  
   
 
  
    
Access control with IAM
  
      
     
  
  
  
   
  
    
  
  
    
    
    
    
  
IAM (Identity and Access Management) roles determine how you can use the Managed Service for Microsoft Active Directory (Managed Microsoft AD) API. Below is a list of each Cloud IAM role available for Managed Microsoft AD and the methods available to it.
In addition, service accounts must have the servicemanagement.services.bind permission to view and enable Managed Microsoft AD. Learn more about service management roles and permissions.
   
  
Role 
Permissions 
 
 
Google Cloud Managed Identities Admin
 
(roles/managedidentities.admin)
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.
 
 
  
    
      managedidentities.* 
    
    
      managedidentities.backups.create   
      managedidentities.backups.delete   
      managedidentities.backups.get 
      managedidentities.backups.getIamPolicy   
      managedidentities.backups.list 
      managedidentities.backups.setIamPolicy   
      managedidentities.backups.update   
      managedidentities.domains.attachTrust   
      managedidentities.domains.checkMigrationPermission   
      managedidentities.domains.create   
      managedidentities.domains.createTagBinding   
      managedidentities.domains.delete   
      managedidentities.domains.deleteTagBinding   
      managedidentities.domains.detachTrust   
      managedidentities.domains.disableMigration   
      managedidentities.domains.domainJoinMachine   
      managedidentities.domains.enableMigration   
      managedidentities.domains.extendSchema   
      managedidentities.domains.get 
      managedidentities.domains.getIamPolicy   
      managedidentities.domains.list 
      managedidentities.domains.listEffectiveTags   
      managedidentities.domains.listTagBindings   
      managedidentities.domains.reconfigureTrust   
      managedidentities.domains.resetpassword   
      managedidentities.domains.restore   
      managedidentities.domains.setIamPolicy   
      managedidentities.domains.update   
      managedidentities.domains.updateLDAPSSettings   
      managedidentities.domains.validateTrust   
      managedidentities.locations.get   
      managedidentities.locations.list   
      managedidentities.operations.cancel   
      managedidentities.operations.delete   
      managedidentities.operations.get   
      managedidentities.operations.list   
      managedidentities.peerings.create   
      managedidentities.peerings.delete   
      managedidentities.peerings.get 
      managedidentities.peerings.getIamPolicy   
      managedidentities.peerings.list   
      managedidentities.peerings.setIamPolicy   
      managedidentities.peerings.update   
      managedidentities.sqlintegrations.get   
      managedidentities.sqlintegrations.list   
     
   
  resourcemanager.projects.get
  resourcemanager.projects.list
 
 
Google Cloud Managed Identities Backup Admin
 
(roles/managedidentities.backupAdmin)
Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level.
 
 
  
    
      managedidentities.backups.* 
    
    
      managedidentities.backups.create   
      managedidentities.backups.delete   
      managedidentities.backups.get 
      managedidentities.backups.getIamPolicy   
      managedidentities.backups.list 
      managedidentities.backups.setIamPolicy   
      managedidentities.backups.update   
     
   
  managedidentities.domains.get
  
    
      managedidentities.locations.* 
    
    
      managedidentities.locations.get   
      managedidentities.locations.list   
     
   
  
    
      managedidentities.operations.* 
    
    
      managedidentities.operations.cancel   
      managedidentities.operations.delete   
      managedidentities.operations.get   
      managedidentities.operations.list   
     
   
  resourcemanager.projects.get
  resourcemanager.projects.list
 
 
Google Cloud Managed Identities Backup Viewer
 
(roles/managedidentities.backupViewer)
Read-only access to Google Cloud Managed Identities Backup and related resources.
 
 
  managedidentities.backups.get
  managedidentities.backups.getIamPolicy  
  managedidentities.backups.list
  managedidentities.domains.get
  
    
      managedidentities.locations.* 
    
    
      managedidentities.locations.get   
      managedidentities.locations.list   
     
   
  managedidentities.operations.get  
  managedidentities.operations.list  
  resourcemanager.projects.get
  resourcemanager.projects.list
 
 
Google Cloud Managed Identities Domain Admin
 
(roles/managedidentities.domainAdmin)
Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.
 
 
  
    
      managedidentities.backups.* 
    
    
      managedidentities.backups.create   
      managedidentities.backups.delete   
      managedidentities.backups.get 
      managedidentities.backups.getIamPolicy   
      managedidentities.backups.list 
      managedidentities.backups.setIamPolicy   
      managedidentities.backups.update   
     
   
  managedidentities.domains.attachTrust  
  managedidentities.domains.checkMigrationPermission  
  managedidentities.domains.createTagBinding  
  managedidentities.domains.delete  
  managedidentities.domains.deleteTagBinding  
  managedidentities.domains.detachTrust  
  managedidentities.domains.disableMigration  
  managedidentities.domains.domainJoinMachine  
  managedidentities.domains.enableMigration  
  managedidentities.domains.extendSchema  
  managedidentities.domains.get
  managedidentities.domains.getIamPolicy  
  managedidentities.domains.listEffectiveTags  
  managedidentities.domains.listTagBindings  
  managedidentities.domains.reconfigureTrust  
  managedidentities.domains.resetpassword  
  managedidentities.domains.restore  
  managedidentities.domains.update  
  managedidentities.domains.updateLDAPSSettings  
  managedidentities.domains.validateTrust  
  
    
      managedidentities.locations.* 
    
    
      managedidentities.locations.get   
      managedidentities.locations.list   
     
   
  managedidentities.operations.get  
  managedidentities.operations.list  
  
    
      managedidentities.sqlintegrations.*  
    
    
      managedidentities.sqlintegrations.get   
      managedidentities.sqlintegrations.list   
     
   
  resourcemanager.projects.get
  resourcemanager.projects.list
 
 
Google Cloud Managed Identities Domain Join
Beta 
 
(roles/managedidentities.domainJoin)
Access to domain join VMs with Cloud AD
 
 
  managedidentities.domains.domainJoinMachine  
  managedidentities.domains.get
 
 
Google Cloud Managed Identities Peering Admin
 
(roles/managedidentities.peeringAdmin)
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.
 
 
  
    
      managedidentities.locations.* 
    
    
      managedidentities.locations.get   
      managedidentities.locations.list   
     
   
  
    
      managedidentities.operations.* 
    
    
      managedidentities.operations.cancel   
      managedidentities.operations.delete   
      managedidentities.operations.get   
      managedidentities.operations.list   
     
   
  
    
      managedidentities.peerings.* 
    
    
      managedidentities.peerings.create   
      managedidentities.peerings.delete   
      managedidentities.peerings.get 
      managedidentities.peerings.getIamPolicy   
      managedidentities.peerings.list   
      managedidentities.peerings.setIamPolicy   
      managedidentities.peerings.update   
     
   
  resourcemanager.projects.get
  resourcemanager.projects.list
 
 
Google Cloud Managed Identities Peering Viewer
 
(roles/managedidentities.peeringViewer)
Read-only access to Google Cloud Managed Identities Peering and related resources.
 
 
  
    
      managedidentities.locations.* 
    
    
      managedidentities.locations.get   
      managedidentities.locations.list   
     
   
  managedidentities.operations.get  
  managedidentities.operations.list  
  managedidentities.peerings.get
  managedidentities.peerings.getIamPolicy  
  managedidentities.peerings.list  
  resourcemanager.projects.get
  resourcemanager.projects.list
 
 
Cloud Managed Identities Service Agent
 
(roles/managedidentities.serviceAgent)
Gives Managed Identities service account access to managed resources.
 
  Warning: Do not grant service agent roles to any principals except service agents.
 
 
  compute.globalOperations.get
  compute.networks.addPeering
  compute.networks.get
  compute.networks.removePeering
  compute.networks.update
  compute.routes.list
  
    
      dns.changes.* 
    
    
      dns.changes.create 
      dns.changes.get 
      dns.changes.list 
     
   
  
    
      dns.dnsKeys.* 
    
    
      dns.dnsKeys.get 
      dns.dnsKeys.list 
     
   
  
    
      dns.managedZoneOperations.* 
    
    
      dns.managedZoneOperations.get 
      dns.managedZoneOperations.list 
     
   
  dns.managedZones.create
  dns.managedZones.delete
  dns.managedZones.get
  dns.managedZones.list
  dns.managedZones.update
  dns.networks.bindPrivateDNSPolicy  
  dns.networks.bindPrivateDNSZone  
  dns.policies.create
  dns.policies.delete
  dns.policies.get
  dns.policies.list
  dns.policies.update
  dns.projects.get
  
    
      dns.resourceRecordSets.* 
    
    
      dns.resourceRecordSets.create 
      dns.resourceRecordSets.delete 
      dns.resourceRecordSets.get 
      dns.resourceRecordSets.list 
      dns.resourceRecordSets.update 
     
   
  
    
      dns.responsePolicies.* 
    
    
      dns.responsePolicies.create 
      dns.responsePolicies.delete 
      dns.responsePolicies.get 
      dns.responsePolicies.list 
      dns.responsePolicies.update 
     
   
  
    
      dns.responsePolicyRules.* 
    
    
      dns.responsePolicyRules.create 
      dns.responsePolicyRules.delete 
      dns.responsePolicyRules.get 
      dns.responsePolicyRules.list 
      dns.responsePolicyRules.update 
     
   
  monitoring.metricDescriptors.create  
  monitoring.metricDescriptors.get  
  monitoring.metricDescriptors.list  
  
    
      monitoring.monitoredResourceDescriptors.*  
    
    
      monitoring.monitoredResourceDescriptors.get   
      monitoring.monitoredResourceDescriptors.list   
     
   
  monitoring.timeSeries.create
  resourcemanager.projects.get
  resourcemanager.projects.list
  telemetry.metrics.write
 
 
Google Cloud Managed Identities Viewer
 
(roles/managedidentities.viewer)
Read-only access to Google Cloud Managed Identities Domains and related resources.
 
 
  managedidentities.backups.get
  managedidentities.backups.getIamPolicy  
  managedidentities.backups.list
  managedidentities.domains.get
  managedidentities.domains.getIamPolicy  
  managedidentities.domains.list
  managedidentities.domains.listEffectiveTags  
  managedidentities.domains.listTagBindings  
  
    
      managedidentities.locations.* 
    
    
      managedidentities.locations.get   
      managedidentities.locations.list   
     
   
  managedidentities.operations.get  
  managedidentities.operations.list  
  managedidentities.peerings.get
  managedidentities.peerings.getIamPolicy  
  managedidentities.peerings.list  
  
    
      managedidentities.sqlintegrations.*  
    
    
      managedidentities.sqlintegrations.get   
      managedidentities.sqlintegrations.list   
     
   
  resourcemanager.projects.get
  resourcemanager.projects.list
 
 
 
 
To learn more about IAM roles, see Understanding roles.
  
  
  
  
     
  
  
 
  
    
    
      
       
         
  
  
    
  
   
 
       
    
    
  
  
 
  Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
  Last updated 2025/10/31 (UTC).
 
 
  
  
    
    
    
      
  
  
  
   
 
     
  
  
    