堆栈内存溢出
  简体   繁体   English

Google Cloud 项目服务帐号

[英]Google Cloud Project Service Accounts

 原文  2022-06-28 20:09:09       google-cloud-platform

问题描述

I am using a Google Cloud Project to automate the creation of some users inside of our organization.我正在使用谷歌云项目来自动创建我们组织内的一些用户。 I have been using some API's that are hosted using the Google Cloud and have had no problem authenticating and using the API's, however I am not sure if I should be using a service account for this.我一直在使用一些使用 Google Cloud 托管的 API,并且在验证和使用 API 时没有问题,但是我不确定我是否应该为此使用服务帐户。 I am currently using the Google Drive API, the Google Admin SDK(Directory API), the Sheets API, and the Docs API to create some accounts and manage an error log.我目前正在使用 Google Drive API、Google Admin SDK(Directory API)、Sheets API 和 Docs API 来创建一些帐户并管理错误日志。

What I am asking is, should I be creating a service account to use the API's or is my own personal Google Workspace account okay for creating these?我要问的是,我应该创建一个服务帐户来使用 API,还是我自己的个人 Google Workspace 帐户可以创建这些帐户? Is there a site/video/something that can guide me in the right direction if I do need to create a service account.如果我确实需要创建服务帐户,是否有网站/视频/东西可以引导我朝着正确的方向前进。 I personally would rather have all of the automation using a service account for authentication, but the only videos and tutorials I found on using the service accounts are trying to use resources pertaining to Cloud Computing and service accounts that are impersonating other service accounts.我个人更愿意使用服务帐户进行身份验证来实现所有自动化,但我发现的有关使用服务帐户的唯一视频和教程是尝试使用与云计算和模拟其他服务帐户的服务帐户有关的资源。

1 个解决方案

解决方案1
 2 已采纳  2022-06-29 01:40:10

Using a Service Account is the best course of action for security reasons when you are the one giving authorization and authentication to your organization.出于安全原因,当您为组织提供授权和身份验证时,使用服务帐户是最好的做法。

It is identical to granting access to any other identity to allow a service account access to a resource.这与授予对任何其他身份的访问权限以允许服务帐户访问资源相同。 For instance, suppose you only want an application that runs on Compute Engine to be able to generate items in Cloud Storage.例如,假设您只希望在 Compute Engine 上运行的应用程序能够在 Cloud Storage 中生成项目。

As a result, instead of managing each and every one of your users, you may limit and manage service accounts, assign certain roles to specific users or groups, and keep track of them because several service accounts can be created in a project.因此,您可以限制和管理服务帐户,将某些角色分配给特定用户或组,并跟踪它们,而不是管理每个用户,因为可以在一个项目中创建多个服务帐户。

Since you use Google Workspaces, I also advise you to read the shared documentation posted in the comments by @John Hanley.由于您使用 Google Workspaces,我还建议您阅读 @John Hanley 评论中发布的共享文档。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用服务帐号在 Google Cloud 项目上启用 Dialogflow API - Enable Dialogflow API on Google Cloud Project using Service Accounts 一个项目在谷歌云平台中可以拥有的服务账户数量有上限吗? - Is there a maximum number of service accounts that a project can have in the google cloud platform? 获取 Google Cloud 服务帐户的开发者密钥 - Get developer keys for Google Cloud Service Accounts Google Cloud 如何对默认服务帐号进行身份验证? - How Google Cloud authenticates default service accounts? 有没有办法在 Google Cloud Platform 中对服务帐户进行分组? - Is there a way to group service accounts in Google Cloud Platform? 如何将 Google Play Console 和 Google Cloud 项目与不同的帐户关联 - How to link Google Play Console & Google Cloud project with different accounts 使用 REST API 向 Google Cloud Platform 上的服务帐户添加角色 - Adding roles to service accounts on Google Cloud Platform using REST API 将多个Google Cloud Service帐户用于单个计算引擎实例 - Use multiple Google Cloud Service accounts for single compute engine instance 如何更新现有服务帐号的角色 - Google Cloud Console - How to Update Roles of Existing Service Accounts - Google Cloud Console Google Cloud Datastore 和服务帐户:限制访问权限 - Google Cloud Datastore and service accounts: limit access permissions
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM