Cloud DNS roles and permissions

This page lists the IAM roles and permissions for Cloud DNS. To search through all roles and permissions, see the role and permission index.

Cloud DNS roles

Role Permissions

(roles/dns.admin)

Provides read-write access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

  • Managed zone

compute.networks.get

compute.networks.list

dns.changes.*

  • dns.changes.create
  • dns.changes.get
  • dns.changes.list

dns.dnsKeys.*

  • dns.dnsKeys.get
  • dns.dnsKeys.list

dns.gkeClusters.*

  • dns.gkeClusters.bindDNSResponsePolicy
  • dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

  • dns.managedZoneOperations.get
  • dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

  • dns.networks.bindDNSResponsePolicy
  • dns.networks.bindPrivateDNSPolicy
  • dns.networks.bindPrivateDNSZone
  • dns.networks.targetWithPeeringZone
  • dns.networks.useHealthSignals

dns.policies.*

  • dns.policies.create
  • dns.policies.delete
  • dns.policies.get
  • dns.policies.list
  • dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

  • dns.resourceRecordSets.create
  • dns.resourceRecordSets.delete
  • dns.resourceRecordSets.get
  • dns.resourceRecordSets.list
  • dns.resourceRecordSets.update

dns.responsePolicies.*

  • dns.responsePolicies.create
  • dns.responsePolicies.delete
  • dns.responsePolicies.get
  • dns.responsePolicies.list
  • dns.responsePolicies.update

dns.responsePolicyRules.*

  • dns.responsePolicyRules.create
  • dns.responsePolicyRules.delete
  • dns.responsePolicyRules.get
  • dns.responsePolicyRules.list
  • dns.responsePolicyRules.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dns.peer)

Access to target networks with DNS peering zones

dns.networks.targetWithPeeringZone

(roles/dns.reader)

Provides read-only access to all Cloud DNS resources.

Lowest-level resources where you can grant this role:

  • Managed zone

compute.networks.get

dns.changes.get

dns.changes.list

dns.dnsKeys.*

  • dns.dnsKeys.get
  • dns.dnsKeys.list

dns.managedZoneOperations.*

  • dns.managedZoneOperations.get
  • dns.managedZoneOperations.list

dns.managedZones.get

dns.managedZones.list

dns.policies.get

dns.policies.list

dns.projects.get

dns.resourceRecordSets.get

dns.resourceRecordSets.list

dns.responsePolicies.get

dns.responsePolicies.list

dns.responsePolicyRules.get

dns.responsePolicyRules.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dns.serviceAgent)

Gives Cloud DNS Service Agent access to Cloud Platform resources.

compute.globalNetworkEndpointGroups.attachNetworkEndpoints

compute.globalNetworkEndpointGroups.create

compute.globalNetworkEndpointGroups.delete

compute.globalNetworkEndpointGroups.detachNetworkEndpoints

compute.globalNetworkEndpointGroups.get

compute.globalOperations.get

compute.healthChecks.get

Cloud DNS permissions

Permission | Roles that have this permission

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Composer Shared VPC Agent (roles/composer.sharedVpcAgent)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Composer Shared VPC Agent (roles/composer.sharedVpcAgent)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workload Manager Admin (roles/workloadmanager.admin)

Workload Manager Deployment Admin (roles/workloadmanager.deploymentAdmin)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Composer Shared VPC Agent (roles/composer.sharedVpcAgent)

DNS Administrator (roles/dns.admin)

DNS Peer (roles/dns.peer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

DNS Reader (roles/dns.reader)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Kubernetes Engine Host Service Agent User (roles/container.hostServiceAgentUser)

DNS Administrator (roles/dns.admin)

Service agent roles