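This section details the role definitions for the various NSX Advanced Load Balancer roles.

Network Project

The role definitions (the list of permissions each role contains) for the network project role, the service engine project role, and the storage project role are listed here:

Permissions

Role definition file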

compute.networks.get

compute.networks.list

compute.networks.updatePolicy

compute.regions.get

compute.routes.create

compute.routes.delete

compute.routes.get

compute.routes.list

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

network_project_role.yaml

Service Engine Project

Permissions

Role definition file

compute.addresses.create

compute.addresses.delete

compute.addresses.get

compute.addresses.list

compute.addresses.use

compute.disks.create

compute.forwardingRules.get

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.list

compute.globalOperations.get

compute.images.create

compute.images.delete

compute.images.get

compute.images.list

compute.images.setLabels

compute.images.useReadOnly

compute.instances.create

compute.instances.delete

compute.instances.get

compute.instances.list

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setTags

compute.instances.use

compute.machineTypes.get

compute.machineTypes.list

compute.regionOperations.get

compute.regions.get

compute.regions.list

compute.targetPools.addInstance

compute.targetPools.create

compute.targetPools.delete

compute.targetPools.get

compute.targetPools.list

compute.targetPools.removeInstance

compute.targetPools.use

compute.zoneOperations.get

compute.zones.list

service_engine_project_role.yaml

Service Engine Project for GCP Instance Group Autoscaling

Permissions

Role definition file

pubsub.subscriptions.consume

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.delete

pubsub.topics.get

pubsub.topics.getIamPolicy

pubsub.topics.list

pubsub.topics.setIamPolicy

autoscaling_service_engine_project_role.yaml

Service Engine Project for ILB and BYOIP

Permissions

Role definition file

compute.addresses.create

compute.addresses.createInternal

compute.addresses.delete

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.setLabels

compute.addresses.use

compute.addresses.useInternal

compute.healthChecks.create

compute.healthChecks.delete

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.update

compute.healthChecks.use

compute.healthChecks.useReadOnly

compute.instanceGroups.create

compute.instanceGroups.delete

compute.instanceGroups.get

compute.instanceGroups.list

compute.instanceGroups.update

compute.instanceGroups.use

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.get

compute.regionBackendServices.list

compute.regionBackendServices.setSecurityPolicy

compute.regionBackendServices.update

compute.regionBackendServices.use

ilb_service_engine_project_role.yaml

Storage Project

Permissions

Role definition file

storage.buckets.create

storage.buckets.delete

storage.objects.create

storage.objects.delete

storage.objects.list

storage_project_role.yaml

Server Project for GCP Instance Group Autoscaling

Permissions

Role definition file

compute.instanceGroupManagers.list

compute.instanceGroups.get

compute.instanceGroups.list

compute.instances.get

compute.instances.list

compute.projects.get

logging.sinks.create

logging.sinks.delete

logging.sinks.get

logging.sinks.list

logging.sinks.update

server_project_role.yaml

Cluster IP

Permissions

Role definition file

compute.instances.get

compute.instances.list

compute.instances.updateNetworkInterface

cluster_vip_role.yaml

Service Account Project

Permissions

Role definition file

compute.instances.setServiceAccount

iam.serviceAccountUser

Pre-created in GCP

Creating a Role in GCP

You can create custom roles using the gcloud command-line tool or the GCP console.
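The following is an added example, not part of the original page or the product's own tooling: it writes a role definition file for the network project role from the permissions listed above and checks a created role for drift from that list. `ROLE_ID`, `PROJECT_ID`, the function names and the output file name `network_role.generated.yaml` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ROLE_ID and PROJECT_ID are placeholders, not values from this page.

# Permissions of the network project role, as listed on this page.
NETWORK_PERMS='compute.networks.get
compute.networks.list
compute.networks.updatePolicy
compute.regions.get
compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.use'

# Write a role definition in the YAML layout `gcloud iam roles create --file` reads.
write_role_yaml() {  # usage: write_role_yaml OUT_FILE TITLE PERMS
  {
    printf 'title: "%s"\n' "$2"
    printf 'stage: "GA"\n'
    printf 'includedPermissions:\n'
    printf '%s\n' "$3" | LC_ALL=C sort -u | sed 's/^/- /'
  } > "$1"
}

# Compare the permissions a role actually holds with the documented list.
# Prints "+perm" for extras (role is broader than documented) and "-perm" for
# missing ones; returns 1 on any difference. Input may be newline- or
# ';'-separated (gcloud's value format joins list items with ';').
role_drift() {  # usage: role_drift EXPECTED ACTUAL
  tmp=$(mktemp -d) || return 2
  printf '%s\n' "$1" | tr ';' '\n' | sed '/^$/d' | LC_ALL=C sort -u > "$tmp/want"
  printf '%s\n' "$2" | tr ';' '\n' | sed '/^$/d' | LC_ALL=C sort -u > "$tmp/have"
  LC_ALL=C comm -13 "$tmp/want" "$tmp/have" | sed 's/^/+/' > "$tmp/diff"
  LC_ALL=C comm -23 "$tmp/want" "$tmp/have" | sed 's/^/-/' >> "$tmp/diff"
  cat "$tmp/diff"
  if [ -s "$tmp/diff" ]; then rc=1; else rc=0; fi
  rm -rf "$tmp"
  return "$rc"
}

# Against a real project (needs gcloud and credentials; not run by this script):
#   write_role_yaml network_role.generated.yaml "Network project role" "$NETWORK_PERMS"
#   gcloud iam roles create ROLE_ID --project=PROJECT_ID --file=network_role.generated.yaml
#   role_drift "$NETWORK_PERMS" "$(gcloud iam roles describe ROLE_ID \
#       --project=PROJECT_ID --format='value(includedPermissions)')"
```

Any `+` line in the drift output marks a permission the role holds beyond the documented list, which is worth reviewing before the role is bound to a service account.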