IAM으로 액세스 제어

컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

ID 및 액세스 관리(IAM) 역할은 Microsoft Active Directory(관리형 Microsoft AD) API의 관리형 서비스 사용 방법을 규정합니다. 다음은 관리형 Microsoft AD에서 사용할 수 있는 각 IAM 역할과 이러한 역할에 사용할 수 있는 메서드 목록입니다.

또한 서비스 계정에는 관리형 Microsoft AD를 보고 사용 설정할 수 있는 servicemanagement.services.bind 권한이 있어야 합니다. 서비스 관리 역할 및 권한에 대해 자세히 알아보세요.

역할 권한

(roles/managedidentities.admin)

Google Cloud 관리형 ID 도메인 및 관련 리소스에 대한 전체 액세스 권한입니다. 프로젝트 수준에서 부여되어야 합니다.

소유자 권한 5개 포함

managedidentities.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update
  • managedidentities.domains.attachTrust
  • managedidentities.domains.checkMigrationPermission
  • managedidentities.domains.create
  • managedidentities.domains.createTagBinding
  • managedidentities.domains.delete
  • managedidentities.domains.deleteTagBinding
  • managedidentities.domains.detachTrust
  • managedidentities.domains.disableMigration
  • managedidentities.domains.domainJoinMachine
  • managedidentities.domains.enableMigration
  • managedidentities.domains.extendSchema
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.list
  • managedidentities.domains.listEffectiveTags
  • managedidentities.domains.listTagBindings
  • managedidentities.domains.reconfigureTrust
  • managedidentities.domains.resetpassword
  • managedidentities.domains.restore
  • managedidentities.domains.setIamPolicy
  • managedidentities.domains.update
  • managedidentities.domains.updateLDAPSSettings
  • managedidentities.domains.validateTrust
  • managedidentities.locations.get
  • managedidentities.locations.list
  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.peerings.create
  • managedidentities.peerings.delete
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.peerings.setIamPolicy
  • managedidentities.peerings.update
  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.backupAdmin)

Google Cloud 관리형 ID 백업 및 관련 리소스에 대한 전체 액세스 권한입니다. 프로젝트 수준에서 부여되어야 합니다.

소유자 권한 1개가 포함됩니다.

managedidentities.backups.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update

managedidentities.domains.get

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.*

  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.backupViewer)

Google Cloud 관리형 ID 백업 및 관련 리소스에 대한 읽기 전용 액세스 권한입니다.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.domainAdmin)

Google Cloud 관리형 ID 도메인 및 관련 리소스에 대한 읽기, 업데이트, 삭제 권한입니다. 리소스(도메인) 수준에서 부여되어야 합니다.

소유자 권한 3개가 포함됩니다.

managedidentities.backups.*

  • managedidentities.backups.create
  • managedidentities.backups.delete
  • managedidentities.backups.get
  • managedidentities.backups.getIamPolicy
  • managedidentities.backups.list
  • managedidentities.backups.setIamPolicy
  • managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.createTagBinding

managedidentities.domains.delete

managedidentities.domains.deleteTagBinding

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentities.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.sqlintegrations.*

  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.domainJoin)

Cloud AD가 포함된 도메인 조인 VM에 대한 액세스 권한입니다.

managedidentities.domains.domainJoinMachine

managedidentities.domains.get

(roles/managedidentities.peeringAdmin)

Google Cloud 관리형 ID 도메인 및 관련 리소스에 대한 전체 액세스 권한입니다. 프로젝트 수준에서 부여되어야 합니다.

소유자 권한 1개가 포함됩니다.

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.*

  • managedidentities.operations.cancel
  • managedidentities.operations.delete
  • managedidentities.operations.get
  • managedidentities.operations.list

managedidentities.peerings.*

  • managedidentities.peerings.create
  • managedidentities.peerings.delete
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.peerings.setIamPolicy
  • managedidentities.peerings.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.peeringViewer)

Google Cloud 관리형 ID 피어링 및 관련 리소스에 대한 읽기 전용 액세스 권한입니다.

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedidentities.viewer)

Google Cloud 관리형 ID 도메인 및 관련 리소스에 대한 읽기 전용 액세스 권한입니다.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.locations.*

  • managedidentities.locations.get
  • managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.sqlintegrations.*

  • managedidentities.sqlintegrations.get
  • managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

IAM 역할에 대한 자세한 내용은 역할 이해를 참조하세요.