Esta página foi traduzida pela API Cloud Translation.

Configurar o IAM para a solução Bare Metal

Quando você quiser que um principal, como um usuário de projeto do Google Cloud ou uma conta de serviço, tenha acesso aos recursos no ambiente da Solução Bare Metal, vai ser necessário conceder a eles papéis e permissões apropriados. Para conceder acesso, crie uma política do Identity and Access Management (IAM) e conceda papéis predefinidos específicos para a Solução Bare Metal.

Conceda papéis com permissões suficientes para que os principais possam realizar o trabalho, mas não mais, para que você possa seguir o princípio de segurança Google Clouddo menor privilégio.

Papéis predefinidos para a Solução Bare Metal

Cada papel do IAM para a solução Bare Metal contém permissões que garantem o acesso principal a recursos específicos, conforme mostrado na tabela a seguir.

Role Permissions

Role	Permissions
Bare Metal Solution Admin (`roles/baremetalsolution.admin`) Administrator of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.maintenanceevents.` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.sshKeys.` `baremetalsolution.sshKeys.create` `baremetalsolution.sshKeys.delete` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Editor (`roles/baremetalsolution.editor`) Editor of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.maintenanceevents.` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.sshKeys.` `baremetalsolution.sshKeys.create` `baremetalsolution.sshKeys.delete` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Instances Admin (`roles/baremetalsolution.instancesadmin`) Admin of Bare Metal Solution Instance resources	`baremetalsolution.instances.*` `baremetalsolution.instances.attachNetwork` `baremetalsolution.instances.attachVolume` `baremetalsolution.instances.create` `baremetalsolution.instances.detachLun` `baremetalsolution.instances.detachNetwork` `baremetalsolution.instances.detachVolume` `baremetalsolution.instances.disableInteractiveSerialConsole` `baremetalsolution.instances.enableInteractiveSerialConsole` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.instances.rename` `baremetalsolution.instances.reset` `baremetalsolution.instances.start` `baremetalsolution.instances.stop` `baremetalsolution.instances.update` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Instances Viewer (`roles/baremetalsolution.instancesviewer`) Viewer of Bare Metal Solution Instance resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Luns Admin (`roles/baremetalsolution.lunsadmin`) Administrator of Bare Metal Solution Lun resources	`baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.operations.get`
Luns Viewer (`roles/baremetalsolution.lunsviewer`) Viewer of Bare Metal Solution Lun resources	`baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.operations.get`
Maintenance Events Admin (`roles/baremetalsolution.maintenanceeventsadmin`) Administrator of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.*` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Maintenance Events Editor (`roles/baremetalsolution.maintenanceeventseditor`) Editor of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.*` `baremetalsolution.maintenanceevents.addProposal` `baremetalsolution.maintenanceevents.approve` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Maintenance Events Viewer (`roles/baremetalsolution.maintenanceeventsviewer`) Viewer of Bare Metal Solution maintenance events resources	`baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list`
Networks Admin (`roles/baremetalsolution.networksadmin`) Admin of Bare Metal Solution networks resources	`baremetalsolution.networkquotas.list` `baremetalsolution.networks.*` `baremetalsolution.networks.create` `baremetalsolution.networks.delete` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.networks.rename` `baremetalsolution.networks.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Admin (`roles/baremetalsolution.nfssharesadmin`) Administrator of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.*` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Editor (`roles/baremetalsolution.nfsshareseditor`) Editor of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.*` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list`
NFS Shares Viewer (`roles/baremetalsolution.nfssharesviewer`) Viewer of Bare Metal Solution NFS Share resources	`baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.operations.get`
OS Images Viewer (`roles/baremetalsolution.osimagesviewer`) Viewer of Bare Metal Solution OS images resources	`baremetalsolution.osimages.list`
Bare Metal Solution Procurements Admin (`roles/baremetalsolution.procurementsadmin`) Administrator of Bare Metal Solution Procurements	`baremetalsolution.pods.list` `baremetalsolution.procurements.*` `baremetalsolution.procurements.create` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Procurements Editor (`roles/baremetalsolution.procurementseditor`) Editor of Bare Metal Solution Procurements	`baremetalsolution.pods.list` `baremetalsolution.procurements.*` `baremetalsolution.procurements.create` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Procurements Viewer (`roles/baremetalsolution.procurementsviewer`) Viewer of Bare Metal Solution Procurements	`baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list`
Bare Metal Solution Service Agent (`roles/baremetalsolution.serviceAgent`) Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution. Warning: Do not grant service agent roles to any principals except service agents.	`compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnects.get` `compute.interconnects.list` `compute.networks.get` `compute.networks.list` `compute.projects.get` `resourcemanager.projects.get`
Bare Metal Solution Storage Admin (`roles/baremetalsolution.storageadmin`) Administrator of Bare Metal Solution storage resources	`baremetalsolution.luns.` `baremetalsolution.luns.create` `baremetalsolution.luns.delete` `baremetalsolution.luns.evict` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.luns.update` `baremetalsolution.nfsshares.` `baremetalsolution.nfsshares.create` `baremetalsolution.nfsshares.delete` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.nfsshares.rename` `baremetalsolution.nfsshares.update` `baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.snapshotschedulepolicies.` `baremetalsolution.snapshotschedulepolicies.create` `baremetalsolution.snapshotschedulepolicies.delete` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.snapshotschedulepolicies.update` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Bare Metal Solution Viewer (`roles/baremetalsolution.viewer`) Viewer of Bare Metal Solution resources	`baremetalsolution.instancequotas.list` `baremetalsolution.instances.get` `baremetalsolution.instances.list` `baremetalsolution.luns.get` `baremetalsolution.luns.list` `baremetalsolution.maintenanceevents.get` `baremetalsolution.maintenanceevents.list` `baremetalsolution.networkquotas.list` `baremetalsolution.networks.get` `baremetalsolution.networks.list` `baremetalsolution.nfsshares.get` `baremetalsolution.nfsshares.list` `baremetalsolution.operations.get` `baremetalsolution.osimages.list` `baremetalsolution.pods.list` `baremetalsolution.procurements.get` `baremetalsolution.procurements.list` `baremetalsolution.skus.list` `baremetalsolution.snapshotschedulepolicies.get` `baremetalsolution.snapshotschedulepolicies.list` `baremetalsolution.sshKeys.list` `baremetalsolution.storageaggregatepools.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Volume Admin (`roles/baremetalsolution.volumesadmin`) Administrator of Bare Metal Solution volume resources	`baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.volumes.*` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.evict` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update`
Volumes Editor (`roles/baremetalsolution.volumeseditor`) Editor of Bare Metal Solution volumes resources	`baremetalsolution.operations.get` `baremetalsolution.pods.list` `baremetalsolution.volumequotas.list` `baremetalsolution.volumes.create` `baremetalsolution.volumes.delete` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list` `baremetalsolution.volumes.rename` `baremetalsolution.volumes.resize` `baremetalsolution.volumes.update`
Snapshots Admin (`roles/baremetalsolution.volumesnapshotsadmin`) Administrator of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.*` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list` `baremetalsolution.volumesnapshots.restore`
Snapshots Editor (`roles/baremetalsolution.volumesnapshotseditor`) Editor of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.create` `baremetalsolution.volumesnapshots.delete` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list`
Snapshots Viewer (`roles/baremetalsolution.volumesnapshotsviewer`) Viewer of Bare Metal Solution snapshots resources	`baremetalsolution.operations.get` `baremetalsolution.volumesnapshots.get` `baremetalsolution.volumesnapshots.list`
Volumes Viewer (`roles/baremetalsolution.volumessviewer`) Viewer of Bare Metal Solution volumes resources	`baremetalsolution.operations.get` `baremetalsolution.volumes.get` `baremetalsolution.volumes.list`

Bare Metal Solution Admin

(roles/baremetalsolution.admin)

Administrator of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.sshKeys.*

baremetalsolution.sshKeys.create
baremetalsolution.sshKeys.delete
baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Editor

(roles/baremetalsolution.editor)

Editor of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.sshKeys.*

baremetalsolution.sshKeys.create
baremetalsolution.sshKeys.delete
baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Instances Admin

(roles/baremetalsolution.instancesadmin)

Admin of Bare Metal Solution Instance resources

baremetalsolution.instances.*

baremetalsolution.instances.attachNetwork
baremetalsolution.instances.attachVolume
baremetalsolution.instances.create
baremetalsolution.instances.detachLun
baremetalsolution.instances.detachNetwork
baremetalsolution.instances.detachVolume
baremetalsolution.instances.disableInteractiveSerialConsole
baremetalsolution.instances.enableInteractiveSerialConsole
baremetalsolution.instances.get
baremetalsolution.instances.list
baremetalsolution.instances.rename
baremetalsolution.instances.reset
baremetalsolution.instances.start
baremetalsolution.instances.stop
baremetalsolution.instances.update

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Instances Viewer

(roles/baremetalsolution.instancesviewer)

Viewer of Bare Metal Solution Instance resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.get

baremetalsolution.instances.list

baremetalsolution.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Luns Admin

(roles/baremetalsolution.lunsadmin)

Administrator of Bare Metal Solution Lun resources

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.operations.get

Luns Viewer

(roles/baremetalsolution.lunsviewer)

Viewer of Bare Metal Solution Lun resources

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.operations.get

Maintenance Events Admin

(roles/baremetalsolution.maintenanceeventsadmin)

Administrator of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

Maintenance Events Editor

(roles/baremetalsolution.maintenanceeventseditor)

Editor of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.*

baremetalsolution.maintenanceevents.addProposal
baremetalsolution.maintenanceevents.approve
baremetalsolution.maintenanceevents.get
baremetalsolution.maintenanceevents.list

Maintenance Events Viewer

(roles/baremetalsolution.maintenanceeventsviewer)

Viewer of Bare Metal Solution maintenance events resources

baremetalsolution.maintenanceevents.get

baremetalsolution.maintenanceevents.list

Networks Admin

(roles/baremetalsolution.networksadmin)

Admin of Bare Metal Solution networks resources

baremetalsolution.networkquotas.list

baremetalsolution.networks.*

baremetalsolution.networks.create
baremetalsolution.networks.delete
baremetalsolution.networks.get
baremetalsolution.networks.list
baremetalsolution.networks.rename
baremetalsolution.networks.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Admin

(roles/baremetalsolution.nfssharesadmin)

Administrator of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Editor

(roles/baremetalsolution.nfsshareseditor)

Editor of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

NFS Shares Viewer

(roles/baremetalsolution.nfssharesviewer)

Viewer of Bare Metal Solution NFS Share resources

baremetalsolution.nfsshares.get

baremetalsolution.nfsshares.list

baremetalsolution.operations.get

OS Images Viewer

(roles/baremetalsolution.osimagesviewer)

Viewer of Bare Metal Solution OS images resources

baremetalsolution.osimages.list

Bare Metal Solution Procurements Admin

(roles/baremetalsolution.procurementsadmin)

Administrator of Bare Metal Solution Procurements

baremetalsolution.pods.list

baremetalsolution.procurements.*

baremetalsolution.procurements.create
baremetalsolution.procurements.get
baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Procurements Editor

(roles/baremetalsolution.procurementseditor)

Editor of Bare Metal Solution Procurements

baremetalsolution.pods.list

baremetalsolution.procurements.*

baremetalsolution.procurements.create
baremetalsolution.procurements.get
baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Procurements Viewer

(roles/baremetalsolution.procurementsviewer)

Viewer of Bare Metal Solution Procurements

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

Bare Metal Solution Service Agent

(roles/baremetalsolution.serviceAgent)

Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution.

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnects.get

compute.interconnects.list

compute.networks.get

compute.networks.list

compute.projects.get

resourcemanager.projects.get

Bare Metal Solution Storage Admin

(roles/baremetalsolution.storageadmin)

Administrator of Bare Metal Solution storage resources

baremetalsolution.luns.*

baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.evict
baremetalsolution.luns.get
baremetalsolution.luns.list
baremetalsolution.luns.update

baremetalsolution.nfsshares.*

baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
baremetalsolution.nfsshares.get
baremetalsolution.nfsshares.list
baremetalsolution.nfsshares.rename
baremetalsolution.nfsshares.update

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.snapshotschedulepolicies.*

baremetalsolution.snapshotschedulepolicies.create
baremetalsolution.snapshotschedulepolicies.delete
baremetalsolution.snapshotschedulepolicies.get
baremetalsolution.snapshotschedulepolicies.list
baremetalsolution.snapshotschedulepolicies.update

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

resourcemanager.projects.get

resourcemanager.projects.list

Bare Metal Solution Viewer

(roles/baremetalsolution.viewer)

Viewer of Bare Metal Solution resources

baremetalsolution.instancequotas.list

baremetalsolution.instances.get

baremetalsolution.instances.list

baremetalsolution.luns.get

baremetalsolution.luns.list

baremetalsolution.maintenanceevents.get

baremetalsolution.maintenanceevents.list

baremetalsolution.networkquotas.list

baremetalsolution.networks.get

baremetalsolution.networks.list

baremetalsolution.nfsshares.get

baremetalsolution.nfsshares.list

baremetalsolution.operations.get

baremetalsolution.osimages.list

baremetalsolution.pods.list

baremetalsolution.procurements.get

baremetalsolution.procurements.list

baremetalsolution.skus.list

baremetalsolution.snapshotschedulepolicies.get

baremetalsolution.snapshotschedulepolicies.list

baremetalsolution.sshKeys.list

baremetalsolution.storageaggregatepools.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.get

baremetalsolution.volumes.list

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

resourcemanager.projects.get

resourcemanager.projects.list

Volume Admin

(roles/baremetalsolution.volumesadmin)

Administrator of Bare Metal Solution volume resources

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.volumes.*

baremetalsolution.volumes.create
baremetalsolution.volumes.delete
baremetalsolution.volumes.evict
baremetalsolution.volumes.get
baremetalsolution.volumes.list
baremetalsolution.volumes.rename
baremetalsolution.volumes.resize
baremetalsolution.volumes.update

Volumes Editor

(roles/baremetalsolution.volumeseditor)

Editor of Bare Metal Solution volumes resources

baremetalsolution.operations.get

baremetalsolution.pods.list

baremetalsolution.volumequotas.list

baremetalsolution.volumes.create

baremetalsolution.volumes.delete

baremetalsolution.volumes.get

baremetalsolution.volumes.list

baremetalsolution.volumes.rename

baremetalsolution.volumes.resize

baremetalsolution.volumes.update

Snapshots Admin

(roles/baremetalsolution.volumesnapshotsadmin)

Administrator of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.*

baremetalsolution.volumesnapshots.create
baremetalsolution.volumesnapshots.delete
baremetalsolution.volumesnapshots.get
baremetalsolution.volumesnapshots.list
baremetalsolution.volumesnapshots.restore

Snapshots Editor

(roles/baremetalsolution.volumesnapshotseditor)

Editor of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.create

baremetalsolution.volumesnapshots.delete

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

Snapshots Viewer

(roles/baremetalsolution.volumesnapshotsviewer)

Viewer of Bare Metal Solution snapshots resources

baremetalsolution.operations.get

baremetalsolution.volumesnapshots.get

baremetalsolution.volumesnapshots.list

Volumes Viewer

(roles/baremetalsolution.volumessviewer)

Viewer of Bare Metal Solution volumes resources

baremetalsolution.operations.get

baremetalsolution.volumes.get

baremetalsolution.volumes.list

Recomendamos aplicar as funções da seguinte maneira:

Preenchimento de um formulário de entrada
- Papéis da Solução Bare Metal: administrador, editor ou administrador de instâncias E visualizador de rede do Compute
- Papéis básicos: proprietário ou editor
Como reiniciar um servidor da Solução Bare Metal
- Papéis da solução Bare Metal: administrador ou editor
- Papéis básicos: proprietário ou editor
Como listar servidores ou solicitar status
- Papéis da solução Bare Metal: visualizador ou visualizador de instâncias
- Papel básico: visualizador
Como gerenciar componentes de armazenamento
- Papéis da solução Bare Metal: administrador, editor ou administrador de armazenamento
- Papéis básicos: proprietário ou editor
Como gerenciar componentes de rede
- Papéis da solução Bare Metal: administrador, editor ou administrador de rede
- Papéis básicos: proprietário ou editor

Para ver uma lista completa de papéis da Solução Bare Metal, consulte Papéis predefinidos e insira baremetalsolution. na caixa de pesquisa.

Para ver uma lista completa de permissões da Solução Bare Metal, consulte Pesquisar uma permissão e insira baremetalsolution. na caixa de pesquisa.

Conceder um papel do IAM

Adicione uma política do IAM para conceder um papel da Solução Bare Metal a um principal. O papel contém permissões que permitem que o principal execute determinadas ações. Para conceder um papel:

Console

Verifique se você tem um papel que contém as permissões apropriadas do IAM para garantir papéis a outras pessoas, como Proprietário, Administrador de IAM do projeto ou Administrador de segurança. Para mais informações sobre esse requisito, consulte Papéis necessários.
No Google Cloud console, acesse a página de permissões do IAM.

Acessar IAM
Clique em Conceder acesso.
Digite as seguintes informações:
- Em Adicionar participantes, insira seus usuários. Você pode adicionar usuários individuais, grupos do Google, contas de serviço ou domínios do Google Workspace.
- Em Atribuir papéis, escolha um papel do menu Selecionar um papel para conceder esse papel aos principais.
- Clique em Adicionar outro papel se você precisar atribuir vários papéis aos principais.
- Clique em Save.
Os principais e os papéis atribuídos aparecem na página de status Permissões do IAM.

gcloud

Verifique se você tem um papel que contém as permissões apropriadas do IAM para garantir papéis a outras pessoas, como Proprietário, Administrador de IAM do projeto ou Administrador de segurança. Para mais informações sobre esse requisito, consulte Papéis necessários.
Abra uma janela do Cloud Shell no projeto do Google Cloud .
Adicione o ID do projeto Google Cloud , o endereço de e-mail da conta Google Cloud do usuário principal e o caminho do papel da Solução Bare Metal desejado no comando a seguir:
```
gcloud projects add-iam-policy-binding PROJECT_ID \
 --member=user:username@example.com \
 --role=roles/baremetalsolution.admin
 
```
Copie e cole o comando na janela do Cloud Shell.
Pressione a tecla Enter ou Retornar.
Em alguns casos, uma janela Autorizar o Cloud Shell é aberta, solicitando que você permita uma chamada de API. Se você vir essa mensagem, clique em Autorizar.

Depois de inserir os comandos, o resultado se parecerá com o seguinte:

Updated IAM policy for project [PROJECT_ID].
  bindings:
  - members:
   - user:username@example.com
   role: roles/baremetalsolution.admin
  - members:
   - serviceAccount:service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com
   role: roles/compute.serviceAgent
  - members:
   - serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com
   - serviceAccount:PROJECT_NUMBER@cloudservices.gserviceaccount.com
   role: roles/editor
  - members:
   - user:username@example.com
   role: roles/owner
  etag: ETAG_NUMBER
  version: 1

Para saber mais sobre o IAM, consulte o Identity and Access Management.