Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Esta página descreve os papéis da API Cloud Domains e as opções de controle de acesso disponíveis no Cloud Domains.
OGoogle Cloud oferece o gerenciamento de identidade e acesso (IAM), que permite a concessão de acesso mais granular a recursos Google Cloud específicos e impede o acesso indesejado a outros recursos. Com o IAM, é possível adotar o
princípio de segurança do menor privilégio
para conceder apenas o acesso necessário aos recursos.
O IAM permite que você defina políticas para controlar quem tem quais permissões em quais recursos.
As políticas do IAM concedem papéis específicos a um usuário, que recebe
determinadas permissões.
Por exemplo, um usuário específico pode precisar criar e modificar as configurações de contato
de um domínio. Nesse caso, você pode conceder a ele o
papel de administrador do Cloud Domains (roles/domains.admin). Por outro lado,
um usuário pode precisar apenas visualizar domínios de recursos existentes. Nesse caso, ele vai receber o
papel de leitor do Cloud Domains (roles/domains.viewer). No caso do
Cloud Domains, é possível configurar o acesso no nível do projeto e
do recurso.
Confira alguns exemplos de permissões para o papel de leitor:
Visualizar todos os domínios registrados em um projeto.
Confira detalhes do registro, como DNS ou tempo de validade.
Pesquise a disponibilidade do domínio e receba os parâmetros de registro.
Confira alguns exemplos de permissões para a função de administrador:
Registre um novo domínio.
Atualize as configurações de registro, incluindo as configurações de DNS e
de contato.
Para conferir e atribuir papéis do IAM do Cloud Domains,
ative a API Cloud Domains no projeto. Você não vai conseguir acessar os
papéis do Cloud Domains no console Google Cloud até ativar
a API.
Para conferir listas de papéis e permissões compatíveis com o Cloud Domains, consulte as seções a seguir.
Papéis
A tabela a seguir lista os papéis do IAM da API Cloud Domains com uma lista correspondente de todas as permissões incluídas em cada um. Cada permissão se aplica a um tipo específico de
recurso. Para mais detalhes sobre cada permissão, consulte a seção
Permissões.
Role
Permissions
Cloud Domains Admin
(roles/domains.admin)
Full access to Cloud Domains Registrations and related resources.
domains.*
domains.locations.get
domains.locations.list
domains.operations.cancel
domains.operations.get
domains.operations.list
domains.registrations.configureContact
domains.registrations.configureDns
domains.registrations.configureManagement
domains.registrations.create
domains.registrations.createTagBinding
domains.registrations.delete
domains.registrations.deleteTagBinding
domains.registrations.get
domains.registrations.getIamPolicy
domains.registrations.list
domains.registrations.listEffectiveTags
domains.registrations.listTagBindings
domains.registrations.setIamPolicy
domains.registrations.update
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Domains Viewer
(roles/domains.viewer)
Read-only access to Cloud Domains Registrations and related resources.
domains.locations.*
domains.locations.get
domains.locations.list
domains.operations.get
domains.operations.list
domains.registrations.get
domains.registrations.getIamPolicy
domains.registrations.list
domains.registrations.listEffectiveTags
domains.registrations.listTagBindings
resourcemanager.projects.get
resourcemanager.projects.list
Permissões
A tabela a seguir lista as permissões que o autor da chamada precisa ter para chamar cada método.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-08-29 UTC."],[[["\u003cp\u003eCloud Domains uses Identity and Access Management (IAM) to control who has what permissions to which resources, ensuring the security principle of least privilege is enforced.\u003c/p\u003e\n"],["\u003cp\u003eThere are two primary roles within Cloud Domains: Admin, which provides full access to domain registrations and related resources, and Viewer, which allows read-only access.\u003c/p\u003e\n"],["\u003cp\u003eTo manage Cloud Domains IAM roles, you must enable the Cloud Domains API for your project, after which you will be able to see these roles within the Google Cloud console.\u003c/p\u003e\n"],["\u003cp\u003eThe Admin role can register new domains, update domain registration settings, while the Viewer role can view existing domains and their registration details, including DNS and expiry information.\u003c/p\u003e\n"],["\u003cp\u003eThe page provides detailed tables listing the permissions included with each role and the specific permissions required to perform different methods related to domain registrations.\u003c/p\u003e\n"]]],[],null,["# Roles and permissions\n\n| **Note:** On September 7, 2023 Squarespace acquired all domain registrations and related customer accounts from Google Domains. For more information about how this change affects Cloud Domains, see [Cloud Domains feature deprecations](/domains/docs/deprecations/feature-deprecations), [Renew an expired domain registration](https://support.google.com/a/answer/6152355), and [Squarespace purchase of Google Domains FAQ](/domains/docs/faq).\n\n\u003cbr /\u003e\n\nThis page describes the Cloud Domains API roles and the access control options that\nare available to you in Cloud Domains.\n\nGoogle Cloud offers Identity and Access Management (IAM), which lets you give\nmore granular access to specific Google Cloud resources and prevents\nunwanted access to other resources. IAM lets you adopt the\n[security principle of least privilege](https://wikipedia.org/wiki/Principle_of_least_privilege)\nso that you grant only the necessary access to your resources.\nIAM lets you control *who* has *what* permissions to\n*which* resources by setting IAM policies.\nIAM policies grant specific roles to a user, which gives the user\ncertain permissions.\n\nFor example, a particular user might need to create and modify the contact\nsettings for a domain, so you would give that user the\nCloud Domains Admin role (`roles/domains.admin`). On the other hand,\na user might need to only view existing resource domains, so they would get a\nCloud Domains Viewer role (`roles/domains.viewer`). For\nCloud Domains, you can configure both project-level and\nresource-level access.\n\nFollowing are some examples of permissions for the Viewer role:\n\n- View all domains registered in a project.\n- View registration details such as DNS or expiry time.\n- Search domain availability and get registration parameters.\n\nFollowing are some examples of permissions for the Admin role:\n\n- Register a new domain.\n- Update registration settings, including DNS settings and contact settings.\n\nTo understand role types, see the\n[IAM basic and predefined roles reference](/iam/docs/understanding-roles).\n\nEnable the Cloud Domains API\n----------------------------\n\nTo view and assign Cloud Domains IAM roles,\nyou must enable the Cloud Domains API for your project. You cannot see the\nCloud Domains roles in the Google Cloud console until you\nenable the API.\n\n[Enable the API](https://console.cloud.google.com/apis/library/domains.googleapis.com)\n\nFor lists of the roles and permissions that Cloud Domains\nsupports, see the following sections.\n\nRoles\n-----\n\nThe following table lists the Cloud Domains API\nIAM roles with a corresponding list of all the permissions that\neach role includes. Each permission is applicable to a particular resource\ntype. For more details about each permission, see the\n[Permissions](#permissions) section.\n\nPermissions\n-----------\n\nThe following table lists the permissions that the caller must have to call\neach method.\n\nAccess control using the Google Cloud console\n---------------------------------------------\n\nYou can use the Google Cloud console to manage access control for your\nprojects.\n\nFor detailed instructions, see\n[Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\nWhat's next\n-----------\n\n- To get started using Cloud Domains, see the [Quickstart](/domains/docs/buy-register-domain).\n- To improve the security of your Cloud Domains configuration, see [VPC Service Controls support](/domains/docs/vpc-sc-support).\n- To find solutions for common issues that you might encounter when using Cloud Domains, see [Troubleshooting](/domains/docs/troubleshooting)."]]
