访问权限控制

Identity and Access Management (IAM) 角色介绍了如何使用 Managed Service for Microsoft Active Directory (Managed Microsoft AD) API。下面列出了一系列可用于代管式 Microsoft AD 的 IAM 角色及其可用的方法。

此外,服务帐号必须具有 servicemanagement.services.bind 权限才能查看和启用托管式 Microsoft AD。详细了解服务管理角色和权限

角色 名称 说明 权限 最低资源要求
roles/managedidentities.admin Google Cloud Managed Identities Admin 拥有对 Google Cloud Managed Identities 网域及相关资源的完整访问权限。应在项目级层授予此角色。
  • managedidentities.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list
roles/managedidentities.domainAdmin Google Cloud Managed Identities Domain Admin 拥有 Google Cloud Managed Identities 网域及相关资源的读取/更新/删除权限。应在资源(网域)级层授予此角色。
  • managedidentities.domains.attachTrust
  • managedidentities.domains.delete
  • managedidentities.domains.detachTrust
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.reconfigureTrust
  • managedidentities.domains.resetpassword
  • managedidentities.domains.update
  • managedidentities.domains.updateLDAPSSettings
  • managedidentities.domains.validateTrust
  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
roles/managedidentities.viewer Google Cloud Managed Identities Viewer 拥有对 Google Cloud Managed Identities 网域及相关资源的只读权限。
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains .list
  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list

如需详细了解 IAM 角色,请参阅 了解角色