这些角色可授予对特定 Firebase 产品的完整读写或只读权限。
使用 Google Cloud 控制台将这些角色分配给项目成员。
Firebase AI Logic 个角色
| 角色 | 说明 | 权限 |
Firebase AI Logic Admin
roles/firebasevertexai.admin
| 对 Firebase AI Logic 资源的
完整读写权限 | Firebase AI Logic Admin 权限 firebasevertexai.configs.update
firebasevertexai.configs.get
|
Firebase AI Logic Viewer
roles/firebasevertexai.viewer
| 对 Firebase AI Logic 资源的
只读权限 | Firebase AI Logic Viewer 权限 firebasevertexai.configs.get
|
Firebase App Check 个角色
| 角色 | 说明 | 权限 |
Firebase App Check Admin
roles/firebaseappcheck.admin | 对 App Check 资源的
完整读写权限 | App Check Admin 权限 firebaseappcheck.appAttestConfig.get
firebaseappcheck.appAttestConfig.update
firebaseappcheck.appCheckTokens.verify
firebaseappcheck.debugTokens.get
firebaseappcheck.debugTokens.update
firebaseappcheck.deviceCheckConfig.get
firebaseappcheck.deviceCheckConfig.update
firebaseappcheck.playIntegrityConfig.get
firebaseappcheck.playIntegrityConfig.update
firebaseappcheck.recaptchaEnterpriseConfig.get
firebaseappcheck.recaptchaEnterpriseConfig.update
firebaseappcheck.recaptchaV3Config.get
firebaseappcheck.recaptchaV3Config.update
firebaseappcheck.safetyNetConfig.get
firebaseappcheck.safetyNetConfig.update
firebaseappcheck.services.get
firebaseappcheck.services.update |
Firebase App Check Viewer
roles/firebaseappcheck.viewer | 对 App Check 资源的
只读权限 | App Check Viewer 权限 firebaseappcheck.appAttestConfig.get
firebaseappcheck.debugTokens.get
firebaseappcheck.deviceCheckConfig.get
firebaseappcheck.playIntegrityConfig.get
firebaseappcheck.recaptchaEnterpriseConfig.get
firebaseappcheck.recaptchaV3Config.get
firebaseappcheck.safetyNetConfig.get
firebaseappcheck.services.get |
Firebase App Check Token Verifier
roles/firebaseappcheck.tokenVerifier | 可以使用 App Check 的令牌验证功能 | App Check Token Verifier 权限 firebaseappcheck.appCheckTokens.verify |
Firebase App Distribution 个角色
| 角色 | 说明 | 权限 |
Firebase App Distribution Admin
roles/firebaseappdistro.admin
| 对 App Distribution 资源的
完整读写权限 | App Distribution Admin 权限 firebaseappdistro.releases.list
firebaseappdistro.releases.update
firebaseappdistro.testers.list
firebaseappdistro.testers.update
firebaseappdistro.groups.list
firebaseappdistro.groups.update |
Firebase App Distribution Viewer
roles/firebaseappdistro.viewer
| 对 App Distribution 资源的
只读权限 | App Distribution Viewer 权限 firebaseappdistro.releases.list
firebaseappdistro.testers.list
firebaseappdistro.groups.list |
Firebase App Hosting 个角色
| 角色 | 说明 | 权限 |
Firebase App Hosting Compute Runner
roles/firebaseapphosting.computeRunner
| 构建和运行 App Hosting 后端所需的最低访问权限。通常授予服务账号。 | App Hosting Compute Runner 权限 |
Firebase App Hosting Admin
roles/firebaseapphosting.admin
| 对 App Hosting 资源的
完整读写权限 | App Hosting Admin 权限 firebaseapphosting.backends.create
firebaseapphosting.backends.delete
firebaseapphosting.backends.get
firebaseapphosting.backends.list
firebaseapphosting.backends.update
firebaseapphosting.builds.create
firebaseapphosting.builds.delete
firebaseapphosting.builds.get
firebaseapphosting.builds.list
firebaseapphosting.builds.update
firebaseapphosting.domains.create
firebaseapphosting.domains.delete
firebaseapphosting.domains.get
firebaseapphosting.domains.list
firebaseapphosting.domains.update
firebaseapphosting.locations.get
firebaseapphosting.locations.list
firebaseapphosting.operations.cancel
firebaseapphosting.operations.delete
firebaseapphosting.operations.get
firebaseapphosting.operations.list
firebaseapphosting.rollouts.create
firebaseapphosting.rollouts.delete
firebaseapphosting.rollouts.get
firebaseapphosting.rollouts.list
firebaseapphosting.rollouts.update
firebaseapphosting.traffic.get
firebaseapphosting.traffic.list
firebaseapphosting.traffic.update |
Firebase App Hosting Viewer
roles/firebaseapphosting.viewer
| 对 App Hosting 资源的
只读权限 | App Hosting Viewer 权限 firebaseapphosting.backends.get
firebaseapphosting.backends.list
firebaseapphosting.builds.get
firebaseapphosting.builds.list
firebaseapphosting.domains.get
firebaseapphosting.domains.list
firebaseapphosting.locations.get
firebaseapphosting.locations.list
firebaseapphosting.operations.list
firebaseapphosting.operations.get
firebaseapphosting.rollouts.get
firebaseapphosting.rollouts.list
firebaseapphosting.traffic.get
firebaseapphosting.traffic.list |
Firebase App Hosting Developer
roles/firebaseapphosting.developer
| 拥有对 App Hosting 后端、build 和发布资源的
完整读写权限。 | App Hosting Developer 权限 firebaseapphosting.backends.update
firebaseapphosting.builds.create
firebaseapphosting.builds.delete
firebaseapphosting.builds.update
firebaseapphosting.operations.delete
firebaseapphosting.operations.cancel
firebaseapphosting.rollouts.create
firebaseapphosting.rollouts.delete
firebaseapphosting.rollouts.update
firebaseapphosting.traffic.update |
Firebase Authentication 个角色
| 角色 | 说明 | 权限 |
Firebase Authentication Admin
roles/firebaseauth.admin | 对 Authentication 资源的
完整读写权限 | Authentication Admin 权限 firebaseauth.configs.create
firebaseauth.configs.get
firebaseauth.configs.getHashConfig
firebaseauth.configs.getSecret
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update |
Firebase Authentication Viewer
roles/firebaseauth.viewer | 对 Authentication 资源的
只读权限 | Authentication Viewer 权限 firebaseauth.configs.get
firebaseauth.users.get |
Firebase A/B Testing 角色(Beta 版)
| 角色 | 说明 | 权限 |
Firebase A/B Testing Admin
roles/firebaseabt.admin
(Beta 版) | 对 A/B Testing 资源的
完整读写权限 | A/B Testing Admin 权限 firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get |
Firebase A/B Testing Viewer
roles/firebaseabt.viewer
(Beta 版) | 对 A/B Testing 资源的
只读权限 | A/B Testing Viewer 权限 firebaseabt.experimentresults.get
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.projectmetadata.get |
Cloud Firestore 个角色
在 Google Cloud 文档中查找可用的 Cloud Firestore 角色。
如需允许项目成员在 Firebase 控制台中修改和发布安全规则,或通过 Firebase CLI 部署安全规则,可以为其创建并分配一个自定义角色,其中包含 firebaserules.* 权限。
Cloud Storage 个角色
在 Google Cloud 文档中查找可用的 Cloud Storage 角色。
如需允许项目成员在 Firebase 控制台中修改和发布安全规则,或通过 Firebase CLI 部署安全规则,可以为其创建并分配一个自定义角色,其中包含 firebaserules.* 权限。
Cloud Functions for Firebase 个角色
在 Google Cloud 文档中查找可用的 Cloud Functions for Firebase 角色。
Firebase Messaging 宣传活动角色
这些角色适用于 Firebase Cloud Messaging 和 Firebase In-App Messaging 的宣传活动。
| 角色 | 说明 | 权限 |
Firebase Messaging Campaigns Admin
roles/firebasemessagingcampaigns.admin | 对 Cloud Messaging 和 In-App Messaging 的
宣传活动资源的完整读写权限 | Firebase Messaging Campaigns Admin 权限 firebasemessagingcampaigns.campaigns.create
firebasemessagingcampaigns.campaigns.delete
firebasemessagingcampaigns.campaigns.get
firebasemessagingcampaigns.campaigns.list
firebasemessagingcampaigns.campaigns.update
firebasemessagingcampaigns.campaigns.start
firebasemessagingcampaigns.campaigns.stop |
Firebase Messaging Campaigns Viewer
roles/firebasemessagingcampaigns.viewer | 对 Cloud Messaging 和 In-App Messaging 的宣传活动资源的
只读权限 | Firebase Messaging Campaigns Viewer 权限 firebasemessagingcampaigns.campaigns.get
firebasemessagingcampaigns.campaigns.list |
Firebase Cloud Messaging 个角色
除了 Firebase Cloud Messaging API 角色之外,您可能还需要分配相应的 Firebase Messaging 宣传活动角色。
| 角色 | 说明 | 权限 |
Firebase Cloud Messaging API Admin
roles/firebasecloudmessaging.admin | 对 Firebase Cloud Messaging API 资源的完整读写权限。 | Firebase Cloud Messaging API Admin 权限 cloudmessaging.messages.create
fcmdata.deliverydata.list
resourcemanager.projects.get
resourcemanager.projects.list |
| 角色 | 说明 | 权限 |
Firebase Cloud Messaging Admin
roles/firebasenotifications.admin | 对 Cloud Messaging 资源的
完整读写权限 | Cloud Messaging Admin 权限 firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update |
Firebase Cloud Messaging Viewer
roles/firebasenotifications.viewer | 对 Cloud Messaging 资源的
只读权限 | Cloud Messaging Viewer 权限 firebasenotifications.messages.get
firebasenotifications.messages.list |
Firebase Crashlytics 个角色
| 角色 | 说明 | 权限 |
Firebase Crashlytics Admin
roles/firebasecrashlytics.admin | 对 Crashlytics 资源的
完整读写权限 | Crashlytics Admin 权限 firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get |
Firebase Crashlytics Viewer
roles/firebasecrashlytics.viewer | 对 Crashlytics 资源的
只读权限 | Crashlytics Viewer 权限 firebasecrashlytics.config.get
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.sessions.get |
Firebase Dynamic Links 个角色
| 角色 | 说明 | 权限 |
Firebase Dynamic Links Admin
roles/firebasedynamiclinks.admin | 对 Dynamic Links 资源的
完整读写权限 | Dynamic Links Admin 权限 firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get |
Firebase Dynamic Links Viewer
roles/firebasedynamiclinks.viewer | 对 Dynamic Links 资源的
只读权限 | Dynamic Links Viewer 权限 firebasedynamiclinks.destinations.list
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.stats.get |
Firebase Extensions Publisher 角色
| 角色 | 说明 | 权限 |
Firebase Extensions Publisher - Extensions Admin
roles/firebaseextensionspublisher.extensionsAdmin
(Beta 版) | 上传、发布和查看
Firebase Extensions 的详细信息和指标 | Firebase Extensions Publisher - Extensions Admin 权限 firebaseextensionspublisher.extensions.create
firebaseextensionspublisher.extensions.delete
firebaseextensionspublisher.extensions.get
firebaseextensionspublisher.extensions.list
|
Firebase Extensions Publisher - Extensions Viewer
roles/firebaseextensionspublisher.extensionsViewer
(Beta 版) | 查看此发布者上传的
Firebase Extensions 的详细信息和指标 | Firebase Extensions Publisher - Extensions Viewer 权限 firebaseextensionspublisher.extensions.get
firebaseextensionspublisher.extensions.list
|
Firebase Hosting 个角色
| 角色 | 说明 | 权限 |
Firebase Hosting Admin
roles/firebasehosting.admin | 对 Hosting 资源的
完整读写权限 | Hosting Admin 权限 firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update |
Firebase Hosting Viewer
roles/firebasehosting.viewer | 对 Hosting 资源的
只读权限 | Hosting Viewer 权限 firebasehosting.sites.get
firebasehosting.sites.list |
Firebase In-App Messaging 角色(Beta 版)
| 角色 | 说明 | 权限 |
Firebase In-App Messaging Admin
roles/firebaseinappmessaging.admin
(Beta 版) | 对 In-App Messaging 资源的
完整读写权限 | In-App Messaging Admin 权限 firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebaseinappmessaging.campaigns.update |
Firebase In-App Messaging Viewer
roles/firebaseinappmessaging.viewer
(Beta 版) | 对 In-App Messaging 资源的
只读权限 | In-App Messaging Viewer 权限 firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list |
Firebase ML 角色(Beta 版)
| 角色 | 说明 | 权限 |
Firebase ML Admin
roles/firebaseml.admin
(Beta 版) | 对 Firebase ML 资源的
完整读写权限 | Firebase ML Admin 权限 firebaseml.models.create
firebaseml.models.get
firebaseml.models.list
firebaseml.models.update
firebaseml.models.delete
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
firebaseml.modelversions.delete
firebaseml.compressionjobs.create
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.update
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.start |
Firebase ML Viewer
roles/firebaseml.viewer
(Beta 版) | 对 Firebase ML 资源的
只读权限 | Firebase ML Viewer 权限 firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list |
| 角色 | 说明 | 权限 |
Firebase Performance Monitoring Admin
roles/firebaseperformance.admin | 对 Performance Monitoring 资源的
完整读写权限
配置和接收 Performance Monitoring 提醒 | Performance Monitoring Admin 权限 firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get |
Firebase Performance Monitoring Viewer
roles/firebaseperformance.viewer | 对 Performance Monitoring 资源的
只读权限 | Performance Monitoring Viewer 权限 firebaseperformance.data.get |
Firebase Realtime Database 个角色
| 角色 | 说明 | 权限 |
Firebase Realtime Database Admin
roles/firebasedatabase.admin | 对 Realtime Database 资源的
完整读写权限 | Realtime Database Admin 权限 firebasedatabase.instances.create
firebasedatabase.instances.get
firebasedatabase.instances.list
firebasedatabase.instances.update |
Firebase Realtime Database Viewer
roles/firebasedatabase.viewer | 对 Realtime Database 资源的
只读权限 | Realtime Database Viewer 权限 firebasedatabase.instances.get
firebasedatabase.instances.list |
Firebase Remote Config 个角色
| 角色 | 说明 | 权限 |
Firebase Remote Config Admin
roles/cloudconfig.admin | 对 Remote Config 资源的
完整读写权限 | Remote Config Admin 权限 cloudconfig.configs.get cloudconfig.configs.update |
Firebase Remote Config Viewer
roles/cloudconfig.viewer | 对 Remote Config 资源的
只读权限 | Remote Config Viewer 权限 cloudconfig.configs.get |
Firebase Test Lab 个角色
Firebase Test Lab 需要访问 Cloud Storage 存储桶,因此需要一组特定的权限,而标准 Firebase 预定义角色并未完全拥有这些权限。如需授予对 Test Lab 的访问权限,请使用 Firebase Test Lab 权限部分介绍的任一解决方案。
