Esta página foi traduzida pela API Cloud Translation.

Controle de acesso com o IAM

Os papéis de gerenciamento de identidade e acesso (IAM, na sigla em inglês) definem quanto você pode usar o Serviço gerenciado para a API Microsoft Active Directory (Microsoft AD). Abaixo está uma lista de cada papel do IAM disponível para o Managed Microsoft AD e os métodos disponíveis.

Além disso, as contas de serviços precisam ter a permissão servicemanagement.services.bind para ver e ativar o Managed Microsoft AD. Saiba mais sobre papéis e permissões de gerenciamento de serviço.

Papel Permissões

Papel	Permissões
Administrador de identidades gerenciadas do Google Cloud (`roles/managedidentities.admin`) Acesso total aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido no nível do projeto. Contém cinco permissões de proprietário	managedidentities.* managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.attachTrust managedidentities.domains.checkMigrationPermission managedidentities.domains.create managedidentities.domains.createTagBinding managedidentities.domains.delete managedidentities.domains.deleteTagBinding managedidentities.domains.detachTrust managedidentities.domains.disableMigration managedidentity.domains.domainJoinMachine managedidentities.domains.enableMigration managedidentities.domains.extendSchema managedidentities.domains.get managedidentities.domains.getIamPolicy managedidentities.domains.list managedidentities.domains.listEffectiveTags managedidentities.domains.listTagBindings managedidentities.domains.reconfigureTrust managedidentities.domains.resetpassword managedidentities.domains.restore managedidentities.domains.setIamPolicy managedidentities.domains.update managedidentities.domains.updateLDAPSSettings managedidentities.domains.validateTrust managedidentities.locations.get managedidentities.locations.list managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list resourcemanager.projects.get resourcemanager.projects.list
Administrador de backup de identidades gerenciadas do Google Cloud (`roles/managedidentities.backupAdmin`) Acesso total ao backup de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido para envolvidos no projeto Contém uma permissão de proprietário	managedidentities.backups* managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.get managedidentities.locations.* managedidentities.locations.get managedidentities.locations.list managedidentities.operations.* managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list resourcemanager.projects.get resourcemanager.projects.list
Leitor de backup de identidades gerenciadas do Google Cloud (`roles/managedidentities.backupViewer`) Acesso somente leitura ao backup de identidades gerenciadas do Google Cloud e recursos relacionados.	managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.domains.get managedidentities.locations.* managedidentities.locations.get managedidentities.locations.list managedidentities.operations.get managedidentities.operations.list resourcemanager.projects.get resourcemanager.projects.list
Administrador de domínio das identidades gerenciadas do Google Cloud (`roles/managedidentities.domainAdmin`) Acesso leitura, atualização e exclusão aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido no nível do recurso (domínio). Contém três permissões de proprietário	managedidentities.backups* managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.attachTrust managedidentities.domains.checkMigrationPermission managedidentities.domains.createTagBinding managedidentities.domains.delete managedidentities.domains.deleteTagBinding managedidentities.domains.detachTrust managedidentities.domains.disableMigration managedidentity.domains.domainJoinMachine managedidentities.domains.enableMigration managedidentities.domains.extendSchema managedidentities.domains.get managedidentities.domains.getIamPolicy managedidentities.domains.listEffectiveTags managedidentities.domains.listTagBindings managedidentities.domains.reconfigureTrust managedidentities.domains.resetpassword managedidentities.domains.restore managedidentities.domains.update managedidentities.domains.updateLDAPSSettings managedidentities.domains.validateTrust managedidentities.locations.* managedidentities.locations.get managedidentities.locations.list managedidentities.operations.get managedidentities.operations.list managedidentities.sqlintegrations.* managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list resourcemanager.projects.get resourcemanager.projects.list
Junção de domínios de identidades gerenciadas do Google Cloud ^Beta (`roles/managedidentities.domainJoin`) Acesso a VMs de ingresso de domínio com o Cloud AD	managedidentity.domains.domainJoinMachine managedidentities.domains.get
Administrador de peering das identidades gerenciadas do Google Cloud (`roles/managedidentities.peeringAdmin`) Acesso total aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido para envolvidos no projeto Contém uma permissão de proprietário	managedidentities.locations.* managedidentities.locations.get managedidentities.locations.list managedidentities.operations.* managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list managedidentities.peerings.* managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update resourcemanager.projects.get resourcemanager.projects.list
Leitor de peering de identidades gerenciadas do Google Cloud (`roles/managedidentities.peeringViewer`) Acesso somente leitura ao peering de identidades gerenciadas do Google Cloud e aos recursos relacionados.	managedidentities.locations.* managedidentities.locations.get managedidentities.locations.list managedidentities.operations.get managedidentities.operations.list managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list resourcemanager.projects.get resourcemanager.projects.list
Leitor de identidades gerenciadas do Google Cloud (`roles/managedidentities.viewer`) Acesso somente leitura aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados.	managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.domains.get managedidentities.domains.getIamPolicy managedidentities.domains.list managedidentities.domains.listEffectiveTags managedidentities.domains.listTagBindings managedidentities.locations.* managedidentities.locations.get managedidentities.locations.list managedidentities.operations.get managedidentities.operations.list managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.sqlintegrations.* managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list resourcemanager.projects.get resourcemanager.projects.list

Administrador de identidades gerenciadas do Google Cloud

(roles/managedidentities.admin)

Acesso total aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido no nível do projeto.

Contém cinco permissões de proprietário

managedidentities.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.create
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentity.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update
managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Administrador de backup de identidades gerenciadas do Google Cloud

(roles/managedidentities.backupAdmin)

Acesso total ao backup de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido para envolvidos no projeto

Contém uma permissão de proprietário

managedidentities.backups*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Leitor de backup de identidades gerenciadas do Google Cloud

(roles/managedidentities.backupViewer)

Acesso somente leitura ao backup de identidades gerenciadas do Google Cloud e recursos relacionados.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Administrador de domínio das identidades gerenciadas do Google Cloud

(roles/managedidentities.domainAdmin)

Acesso leitura, atualização e exclusão aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido no nível do recurso (domínio).

Contém três permissões de proprietário

managedidentities.backups*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.createTagBinding

managedidentities.domains.delete

managedidentities.domains.deleteTagBinding

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentity.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Junção de domínios de identidades gerenciadas do Google Cloud ^Beta

(roles/managedidentities.domainJoin)

Acesso a VMs de ingresso de domínio com o Cloud AD

managedidentity.domains.domainJoinMachine

managedidentities.domains.get

Administrador de peering das identidades gerenciadas do Google Cloud

(roles/managedidentities.peeringAdmin)

Acesso total aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados. Para ser concedido para envolvidos no projeto

Contém uma permissão de proprietário

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

managedidentities.peerings.*

managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update

resourcemanager.projects.get

resourcemanager.projects.list

Leitor de peering de identidades gerenciadas do Google Cloud

(roles/managedidentities.peeringViewer)

Acesso somente leitura ao peering de identidades gerenciadas do Google Cloud e aos recursos relacionados.

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

resourcemanager.projects.get

resourcemanager.projects.list

Leitor de identidades gerenciadas do Google Cloud

(roles/managedidentities.viewer)

Acesso somente leitura aos domínios de identidades gerenciadas do Google Cloud e recursos relacionados.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Para mais informações sobre papéis do IAM, consulte Noções básicas sobre papéis.

Controle de acesso com o IAM

Administrador de identidades gerenciadas do Google Cloud

Administrador de backup de identidades gerenciadas do Google Cloud

Leitor de backup de identidades gerenciadas do Google Cloud

Administrador de domínio das identidades gerenciadas do Google Cloud

Junção de domínios de identidades gerenciadas do Google Cloud Beta

Administrador de peering das identidades gerenciadas do Google Cloud

Leitor de peering de identidades gerenciadas do Google Cloud

Leitor de identidades gerenciadas do Google Cloud

Junção de domínios de identidades gerenciadas do Google Cloud ^Beta