问题描述
我是一个项目的所有者,想将权限授予另一个用户以查看 Google Cloud Build 的日志,但我不知道该用户需要哪个角色/权限.
I am the owner of a project and want to give Permissions to another user to view Logs of Google Cloud Build, but I can not figure out which Role / Permission this user needs.
我尝试失败的角色是:云构建编辑器,云构建查看器,Stackdriver 调试器代理,Stackdriver 调试器用户,云跟踪管理员,日志管理员,私人日志查看器,日志查看器,监控管理员
推荐答案
Google Cloud 企业支持人员向我确认,目前授予此权限的唯一角色是项目级查看者权限(或编辑者/所有者).
Google Cloud enterprise support confirmed to me that the only role that currently grants this is the project-level Viewer permission (or Editor/Owner).
一种解决方法是在将构建提交到您控制的存储桶时设置 --gcs-log-dir
标志(而不是默认的 Google 管理的 gs://[PROJECT_NUMBER].cloudbuild-logs.googleusercontent.com/
存储桶).
One workaround is to set the --gcs-log-dir
flag when submitting a build to a bucket you control (rather than the default Google-managed gs://[PROJECT_NUMBER].cloudbuild-logs.googleusercontent.com/
bucket).
他们正在跟踪此功能请求中的更细化权限:https://issuetracker.google.com/issues/134928412,您可以订阅更新.
They're tracking making a more granular permission in this feature request: https://issuetracker.google.com/issues/134928412, which you can subscribe to updates on.
这篇关于Google Cloud Build - 查看日志权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!