问题描述
我是项目的所有者,想授予其他用户权限,以查看Google Cloud Build的日志,但是我无法弄清楚该用户需要哪个角色/权限.
I am the owner of a project and want to give Permissions to another user to view Logs of Google Cloud Build, but I can not figure out which Role / Permission this user needs.
我未成功尝试的角色是:云构建编辑器,Cloud Build Viewer,Stackdriver Debugger Agent,Stackdriver Debugger用户,Cloud Trace Admin,记录管理员私人日志查看器,日志查看器监视管理员
Roles I've unsuccessfully tried are:Cloud Build Editor,Cloud Build Viewer,Stackdriver Debugger Agent,Stackdriver Debugger User,Cloud Trace Admin,Logging Admin,Private Logs Viewer,Logs Viewer,Monitoring Admin
推荐答案
Google Cloud企业支持向我确认,当前授予此权限的唯一角色是项目级查看者权限(或编辑者/所有者).
Google Cloud enterprise support confirmed to me that the only role that currently grants this is the project-level Viewer permission (or Editor/Owner).
一种解决方法是在将构建文件提交到您控制的存储桶(而不是默认的Google管理的gs://[PROJECT_NUMBER].cloudbuild-logs.googleusercontent.com/
存储桶)时设置--gcs-log-dir
标志.
One workaround is to set the --gcs-log-dir
flag when submitting a build to a bucket you control (rather than the default Google-managed gs://[PROJECT_NUMBER].cloudbuild-logs.googleusercontent.com/
bucket).
他们正在跟踪对此功能请求的更细化权限: https://issuetracker.google. com/issues/134928412 ,您可以订阅更新.
They're tracking making a more granular permission in this feature request: https://issuetracker.google.com/issues/134928412, which you can subscribe to updates on.
这篇关于Google Cloud Build-查看日志权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!