Control de acceso con IAM

Las funciones de Identity and Access Management (IAM) prescriben cómo puede usar el servicio administrado para la API de Microsoft Active Directory (Microsoft AD administrado). A continuación, se incluye una lista de cada función de IAM disponible para Microsoft AD administrado y los métodos disponibles para ellos.

Además, las cuentas de servicio deben tener el permiso servicemanagement.services.bind para ver y habilitar Microsoft AD administrado. Obtén más información sobre las funciones y permisos de la administración de servicios.

Role Permissions

Role	Permissions
Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.	`managedidentities.*` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.attachTrust` `managedidentities.domains.checkMigrationPermission` `managedidentities.domains.create` `managedidentities.domains.createTagBinding` `managedidentities.domains.delete` `managedidentities.domains.deleteTagBinding` `managedidentities.domains.detachTrust` `managedidentities.domains.disableMigration` `managedidentities.domains.domainJoinMachine` `managedidentities.domains.enableMigration` `managedidentities.domains.extendSchema` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.list` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.domains.reconfigureTrust` `managedidentities.domains.resetpassword` `managedidentities.domains.restore` `managedidentities.domains.setIamPolicy` `managedidentities.domains.update` `managedidentities.domains.updateLDAPSSettings` `managedidentities.domains.validateTrust` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.create` `managedidentities.peerings.delete` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.peerings.setIamPolicy` `managedidentities.peerings.update` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level	`managedidentities.backups.` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.get` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.*` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Read-only access to Google Cloud Managed Identities Backup and related resources.	`managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.domains.get` `managedidentities.locations.*` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.	`managedidentities.backups.` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.attachTrust` `managedidentities.domains.checkMigrationPermission` `managedidentities.domains.createTagBinding` `managedidentities.domains.delete` `managedidentities.domains.deleteTagBinding` `managedidentities.domains.detachTrust` `managedidentities.domains.disableMigration` `managedidentities.domains.domainJoinMachine` `managedidentities.domains.enableMigration` `managedidentities.domains.extendSchema` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.domains.reconfigureTrust` `managedidentities.domains.resetpassword` `managedidentities.domains.restore` `managedidentities.domains.update` `managedidentities.domains.updateLDAPSSettings` `managedidentities.domains.validateTrust` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.sqlintegrations.*` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Domain Join ^Beta (`roles/managedidentities.domainJoin`) Access to domain join VMs with Cloud AD	`managedidentities.domains.domainJoinMachine` `managedidentities.domains.get`
Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level	`managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.*` `managedidentities.peerings.create` `managedidentities.peerings.delete` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.peerings.setIamPolicy` `managedidentities.peerings.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`) Read-only access to Google Cloud Managed Identities Peering and related resources.	`managedidentities.locations.*` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Read-only access to Google Cloud Managed Identities Domains and related resources.	`managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.list` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.sqlintegrations.` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Google Cloud Managed Identities Admin

(roles/managedidentities.admin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.

managedidentities.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.create
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentities.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update
managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Backup Admin

(roles/managedidentities.backupAdmin)

Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level

managedidentities.backups.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Backup Viewer

(roles/managedidentities.backupViewer)

Read-only access to Google Cloud Managed Identities Backup and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Domain Admin

(roles/managedidentities.domainAdmin)

Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.

managedidentities.backups.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.createTagBinding

managedidentities.domains.delete

managedidentities.domains.deleteTagBinding

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentities.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Domain Join ^Beta

(roles/managedidentities.domainJoin)

Access to domain join VMs with Cloud AD

managedidentities.domains.domainJoinMachine

managedidentities.domains.get

Google Cloud Managed Identities Peering Admin

(roles/managedidentities.peeringAdmin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

managedidentities.peerings.*

managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Peering Viewer

(roles/managedidentities.peeringViewer)

Read-only access to Google Cloud Managed Identities Peering and related resources.

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Viewer

(roles/managedidentities.viewer)

Read-only access to Google Cloud Managed Identities Domains and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Para obtener más información sobre las funciones de IAM, consulta Comprende las funciones.

Control de acceso con IAM

Google Cloud Managed Identities Admin

Google Cloud Managed Identities Backup Admin

Google Cloud Managed Identities Backup Viewer

Google Cloud Managed Identities Domain Admin

Google Cloud Managed Identities Domain Join Beta

Google Cloud Managed Identities Peering Admin

Google Cloud Managed Identities Peering Viewer

Google Cloud Managed Identities Viewer

Google Cloud Managed Identities Domain Join ^Beta