Certificate Authority Service 角色和权限

本页面列出了 Certificate Authority Service 的 IAM 角色和权限。如需搜索所有角色和权限，请参阅角色和权限索引。

Certificate Authority Service 角色

Role Permissions

Role	Permissions
CA Service Admin (`roles/privateca.admin`) Full access to all CA Service resources.	`privateca.*` `privateca.caPools.create` `privateca.caPools.createTagBinding` `privateca.caPools.delete` `privateca.caPools.deleteTagBinding` `privateca.caPools.get` `privateca.caPools.getIamPolicy` `privateca.caPools.list` `privateca.caPools.listEffectiveTags` `privateca.caPools.listTagBindings` `privateca.caPools.setIamPolicy` `privateca.caPools.update` `privateca.caPools.use` `privateca.certificateAuthorities.create` `privateca.certificateAuthorities.delete` `privateca.certificateAuthorities.get` `privateca.certificateAuthorities.getIamPolicy` `privateca.certificateAuthorities.list` `privateca.certificateAuthorities.setIamPolicy` `privateca.certificateAuthorities.update` `privateca.certificateRevocationLists.create` `privateca.certificateRevocationLists.get` `privateca.certificateRevocationLists.getIamPolicy` `privateca.certificateRevocationLists.list` `privateca.certificateRevocationLists.setIamPolicy` `privateca.certificateRevocationLists.update` `privateca.certificateTemplates.create` `privateca.certificateTemplates.createTagBinding` `privateca.certificateTemplates.delete` `privateca.certificateTemplates.deleteTagBinding` `privateca.certificateTemplates.get` `privateca.certificateTemplates.getIamPolicy` `privateca.certificateTemplates.list` `privateca.certificateTemplates.listEffectiveTags` `privateca.certificateTemplates.listTagBindings` `privateca.certificateTemplates.setIamPolicy` `privateca.certificateTemplates.update` `privateca.certificateTemplates.use` `privateca.certificates.create` `privateca.certificates.createForSelf` `privateca.certificates.get` `privateca.certificates.getIamPolicy` `privateca.certificates.list` `privateca.certificates.setIamPolicy` `privateca.certificates.update` `privateca.locations.get` `privateca.locations.list` `privateca.operations.cancel` `privateca.operations.delete` `privateca.operations.get` `privateca.operations.list` `privateca.reusableConfigs.create` `privateca.reusableConfigs.delete` `privateca.reusableConfigs.get` `privateca.reusableConfigs.getIamPolicy` `privateca.reusableConfigs.list` `privateca.reusableConfigs.setIamPolicy` `privateca.reusableConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.buckets.create`
CA Service Auditor (`roles/privateca.auditor`) Read-only access to all CA Service resources.	`privateca.caPools.get` `privateca.caPools.getIamPolicy` `privateca.caPools.list` `privateca.certificateAuthorities.get` `privateca.certificateAuthorities.getIamPolicy` `privateca.certificateAuthorities.list` `privateca.certificateRevocationLists.get` `privateca.certificateRevocationLists.getIamPolicy` `privateca.certificateRevocationLists.list` `privateca.certificateTemplates.get` `privateca.certificateTemplates.getIamPolicy` `privateca.certificateTemplates.list` `privateca.certificates.get` `privateca.certificates.getIamPolicy` `privateca.certificates.list` `privateca.locations.*` `privateca.locations.get` `privateca.locations.list` `privateca.operations.get` `privateca.operations.list` `privateca.reusableConfigs.get` `privateca.reusableConfigs.getIamPolicy` `privateca.reusableConfigs.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
CA Service Operation Manager (`roles/privateca.caManager`) Create and manage CAs, revoke certificates, create certificates templates, and read-only access for CA Service resources.	`privateca.caPools.create` `privateca.caPools.createTagBinding` `privateca.caPools.delete` `privateca.caPools.deleteTagBinding` `privateca.caPools.get` `privateca.caPools.getIamPolicy` `privateca.caPools.list` `privateca.caPools.listEffectiveTags` `privateca.caPools.listTagBindings` `privateca.caPools.update` `privateca.certificateAuthorities.create` `privateca.certificateAuthorities.delete` `privateca.certificateAuthorities.get` `privateca.certificateAuthorities.getIamPolicy` `privateca.certificateAuthorities.list` `privateca.certificateAuthorities.update` `privateca.certificateRevocationLists.get` `privateca.certificateRevocationLists.getIamPolicy` `privateca.certificateRevocationLists.list` `privateca.certificateRevocationLists.update` `privateca.certificateTemplates.create` `privateca.certificateTemplates.createTagBinding` `privateca.certificateTemplates.delete` `privateca.certificateTemplates.deleteTagBinding` `privateca.certificateTemplates.get` `privateca.certificateTemplates.getIamPolicy` `privateca.certificateTemplates.list` `privateca.certificateTemplates.listEffectiveTags` `privateca.certificateTemplates.listTagBindings` `privateca.certificateTemplates.update` `privateca.certificates.get` `privateca.certificates.getIamPolicy` `privateca.certificates.list` `privateca.certificates.update` `privateca.locations.*` `privateca.locations.get` `privateca.locations.list` `privateca.operations.get` `privateca.operations.list` `privateca.reusableConfigs.create` `privateca.reusableConfigs.delete` `privateca.reusableConfigs.get` `privateca.reusableConfigs.getIamPolicy` `privateca.reusableConfigs.list` `privateca.reusableConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.buckets.create`
CA Service Certificate Manager (`roles/privateca.certificateManager`) Create certificates and read-only access for CA Service resources.	`privateca.caPools.get` `privateca.caPools.getIamPolicy` `privateca.caPools.list` `privateca.caPools.listEffectiveTags` `privateca.caPools.listTagBindings` `privateca.certificateAuthorities.get` `privateca.certificateAuthorities.getIamPolicy` `privateca.certificateAuthorities.list` `privateca.certificateRevocationLists.get` `privateca.certificateRevocationLists.getIamPolicy` `privateca.certificateRevocationLists.list` `privateca.certificateTemplates.get` `privateca.certificateTemplates.getIamPolicy` `privateca.certificateTemplates.list` `privateca.certificateTemplates.listEffectiveTags` `privateca.certificateTemplates.listTagBindings` `privateca.certificates.create` `privateca.certificates.get` `privateca.certificates.getIamPolicy` `privateca.certificates.list` `privateca.locations.*` `privateca.locations.get` `privateca.locations.list` `privateca.operations.get` `privateca.operations.list` `privateca.reusableConfigs.get` `privateca.reusableConfigs.getIamPolicy` `privateca.reusableConfigs.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
CA Service Certificate Requester (`roles/privateca.certificateRequester`) Request certificates from CA Service.	`privateca.certificates.create`
CA Service Pool Reader (`roles/privateca.poolReader`) Read CA Pools in CA Service.	`privateca.caPools.get`
CA Service Certificate Template User (`roles/privateca.templateUser`) Read, list and use certificate templates.	`privateca.certificateTemplates.get` `privateca.certificateTemplates.list` `privateca.certificateTemplates.use`
CA Service Workload Certificate Requester (`roles/privateca.workloadCertificateRequester`) Request certificates from CA Service with caller's identity.	`privateca.certificates.createForSelf`

CA Service Admin

(roles/privateca.admin)

Full access to all CA Service resources.

privateca.*

privateca.caPools.create
privateca.caPools.createTagBinding
privateca.caPools.delete
privateca.caPools.deleteTagBinding
privateca.caPools.get
privateca.caPools.getIamPolicy
privateca.caPools.list
privateca.caPools.listEffectiveTags
privateca.caPools.listTagBindings
privateca.caPools.setIamPolicy
privateca.caPools.update
privateca.caPools.use
privateca.certificateAuthorities.create
privateca.certificateAuthorities.delete
privateca.certificateAuthorities.get
privateca.certificateAuthorities.getIamPolicy
privateca.certificateAuthorities.list
privateca.certificateAuthorities.setIamPolicy
privateca.certificateAuthorities.update
privateca.certificateRevocationLists.create
privateca.certificateRevocationLists.get
privateca.certificateRevocationLists.getIamPolicy
privateca.certificateRevocationLists.list
privateca.certificateRevocationLists.setIamPolicy
privateca.certificateRevocationLists.update
privateca.certificateTemplates.create
privateca.certificateTemplates.createTagBinding
privateca.certificateTemplates.delete
privateca.certificateTemplates.deleteTagBinding
privateca.certificateTemplates.get
privateca.certificateTemplates.getIamPolicy
privateca.certificateTemplates.list
privateca.certificateTemplates.listEffectiveTags
privateca.certificateTemplates.listTagBindings
privateca.certificateTemplates.setIamPolicy
privateca.certificateTemplates.update
privateca.certificateTemplates.use
privateca.certificates.create
privateca.certificates.createForSelf
privateca.certificates.get
privateca.certificates.getIamPolicy
privateca.certificates.list
privateca.certificates.setIamPolicy
privateca.certificates.update
privateca.locations.get
privateca.locations.list
privateca.operations.cancel
privateca.operations.delete
privateca.operations.get
privateca.operations.list
privateca.reusableConfigs.create
privateca.reusableConfigs.delete
privateca.reusableConfigs.get
privateca.reusableConfigs.getIamPolicy
privateca.reusableConfigs.list
privateca.reusableConfigs.setIamPolicy
privateca.reusableConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

CA Service Auditor

(roles/privateca.auditor)

Read-only access to all CA Service resources.

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca.certificateAuthorities.get

privateca.certificateAuthorities.getIamPolicy

privateca.certificateAuthorities.list

privateca.certificateRevocationLists.get

privateca.certificateRevocationLists.getIamPolicy

privateca.certificateRevocationLists.list

privateca.certificateTemplates.get

privateca.certificateTemplates.getIamPolicy

privateca.certificateTemplates.list

privateca.certificates.get

privateca.certificates.getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca.reusableConfigs.getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Operation Manager

(roles/privateca.caManager)

Create and manage CAs, revoke certificates, create certificates templates, and read-only access for CA Service resources.

privateca.caPools.create

privateca.caPools.createTagBinding

privateca.caPools.delete

privateca.caPools.deleteTagBinding

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca.caPools.listEffectiveTags

privateca.caPools.listTagBindings

privateca.caPools.update

privateca.certificateAuthorities.create

privateca.certificateAuthorities.delete

privateca.certificateAuthorities.get

privateca.certificateAuthorities.getIamPolicy

privateca.certificateAuthorities.list

privateca.certificateAuthorities.update

privateca.certificateRevocationLists.get

privateca.certificateRevocationLists.getIamPolicy

privateca.certificateRevocationLists.list

privateca.certificateRevocationLists.update

privateca.certificateTemplates.create

privateca.certificateTemplates.createTagBinding

privateca.certificateTemplates.delete

privateca.certificateTemplates.deleteTagBinding

privateca.certificateTemplates.get

privateca.certificateTemplates.getIamPolicy

privateca.certificateTemplates.list

privateca.certificateTemplates.listEffectiveTags

privateca.certificateTemplates.listTagBindings

privateca.certificateTemplates.update

privateca.certificates.get

privateca.certificates.getIamPolicy

privateca.certificates.list

privateca.certificates.update

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.create

privateca.reusableConfigs.delete

privateca.reusableConfigs.get

privateca.reusableConfigs.getIamPolicy

privateca.reusableConfigs.list

privateca.reusableConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

CA Service Certificate Manager

(roles/privateca.certificateManager)

Create certificates and read-only access for CA Service resources.

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca.caPools.listEffectiveTags

privateca.caPools.listTagBindings

privateca.certificateAuthorities.get

privateca.certificateAuthorities.getIamPolicy

privateca.certificateAuthorities.list

privateca.certificateRevocationLists.get

privateca.certificateRevocationLists.getIamPolicy

privateca.certificateRevocationLists.list

privateca.certificateTemplates.get

privateca.certificateTemplates.getIamPolicy

privateca.certificateTemplates.list

privateca.certificateTemplates.listEffectiveTags

privateca.certificateTemplates.listTagBindings

privateca.certificates.create

privateca.certificates.get

privateca.certificates.getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca.reusableConfigs.getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Certificate Requester

(roles/privateca.certificateRequester)

Request certificates from CA Service.

privateca.certificates.create

CA Service Pool Reader

(roles/privateca.poolReader)

Read CA Pools in CA Service.

privateca.caPools.get

CA Service Certificate Template User

(roles/privateca.templateUser)

Read, list and use certificate templates.

privateca.certificateTemplates.get

privateca.certificateTemplates.list

privateca.certificateTemplates.use

CA Service Workload Certificate Requester

(roles/privateca.workloadCertificateRequester)

Request certificates from CA Service with caller's identity.

privateca.certificates.createForSelf

Certificate Authority Service 权限

权限	以下角色拥有此权限
`privateca.caPools.create`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.caPools.createTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) Tag User (`roles/resourcemanager.tagUser`)
`privateca.caPools.delete`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.caPools.deleteTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) Tag User (`roles/resourcemanager.tagUser`)
`privateca.caPools.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) CA Service Pool Reader (`roles/privateca.poolReader`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Managed Kafka Service Agent (`roles/managedkafka.serviceAgent`)
`privateca.caPools.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.caPools.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.caPools.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`privateca.caPools.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`privateca.caPools.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) CA Service Admin (`roles/privateca.admin`)
`privateca.caPools.update`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.caPools.use`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`)
`privateca.certificateAuthorities.create`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.certificateAuthorities.delete`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.certificateAuthorities.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificateAuthorities.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificateAuthorities.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificateAuthorities.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) CA Service Admin (`roles/privateca.admin`)
`privateca.certificateAuthorities.update`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.certificateRevocationLists.create`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`)
`privateca.certificateRevocationLists.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificateRevocationLists.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificateRevocationLists.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificateRevocationLists.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) CA Service Admin (`roles/privateca.admin`)
`privateca.certificateRevocationLists.update`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.certificateTemplates.create`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.certificateTemplates.createTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) Tag User (`roles/resourcemanager.tagUser`)
`privateca.certificateTemplates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.certificateTemplates.deleteTagBinding`	Owner (`roles/owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) Tag User (`roles/resourcemanager.tagUser`)
`privateca.certificateTemplates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) CA Service Certificate Template User (`roles/privateca.templateUser`)
`privateca.certificateTemplates.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificateTemplates.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) CA Service Certificate Template User (`roles/privateca.templateUser`)
`privateca.certificateTemplates.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`privateca.certificateTemplates.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`)
`privateca.certificateTemplates.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) CA Service Admin (`roles/privateca.admin`)
`privateca.certificateTemplates.update`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.certificateTemplates.use`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Certificate Template User (`roles/privateca.templateUser`)
`privateca.certificates.create`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Certificate Manager (`roles/privateca.certificateManager`) CA Service Certificate Requester (`roles/privateca.certificateRequester`)
`privateca.certificates.createForSelf`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Workload Certificate Requester (`roles/privateca.workloadCertificateRequester`)
`privateca.certificates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificates.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.certificates.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`) 服务代理角色警告：请勿向服务代理以外的任何主账号授予服务代理角色。 Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`privateca.certificates.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) CA Service Admin (`roles/privateca.admin`)
`privateca.certificates.update`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`)
`privateca.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`)
`privateca.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.reusableConfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.reusableConfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)
`privateca.reusableConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.reusableConfigs.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.reusableConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) CA Service Admin (`roles/privateca.admin`) CA Service Auditor (`roles/privateca.auditor`) CA Service Operation Manager (`roles/privateca.caManager`) CA Service Certificate Manager (`roles/privateca.certificateManager`)
`privateca.reusableConfigs.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) CA Service Admin (`roles/privateca.admin`)
`privateca.reusableConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) CA Service Admin (`roles/privateca.admin`) CA Service Operation Manager (`roles/privateca.caManager`)

Certificate Authority Service 角色和权限 使用集合让一切井井有条 根据您的偏好保存内容并对其进行分类。