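Identity and Access Management (IAM) roles prescribe how you can use the Managed Service for Microsoft Active Directory (Managed Microsoft AD) API. The following table lists the IAM roles available for Managed Microsoft AD and the methods available to each.
In addition, the service account must have the servicemanagement.services.bind permission to view and enable Managed Microsoft AD. Learn more about Service Management roles and permissions.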
Role | Permissions |
---|---|
Google Cloud Managed Identities Admin: Full access to Google Cloud Managed Identities domains and related resources. This role should be granted at the project level. Contains 5 owner permissions. | managedidentities.* resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Backup Admin: Full access to Google Cloud Managed Identities backups and related resources. This role should be granted at the project level. Contains 1 owner permission. | managedidentities.backups.* managedidentities.domains.get managedidentities.locations.* managedidentities.operations.* resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Backup Viewer: Read-only access to Google Cloud Managed Identities backups and related resources. | managedidentities.backups.get managedidentities. managedidentities.backups.list managedidentities.domains.get managedidentities.locations.* managedidentities. managedidentities. resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Domain Admin: Read, update, and delete access to Google Cloud Managed Identities domains and related resources. This role should be granted at the resource (domain) level. Contains 3 owner permissions. | managedidentities.backups.* managedidentities. managedidentities. manage_accounts managedidentities. managedidentities. manage_accounts managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities.domains.get managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities.locations.* managedidentities. managedidentities. managedidentities. resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Domain Join (Beta): Access domain-joined VMs through Cloud AD. | managedidentities. managedidentities.domains.get |
Google Cloud Managed Identities Peering Admin: Full access to Google Cloud Managed Identities domains and related resources. This role should be granted at the project level. Contains 1 owner permission. | managedidentities.locations.* managedidentities.operations.* managedidentities.peerings.* resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Peering Viewer: Read-only access to Google Cloud Managed Identities peerings and related resources. | managedidentities.locations.* managedidentities. managedidentities. managedidentities.peerings.get managedidentities. managedidentities. resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Viewer: Read-only access to Google Cloud Managed Identities domains and related resources. | managedidentities.backups.get managedidentities. managedidentities.backups.list managedidentities.domains.get managedidentities. managedidentities.domains.list managedidentities. managedidentities. managedidentities.locations.* managedidentities. managedidentities. managedidentities.peerings.get managedidentities. managedidentities. managedidentities. resourcemanager.projects.get resourcemanager.projects.list |
To learn more about IAM roles, see Understanding roles.