Workflows roles and permissions
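This page describes the Identity and Access Management (IAM) roles and permissions that you can use to control access to Workflows resources.
Overview
Workflows uses IAM for access control.
To learn more about using IAM to control access, see "Manage access to projects, folders, and organizations".
Every Workflows method requires the caller to have the necessary permissions. For a list of the roles that Workflows supports and their corresponding permissions, see the "Workflows roles" section of this document.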
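Workflows permissions
The following table describes the permissions available in Workflows.

| Permission | Definition |
| --- | --- |
| workflows.callbacks.list | List the callbacks of a workflow execution. |
| workflows.callbacks.send | Trigger a workflow execution callback. |
| workflows.executions.cancel | Cancel a workflow execution without deleting its trace. |
| workflows.executions.create | Trigger a workflow execution. |
| workflows.executions.get | Get the latest state of a workflow execution. |
| workflows.executions.list | List the executions of a workflow. |
| workflows.locations.get | Get the location of a workflow. |
| workflows.locations.list | List the locations where the service is available. |
| workflows.operations.cancel | Cancel a long-running operation. |
| workflows.operations.get | Get the details of a long-running operation. |
| workflows.operations.list | Get a list of long-running operations. |
| workflows.stepEntries.get | Get a step entry of a workflow execution. |
| workflows.stepEntries.list | List the step entries of a workflow execution. |
| workflows.workflows.create | Create and deploy a new workflow. |
| workflows.workflows.delete | Delete an existing workflow. |
| workflows.workflows.get | Get a workflow's configuration, including source code, labels, and description. |
| workflows.workflows.list | List the workflows in a project. |
| workflows.workflows.listRevision | List the revisions of a workflow. |
| workflows.workflows.update | Update a workflow's configuration, including source code, labels, and description. |
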
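Workflows roles
The following table lists the predefined Workflows IAM roles, along with the full list of permissions that each role includes.
The available roles cover most common use cases. If your use case isn't covered by an existing role, you can create an IAM custom role.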

| Role | Permissions |
| --- | --- |
| Workflows Admin (roles/workflows.admin). Full access to workflows and related resources. Lowest-level resources where you can grant this role: | resourcemanager.projects.get, resourcemanager.projects.list, workflows.* (workflows.callbacks.list, workflows.callbacks.send, workflows.executions.cancel, workflows.executions.create, workflows.executions.get, workflows.executions.list, workflows.locations.get, workflows.locations.list, workflows.operations.cancel, workflows.operations.get, workflows.operations.list, workflows.stepEntries.get, workflows.stepEntries.list, workflows.workflows.create, workflows.workflows.createTagBinding, workflows.workflows.delete, workflows.workflows.deleteTagBinding, workflows.workflows.get, workflows.workflows.list, workflows.workflows.listEffectiveTags, workflows.workflows.listRevision, workflows.workflows.listTagBindings, workflows.workflows.update) |
| Workflows Editor (roles/workflows.editor). Read and write access to workflows and related resources, including development and debugging of workflows. Lowest-level resources where you can grant this role: | resourcemanager.projects.get, resourcemanager.projects.list, workflows.* (workflows.callbacks.list, workflows.callbacks.send, workflows.executions.cancel, workflows.executions.create, workflows.executions.get, workflows.executions.list, workflows.locations.get, workflows.locations.list, workflows.operations.cancel, workflows.operations.get, workflows.operations.list, workflows.stepEntries.get, workflows.stepEntries.list, workflows.workflows.create, workflows.workflows.createTagBinding, workflows.workflows.delete, workflows.workflows.deleteTagBinding, workflows.workflows.get, workflows.workflows.list, workflows.workflows.listEffectiveTags, workflows.workflows.listRevision, workflows.workflows.listTagBindings, workflows.workflows.update) |
| Workflows Invoker (roles/workflows.invoker). Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows. Lowest-level resources where you can grant this role: | resourcemanager.projects.get, resourcemanager.projects.list, workflows.callbacks.* (workflows.callbacks.list, workflows.callbacks.send), workflows.executions.* (workflows.executions.cancel, workflows.executions.create, workflows.executions.get, workflows.executions.list), workflows.stepEntries.* (workflows.stepEntries.get, workflows.stepEntries.list) |
| Cloud Workflows Service Agent (roles/workflows.serviceAgent). Gives Cloud Workflows service account access to managed resources. | container.clusters.connect, iam.serviceAccounts.get, iam.serviceAccounts.getAccessToken, iam.serviceAccounts.getOpenIdToken, serviceusage.services.use |
| Workflows Viewer (roles/workflows.viewer). Read-only access to workflows and related resources. Lowest-level resources where you can grant this role: | resourcemanager.projects.get, resourcemanager.projects.list, workflows.callbacks.list, workflows.executions.get, workflows.executions.list, workflows.locations.* (workflows.locations.get, workflows.locations.list), workflows.operations.get, workflows.operations.list, workflows.stepEntries.* (workflows.stepEntries.get, workflows.stepEntries.list), workflows.workflows.get, workflows.workflows.list, workflows.workflows.listEffectiveTags, workflows.workflows.listRevision, workflows.workflows.listTagBindings |

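The following added example (not part of the original page or of Google's documentation) uses the role table above to find the predefined role that covers a caller's needs with the fewest surplus permissions, and builds a custom-role definition when that surplus is too wide. The function names, the sample caller, and the role title are assumptions made for illustration; the permission sets are transcribed from this page.

```python
def _p(resource, *verbs):
    """Expand a resource and verbs into full permission names."""
    return {f"workflows.{resource}.{v}" for v in verbs}

# workflows.* permissions per predefined role, transcribed from the roles table
# on this page (resourcemanager.* entries and the service agent role omitted).
CALLBACKS = _p("callbacks", "list", "send")
EXECUTIONS = _p("executions", "cancel", "create", "get", "list")
LOCATIONS = _p("locations", "get", "list")
STEP_ENTRIES = _p("stepEntries", "get", "list")
READ_WORKFLOWS = _p("workflows", "get", "list", "listEffectiveTags",
                    "listRevision", "listTagBindings")
ALL = (CALLBACKS | EXECUTIONS | LOCATIONS | STEP_ENTRIES | READ_WORKFLOWS
       | _p("operations", "cancel", "get", "list")
       | _p("workflows", "create", "createTagBinding", "delete",
            "deleteTagBinding", "update"))

# Listed narrowest-first so ties resolve toward the less privileged role.
ROLES = {
    "roles/workflows.viewer": (_p("callbacks", "list")
                               | _p("executions", "get", "list")
                               | LOCATIONS | _p("operations", "get", "list")
                               | STEP_ENTRIES | READ_WORKFLOWS),
    "roles/workflows.invoker": CALLBACKS | EXECUTIONS | STEP_ENTRIES,
    "roles/workflows.editor": ALL,
    "roles/workflows.admin": ALL,
}

def narrowest_role(needed):
    """Return (role, surplus permissions) for the covering role with least surplus."""
    needed = set(needed)
    unknown = needed - ALL
    if unknown:
        raise ValueError(f"not a Workflows permission on this page: {sorted(unknown)}")
    covering = [(r, sorted(p - needed)) for r, p in ROLES.items() if needed <= p]
    return min(covering, key=lambda rc: len(rc[1]))

def custom_role(title, needed):
    """Build a custom-role definition that grants exactly the needed permissions."""
    narrowest_role(needed)  # validates the permission names
    return {"title": title, "stage": "GA", "includedPermissions": sorted(needed)}

if __name__ == "__main__":
    # Constructed caller: starts an execution and polls its state.
    poller = {"workflows.executions.create", "workflows.executions.get"}
    role, surplus = narrowest_role(poller)
    print(role, "grants", len(surplus), "permissions the caller does not need:")
    print("\n".join(f"  {p}" for p in surplus))
    print(custom_role("Workflows execution poller", poller))  # hypothetical title
```

For the constructed caller, the closest predefined role still grants callback, cancel, and step-entry access that the caller never uses, which is the case where a custom role is the tighter grant.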
What's next
Create and manage custom roles
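Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-24 UTC.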