发送反馈
使用 IAM 进行访问权限控制
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
Identity and Access Management (IAM) 角色介绍了如何使用 Managed Service for Microsoft Active Directory (Managed Microsoft AD) API。下面列出了一系列可用于代管式 Microsoft AD 的 IAM 角色及其可用的方法。
此外,服务账号必须具有 servicemanagement.services.bind 权限才能查看和启用托管式 Microsoft AD。详细了解服务管理角色和权限 。
Role
Permissions
Google Cloud Managed Identities Admin
(roles/managedidentities.admin )
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.
managedidentities.*
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.getmanagedidentities.backups.getIamPolicy managedidentities.backups.listmanagedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.attachTrust managedidentities.domains.checkMigrationPermission managedidentities.domains.create managedidentities.domains.createTagBinding managedidentities.domains.delete managedidentities.domains.deleteTagBinding managedidentities.domains.detachTrust managedidentities.domains.disableMigration managedidentities.domains.domainJoinMachine managedidentities.domains.enableMigration managedidentities.domains.extendSchema managedidentities.domains.getmanagedidentities.domains.getIamPolicy managedidentities.domains.listmanagedidentities.domains.listEffectiveTags managedidentities.domains.listTagBindings managedidentities.domains.reconfigureTrust managedidentities.domains.resetpassword managedidentities.domains.restore managedidentities.domains.setIamPolicy managedidentities.domains.update managedidentities.domains.updateLDAPSSettings managedidentities.domains.validateTrust managedidentities.locations.get managedidentities.locations.list managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.getmanagedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Backup Admin
(roles/managedidentities.backupAdmin )
Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level
managedidentities.backups.*
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.getmanagedidentities.backups.getIamPolicy managedidentities.backups.listmanagedidentities.backups.setIamPolicy managedidentities.backups.update
managedidentities.domains.get
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.*
managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Backup Viewer
(roles/managedidentities.backupViewer )
Read-only access to Google Cloud Managed Identities Backup and related resources.
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.domains.get
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Domain Admin
(roles/managedidentities.domainAdmin )
Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.
managedidentities.backups.*
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.getmanagedidentities.backups.getIamPolicy managedidentities.backups.listmanagedidentities.backups.setIamPolicy managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentities.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.sqlintegrations.*
managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Domain Join
Beta
(roles/managedidentities.domainJoin )
Access to domain join VMs with Cloud AD
managedidentities.domains.domainJoinMachine
managedidentities.domains.get
Google Cloud Managed Identities Peering Admin
(roles/managedidentities.peeringAdmin )
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.*
managedidentities.operations.cancel managedidentities.operations.delete managedidentities.operations.get managedidentities.operations.list
managedidentities.peerings.*
managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.getmanagedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Peering Viewer
(roles/managedidentities.peeringViewer )
Read-only access to Google Cloud Managed Identities Peering and related resources.
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Managed Identities Service Agent
(roles/managedidentities.serviceAgent )
Gives Managed Identities service account access to managed resources.
Warning: Do not grant service agent roles to any principals except
service agents .
compute.globalOperations.get
compute.networks.addPeering
compute.networks.get
compute.networks.removePeering
compute.networks.update
compute.routes.list
dns.changes.*
dns.changes.createdns.changes.getdns.changes.list
dns.dnsKeys.*
dns.dnsKeys.getdns.dnsKeys.list
dns.managedZoneOperations.*
dns.managedZoneOperations.getdns.managedZoneOperations.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.policies.*
dns.policies.createdns.policies.deletedns.policies.getdns.policies.listdns.policies.update
dns.projects.get
dns.resourceRecordSets.*
dns.resourceRecordSets.createdns.resourceRecordSets.deletedns.resourceRecordSets.getdns.resourceRecordSets.listdns.resourceRecordSets.update
dns.responsePolicies.*
dns.responsePolicies.createdns.responsePolicies.deletedns.responsePolicies.getdns.responsePolicies.listdns.responsePolicies.update
dns.responsePolicyRules.*
dns.responsePolicyRules.createdns.responsePolicyRules.deletedns.responsePolicyRules.getdns.responsePolicyRules.listdns.responsePolicyRules.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Managed Identities Viewer
(roles/managedidentities.viewer )
Read-only access to Google Cloud Managed Identities Domains and related resources.
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.locations.*
managedidentities.locations.get managedidentities.locations.list
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.sqlintegrations.*
managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list
resourcemanager.projects.get
resourcemanager.projects.list
如需详细了解 IAM 角色,请参阅 了解角色 。
发送反馈
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可 获得了许可,并且代码示例已根据 Apache 2.0 许可 获得了许可。有关详情,请参阅 Google 开发者网站政策 。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-05-15。
需要向我们提供更多信息?
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-05-15。"],[],[]]
