Envie comentários
Controle de acesso com o IAM
Os papéis de gerenciamento de identidade e acesso (IAM, na sigla em inglês) definem quanto você pode usar o Serviço gerenciado para a API Microsoft Active Directory (Microsoft AD). Abaixo está uma lista de cada papel do IAM disponível para o Managed Microsoft AD e os métodos disponíveis.
Além disso, as contas de serviços precisam ter a permissão servicemanagement.services.bind para ver e ativar o Managed Microsoft AD. Saiba mais sobre papéis e permissões de gerenciamento de serviço .
Role
Permissions
Google Cloud Managed Identities Admin
(roles/managedidentities.admin )
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.
managedidentities.*
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.getmanagedidentities.backups.getIamPolicy managedidentities.backups.listmanagedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.attachTrust managedidentities.domains.checkMigrationPermission managedidentities.domains.create managedidentities.domains.createTagBinding managedidentities.domains.delete managedidentities.domains.deleteTagBinding managedidentities.domains.detachTrust managedidentities.domains.disableMigration managedidentities.domains.domainJoinMachine managedidentities.domains.enableMigration managedidentities.domains.extendSchema managedidentities.domains.getmanagedidentities.domains.getIamPolicy managedidentities.domains.listmanagedidentities.domains.listEffectiveTags managedidentities.domains.listTagBindings managedidentities.domains.reconfigureTrust managedidentities.domains.resetpassword managedidentities.domains.restore managedidentities.domains.setIamPolicy managedidentities.domains.update managedidentities.domains.updateLDAPSSettings managedidentities.domains.validateTrust managedidentities.locations.get managedidentities.locations.list managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.getmanagedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Backup Admin
(roles/managedidentities.backupAdmin )
Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level
managedidentities.backups.*
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.getmanagedidentities.backups.getIamPolicy managedidentities.backups.listmanagedidentities.backups.setIamPolicy managedidentities.backups.update
managedidentities.domains.get
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.*
managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Backup Viewer
(roles/managedidentities.backupViewer )
Read-only access to Google Cloud Managed Identities Backup and related resources.
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.domains.get
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Domain Admin
(roles/managedidentities.domainAdmin )
Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.
managedidentities.backups.*
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.getmanagedidentities.backups.getIamPolicy managedidentities.backups.listmanagedidentities.backups.setIamPolicy managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentities.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.sqlintegrations.*
managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Domain Join
Beta
(roles/managedidentities.domainJoin )
Access to domain join VMs with Cloud AD
managedidentities.domains.domainJoinMachine
managedidentities.domains.get
Google Cloud Managed Identities Peering Admin
(roles/managedidentities.peeringAdmin )
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.*
managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list
managedidentities.peerings.*
managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.getmanagedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Peering Viewer
(roles/managedidentities.peeringViewer )
Read-only access to Google Cloud Managed Identities Peering and related resources.
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Managed Identities Service Agent
(roles/managedidentities.serviceAgent )
Gives Managed Identities service account access to managed resources.
Warning: Do not grant service agent roles to any principals except
service agents .
compute.globalOperations.get
compute.networks.addPeering
compute.networks.get
compute.networks.removePeering
compute.networks.update
compute.routes.list
dns.changes.*
dns.changes.createdns.changes.getdns.changes.list
dns.dnsKeys.*
dns.dnsKeys.getdns.dnsKeys.list
dns.managedZoneOperations.*
dns.managedZoneOperations.getdns.managedZoneOperations.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.policies.create
dns.policies.delete
dns.policies.get
dns.policies.list
dns.policies.update
dns.projects.get
dns.resourceRecordSets.*
dns.resourceRecordSets.createdns.resourceRecordSets.deletedns.resourceRecordSets.getdns.resourceRecordSets.listdns.resourceRecordSets.update
dns.responsePolicies.*
dns.responsePolicies.createdns.responsePolicies.deletedns.responsePolicies.getdns.responsePolicies.listdns.responsePolicies.update
dns.responsePolicyRules.*
dns.responsePolicyRules.createdns.responsePolicyRules.deletedns.responsePolicyRules.getdns.responsePolicyRules.listdns.responsePolicyRules.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
resourcemanager.projects.get
resourcemanager.projects.list
telemetry.metrics.write
Google Cloud Managed Identities Viewer
(roles/managedidentities.viewer )
Read-only access to Google Cloud Managed Identities Domains and related resources.
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.sqlintegrations.*
managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
Para mais informações sobre papéis do IAM, consulte
Noções básicas sobre papéis .
Envie comentários
Exceto em caso de indicação contrária, o conteúdo desta página é licenciado de acordo com a Licença de atribuição 4.0 do Creative Commons , e as amostras de código são licenciadas de acordo com a Licença Apache 2.0 . Para mais detalhes, consulte as políticas do site do Google Developers . Java é uma marca registrada da Oracle e/ou afiliadas.
Última atualização 2025-10-31 UTC.
Quer enviar seu feedback?
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-10-31 UTC."],[],[]]
