Access control

Identity and Access Management (IAM) roles govern how the Managed Service for Microsoft Active Directory (Managed Microsoft AD) API can be used. The following lists the IAM roles available for Managed Microsoft AD and the permissions (API methods) each role grants.

In addition, the service account must have the servicemanagement.services.bind permission in order to view and enable Managed Microsoft AD. Learn more about Service Management roles and permissions.

Role / Permissions

Google Cloud Managed Identities Admin
(roles/managedidentities.admin)

Full access to Google Cloud Managed Identities domains and related resources. This role should be granted at the project level.

  • managedidentities.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Domain Admin
(roles/managedidentities.domainAdmin)

Read/update/delete access to Google Cloud Managed Identities domains and related resources. This role should be granted at the resource (domain) level.

  • managedidentities.domains.attachTrust
  • managedidentities.domains.delete
  • managedidentities.domains.detachTrust
  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.reconfigureTrust
  • managedidentities.domains.resetpassword
  • managedidentities.domains.update
  • managedidentities.domains.updateLDAPSSettings
  • managedidentities.domains.validateTrust
  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.sqlintegrations.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Peering Admin (Beta)
(roles/managedidentities.peeringAdmin)

Full access to Google Cloud Managed Identities domains and related resources. This role should be granted at the project level.

  • managedidentities.locations.*
  • managedidentities.operations.*
  • managedidentities.peerings.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Peering Viewer (Beta)
(roles/managedidentities.peeringViewer)

Read-only access to Google Cloud Managed Identities peerings and related resources.

  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Google Cloud Managed Identities Viewer
(roles/managedidentities.viewer)

Read-only access to Google Cloud Managed Identities domains and related resources.

  • managedidentities.domains.get
  • managedidentities.domains.getIamPolicy
  • managedidentities.domains.list
  • managedidentities.locations.*
  • managedidentities.operations.get
  • managedidentities.operations.list
  • managedidentities.peerings.get
  • managedidentities.peerings.getIamPolicy
  • managedidentities.peerings.list
  • managedidentities.sqlintegrations.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

For more information about IAM roles, see Understanding roles.