyring-id/cryptoKeys/cryptokey-id/cryptoKeyVersions/cryptokeyversion-id |
| Cloud Key Management Service 金鑰環 | projects/project-id/locations/location-id/keyRings/keyring-id |
| Cloud Logging 記錄值區 | projects/project-id/locations/location-id/buckets/bucket-id |
| Cloud Logging 記錄檢視畫面 | projects/project-id/locations/location-id/buckets/bucket-id/views/view-id |
| Spanner 備份 | projects/project-id/instances/instance-id/backups/backup-id |
| Spanner 資料庫 | projects/project-id/instances/instance-id/databases/database-id |
| Spanner 執行個體 | projects/project-id/instances/instance-id |
| Cloud SQL 備份作業 | projects/project-id/instances/instance-id/backupRuns/backup-id |
| Cloud SQL 執行個體 | projects/project-id/instances/instance-id |
| Cloud Storage buckets1 | projects/_/buckets/bucket-name |
| Cloud Storage 受管理資料夾1、2 | projects/_/buckets/bucket-name/managedFolders/managed-folder-name |
| Cloud Storage 物件1, 3 | projects/_/buckets/bucket-name/objects/object-name |
| Compute Engine 全域後端服務 | projects/project-id/global/backendServices/backend-service-id |
| Compute Engine 區域後端服務 | projects/project-id/regions/region-id/backendServices/backend-service-id |
| Compute Engine 防火牆 | projects/project-id/global/firewalls/firewall-id |
| Compute Engine 全域轉送規則 | projects/project-id/global/forwardingRules/forwarding-rule-id |
| Compute Engine 區域轉送規則 | projects/project-id/regions/region-id/forwardingRules/forwarding-rule-id |
| Compute Engine 映像檔 | projects/project-id/global/images/image-id |
| Compute Engine 執行個體範本 | projects/project-id/global/instanceTemplates/instance-template-id |
| Compute Engine 執行個體 | projects/project-id/zones/zone-id/instances/instance-id |
| Compute Engine 區域永久磁碟 | projects/project-id/regions/region-id/disks/disk-id |
| Compute Engine 可用區永久磁碟 | projects/project-id/zones/zone-id/disks/disk-id |
| Compute Engine 快照 | projects/project-id/global/snapshots/snapshot-id |
| Compute Engine 全域目標 HTTP Proxy | projects/project-id/global/targetHttpProxies/target-http-proxy-id |
| Compute Engine 區域目標 HTTP Proxy | projects/project-id/regions/region-id/targetHttpProxies/target-http-proxy-id |
| Compute Engine 全域目標 HTTPS Proxy | projects/project-id/global/targetHttpsProxies/target-https-proxy-id |
| Compute Engine 區域目標 HTTPS Proxy | projects/project-id/regions/region-id/targetHttpsProxies/target-https-proxy-id |
| Compute Engine 目標 SSL Proxy | projects/project-id/global/targetSslProxies/target-ssl-proxy-id |
| Compute Engine 目標 TCP Proxy | projects/project-id/global/targetTcpProxies/target-tcp-proxy-id |
| Google Kubernetes Engine 區域叢集 | projects/project-id/zones/zone/clusters/cluster-id |
| Google Kubernetes Engine 區域叢集 | projects/project-id/locations/location/clusters/cluster-id |
| Dataform 編譯結果 | projects/project-id/locations/location/repositories/repository/compilationResults/compilation-result |
| Dataform 位置 | projects/project-id/locations/location |
| Dataform 發布設定 | projects/project-id/locations/location/repositories/repository/releaseConfigs/release-config |
| Dataform 存放區 | projects/project-id/locations/location/repositories/repository |
| Dataform 工作流程設定 | projects/project-id/locations/location/repositories/repository/workflowConfigs/workflow-config |
| Dataform 工作流程呼叫 | projects/project-id/locations/location/repositories/repository/workflowInvocations/workflow-invocation |
| Dataform 工作區 | projects/project-id/locations/location/repositories/repository/workspaces/workspace |
| Integration Connectors 連線 | projects/project-id/locations/location/connections/connection-name |
| Integration Connectors 連線結構定義中繼資料 | projects/project-id/locations/location/connections/connection-name/connectionSchemaMetadata |
| Integration Connectors 端點連結 | projects/project-id/locations/location/endpointAttachments/endpoint-attachment-name |
| Integration Connectors 事件訂閱 | projects/project-id/locations/location/eventSubscriptions/event-subscription-name |
| Integration Connectors 代管區域 | projects/project-id/locations/global/managedZones/managed-zone-name |
| Google Cloud Managed Service for Apache Kafka 叢集 | projects/project-number/locations/location/clusters/cluster-name |
| Google Cloud Managed Service for Apache Kafka 消費者群組 | projects/project-number/locations/location/clusters/cluster-name/consumerGroups/consumer-group |
| Google Cloud Managed Service for Apache Kafka 作業 | projects/project-number/locations/location/operations/operation |
| Google Cloud Managed Service for Apache Kafka 主題 | projects/project-number/locations/location/clusters/cluster-name/topics/topic-name |
| Parameter Manager 參數 | projects/project-number/locations/location/parameters/parameter-id |
| Parameter Manager 參數版本 | projects/project-number/locations/location/parameters/parameter-id/versions/version-id |
| Pub/Sub Lite 位置 | projects/project-number/locations/location |
| Pub/Sub Lite 訂閱項目 | projects/project-number/locations/location/subscriptions/subscription-id |
| Pub/Sub Lite 主題 | projects/project-number/locations/location/topics/topic-id |
| Resource Manager organizations4 | organizations/organization-name |
| Secret Manager secrets | projects/project-number/secrets/secret-id |
| Secret Manager 密碼版本5 | projects/project-number/secrets/secret-id/versions/secret-version |
1 對於 Cloud Storage,資源名稱包含底線 (_),而非專案 ID。您無法將底線替換為專案 ID、專案名稱或專案編號。
2 使用完整的受管理資料夾名稱,包括正斜線。在 Cloud Storage 中,這些字元是受管理資料夾名稱的一部分,而非路徑分隔符。
3 使用完整物件名稱,包括正斜線。在 Cloud Storage 中,這些字元是物件名稱的一部分,而非路徑分隔符。
4 列出屬於 Apigee 機構的任何類型資源時,Apigee 會使用這個格式。 5 如果條件評估的是密鑰版本的資源名稱,要求中的密鑰版本必須與條件中的密鑰版本完全一致,條件才會成立。舉例來說,如果條件中的版本是latest,只有版本為 latest 的要求才會符合條件;版本為 3 的要求則不符合條件,即使 3 是最新版本也一樣。
資源標記
您可以將標記附加至機構、專案和資料夾。任何 Google Cloud 資源都可以從這些較高層級的資源繼承標記。
您可以使用幾種不同類型的 ID 參照標記鍵和值:
-
永久 ID:全域不重複,且不得重複使用。舉例來說,標記鍵可能具有永久 ID
tagKeys/123456789012,標記值可能具有永久 IDtagValues/567890123456。 -
簡稱。每個鍵的簡稱在定義鍵的專案或機構中不得重複,且每個值的簡稱在相關聯的鍵中不得重複。舉例來說,標記鍵的簡稱可以是
env,標記值的簡稱可以是prod。 -
命名空間名稱:將機構的數字 ID 或專案 ID 新增至標記鍵的簡稱。舉例來說,為機構建立的標記鍵可能具有
123456789012/env這個命名空間名稱。如要瞭解如何取得機構 ID,請參閱「取得機構資源 ID」。為專案建立的標記鍵可能具有命名空間名稱myproject/env。如要瞭解如何取得專案 ID,請參閱「識別專案」。
具體 ID 取決於您為貴機構建立的代碼鍵和值。如要瞭解如何列出可用的標記鍵和值,請參閱「列出標記鍵」和「列出標記值」。