Identity and Access Management (IAM) 角色介绍了如何使用 Managed Service for Microsoft Active Directory (Managed Microsoft AD) API。下面列出了一系列可用于代管式 Microsoft AD 的 IAM 角色及其可用的方法。
此外,服务帐号必须具有 servicemanagement.services.bind
权限才能查看和启用托管式 Microsoft AD。详细了解服务管理角色和权限。
Role | Permissions |
---|---|
Google Cloud Managed Identities Admin( Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level. |
managedidentities.*
resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Backup Admin( Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level |
managedidentities.backups.*
managedidentities.domains.get managedidentities.locations.*
managedidentities.operations.*
resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Backup Viewer( Read-only access to Google Cloud Managed Identities Backup and related resources. |
managedidentities.backups.get managedidentities. managedidentities.backups.list managedidentities.domains.get managedidentities.locations.*
managedidentities. managedidentities. resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Domain Admin( Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level. |
managedidentities.backups.*
managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities.domains.get managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities. managedidentities.locations.*
managedidentities. managedidentities.
managedidentities.
resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Domain Join Beta( Access to domain join VMs with Cloud AD |
managedidentities. managedidentities.domains.get |
Google Cloud Managed Identities Peering Admin( Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level |
managedidentities.locations.*
managedidentities.operations.*
managedidentities.peerings.*
resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Peering Viewer( Read-only access to Google Cloud Managed Identities Peering and related resources. |
managedidentities.locations.*
managedidentities. managedidentities. managedidentities.peerings.get managedidentities. managedidentities. resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud Managed Identities Viewer( Read-only access to Google Cloud Managed Identities Domains and related resources. |
managedidentities.backups.get managedidentities. managedidentities.backups.list managedidentities.domains.get managedidentities. managedidentities.domains.list managedidentities. managedidentities. managedidentities.locations.*
managedidentities. managedidentities. managedidentities.peerings.get managedidentities. managedidentities.
managedidentities.
resourcemanager.projects.get resourcemanager.projects.list |
如需详细了解 IAM 角色,请参阅 了解角色。