一个角色对应一组权限。
您不是直接为成员分配特定的权限,而应该为他们分配角色。 为成员分配了某个角色,即为其授予该角色包含的所有权限。
Firebase IAM 支持以下类型的角色:
原初角色:Owner、Editor 和 Viewer 三种基础角色。
预定义角色:特定于 Firebase 的精选角色,可提供比原初角色更精细的访问权限控制。
自定义角色:您为了定制一组满足具体组织要求的权限而创建的完全自定义的角色。
Owner、Editor 和 Viewer 角色
原初角色是 IAM 的基础角色,包括对所有 Firebase 产品和服务的不同级别的访问权限。
下表总结了每个角色中包含的权限。如需详细了解原初角色,请参阅 Google Cloud Platform (GCP) 文档。
使用 Firebase 控制台将这些角色分配给您的成员。
| 角色 |
权限 |
Viewer
roles/viewer |
只读权限,例如查看(但无法修改)现有资源或数据。 |
Editor
roles/editor |
Viewer 角色的所有权限,另加修改状态(例如,更改现有资源)的权限。
|
Owner
roles/owner |
Editor 角色的所有权限,另加以下权限:
- 管理项目及项目中所有资源的角色和权限。
- 为项目设置结算功能。
- 删除或恢复项目。
|
Firebase 预定义角色
Firebase 预定义角色是特定于 Firebase 的精选角色,可提供比初始角色更精细的访问权限控制。您可以为每位成员分配多个角色。
请注意,需要时,预定义角色会自动包含以下权限:
Firebase Analytics 预定义角色
使用 Firebase 控制台将这些角色分配给您的成员。
| 角色 |
说明 |
权限 |
Firebase Analytics Admin
roles/firebase.analyticsAdmin
|
具有对以下各项的完整访问权限:
|
Firebase Analytics Admin 权限
cloudnotifications.activities.list
firebase.billingPlans.get
firebase.clients.get
firebase.clients.list
firebase.links.list
firebase.projects.get
firebase.projects.list
firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebaseextensions.configs.get
firebaseextensions.configs.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
|
Firebase Analytics Viewer
roles/firebase.analyticsViewer
|
具有对以下各项的只读权限:
|
Firebase Analytics Viewer 权限
cloudnotifications.activities.list
firebase.billingPlans.get
firebase.clients.get
firebase.clients.list
firebase.links.list
firebase.projects.get
firebase.projects.list
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebaseextensions.configs.get
firebaseextensions.configs.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
|
Firebase 开发预定义角色
使用 Firebase 控制台将这些角色分配给您的成员。
| 角色 |
说明 |
权限 |
Firebase Develop Admin
roles/firebase.developAdmin
|
具有对以下各项的完整访问权限:
|
Firebase Develop Admin 权限
appengine.applications.get
automl.*
clientauthconfig.brands.get
clientauthconfig.brands.list
clientauthconfig.brands.update
clientauthconfig.clients.get
clientauthconfig.clients.list
cloudfunctions.*
cloudnotifications.activities.list
datastore.*
errorreporting.groups.list
firebase.billingPlans.get
firebase.clients.get
firebase.links.list
firebase.projects.get
firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebaseauth.*
firebasedatabase.*
firebaseextensions.configs.list
firebasehosting.*
firebaseml.*
firebaserules.*
logging.logEntries.list
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
runtimeconfig.*
servicemanagement.projectSettings.get
serviceusage.apiKeys.get
serviceusage.apiKeys.getProjectForKey
serviceusage.apiKeys.list
serviceusage.operations.get
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
storage.*
|
Firebase Develop Viewer
roles/firebase.developViewer
|
具有对以下各项的只读权限:
|
Firebase Develop Viewer 权限
automl.*.get
automl.*.list
clientauthconfig.brands.get
clientauthconfig.brands.list
cloudfunctions.functions.get
cloudfunctions.functions.list
cloudfunctions.locations.list
cloudfunctions.operations.get
cloudfunctions.operations.list
cloudnotifications.activities.list
datastore.databases.get
datastore.databases.getIamPolicy
datastore.databases.list
datastore.entities.get
datastore.entities.list
datastore.indexes.get
datastore.indexes.list
datastore.namespaces.get
datastore.namespaces.getIamPolicy
datastore.namespaces.list
datastore.statistics.get
datastore.statistics.list
errorreporting.groups.list
firebase.billingPlans.get
firebase.clients.get
firebase.links.list
firebase.projects.get
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebaseauth.configs.get
firebaseauth.users.get
firebasedatabase.instances.get
firebasedatabase.instances.list
firebaseextensions.configs.list
firebasehosting.sites.get
firebasehosting.sites.list
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaserules.releases.get
firebaserules.releases.list
firebaserules.rulesets.get
firebaserules.rulesets.list
logging.logEntries.list
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
servicemanagement.projectSettings.get
serviceusage.operations.get
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.list
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
|
Firebase 质量预定义角色
使用 Firebase 控制台将这些角色分配给您的成员。
| 角色 |
说明 |
权限 |
Firebase Quality Admin
roles/firebase.qualityAdmin
|
具有对以下各项的完整访问权限:
|
Firebase Quality Admin 权限
cloudnotifications.activities.list
cloudtestservice.*
cloudtoolresults.*
firebase.billingPlans.get
firebase.clients.get
firebase.links.list
firebase.projects.get
firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebasecrash.*
firebaseextensions.configs.list
firebaseperformance.*
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
servicemanagement.projectSettings.get
serviceusage.operations.get
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Firebase Quality Viewer
roles/firebase.qualityViewer
|
具有对以下各项的只读权限:
|
Firebase Quality Viewer 权限
cloudnotifications.activities.list
cloudtestservice.environmentcatalog.get
cloudtestservice.matrices.get
cloudtoolresults.executions.get
cloudtoolresults.executions.list
cloudtoolresults.histories.get
cloudtoolresults.histories.list
cloudtoolresults.settings.get
cloudtoolresults.steps.get
cloudtoolresults.steps.list
firebase.billingPlans.get
firebase.clients.get
firebase.links.list
firebase.projects.get
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebasecrash.reports.get
firebaseextensions.configs.list
firebaseperformance.data.get
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
servicemanagement.projectSettings.get
serviceusage.operations.get
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Firebase 发展预定义角色
使用 Firebase 控制台将这些角色分配给您的成员。
| 角色 |
说明 |
权限 |
Firebase Grow Admin
roles/firebase.growthAdmin
|
具有对以下各项的完整访问权限:
|
Firebase Grow Admin 权限
clientauthconfig.clients.get
clientauthconfig.clients.list
cloudconfig.*
cloudnotifications.activities.list
firebase.billingPlans.get
firebase.clients.get
firebase.links.list
firebase.projects.get
firebaseabt.*
firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebasedynamiclinks.*
firebaseextensions.configs.list
firebaseinappmessaging.*
firebasenotifications.*
firebasepredictions.*
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
servicemanagement.projectSettings.get
serviceusage.operations.get
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Firebase Grow Viewer
roles/firebase.growthViewer
|
具有对以下各项的只读权限:
|
Firebase Grow Viewer 权限
cloudconfig.configs.get
cloudnotifications.activities.list
firebase.billingPlans.get
firebase.clients.get
firebase.links.list
firebase.projects.get
firebaseabt.experimentresults.get
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.projectmetadata.get
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.destinations.list
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.stats.get
firebaseextensions.configs.list
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasepredictions.predictions.list
monitoring.timeSeries.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
servicemanagement.projectSettings.get
serviceusage.operations.get
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
|
Firebase 预定义角色
使用 GCP Console 将这些角色分配给您的成员。
| 角色 |
说明 |
权限 |
Firebase Admin
roles/firebase.admin
|
对所有 Firebase 服务具有完整访问权限
|
Firebase Admin 权限
以下各项包含所有的权限:
其他权限
- clientauthconfig.clients.create
- clientauthconfig.clients.delete
- clientauthconfig.clients.update
|
Firebase Viewer
roles/firebase.viewer
|
对所有 Firebase 服务拥有只读权限
|
|
自定义角色
自定义角色是您为了定制一组满足具体组织要求的权限而创建的完全自定义的 IAM 角色。如需详细了解自定义角色,请参阅 Google Cloud Platform (GCP) 文档。
您可以使用特定于 Firebase 的权限及其他 GCP 产品中的许多其他权限创建自定义角色。
