Identity and Access Management (IAM) 角色介绍了如何使用 Managed Service for Microsoft Active Directory (Managed Microsoft AD) API。下面列出了一系列可用于代管式 Microsoft AD 的 IAM 角色及其可用的方法。
此外,服务帐号必须具有 servicemanagement.services.bind 权限才能查看和启用托管式 Microsoft AD。详细了解服务管理角色和权限。
角色
权限
Google Cloud Managed Identities Admin
(roles/managedidentities.admin)
拥有对 Google Cloud Managed Identities 网域及相关资源的完全访问权限。应在项目级层授予此角色。
managedidentities.*
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Domain Admin
(roles/managedidentities.domainAdmin)
拥有 Google Cloud Managed Identities 网域及相关资源的读取/更新/删除权限。应在资源(网域)级层授予此角色。
managedidentities.domains.attachTrust
managedidentities.domains.delete
managedidentities.domains.detachTrust
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.*
managedidentities.operations.get
managedidentities.operations.list
managedidentities.sqlintegrations.*
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Peering AdminBeta 版
(roles/managedidentities.peeringAdmin)
拥有对 Google Cloud Managed Identities 网域及相关资源的完全访问权限。应在项目级层授予此角色
managedidentities.locations.*
managedidentities.operations.*
managedidentities.peerings.*
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Peering ViewerBeta 版
(roles/managedidentities.peeringViewer)
拥有对 Google Cloud Managed Identities 对等互连及相关资源的只读权限。
managedidentities.locations.*
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Viewer
(roles/managedidentities.viewer)
