Diese Seite wurde von der Cloud Translation API übersetzt.

IAM für Bare-Metal-Lösung konfigurieren

Wenn Sie möchten, dass ein Hauptkonto, z. B. ein Google Cloud -Nutzer oder ein Dienstkonto, Zugriff auf die Ressourcen in Ihrer Bare-Metal-Lösungsumgebung erhält, müssen Sie ihm die entsprechenden Rollen und Berechtigungen erteilen. Wenn Sie Zugriff gewähren möchten, können Sie eine IAM-Richtlinie (Identity and Access Management) erstellen und vordefinierte Rollen speziell für die Bare-Metal-Lösung zuweisen.

Gewähren Sie Rollen mit ausreichenden Berechtigungen, damit Ihre Hauptkonten ihre Aufgabe erfüllen können, aber nicht mehr, damit Sie das Google CloudSicherheitsprinzip der geringsten Berechtigung befolgen können.

Vordefinierte Rollen für die Bare-Metal-Lösung

Jede IAM-Rolle für die Bare-Metal-Lösung enthält Berechtigungen, die dem Hauptkonto Zugriff auf bestimmte Ressourcen gewähren, wie in der folgenden Tabelle dargestellt.

Role Permissions

Role	Permissions
Bare Metal Solution Admin (`roles/baremetalsolution.admin`) Administrator of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.maintenanceevents.` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.sshKeys.` `baremetalsolution.sshKeys.create` `baremetalsolution.sshKeys.delete` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Editor (`roles/baremetalsolution.editor`) Editor of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.maintenanceevents.` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.sshKeys.` `baremetalsolution.sshKeys.create` `baremetalsolution.sshKeys.delete` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Instances Admin (`roles/baremetalsolution.instancesadmin`) Admin of Bare Metal Solution Instance resources	`baremetalsolution.instances.*` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Instances Viewer (`roles/baremetalsolution.instancesviewer`) Viewer of Bare Metal Solution Instance resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Luns Admin (`roles/baremetalsolution.lunsadmin`) Administrator of Bare Metal Solution Lun resources	`baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.operations.get`
Luns Viewer (`roles/baremetalsolution.lunsviewer`) Viewer of Bare Metal Solution Lun resources	`baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.operations.get`
Maintenance Events Admin (`roles/baremetalsolution.maintenanceeventsadmin`) Administrator of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.*` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Maintenance Events Editor (`roles/baremetalsolution.maintenanceeventseditor`) Editor of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.*` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Maintenance Events Viewer (`roles/baremetalsolution.maintenanceeventsviewer`) Viewer of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Networks Admin (`roles/baremetalsolution.networksadmin`) Admin of Bare Metal Solution networks resources	`baremetalsolution.networkquotas.list` `baremetalsolution.networks.*` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Admin (`roles/baremetalsolution.nfssharesadmin`) Administrator of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.*` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Editor (`roles/baremetalsolution.nfsshareseditor`) Editor of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.*` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Viewer (`roles/baremetalsolution.nfssharesviewer`) Viewer of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.operations.get`
OS Images Viewer (`roles/baremetalsolution.osimagesviewer`) Viewer of Bare Metal Solution OS images resources	`baremetalsolution.osimages.list`
Bare Metal Solution Procurements Admin (`roles/baremetalsolution.procurementsadmin`) Administrator of Bare Metal Solution Procurements	`baremetalsolution.pods.list` `baremetalsolution.procurements.*` `baremetalsolution.procurements.create` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Procurements Editor (`roles/baremetalsolution.procurementseditor`) Editor of Bare Metal Solution Procurements	`baremetalsolution.pods.list` `baremetalsolution.procurements.*` `baremetalsolution.procurements.create` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Procurements Viewer (`roles/baremetalsolution.procurementsviewer`) Viewer of Bare Metal Solution Procurements	`baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`) Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution. Warning: Do not grant service agent roles to any principals except service agents.	`compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnects.get` `compute.interconnects.list` `compute.networks.get` `compute.networks.list` `compute.projects.get` `resourcemanager.projects.get`
Bare Metal Solution Storage Admin (`roles/baremetalsolution.storageadmin`) Administrator of Bare Metal Solution storage resources	`baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Viewer (`roles/baremetalsolution.viewer`) Viewer of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Volume Admin (`roles/baremetalsolution.volumesadmin`) Administrator of Bare Metal Solution volume resources	`baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.volumes.*` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update`
Volumes Editor (`roles/baremetalsolution.volumeseditor`) Editor of Bare Metal Solution volumes resources	`baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update`
Snapshots Admin (`roles/baremetalsolution.volumesnapshotsadmin`) Administrator of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore`
Snapshots Editor (`roles/baremetalsolution.volumesnapshotseditor`) Editor of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list`
Snapshots Viewer (`roles/baremetalsolution.volumesnapshotsviewer`) Viewer of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list`
Volumes Viewer (`roles/baremetalsolution.volumessviewer`) Viewer of Bare Metal Solution volumes resources	`baremetalsolution.operations.get` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list`

Bare Metal Solution Admin

(roles/baremetalsolution.admin)

Administrator of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.sshKeys.*

baremetalsolution.sshKeys.create
baremetalsolution.sshKeys.delete
baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Editor

(roles/baremetalsolution.editor)

Editor of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.sshKeys.*

baremetalsolution.sshKeys.create
baremetalsolution.sshKeys.delete
baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Instances Admin

(roles/baremetalsolution.instancesadmin)

Admin of Bare Metal Solution Instance resources

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Instances Viewer

(roles/baremetalsolution.instancesviewer)

Viewer of Bare Metal Solution Instance resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.get

baremetalsolution.instances.list

baremetalsolution.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Luns Admin

(roles/baremetalsolution.lunsadmin)

Administrator of Bare Metal Solution Lun resources

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.operations.get

Luns Viewer

(roles/baremetalsolution.lunsviewer)

Viewer of Bare Metal Solution Lun resources

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.operations.get

Maintenance Events Admin

(roles/baremetalsolution.maintenanceeventsadmin)

Administrator of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

Maintenance Events Editor

(roles/baremetalsolution.maintenanceeventseditor)

Editor of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

Maintenance Events Viewer

(roles/baremetalsolution.maintenanceeventsviewer)

Viewer of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.get

baremetalsolution.maintenanceevents.list

Networks Admin

(roles/baremetalsolution.networksadmin)

Admin of Bare Metal Solution networks resources

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Admin

(roles/baremetalsolution.nfssharesadmin)

Administrator of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Editor

(roles/baremetalsolution.nfsshareseditor)

Editor of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Viewer

(roles/baremetalsolution.nfssharesviewer)

Viewer of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.get

baremetalsolution.nfsshares.list

baremetalsolution.operations.get

OS Images Viewer

(roles/baremetalsolution.osimagesviewer)

Viewer of Bare Metal Solution OS images resources

baremetalsolution.osimages.list

Bare Metal Solution Procurements Admin

(roles/baremetalsolution.procurementsadmin)

Administrator of Bare Metal Solution Procurements

baremetalsolution.pods.list

baremetalsolution.procurements.*

baremetalsolution.procurements.create
baremetalsolution.procurements.get
baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Procurements Editor

(roles/baremetalsolution.procurementseditor)

Editor of Bare Metal Solution Procurements

baremetalsolution.pods.list

baremetalsolution.procurements.*

baremetalsolution.procurements.create
baremetalsolution.procurements.get
baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Procurements Viewer

(roles/baremetalsolution.procurementsviewer)

Viewer of Bare Metal Solution Procurements

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Service Agent

(roles/baremetalsolution.serviceAgent)

Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution.

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnects.get

compute.interconnects.list

compute.networks.get

compute.networks.list

compute.projects.get

resourcemanager.projects.get

Bare Metal Solution Storage Admin

(roles/baremetalsolution.storageadmin)

Administrator of Bare Metal Solution storage resources

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Viewer

(roles/baremetalsolution.viewer)

Viewer of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.get

baremetalsolution.instances.list

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.maintenanceevents.get

baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.get

baremetalsolution.networks.list

baremetalsolution.nfsshares.get

baremetalsolution.nfsshares.list

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.get

baremetalsolution.snapshotschedulepolicies.list

baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.get

baremetalsolution.volumes.list

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

resourcemanager.projects.get

resourcemanager.projects.list

Volume Admin

(roles/baremetalsolution.volumesadmin)

Administrator of Bare Metal Solution volume resources

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

Volumes Editor

(roles/baremetalsolution.volumeseditor)

Editor of Bare Metal Solution volumes resources

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.create

baremetalsolution.volumes.delete

baremetalsolution.volumes.get

baremetalsolution.volumes.list

baremetalsolution.volumes.rename

baremetalsolution.volumes.resize

baremetalsolution.volumes.update

Snapshots Admin

(roles/baremetalsolution.volumesnapshotsadmin)

Administrator of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

Snapshots Editor

(roles/baremetalsolution.volumesnapshotseditor)

Editor of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.create

baremetalsolution.volumesnapshots.delete

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

Snapshots Viewer

(roles/baremetalsolution.volumesnapshotsviewer)

Viewer of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

Volumes Viewer

(roles/baremetalsolution.volumessviewer)

Viewer of Bare Metal Solution volumes resources

baremetalsolution.operations.get

baremetalsolution.volumes.get

baremetalsolution.volumes.list

Wir empfehlen, die Rollen so anzuwenden:

Aufnahmeformular ausfüllen
- Bare Metal Solution-Rollen: Administrator, Bearbeiter oder Instanzadministrator UND Compute-Netzwerkbetrachter
- Einfache Rollen: Inhaber oder Bearbeiter
Server der Bare-Metal-Lösung neu starten
- Bare-Metal-Lösungsrollen: Administrator oder Bearbeiter
- Einfache Rollen: Inhaber oder Bearbeiter
Server auflisten oder Status anfragen
- Bare-Metal-Lösungsrollen: Betrachter oder Instanzbetrachter
- Einfache Rolle: Betrachter
Speicherkomponenten verwalten
- Bare-Metal-Lösung-Rollen: Administrator, Bearbeiter oder Speicheradministrator
- Einfache Rollen: Inhaber oder Bearbeiter
Netzwerkkomponenten verwalten
- Bare-Metal-Lösung-Rollen: Administrator, Bearbeiter oder Netzwerkadministrator
- Einfache Rollen: Inhaber oder Bearbeiter

Eine vollständige Liste der Rollen für Bare-Metal-Lösungen finden Sie unter Vordefinierte Rollen. Geben Sie dazu baremetalsolution. in das Suchfeld ein.

Eine vollständige Liste der Berechtigungen für Bare Metal Solution finden Sie unter Nach einer Berechtigung suchen. Geben Sie dazu baremetalsolution. in das Suchfeld ein.

IAM-Rolle erteilen

Fügen Sie eine IAM-Richtlinie hinzu, um einem Hauptkonto eine Rolle für Bare-Metal-Lösungen zuzuweisen. Die Rolle enthält Berechtigungen, die es dem Hauptkonto ermöglichen, bestimmte Aktionen auszuführen. So weisen Sie eine Rolle zu:

Console

Prüfen Sie, ob Sie eine Rolle mit den richtigen IAM-Berechtigungen haben, um anderen Rollen zuzuweisen, z. B. Inhaber, Projekt-IAM-Administrator oder Sicherheitsadministrator: Weitere Informationen zu dieser Anforderung finden Sie unter Erforderliche Rollen.
Rufen Sie in der Google Cloud Console die Seite „IAM-Berechtigungen“ auf.

IAM aufrufen
Klicken Sie auf Zugriff erlauben.
Geben Sie die folgenden Informationen ein:
- Geben Sie unter Hauptkonten hinzufügen Ihre Nutzer ein. Sie können einzelne Nutzer, Google-Gruppen, Dienstkonten oder Google Workspace-Domains hinzufügen.
- Wählen Sie unter Rollen zuweisen im Menü Rolle auswählen eine Rolle aus, die Sie den Hauptkonten zuweisen möchten.
- Klicken Sie auf Weitere Rolle hinzufügen, wenn Sie den Hauptkonten mehrere Rollen zuweisen möchten.
- Klicken Sie auf Speichern.
Ihre Hauptkonten und die zugewiesenen Rollen werden auf der Statusseite IAM-Berechtigungen angezeigt.

gcloud

Prüfen Sie, ob Sie eine Rolle mit den richtigen IAM-Berechtigungen haben, um anderen Rollen zuzuweisen, z. B. Inhaber, Projekt-IAM-Administrator oder Sicherheitsadministrator: Weitere Informationen zu dieser Anforderung finden Sie unter Erforderliche Rollen.
Öffnen Sie ein Cloud Shell-Fenster in Ihrem Google Cloud -Projekt.
Fügen Sie im folgenden Befehl Ihre Google Cloud Projekt-ID, die E-Mail-Adresse des Google Cloud Kontos Ihres Hauptkontos und den gewünschten Bare-Metal-Lösung-Rollen-Pfad hinzu:
```
gcloud projects add-iam-policy-binding PROJECT_ID \
 --member=user:username@example.com \
 --role=roles/baremetalsolution.admin
 
```
Kopieren Sie den Befehl und fügen Sie ihn in Ihr Cloud Shell-Fenster ein.
Drücken Sie die Eingabe- bzw. Returntaste.
In einigen Fällen wird das Fenster Cloud Shell autorisieren geöffnet, in dem Sie den API-Aufruf zulassen. Wenn Sie diese Option sehen, klicken Sie auf Autorisieren.

Wenn Sie die Befehle eingegeben haben, sieht die Ausgabe so aus:

Updated IAM policy for project [PROJECT_ID].
  bindings:
  - members:
   - user:username@example.com
   role: roles/baremetalsolution.admin
  - members:
   - serviceAccount:service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com
   role: roles/compute.serviceAgent
  - members:
   - serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com
   - serviceAccount:PROJECT_NUMBER@cloudservices.gserviceaccount.com
   role: roles/editor
  - members:
   - user:username@example.com
   role: roles/owner
  etag: ETAG_NUMBER
  version: 1

Weitere Informationen zu IAM finden Sie unter Identity and Access Management.