[英]How to give access to "VM Instances" to the intern? with @gmail.com email address (GCP)
I got an developer intern.我有一个开发实习生。 I need him to access GCP paid VM Instance I created so he can start developing.我需要他访问我创建的 GCP 付费 VM 实例,以便他可以开始开发。 He should have root access through sudo, and preferably his own username linux account so we can see his files when he clones repo's,installs services,etc.他应该通过 sudo 获得 root 访问权限,最好是他自己的用户名 linux 帐户,这样我们就可以在他克隆 repo、安装服务等时看到他的文件。
He should not: have access to modify instance, no access to change discs or instance size, no access to any other resource.他不应该:有权修改实例,无权更改磁盘或实例大小,无权访问任何其他资源。 Just ssh and root inside a vm.只是 ssh 和虚拟机中的 root。 His account is under his personal email abc..@gmail.com他的账户在他的个人账户下 email abc..@gmail.com
What exact permissions do I need to give him?我需要给他什么确切的权限?
a) I used the default service account, but I could switch it to project specific service account that will soon also run cloud functions. a) 我使用了默认服务帐户,但我可以将其切换到项目特定服务帐户,该帐户很快也会运行云功能。
b) For google employees, there should really be a guide/tour for "grant access" that allows people who have less then 10 vm instances follow it to grant access properly without delay or compromising security. b) 对于 google 员工,确实应该有一个“授予访问权限”的指南/导览,允许拥有少于 10 个 vm 实例的人按照它正确授予访问权限,而不会延迟或损害安全性。 He is unable to do paid work:(.他无法从事有偿工作:(。
Related:有关的:
Add the Compute OS Login External User添加计算操作系统登录外部用户
Add Project - Viewer添加项目 - 查看器
Add Compute Engine - Service Account User添加计算引擎 - 服务帐户用户
[optional]Add Compute Engine -Compute View [可选]添加计算引擎-计算视图
**although the Compute View is optional to just ssh, but it does help the developer/programmer/intern to know what they are running and recommend configuration changes when program is ready for golive. **虽然计算视图对于 ssh 是可选的,但它确实可以帮助开发人员/程序员/实习生了解他们正在运行什么,并在程序准备好上线时建议配置更改。
If you need to manage user access to your Linux VM instances, you can use one of the following methods:如果您需要管理用户对您的 Linux VM 实例的访问权限,您可以使用以下方法之一:
To give a user the ability to connect to a VM instance using SSH without granting them the ability to manage Compute Engine resources, add the user's public key to the project, or add a user's public key to a specific instance.要使用户能够使用 SSH 连接到 VM 实例而不授予他们管理 Compute Engine 资源的能力,请将用户的公钥添加到项目,或将用户的公钥添加到特定实例。 Using this method, you can avoid adding a user as a project member, while still granting them access to specific instances.使用此方法,您可以避免将用户添加为项目成员,同时仍授予他们对特定实例的访问权限。
More information about granting users SSH to VM instances can be found here .有关将用户 SSH 授予 VM 实例的更多信息,请参见此处。
Regarding your question about the roles required and why, here is more information about granting access to an organization using Cloud IAM roles.关于您关于所需角色及其原因的问题, 此处提供了有关使用 Cloud IAM 角色向组织授予访问权限的更多信息。
More information about Access control for users in Cloud compute Enginehere .有关云计算引擎中用户访问控制的更多信息,请点击此处。
About roles and permissions关于角色和权限
If you need your employee to be able to see the project you need to grant the access to the project according to your needs.如果您需要您的员工能够看到您需要根据您的需要授予项目访问权限的项目。
The basic roles are owner, editor and viewer.基本角色是所有者、编辑者和查看者。 Here you will find a more detailed explanation about roles and permissions using Cloud IAM to control the access for your project. 在这里,您将找到有关使用 Cloud IAM 控制项目访问权限的角色和权限的更详细说明。
And in this page you will find a complete list of the roles and permissions included in Cloud compute engine.在此页面中,您将找到云计算引擎中包含的角色和权限的完整列表。
On the other hand in this guide about setup OS login , the roles and permission required to complete the process are included.另一方面,在本指南中关于设置操作系统登录,包括完成该过程所需的角色和权限。 OS login is an option suitable to resolve your issue.操作系统登录是适合解决您的问题的选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.