我想这会满足你的要求。
该方法基本上是使用带有batchget方法的谷歌云资产库存API。https://cloud.google.com/asset-inventory/docs/reference/rest/v1/ effectiveIamPolicies/batchGet https://cloud.google.com/asset-inventory/docs/reference/rest/v1/effectiveIamPolicies/batchGet
如果您导航到以下网址,该页面还应该启动“尝试此方法弹出屏幕”,请参见下面的屏幕截图。
在范围部分中,按以下格式输入以下值:
scope = projects/ENTERYOURPROJECTNAME
names = //bigquery.googleapis.com/projects/YOURPROJECTNAME/datasets/YOURDATASET
然后“执行”,这将要求您使用控制台凭据登录,完成后,您应该看到图像示例 json 输出中的响应
最后,如果这个答案,请将我的帖子标记为已回答:-)
{
"policyResults": [
{
"fullResourceName": "//bigquery.googleapis.com/projects/YOURPROJCETNAME/datasets/mydataset",
"policies": [
{
"attachedResource": "//bigquery.googleapis.com/projects/YOURPROJECTNAME/datasets/YOURDATASET",
"policy": {
"bindings": [
{
"role": "roles/bigquery.dataEditor",
"members": [
"projectEditor:YOURPROJECTNAME"
]
},
{
"role": "roles/bigquery.dataOwner",
"members": [
"projectOwner:YOURPROJECTNAME",
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/bigquery.dataViewer",
"members": [
"projectViewer:YOURPROJECTNAME"
]
}
]
}
},
{
"attachedResource": "//cloudresourcemanager.googleapis.com/projects/YOURPROJECTNAME",
"policy": {
"bindings": [
{
"role": "roles/artifactregistry.serviceAgent",
"members": [
"serviceAccount:service-123456789101@gcp-sa-artifactregistry.iam.gserviceaccount.com"
]
},
{
"role": "roles/bigquery.admin",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection",
"user:[email protected] /cdn-cgi/l/email-protection",
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/bigquery.dataEditor",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/bigquery.jobUser",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/bigquery.readSessionUser",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/bigquerydatatransfer.serviceAgent",
"members": [
"serviceAccount:service-123456789101@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com"
]
},
{
"role": "roles/cloudbuild.builds.builder",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/cloudbuild.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/cloudfunctions.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/cloudscheduler.serviceAgent",
"members": [
"serviceAccount:service-123456789101@gcp-sa-cloudscheduler.iam.gserviceaccount.com"
]
},
{
"role": "roles/cloudtasks.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/cloudtranslate.admin",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/composer.serviceAgent",
"members": [
"serviceAccount:service-123456789101@cloudcomposer-accounts.iam.gserviceaccount.com"
]
},
{
"role": "roles/compute.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/connectors.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/container.serviceAgent",
"members": [
"serviceAccount:service-123456789101@container-engine-robot.iam.gserviceaccount.com"
]
},
{
"role": "roles/containerregistry.ServiceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/datacatalog.admin",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/datacatalog.categoryAdmin",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/dataflow.serviceAgent",
"members": [
"serviceAccount:service-123456789101@dataflow-service-producer-prod.iam.gserviceaccount.com"
]
},
{
"role": "roles/dataform.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/datafusion.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/datalineage.admin",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/datapipelines.serviceAgent",
"members": [
"serviceAccount:service-123456789101@gcp-sa-datapipelines.iam.gserviceaccount.com"
]
},
{
"role": "roles/dataproc.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/editor",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection",
"serviceAccount:[email protected] /cdn-cgi/l/email-protection",
"serviceAccount:[email protected] /cdn-cgi/l/email-protection",
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/eventarc.eventReceiver",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/eventarc.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/iam.serviceAccountTokenCreator",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/integrations.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/owner",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection",
"user:[email protected] /cdn-cgi/l/email-protection",
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/pubsub.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/resourcemanager.organizationAdmin",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/resourcemanager.projectIamAdmin",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/resourcemanager.projectOwnerInvitee",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/run.serviceAgent",
"members": [
"serviceAccount:service-123456789101@serverless-robot-prod.iam.gserviceaccount.com"
]
},
{
"role": "roles/source.reader",
"members": [
"serviceAccount:service-bihag-trfm-yourprojectname@YOURPROJECTNAME.iam.gserviceaccount.com"
]
},
{
"role": "roles/storage.admin",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/viewer",
"members": [
"user:[email protected] /cdn-cgi/l/email-protection",
"user:[email protected] /cdn-cgi/l/email-protection",
"user:[email protected] /cdn-cgi/l/email-protection",
"user:[email protected] /cdn-cgi/l/email-protection"
]
},
{
"role": "roles/workflows.serviceAgent",
"members": [
"serviceAccount:[email protected] /cdn-cgi/l/email-protection"
]
}
]
}
}
]
}
]
}