[英]Google Cloud Project Service Accounts
I am using a Google Cloud Project to automate the creation of some users inside of our organization.我正在使用谷歌云项目来自动创建我们组织内的一些用户。 I have been using some API's that are hosted using the Google Cloud and have had no problem authenticating and using the API's, however I am not sure if I should be using a service account for this.
我一直在使用一些使用 Google Cloud 托管的 API,并且在验证和使用 API 时没有问题,但是我不确定我是否应该为此使用服务帐户。 I am currently using the Google Drive API, the Google Admin SDK(Directory API), the Sheets API, and the Docs API to create some accounts and manage an error log.
我目前正在使用 Google Drive API、Google Admin SDK(Directory API)、Sheets API 和 Docs API 来创建一些帐户并管理错误日志。
What I am asking is, should I be creating a service account to use the API's or is my own personal Google Workspace account okay for creating these?我要问的是,我应该创建一个服务帐户来使用 API,还是我自己的个人 Google Workspace 帐户可以创建这些帐户? Is there a site/video/something that can guide me in the right direction if I do need to create a service account.
如果我确实需要创建服务帐户,是否有网站/视频/东西可以引导我朝着正确的方向前进。 I personally would rather have all of the automation using a service account for authentication, but the only videos and tutorials I found on using the service accounts are trying to use resources pertaining to Cloud Computing and service accounts that are impersonating other service accounts.
我个人更愿意使用服务帐户进行身份验证来实现所有自动化,但我发现的有关使用服务帐户的唯一视频和教程是尝试使用与云计算和模拟其他服务帐户的服务帐户有关的资源。
Using a Service Account is the best course of action for security reasons when you are the one giving authorization and authentication to your organization.出于安全原因,当您为组织提供授权和身份验证时,使用服务帐户是最好的做法。
It is identical to granting access to any other identity to allow a service account access to a resource.这与授予对任何其他身份的访问权限以允许服务帐户访问资源相同。 For instance, suppose you only want an application that runs on Compute Engine to be able to generate items in Cloud Storage.
例如,假设您只希望在 Compute Engine 上运行的应用程序能够在 Cloud Storage 中生成项目。
As a result, instead of managing each and every one of your users, you may limit and manage service accounts, assign certain roles to specific users or groups, and keep track of them because several service accounts can be created in a project.因此,您可以限制和管理服务帐户,将某些角色分配给特定用户或组,并跟踪它们,而不是管理每个用户,因为可以在一个项目中创建多个服务帐户。
Since you use Google Workspaces, I also advise you to read the shared documentation posted in the comments by @John Hanley.由于您使用 Google Workspaces,我还建议您阅读 @John Hanley 评论中发布的共享文档。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.