Questa pagina è stata tradotta dall'API Cloud Translation.

Configurazione di IAM per Bare Metal Solution

Quando vuoi che un principale, come un Google Cloud utente o un account di servizio del progetto, acceda alle risorse nel tuo ambiente Bare Metal Solution, devi concedergli i ruoli e le autorizzazioni appropriati. Per concedere l'accesso, puoi creare un criterio IAM (Identity and Access Management) e assegnare ruoli predefiniti specifici per la soluzione Bare Metal.

Concedi ruoli con autorizzazioni sufficienti per consentire ai tuoi principali di svolgere il proprio lavoro, ma non di più, in modo da poter seguire il Google Cloud principio di sicurezza del privilegio minimo.

Ruoli predefiniti per Bare Metal Solution

Ogni ruolo IAM per Bare Metal Solution contiene autorizzazioni che consentono all'entità principale di accedere a risorse specifiche, come mostrato nella tabella seguente.

Role Permissions

Role	Permissions
Bare Metal Solution Admin (`roles/baremetalsolution.admin`) Administrator of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.maintenanceevents.` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.sshKeys.` `baremetalsolution.sshKeys.create` `baremetalsolution.sshKeys.delete` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Editor (`roles/baremetalsolution.editor`) Editor of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.maintenanceevents.` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.sshKeys.` `baremetalsolution.sshKeys.create` `baremetalsolution.sshKeys.delete` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Instances Admin (`roles/baremetalsolution.instancesadmin`) Admin of Bare Metal Solution Instance resources	`baremetalsolution.instances.*` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Instances Viewer (`roles/baremetalsolution.instancesviewer`) Viewer of Bare Metal Solution Instance resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Luns Admin (`roles/baremetalsolution.lunsadmin`) Administrator of Bare Metal Solution Lun resources	`baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.operations.get`
Luns Viewer (`roles/baremetalsolution.lunsviewer`) Viewer of Bare Metal Solution Lun resources	`baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.operations.get`
Maintenance Events Admin (`roles/baremetalsolution.maintenanceeventsadmin`) Administrator of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.*` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Maintenance Events Editor (`roles/baremetalsolution.maintenanceeventseditor`) Editor of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.*` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Maintenance Events Viewer (`roles/baremetalsolution.maintenanceeventsviewer`) Viewer of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Networks Admin (`roles/baremetalsolution.networksadmin`) Admin of Bare Metal Solution networks resources	`baremetalsolution.networkquotas.list` `baremetalsolution.networks.*` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Admin (`roles/baremetalsolution.nfssharesadmin`) Administrator of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.*` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Editor (`roles/baremetalsolution.nfsshareseditor`) Editor of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.*` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Viewer (`roles/baremetalsolution.nfssharesviewer`) Viewer of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.operations.get`
OS Images Viewer (`roles/baremetalsolution.osimagesviewer`) Viewer of Bare Metal Solution OS images resources	`baremetalsolution.osimages.list`
Bare Metal Solution Procurements Admin (`roles/baremetalsolution.procurementsadmin`) Administrator of Bare Metal Solution Procurements	`baremetalsolution.pods.list` `baremetalsolution.procurements.*` `baremetalsolution.procurements.create` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Procurements Editor (`roles/baremetalsolution.procurementseditor`) Editor of Bare Metal Solution Procurements	`baremetalsolution.pods.list` `baremetalsolution.procurements.*` `baremetalsolution.procurements.create` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Procurements Viewer (`roles/baremetalsolution.procurementsviewer`) Viewer of Bare Metal Solution Procurements	`baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`) Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution. Warning: Do not grant service agent roles to any principals except service agents.	`compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnects.get` `compute.interconnects.list` `compute.networks.get` `compute.networks.list` `compute.projects.get` `resourcemanager.projects.get`
Bare Metal Solution Storage Admin (`roles/baremetalsolution.storageadmin`) Administrator of Bare Metal Solution storage resources	`baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Viewer (`roles/baremetalsolution.viewer`) Viewer of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Volume Admin (`roles/baremetalsolution.volumesadmin`) Administrator of Bare Metal Solution volume resources	`baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.volumes.*` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update`
Volumes Editor (`roles/baremetalsolution.volumeseditor`) Editor of Bare Metal Solution volumes resources	`baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update`
Snapshots Admin (`roles/baremetalsolution.volumesnapshotsadmin`) Administrator of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore`
Snapshots Editor (`roles/baremetalsolution.volumesnapshotseditor`) Editor of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list`
Snapshots Viewer (`roles/baremetalsolution.volumesnapshotsviewer`) Viewer of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list`
Volumes Viewer (`roles/baremetalsolution.volumessviewer`) Viewer of Bare Metal Solution volumes resources	`baremetalsolution.operations.get` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list`

Bare Metal Solution Admin

(roles/baremetalsolution.admin)

Administrator of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.sshKeys.*

baremetalsolution.sshKeys.create
baremetalsolution.sshKeys.delete
baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Editor

(roles/baremetalsolution.editor)

Editor of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.sshKeys.*

baremetalsolution.sshKeys.create
baremetalsolution.sshKeys.delete
baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Instances Admin

(roles/baremetalsolution.instancesadmin)

Admin of Bare Metal Solution Instance resources

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Instances Viewer

(roles/baremetalsolution.instancesviewer)

Viewer of Bare Metal Solution Instance resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.get

baremetalsolution.instances.list

baremetalsolution.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Luns Admin

(roles/baremetalsolution.lunsadmin)

Administrator of Bare Metal Solution Lun resources

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.operations.get

Luns Viewer

(roles/baremetalsolution.lunsviewer)

Viewer of Bare Metal Solution Lun resources

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.operations.get

Maintenance Events Admin

(roles/baremetalsolution.maintenanceeventsadmin)

Administrator of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

Maintenance Events Editor

(roles/baremetalsolution.maintenanceeventseditor)

Editor of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

Maintenance Events Viewer

(roles/baremetalsolution.maintenanceeventsviewer)

Viewer of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.get

baremetalsolution.maintenanceevents.list

Networks Admin

(roles/baremetalsolution.networksadmin)

Admin of Bare Metal Solution networks resources

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Admin

(roles/baremetalsolution.nfssharesadmin)

Administrator of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Editor

(roles/baremetalsolution.nfsshareseditor)

Editor of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Viewer

(roles/baremetalsolution.nfssharesviewer)

Viewer of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.get

baremetalsolution.nfsshares.list

baremetalsolution.operations.get

OS Images Viewer

(roles/baremetalsolution.osimagesviewer)

Viewer of Bare Metal Solution OS images resources

baremetalsolution.osimages.list

Bare Metal Solution Procurements Admin

(roles/baremetalsolution.procurementsadmin)

Administrator of Bare Metal Solution Procurements

baremetalsolution.pods.list

baremetalsolution.procurements.*

baremetalsolution.procurements.create
baremetalsolution.procurements.get
baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Procurements Editor

(roles/baremetalsolution.procurementseditor)

Editor of Bare Metal Solution Procurements

baremetalsolution.pods.list

baremetalsolution.procurements.*

baremetalsolution.procurements.create
baremetalsolution.procurements.get
baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Procurements Viewer

(roles/baremetalsolution.procurementsviewer)

Viewer of Bare Metal Solution Procurements

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Service Agent

(roles/baremetalsolution.serviceAgent)

Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution.

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnects.get

compute.interconnects.list

compute.networks.get

compute.networks.list

compute.projects.get

resourcemanager.projects.get

Bare Metal Solution Storage Admin

(roles/baremetalsolution.storageadmin)

Administrator of Bare Metal Solution storage resources

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Viewer

(roles/baremetalsolution.viewer)

Viewer of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.get

baremetalsolution.instances.list

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.maintenanceevents.get

baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.get

baremetalsolution.networks.list

baremetalsolution.nfsshares.get

baremetalsolution.nfsshares.list

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.get

baremetalsolution.snapshotschedulepolicies.list

baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.get

baremetalsolution.volumes.list

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

resourcemanager.projects.get

resourcemanager.projects.list

Volume Admin

(roles/baremetalsolution.volumesadmin)

Administrator of Bare Metal Solution volume resources

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

Volumes Editor

(roles/baremetalsolution.volumeseditor)

Editor of Bare Metal Solution volumes resources

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.create

baremetalsolution.volumes.delete

baremetalsolution.volumes.get

baremetalsolution.volumes.list

baremetalsolution.volumes.rename

baremetalsolution.volumes.resize

baremetalsolution.volumes.update

Snapshots Admin

(roles/baremetalsolution.volumesnapshotsadmin)

Administrator of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

Snapshots Editor

(roles/baremetalsolution.volumesnapshotseditor)

Editor of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.create

baremetalsolution.volumesnapshots.delete

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

Snapshots Viewer

(roles/baremetalsolution.volumesnapshotsviewer)

Viewer of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

Volumes Viewer

(roles/baremetalsolution.volumessviewer)

Viewer of Bare Metal Solution volumes resources

baremetalsolution.operations.get

baremetalsolution.volumes.get

baremetalsolution.volumes.list

Ti consigliamo di applicare i ruoli come segue:

Compilare un modulo di accettazione
- Ruoli Bare Metal Solution: amministratore, editor o amministratore delle istanze E visualizzatore della rete Compute
- Ruoli di base: Proprietario o Editor
Riavviare un server Bare Metal Solution
- Ruoli Bare Metal Solution: amministratore o editor
- Ruoli di base: Proprietario o Editor
Server delle schede o stato della richiesta
- Ruoli Bare Metal Solution: Visualizzatore o Visualizzatore di istanze
- Ruolo di base: Visualizzatore
Gestire i componenti di archiviazione
- Ruoli Bare Metal Solution: amministratore, editor o amministratore dello spazio di archiviazione
- Ruoli di base: Proprietario o Editor
Gestire i componenti di rete
- Ruoli Bare Metal Solution: amministratore, editor o amministratore delle reti
- Ruoli di base: Proprietario o Editor

Per un elenco completo dei ruoli Bare Metal Solution, consulta Ruoli predefiniti e inserisci baremetalsolution. nella casella di ricerca.

Per un elenco completo delle autorizzazioni della soluzione Bare Metal, vedi Cercare un'autorizzazione e inserisci baremetalsolution. nella casella di ricerca.

Concedi un ruolo IAM

Aggiungi un criterio IAM per concedere un ruolo Bare Metal Solution a un'entità. Il ruolo contiene autorizzazioni che consentono all'entità di eseguire determinate azioni. Per concedere un ruolo:

Console

Assicurati di disporre di un ruolo che contenga le autorizzazioni IAM appropriate per concedere ruoli ad altri, ad esempio Proprietario, Amministratore IAM progetto o Amministratore della sicurezza. Per ulteriori informazioni su questo requisito, consulta Ruoli richiesti.
Nella Google Cloud console, vai alla pagina delle autorizzazioni IAM.

Vai a IAM
Fai clic su Concedi accesso.
Inserisci le seguenti informazioni:
- In Aggiungi entità, inserisci i tuoi utenti. Puoi aggiungere singoli utenti, gruppi Google, account di servizio o domini Google Workspace.
- In Assegna i ruoli, scegli un ruolo dal menu Seleziona un ruolo per concederlo alle entità.
- Fai clic su Aggiungi un altro ruolo se devi assegnare più ruoli alle entità.
- Fai clic su Salva.
Le entità e i relativi ruoli assegnati vengono visualizzati nella pagina di stato delle autorizzazioni IAM.

gcloud

Assicurati di disporre di un ruolo che contenga le autorizzazioni IAM appropriate per concedere ruoli ad altri, ad esempio Proprietario, Amministratore IAM progetto o Amministratore della sicurezza. Per ulteriori informazioni su questo requisito, consulta Ruoli richiesti.
Apri una finestra di Cloud Shell nel tuo Google Cloud progetto.
Aggiungi il tuo Google Cloud ID progetto, l'indirizzo email dell'account Google Cloud del principale e il percorso del ruolo della soluzione Bare Metal preferito nel seguente comando:
```
gcloud projects add-iam-policy-binding PROJECT_ID \
 --member=user:username@example.com \
 --role=roles/baremetalsolution.admin
 
```
Copia il comando e incollalo nella finestra Cloud Shell.
Premi il tasto Invio o Return.
In alcuni casi, viene visualizzata una finestra Autorizza Cloud Shell che ti chiede di consentire una chiamata API. Se vedi questa richiesta, fai clic su Autorizza.

Una volta inseriti i comandi, l'output sarà simile al seguente:

Updated IAM policy for project [PROJECT_ID].
  bindings:
  - members:
   - user:username@example.com
   role: roles/baremetalsolution.admin
  - members:
   - serviceAccount:service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com
   role: roles/compute.serviceAgent
  - members:
   - serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com
   - serviceAccount:PROJECT_NUMBER@cloudservices.gserviceaccount.com
   role: roles/editor
  - members:
   - user:username@example.com
   role: roles/owner
  etag: ETAG_NUMBER
  version: 1

Per scoprire di più su IAM, consulta Identity and Access Management.