Kontrol akses dengan IAM

Peran Identity and Access Management (IAM) menentukan cara Anda dapat menggunakan Layanan Terkelola untuk Microsoft Active Directory (Managed Microsoft AD) API. Berikut adalah daftar setiap peran IAM yang tersedia untuk Microsoft AD Terkelola dan metode yang tersedia bagi peran tersebut.

Selain itu, akun layanan harus memiliki izin servicemanagement.services.bind untuk melihat dan mengaktifkan Microsoft AD Terkelola. Pelajari peran dan izin pengelolaan layanan lebih lanjut.

Role Permissions

Role	Permissions
Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.	`managedidentities.*` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.attachTrust` `managedidentities.domains.checkMigrationPermission` `managedidentities.domains.create` `managedidentities.domains.createTagBinding` `managedidentities.domains.delete` `managedidentities.domains.deleteTagBinding` `managedidentities.domains.detachTrust` `managedidentities.domains.disableMigration` `managedidentities.domains.domainJoinMachine` `managedidentities.domains.enableMigration` `managedidentities.domains.extendSchema` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.list` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.domains.reconfigureTrust` `managedidentities.domains.resetpassword` `managedidentities.domains.restore` `managedidentities.domains.setIamPolicy` `managedidentities.domains.update` `managedidentities.domains.updateLDAPSSettings` `managedidentities.domains.validateTrust` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.create` `managedidentities.peerings.delete` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.peerings.setIamPolicy` `managedidentities.peerings.update` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level	`managedidentities.backups.` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.get` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.*` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Read-only access to Google Cloud Managed Identities Backup and related resources.	`managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.domains.get` `managedidentities.locations.*` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.	`managedidentities.backups.` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.attachTrust` `managedidentities.domains.checkMigrationPermission` `managedidentities.domains.createTagBinding` `managedidentities.domains.delete` `managedidentities.domains.deleteTagBinding` `managedidentities.domains.detachTrust` `managedidentities.domains.disableMigration` `managedidentities.domains.domainJoinMachine` `managedidentities.domains.enableMigration` `managedidentities.domains.extendSchema` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.domains.reconfigureTrust` `managedidentities.domains.resetpassword` `managedidentities.domains.restore` `managedidentities.domains.update` `managedidentities.domains.updateLDAPSSettings` `managedidentities.domains.validateTrust` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.sqlintegrations.*` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Domain Join ^Beta (`roles/managedidentities.domainJoin`) Access to domain join VMs with Cloud AD	`managedidentities.domains.domainJoinMachine` `managedidentities.domains.get`
Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level	`managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.*` `managedidentities.peerings.create` `managedidentities.peerings.delete` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.peerings.setIamPolicy` `managedidentities.peerings.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`) Read-only access to Google Cloud Managed Identities Peering and related resources.	`managedidentities.locations.*` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Read-only access to Google Cloud Managed Identities Domains and related resources.	`managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.list` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.sqlintegrations.` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Google Cloud Managed Identities Admin

(roles/managedidentities.admin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.

managedidentities.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.create
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentities.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update
managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Backup Admin

(roles/managedidentities.backupAdmin)

Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level

managedidentities.backups.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Backup Viewer

(roles/managedidentities.backupViewer)

Read-only access to Google Cloud Managed Identities Backup and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Domain Admin

(roles/managedidentities.domainAdmin)

Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.

managedidentities.backups.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.createTagBinding

managedidentities.domains.delete

managedidentities.domains.deleteTagBinding

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentities.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Domain Join ^Beta

(roles/managedidentities.domainJoin)

Access to domain join VMs with Cloud AD

managedidentities.domains.domainJoinMachine

managedidentities.domains.get

Google Cloud Managed Identities Peering Admin

(roles/managedidentities.peeringAdmin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

managedidentities.peerings.*

managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Peering Viewer

(roles/managedidentities.peeringViewer)

Read-only access to Google Cloud Managed Identities Peering and related resources.

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Viewer

(roles/managedidentities.viewer)

Read-only access to Google Cloud Managed Identities Domains and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Untuk mengetahui informasi selengkapnya tentang peran IAM, baca memahami peran.

Kontrol akses dengan IAM

Google Cloud Managed Identities Admin

Google Cloud Managed Identities Backup Admin

Google Cloud Managed Identities Backup Viewer

Google Cloud Managed Identities Domain Admin

Google Cloud Managed Identities Domain Join Beta

Google Cloud Managed Identities Peering Admin

Google Cloud Managed Identities Peering Viewer

Google Cloud Managed Identities Viewer

Google Cloud Managed Identities Domain Join ^Beta