이 페이지에서는 Cloud Domains API 역할과 Cloud Domains에서 사용할 수 있는 액세스 제어 옵션을 설명합니다.
Google Cloud에서는 Identity and Access Management(IAM)를 제공하므로 구체적인 Google Cloud 리소스에 더욱 세분화된 액세스 권한을 부여하고 다른 리소스에 대한 무단 액세스를 방지할 수 있습니다. IAM은 최소 권한의 보안 원칙을 채택하여 리소스에 대해 필요한 액세스 권한만 부여할 수 있게 해줍니다.
IAM을 사용하면 IAM 정책을 설정하여 누가어떤 리소스에 무슨 권한을 갖는지를 제어할 수 있습니다.
IAM 정책은 사용자에게 특정 역할을 부여하며 사용자는 특정 권한을 부여받습니다.
예를 들어 특정 사용자가 도메인의 연락처 설정을 만들고 수정해야 할 수 있으므로 해당 사용자에게 Cloud Domains 관리자 역할(roles/domains.admin)을 부여합니다. 반면에 기존 리소스 도메인을 보기만 하면 되는 사용자에게는 Cloud Domains 뷰어 역할(roles/domains.viewer)을 부여합니다. Cloud Domains의 경우 프로젝트 수준 및 리소스 수준 액세스 모두 구성할 수 있습니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-04(UTC)"],[[["\u003cp\u003eCloud Domains uses Identity and Access Management (IAM) to control who has what permissions to which resources, ensuring the security principle of least privilege is enforced.\u003c/p\u003e\n"],["\u003cp\u003eThere are two primary roles within Cloud Domains: Admin, which provides full access to domain registrations and related resources, and Viewer, which allows read-only access.\u003c/p\u003e\n"],["\u003cp\u003eTo manage Cloud Domains IAM roles, you must enable the Cloud Domains API for your project, after which you will be able to see these roles within the Google Cloud console.\u003c/p\u003e\n"],["\u003cp\u003eThe Admin role can register new domains, update domain registration settings, while the Viewer role can view existing domains and their registration details, including DNS and expiry information.\u003c/p\u003e\n"],["\u003cp\u003eThe page provides detailed tables listing the permissions included with each role and the specific permissions required to perform different methods related to domain registrations.\u003c/p\u003e\n"]]],[],null,["# Roles and permissions\n\n| **Note:** On September 7, 2023 Squarespace acquired all domain registrations and related customer accounts from Google Domains. For more information about how this change affects Cloud Domains, see [Cloud Domains feature deprecations](/domains/docs/deprecations/feature-deprecations), [Renew an expired domain registration](https://support.google.com/a/answer/6152355), and [Squarespace purchase of Google Domains FAQ](/domains/docs/faq).\n\n\u003cbr /\u003e\n\nThis page describes the Cloud Domains API roles and the access control options that\nare available to you in Cloud Domains.\n\nGoogle Cloud offers Identity and Access Management (IAM), which lets you give\nmore granular access to specific Google Cloud resources and prevents\nunwanted access to other resources. IAM lets you adopt the\n[security principle of least privilege](https://wikipedia.org/wiki/Principle_of_least_privilege)\nso that you grant only the necessary access to your resources.\nIAM lets you control *who* has *what* permissions to\n*which* resources by setting IAM policies.\nIAM policies grant specific roles to a user, which gives the user\ncertain permissions.\n\nFor example, a particular user might need to create and modify the contact\nsettings for a domain, so you would give that user the\nCloud Domains Admin role (`roles/domains.admin`). On the other hand,\na user might need to only view existing resource domains, so they would get a\nCloud Domains Viewer role (`roles/domains.viewer`). For\nCloud Domains, you can configure both project-level and\nresource-level access.\n\nFollowing are some examples of permissions for the Viewer role:\n\n- View all domains registered in a project.\n- View registration details such as DNS or expiry time.\n- Search domain availability and get registration parameters.\n\nFollowing are some examples of permissions for the Admin role:\n\n- Register a new domain.\n- Update registration settings, including DNS settings and contact settings.\n\nTo understand role types, see the\n[IAM basic and predefined roles reference](/iam/docs/understanding-roles).\n\nEnable the Cloud Domains API\n----------------------------\n\nTo view and assign Cloud Domains IAM roles,\nyou must enable the Cloud Domains API for your project. You cannot see the\nCloud Domains roles in the Google Cloud console until you\nenable the API.\n\n[Enable the API](https://console.cloud.google.com/apis/library/domains.googleapis.com)\n\nFor lists of the roles and permissions that Cloud Domains\nsupports, see the following sections.\n\nRoles\n-----\n\nThe following table lists the Cloud Domains API\nIAM roles with a corresponding list of all the permissions that\neach role includes. Each permission is applicable to a particular resource\ntype. For more details about each permission, see the\n[Permissions](#permissions) section.\n\nPermissions\n-----------\n\nThe following table lists the permissions that the caller must have to call\neach method.\n\nAccess control using the Google Cloud console\n---------------------------------------------\n\nYou can use the Google Cloud console to manage access control for your\nprojects.\n\nFor detailed instructions, see\n[Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\nWhat's next\n-----------\n\n- To get started using Cloud Domains, see the [Quickstart](/domains/docs/buy-register-domain).\n- To improve the security of your Cloud Domains configuration, see [VPC Service Controls support](/domains/docs/vpc-sc-support).\n- To find solutions for common issues that you might encounter when using Cloud Domains, see [Troubleshooting](/domains/docs/troubleshooting)."]]