Control de acceso con IAM

Las funciones de Identity and Access Management (IAM) prescriben cómo puede usar el servicio administrado para la API de Microsoft Active Directory (Microsoft AD administrado). A continuación, se incluye una lista de cada función de IAM disponible para Microsoft AD administrado y los métodos disponibles para ellos.

Además, las cuentas de servicio deben tener el permiso servicemanagement.services.bind para ver y habilitar Microsoft AD administrado. Obtén más información sobre las funciones y permisos de la administración de servicios.

Role Permissions

(roles/managedidentities.admin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.

managedidentities.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update
  • managedidentities.domains.attachTrust
  • managedidentities.domains.checkMigrationPermission
  • managedidentities.domains.create
  • managedidentities.domains.createTagBinding
  • managedidentities.domains.delete
  • managedidentities.domains.deleteTagBinding
  • managedidentities.domains.detachTrust
  • managedidentities.domains.disableMigration
  • managedidentities.domains.domainJoinMachine
  • managedidentities.domains.enableMigration
  • managedidentities.domains.extendSchema
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.list
  • managedidentities.domains.listEffectiveTags
  • managedidentities.domains.listTagBindings
  • managedidentities.domains.reconfigureTrust
  • managedidentities.domains.resetpassword
  • managedidentities.domains.restore
  • managedidentities.domains.setIamPolicy
  • managedidentities.domains.update
  • managedidentities.domains.updateLDAPSSettings
  • managedidentities.domains.validateTrust
  • managedidentities.locations.get
  • managedidentities.locations.list
  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.peerings.create
  • managedidentities.peerings.delete
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.peerings.setIamPolicy
  • managedidentities.peerings.update
  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.backupAdmin)

Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level

managedidentities.backups.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update

managedidentities.domains.get

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.*

  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.backupViewer)

Read-only access to Google Cloud Managed Identities Backup and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.domainAdmin)

Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.

managedidentities.backups.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.createTagBinding

managedidentities.domains.delete

managedidentities.domains.deleteTagBinding

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentities.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.sqlintegrations.*

  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.domainJoin)

Access to domain join VMs with Cloud AD

managedidentities.domains.domainJoinMachine

managedidentities.domains.get

(roles/managedidentities.peeringAdmin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.*

  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list

managedidentities.peerings.*

  • managedidentities.peerings.create
  • managedidentities.peerings.delete
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.peerings.setIamPolicy
  • managedidentities.peerings.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.peeringViewer)

Read-only access to Google Cloud Managed Identities Peering and related resources.

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.viewer)

Read-only access to Google Cloud Managed Identities Domains and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.sqlintegrations.*

  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Para obtener más información sobre las funciones de IAM, consulta Comprende las funciones.