Identity and Access Management (IAM) roles control how the Managed Service for Microsoft Active Directory (Managed Microsoft AD) API can be used. The following lists the IAM roles available for Managed Microsoft AD and the methods each of them can call.
In addition, the service account must have the servicemanagement.services.bind permission in order to view and enable Managed Microsoft AD. See the Service Management roles and permissions documentation for details.
Role | Permissions

Google Cloud Managed Identities Admin (roles/managedidentities.admin)
Full access to Google Cloud Managed Identities domains and related resources. This role should be granted at the project level.
Permissions:
  managedidentities.*
  resourcemanager.projects.get
  resourcemanager.projects.list

Google Cloud Managed Identities Backup Admin (roles/managedidentities.backupAdmin)
Full access to Google Cloud Managed Identities backups and related resources. This role should be granted at the project level.
Permissions:
  managedidentities.backups.*
  managedidentities.domains.get
  managedidentities.locations.*
  managedidentities.operations.*
  resourcemanager.projects.get
  resourcemanager.projects.list

Google Cloud Managed Identities Backup Viewer (roles/managedidentities.backupViewer)
Read-only access to Google Cloud Managed Identities backups and related resources.
Permissions:
  managedidentities.backups.get
  managedidentities.backups.getIamPolicy
  managedidentities.backups.list
  managedidentities.domains.get
  managedidentities.locations.*
  managedidentities.operations.get
  managedidentities.operations.list
  resourcemanager.projects.get
  resourcemanager.projects.list

Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)
Read/update/delete access to Google Cloud Managed Identities domains and related resources. This role should be granted at the resource (domain) level.
Permissions:
  managedidentities.backups.*
  managedidentities.domains.attachTrust
  managedidentities.domains.createTagBinding
  managedidentities.domains.delete
  managedidentities.domains.deleteTagBinding
  managedidentities.domains.detachTrust
  managedidentities.domains.extendSchema
  managedidentities.domains.get
  managedidentities.domains.getIamPolicy
  managedidentities.domains.listEffectiveTags
  managedidentities.domains.listTagBindings
  managedidentities.domains.reconfigureTrust
  managedidentities.domains.resetpassword
  managedidentities.domains.restore
  managedidentities.domains.update
  managedidentities.domains.updateLDAPSSettings
  managedidentities.domains.validateTrust
  managedidentities.locations.*
  managedidentities.operations.get
  managedidentities.operations.list
  managedidentities.sqlintegrations.*
  resourcemanager.projects.get
  resourcemanager.projects.list

Google Cloud Managed Identities Domain Controller Operator (roles/managedidentities.domaincontrollerOperator)
Operator access to Managed AD domain controllers.
Permissions:
  pubsub.schemas.attach
  pubsub.schemas.create
  pubsub.schemas.delete
  pubsub.schemas.get
  pubsub.schemas.list
  pubsub.schemas.validate
  pubsub.snapshots.create
  pubsub.snapshots.delete
  pubsub.snapshots.get
  pubsub.snapshots.list
  pubsub.snapshots.seek
  pubsub.snapshots.update
  pubsub.subscriptions.consume
  pubsub.subscriptions.create
  pubsub.subscriptions.delete
  pubsub.subscriptions.get
  pubsub.subscriptions.list
  pubsub.subscriptions.update
  pubsub.topics.attachSubscription
  pubsub.topics.create
  pubsub.topics.delete
  pubsub.topics.detachSubscription
  pubsub.topics.get
  pubsub.topics.list
  pubsub.topics.publish
  pubsub.topics.update
  pubsub.topics.updateTag
  resourcemanager.projects.get
  resourcemanager.projects.list
  serviceusage.quotas.get
  serviceusage.services.get
  serviceusage.services.list
  storage.objects.get
  storage.objects.list

Google Cloud Managed Identities Peering Admin (roles/managedidentities.peeringAdmin)
Full access to Google Cloud Managed Identities domains and related resources. This role should be granted at the project level.
Permissions:
  managedidentities.locations.*
  managedidentities.operations.*
  managedidentities.peerings.*
  resourcemanager.projects.get
  resourcemanager.projects.list

Google Cloud Managed Identities Peering Viewer (roles/managedidentities.peeringViewer)
Read-only access to Google Cloud Managed Identities peerings and related resources.
Permissions:
  managedidentities.locations.*
  managedidentities.operations.get
  managedidentities.operations.list
  managedidentities.peerings.get
  managedidentities.peerings.getIamPolicy
  managedidentities.peerings.list
  resourcemanager.projects.get
  resourcemanager.projects.list

Google Cloud Managed Identities Viewer (roles/managedidentities.viewer)