IAM を使用したアクセス制御

Identity and Access Management(IAM)のロールは、Managed Service for Microsoft Active Directory(マネージド Microsoft AD)API の使用方法について規定しています。以下は、マネージド Microsoft AD で使用できる各 IAM のロールと使用可能なメソッドの一覧です。

さらに、Managed Microsoft AD を表示して有効化するには、サービス アカウントに servicemanagement.services.bind の権限が必要です。詳細については、サービス管理のロールと権限をご覧ください。

Role Permissions

(roles/managedidentities.admin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.

managedidentities.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update
  • managedidentities.domains.attachTrust
  • managedidentities.domains.checkMigrationPermission
  • managedidentities.domains.create
  • managedidentities.domains.createTagBinding
  • managedidentities.domains.delete
  • managedidentities.domains.deleteTagBinding
  • managedidentities.domains.detachTrust
  • managedidentities.domains.disableMigration
  • managedidentities.domains.domainJoinMachine
  • managedidentities.domains.enableMigration
  • managedidentities.domains.extendSchema
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.list
  • managedidentities.domains.listEffectiveTags
  • managedidentities.domains.listTagBindings
  • managedidentities.domains.reconfigureTrust
  • managedidentities.domains.resetpassword
  • managedidentities.domains.restore
  • managedidentities.domains.setIamPolicy
  • managedidentities.domains.update
  • managedidentities.domains.updateLDAPSSettings
  • managedidentities.domains.validateTrust
  • managedidentities.locations.get
  • managedidentities.locations.list
  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.peerings.create
  • managedidentities.peerings.delete
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.peerings.setIamPolicy
  • managedidentities.peerings.update
  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.backupAdmin)

Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level

managedidentities.backups.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update

managedidentities.domains.get

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.*

  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.backupViewer)

Read-only access to Google Cloud Managed Identities Backup and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.domainAdmin)

Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.

managedidentities.backups.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.createTagBinding

managedidentities.domains.delete

managedidentities.domains.deleteTagBinding

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentities.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.sqlintegrations.*

  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.domainJoin)

Access to domain join VMs with Cloud AD

managedidentities.domains.domainJoinMachine

managedidentities.domains.get

(roles/managedidentities.peeringAdmin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.*

  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list

managedidentities.peerings.*

  • managedidentities.peerings.create
  • managedidentities.peerings.delete
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.peerings.setIamPolicy
  • managedidentities.peerings.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.peeringViewer)

Read-only access to Google Cloud Managed Identities Peering and related resources.

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.viewer)

Read-only access to Google Cloud Managed Identities Domains and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.sqlintegrations.*

  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

IAM ロールの詳細については、ロールについてをご覧ください。