Access control with Identity and Access Management
Identity and Access Management (IAM) roles determine how you can use the Managed Service for Microsoft Active Directory (Managed Microsoft AD) API. The following is a list of the IAM roles available for Managed Microsoft AD and the methods available to each of them.
In addition, service accounts must have the servicemanagement.services.bind permission to view and enable Managed Microsoft AD. Learn more about Service Management roles and permissions.
Role
Permissions
Google Cloud Managed Identities Admin (roles/managedidentities.admin)
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted at the project level.
managedidentities.*
managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.create
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentities.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update
managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Backup Admin (roles/managedidentities.backupAdmin)
Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted at the project level.
managedidentities.backups.*
managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update
managedidentities.domains.get
managedidentities.locations.*
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.*
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Backup Viewer (roles/managedidentities.backupViewer)
Read-only access to Google Cloud Managed Identities Backup and related resources.
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.domains.get
managedidentities.locations.*
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)
Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted at the resource (domain) level.
managedidentities.backups.*
managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentities.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.*
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.sqlintegrations.*
managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Domain Join (Beta) (roles/managedidentities.domainJoin)
Access to domain join VMs with Cloud AD
managedidentities.domains.domainJoinMachine
managedidentities.domains.get
Google Cloud Managed Identities Peering Admin (roles/managedidentities.peeringAdmin)
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted at the project level.
managedidentities.locations.*
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.*
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.*
managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Peering Viewer (roles/managedidentities.peeringViewer)
Read-only access to Google Cloud Managed Identities Peering and related resources.
managedidentities.locations.*
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Managed Identities Service Agent (roles/managedidentities.serviceAgent)
Gives Managed Identities service account access to managed resources.
Warning: Do not grant service agent roles to any principals except service agents.
compute.globalOperations.get
compute.networks.addPeering
compute.networks.get
compute.networks.removePeering
compute.networks.update
compute.routes.list
dns.changes.*
dns.changes.create
dns.changes.get
dns.changes.list
dns.dnsKeys.*
dns.dnsKeys.get
dns.dnsKeys.list
dns.managedZoneOperations.*
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.policies.*
dns.policies.create
dns.policies.delete
dns.policies.get
dns.policies.list
dns.policies.update
dns.projects.get
dns.resourceRecordSets.*
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update
dns.responsePolicies.*
dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update
dns.responsePolicyRules.*
dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Viewer (roles/managedidentities.viewer)
Read-only access to Google Cloud Managed Identities Domains and related resources.
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.locations.*
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.sqlintegrations.*
managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
For more information about Identity and Access Management roles, see the article on understanding roles.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated: 2025-09-11 (UTC).