Access control with IAM

Identity and Access Management (IAM) roles govern how the Managed Service for Microsoft Active Directory (Managed Microsoft AD) API can be used. The following is a list of each IAM role available for Managed Microsoft AD and the methods that can be used with each role.

In addition, the service account must have the servicemanagement.services.bind permission in order to view and enable Managed Microsoft AD. Learn more about Service Management roles and permissions.

Roles and their permissions

Google Cloud Managed Identities Admin
(roles/managedidentities.admin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.

  • managedidentities.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Backup Admin
(roles/managedidentities.backupAdmin)

Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level.

  • managedidentities.backups.*
  • managedidentities.domains.get
  • managedidentities.locations.*
  • managedidentities.operations.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Backup Viewer
(roles/managedidentities.backupViewer)

Read-only access to Google Cloud Managed Identities Backup and related resources.

  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.domains.get
  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Domain Admin
(roles/managedidentities.domainAdmin)

Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.

  • managedidentities.backups.*
  • managedidentities.domains.attachTrust
  • managedidentities.domains.createTagBinding
  • managedidentities.domains.delete
  • managedidentities.domains.deleteTagBinding
  • managedidentities.domains.detachTrust
  • managedidentities.domains.extendSchema
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.listEffectiveTags
  • managedidentities.domains.listTagBindings
  • managedidentities.domains.reconfigureTrust
  • managedidentities.domains.resetpassword
  • managedidentities.domains.restore
  • managedidentities.domains.update
  • managedidentities.domains.updateLDAPSSettings
  • managedidentities.domains.validateTrust
  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.sqlintegrations.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Domain Controller Operator
(roles/managedidentities.domaincontrollerOperator)

Operator access for Managed AD Domain Controllers.

  • pubsub.schemas.attach
  • pubsub.schemas.create
  • pubsub.schemas.delete
  • pubsub.schemas.get
  • pubsub.schemas.list
  • pubsub.schemas.validate
  • pubsub.snapshots.create
  • pubsub.snapshots.delete
  • pubsub.snapshots.get
  • pubsub.snapshots.list
  • pubsub.snapshots.seek
  • pubsub.snapshots.update
  • pubsub.subscriptions.consume
  • pubsub.subscriptions.create
  • pubsub.subscriptions.delete
  • pubsub.subscriptions.get
  • pubsub.subscriptions.list
  • pubsub.subscriptions.update
  • pubsub.topics.attachSubscription
  • pubsub.topics.create
  • pubsub.topics.delete
  • pubsub.topics.detachSubscription
  • pubsub.topics.get
  • pubsub.topics.list
  • pubsub.topics.publish
  • pubsub.topics.update
  • pubsub.topics.updateTag
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list
  • storage.objects.get
  • storage.objects.list

Google Cloud Managed Identities Peering Admin
(roles/managedidentities.peeringAdmin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.

  • managedidentities.locations.*
  • managedidentities.operations.*
  • managedidentities.peerings.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Peering Viewer
(roles/managedidentities.peeringViewer)

Read-only access to Google Cloud Managed Identities Peering and related resources.

  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Viewer
(roles/managedidentities.viewer)

Read-only access to Google Cloud Managed Identities Domains and related resources.

  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.list
  • managedidentities.domains.listEffectiveTags
  • managedidentities.domains.listTagBindings
  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.sqlintegrations.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list
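The role table above is what you consult when choosing the least-privileged grant for a principal, and the entries ending in `.*` are the ones that make that choice easy to get wrong (a `managedidentities.*` entry covers every permission under that prefix, so `roles/managedidentities.admin` is far broader than its three-line listing suggests). The script below is an added example, not Google's own tooling: it encodes the role and permission entries exactly as listed on this page, applies the IAM wildcard rule, and answers two questions a reviewer asks during an access request: which roles cover a required set of permissions, and which of those is narrowest. "Breadth" is measured only against the concrete permissions that appear on this page, so it is a relative ranking, not a count of every permission Google Cloud defines.

```python
"""Least-privilege role lookup over the Managed Microsoft AD role table.

Added example. Role ids and permission entries are copied from the page;
the matching rule (an entry ending in ".*" grants every permission under
that prefix) is IAM's documented wildcard convention.
"""

_DOMAIN_ADMIN_VERBS = (
    "attachTrust", "createTagBinding", "delete", "deleteTagBinding", "detachTrust",
    "extendSchema", "get", "getIamPolicy", "listEffectiveTags", "listTagBindings",
    "reconfigureTrust", "resetpassword", "restore", "update", "updateLDAPSSettings",
    "validateTrust",
)
_PUBSUB = (
    [f"pubsub.schemas.{v}" for v in ("attach", "create", "delete", "get", "list", "validate")]
    + [f"pubsub.snapshots.{v}" for v in ("create", "delete", "get", "list", "seek", "update")]
    + [f"pubsub.subscriptions.{v}" for v in ("consume", "create", "delete", "get", "list", "update")]
    + [f"pubsub.topics.{v}" for v in ("attachSubscription", "create", "delete", "detachSubscription",
                                      "get", "list", "publish", "update", "updateTag")]
)
_PROJECTS = ["resourcemanager.projects.get", "resourcemanager.projects.list"]

# Role id -> permission entries, transcribed from the table on this page.
ROLES = {
    "roles/managedidentities.admin": ["managedidentities.*"] + _PROJECTS,
    "roles/managedidentities.backupAdmin": [
        "managedidentities.backups.*", "managedidentities.domains.get",
        "managedidentities.locations.*", "managedidentities.operations.*"] + _PROJECTS,
    "roles/managedidentities.backupViewer": [
        "managedidentities.backups.get", "managedidentities.backups.getIamPolicy",
        "managedidentities.backups.list", "managedidentities.domains.get",
        "managedidentities.locations.*", "managedidentities.operations.get",
        "managedidentities.operations.list"] + _PROJECTS,
    "roles/managedidentities.domainAdmin": (
        ["managedidentities.backups.*"]
        + [f"managedidentities.domains.{v}" for v in _DOMAIN_ADMIN_VERBS]
        + ["managedidentities.locations.*", "managedidentities.operations.get",
           "managedidentities.operations.list", "managedidentities.sqlintegrations.*"]
        + _PROJECTS),
    "roles/managedidentities.domaincontrollerOperator": (
        _PUBSUB + _PROJECTS
        + ["serviceusage.quotas.get", "serviceusage.services.get", "serviceusage.services.list",
           "storage.objects.get", "storage.objects.list"]),
    "roles/managedidentities.peeringAdmin": [
        "managedidentities.locations.*", "managedidentities.operations.*",
        "managedidentities.peerings.*"] + _PROJECTS,
    "roles/managedidentities.peeringViewer": [
        "managedidentities.locations.*", "managedidentities.operations.get",
        "managedidentities.operations.list", "managedidentities.peerings.get",
        "managedidentities.peerings.getIamPolicy", "managedidentities.peerings.list"] + _PROJECTS,
    "roles/managedidentities.viewer": [
        "managedidentities.backups.get", "managedidentities.backups.getIamPolicy",
        "managedidentities.backups.list", "managedidentities.domains.get",
        "managedidentities.domains.getIamPolicy", "managedidentities.domains.list",
        "managedidentities.domains.listEffectiveTags", "managedidentities.domains.listTagBindings",
        "managedidentities.locations.*", "managedidentities.operations.get",
        "managedidentities.operations.list", "managedidentities.peerings.get",
        "managedidentities.peerings.getIamPolicy", "managedidentities.peerings.list",
        "managedidentities.sqlintegrations.*"] + _PROJECTS,
}


def grants(role_id: str, permission: str) -> bool:
    """True if one of the role's entries covers `permission`, exactly or by wildcard."""
    for entry in ROLES[role_id]:
        if entry == permission:
            return True
        # "svc.resource.*" -> prefix "svc.resource." must match the permission's start
        if entry.endswith(".*") and permission.startswith(entry[:-1]):
            return True
    return False


def missing(role_id: str, required) -> list:
    """Required permissions the role does not grant (sorted, for stable reporting)."""
    return sorted(p for p in required if not grants(role_id, p))


# Every concrete (non-wildcard) permission named anywhere on the page. Wildcards are
# expanded only against this set, so breadth() is relative to the page, not to all of IAM.
_UNIVERSE = sorted({e for entries in ROLES.values() for e in entries if not e.endswith(".*")})


def breadth(role_id: str) -> int:
    """How many of the page's concrete permissions the role grants."""
    return sum(grants(role_id, p) for p in _UNIVERSE)


def _rank(role_id: str):
    # Narrower first; fewer wildcard entries breaks ties; role id makes the order deterministic.
    wildcards = sum(e.endswith(".*") for e in ROLES[role_id])
    return (breadth(role_id), wildcards, role_id)


def roles_covering(required) -> list:
    """Roles that grant every required permission, narrowest first."""
    return sorted((r for r in ROLES if not missing(r, required)), key=_rank)


def narrowest_role(required):
    """The least-privileged role on the page that satisfies `required`, or None."""
    covering = roles_covering(required)
    return covering[0] if covering else None


if __name__ == "__main__":
    # Constructed request: a backup-restore runbook that only reads backups and domain metadata.
    need = ["managedidentities.backups.list", "managedidentities.domains.get"]
    print("candidates:", roles_covering(need))
    print("grant:", narrowest_role(need))
```

The ranking deliberately penalises `managedidentities.*`: it expands to every Managed Identities permission on the page, so `roles/managedidentities.admin` sorts last among the roles that satisfy a request, and a request that only reads backups resolves to `roles/managedidentities.backupViewer` rather than to one of the admin roles. Because `_UNIVERSE` is built from the page alone, a family that appears only as a wildcard (such as `managedidentities.locations.*`) contributes nothing to breadth; extend the table if you need a finer comparison.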

For more information about IAM roles, see Understanding roles.