이 페이지는 Cloud Translation API를 통해 번역되었습니다.

마이그레이션 센터 IAM 역할 및 권한

마이그레이션 센터를 사용할 Google Cloud 프로젝트를 생성하는 경우 마이그레이션 센터를 활성화하고 제품의 리소스를 관리하는 데 필요한 모든 권한이 이미 있습니다.

프로젝트에 새 구성원을 추가할 때 Identity and Access Management(IAM) 정책을 사용하여 해당 구성원에게 하나 이상의 IAM 역할을 부여하여 해당 구성원이 마이그레이션 센터에서 수행할 수 있는 작업을 제어할 수 있습니다.

이 페이지에서는 프로젝트 구성원에게 할당할 수 있는 일반적인 역할과 다양한 작업을 수행하는 데 필요한 권한에 대해 설명합니다.

시작하기 전에

IAM 문서를 읽어봅니다.

역할 및 작업

마이그레이션 센터에서 수행할 수 있는 작업에는 세 가지 주요 카테고리가 있습니다.

마이그레이션 센터 활성화
마이그레이션 센터 리소스 관리
마이그레이션 센터 리소스 보기

수행해야 하는 작업을 수행하는 데 필요한 최소한의 권한을 가진 역할을 프로젝트 구성원에게 할당하는 것이 좋습니다.

마이그레이션 센터 추가 역할 만들기

조직의 구성원에게 역할을 할당하기 전 예비 단계로 맞춤 역할을 만들어 권한 관리 방법을 간소화할 수 있습니다. 다음 단계를 따르세요.

Google Cloud 콘솔에서 IAM 및 관리자 > 역할로 이동합니다.

역할로 이동
역할 만들기를 클릭합니다.
역할 만들기 페이지에서 다음 필드를 작성합니다.
- 제목: 'Migration Center 추가 역할'
- 설명: '마이그레이션 센터 시나리오에 필요한 추가 역할'
권한 추가를 클릭합니다.
권한 목록에서 다음 권한을 검색하고 선택합니다.
- iam.serviceAccountKeys.list
- iam.serviceAccounts.list
- resourcemanager.projects.update
- serviceusage.services.enable
그런 다음 권한을 추가하려면 추가를 클릭합니다.
완료하려면 만들기를 클릭합니다.

마이그레이션 센터 활성화

Migration Center를 사용하려면 먼저 Google Cloud 콘솔에서 활성화해야 합니다. 이 일회성 작업에는 API를 활성화하고 리소스를 저장할 리전을 선택하는 작업이 포함됩니다.

Migration Center를 활성화하는 데 필요한 권한을 얻으려면 관리자에게 프로젝트에 대한 다음 IAM 역할을 부여해 달라고 요청하세요.

마이그레이션 센터 관리자(migrationcenter.admin)
마이그레이션 센터 추가 역할

역할 부여에 대한 자세한 내용은 프로젝트, 폴더, 조직에 대한 액세스 관리를 참조하세요.

이러한 사전 정의된 역할에는 Migration Center를 활성화하는 데 필요한 권한이 포함되어 있습니다. 필요한 정확한 권한을 보려면 필수 권한 섹션을 펼치세요.

필수 권한

마이그레이션 센터를 활성화하려면 다음 권한이 필요합니다.

migrationcenter.*
resourcemanager.projects.get
resourcemanager.projects.list
rma.*
resourcemanager.projects.update
serviceusage.services.list
serviceusage.services.enable
iam.serviceAccountKeys.list
iam.serviceAccounts.list
resourcemanager.projects.update

커스텀 역할이나 다른 사전 정의된 역할을 사용하여 이 권한을 부여받을 수도 있습니다.

마이그레이션 센터 리소스 관리

마이그레이션 센터 리소스에는 비용 추정 생성, 탐색 클라이언트 만들기, 애셋 삭제와 같은 작업이 포함됩니다.

Migration Center 리소스를 관리하는 데 필요한 권한을 얻으려면 관리자에게 프로젝트에 대한 다음 IAM 역할을 부여해 달라고 요청하세요.

마이그레이션 센터 관리자(migrationcenter.admin)
마이그레이션 센터 추가 역할
뷰어(viewer)
서비스 계정 키 관리자(iam.serviceAccountKeyAdmin)

역할 부여에 대한 자세한 내용은 프로젝트, 폴더, 조직에 대한 액세스 관리를 참조하세요.

이러한 사전 정의된 역할에는 Migration Center 리소스를 관리하는 데 필요한 권한이 포함되어 있습니다. 필요한 정확한 권한을 보려면 필수 권한 섹션을 펼치세요.

필수 권한

마이그레이션 센터 리소스를 관리하려면 다음 권한이 필요합니다.

migrationcenter.*
resourcemanager.projects.get
resourcemanager.projects.list
rma.*
serviceusage.services.list
iam.serviceAccounts.list
iam.serviceAccountKeys.list

커스텀 역할이나 다른 사전 정의된 역할을 사용하여 이 권한을 부여받을 수도 있습니다.

마이그레이션 센터 리소스 보기

Migration Center 리소스를 보는 데 필요한 권한을 얻으려면 관리자에게 프로젝트에 대해 다음 IAM 역할을 부여해 달라고 요청하세요.

마이그레이션 센터 뷰어(migrationcenter.viewer)
뷰어(viewer)
신속 마이그레이션 평가 뷰어(rma.viewer)

역할 부여에 대한 자세한 내용은 프로젝트, 폴더, 조직에 대한 액세스 관리를 참조하세요.

이러한 사전 정의된 역할에는 Migration Center 리소스를 보는 데 필요한 권한이 포함되어 있습니다. 필요한 정확한 권한을 보려면 필수 권한 섹션을 펼치세요.

필수 권한

마이그레이션 센터 리소스를 보려면 다음 권한이 필요합니다.

migrationcenter.assets.get
migrationcenter.assets.list
migrationcenter.groups.get
migrationcenter.groups.list
migrationcenter.importJobs.get
migrationcenter.importJobs.list
migrationcenter.locations.*
migrationcenter.operations.get
migrationcenter.operations.list
migrationcenter.sources.get
migrationcenter.sources.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
resourcemanager.projects.get
resourcemanager.projects.list
rma.annotations.get
rma.collectors.get
rma.collectors.list
rma.locations.*
rma.operations.get
rma.operations.list

커스텀 역할이나 다른 사전 정의된 역할을 사용하여 이 권한을 부여받을 수도 있습니다.

역할 및 권한

다음 표는 Migration Center에서 사용할 수 있는 역할과 권한을 보여줍니다.

Migration Center 역할 및 권한

Role Permissions

Role	Permissions
Migration Center Admin ^Beta (`roles/migrationcenter.admin`) Full access to Migration Center all resources.	`migrationcenter.` `migrationcenter.assets.create` `migrationcenter.assets.delete` `migrationcenter.assets.get` `migrationcenter.assets.list` `migrationcenter.assets.reportFrames` `migrationcenter.assets.update` `migrationcenter.assetsExportJobs.create` `migrationcenter.assetsExportJobs.delete` `migrationcenter.assetsExportJobs.get` `migrationcenter.assetsExportJobs.list` `migrationcenter.assetsExportJobs.run` `migrationcenter.discoveryClients.create` `migrationcenter.discoveryClients.delete` `migrationcenter.discoveryClients.get` `migrationcenter.discoveryClients.list` `migrationcenter.discoveryClients.sendHeartbeat` `migrationcenter.discoveryClients.update` `migrationcenter.errorFrames.get` `migrationcenter.errorFrames.list` `migrationcenter.groups.create` `migrationcenter.groups.delete` `migrationcenter.groups.get` `migrationcenter.groups.list` `migrationcenter.groups.update` `migrationcenter.importDataFiles.create` `migrationcenter.importDataFiles.delete` `migrationcenter.importDataFiles.get` `migrationcenter.importDataFiles.list` `migrationcenter.importJobs.create` `migrationcenter.importJobs.delete` `migrationcenter.importJobs.get` `migrationcenter.importJobs.list` `migrationcenter.importJobs.update` `migrationcenter.locations.get` `migrationcenter.locations.list` `migrationcenter.operations.cancel` `migrationcenter.operations.delete` `migrationcenter.operations.get` `migrationcenter.operations.list` `migrationcenter.preferenceSets.create` `migrationcenter.preferenceSets.delete` `migrationcenter.preferenceSets.get` `migrationcenter.preferenceSets.list` `migrationcenter.preferenceSets.update` `migrationcenter.relations.get` `migrationcenter.relations.list` `migrationcenter.reportConfigs.create` `migrationcenter.reportConfigs.delete` `migrationcenter.reportConfigs.get` `migrationcenter.reportConfigs.list` `migrationcenter.reports.create` `migrationcenter.reports.delete` `migrationcenter.reports.get` `migrationcenter.reports.list` `migrationcenter.settings.get` `migrationcenter.settings.update` `migrationcenter.sources.create` `migrationcenter.sources.delete` `migrationcenter.sources.get` `migrationcenter.sources.list` `migrationcenter.sources.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `rma.` `rma.annotations.create` `rma.annotations.get` `rma.collectors.create` `rma.collectors.delete` `rma.collectors.get` `rma.collectors.list` `rma.collectors.update` `rma.locations.get` `rma.locations.list` `rma.operations.cancel` `rma.operations.delete` `rma.operations.get` `rma.operations.list` `serviceusage.quotas.get`
Migration Center Discovery Client ^Beta (`roles/migrationcenter.discoveryClient`) Migration Center Discover Client role	`migrationcenter.assets.reportFrames` `migrationcenter.discoveryClients.get` `migrationcenter.discoveryClients.sendHeartbeat`
Migration Center Discovery Client Registrator ^Beta (`roles/migrationcenter.discoveryClientRegistrator`) Registrator of Migration Center Discover Clients	`migrationcenter.discoveryClients.create` `migrationcenter.discoveryClients.delete` `migrationcenter.discoveryClients.update` `migrationcenter.operations.get` `migrationcenter.sources.create` `migrationcenter.sources.delete` `resourcemanager.projects.get` `resourcemanager.projects.list`
Migration Center Service Agent (`roles/migrationcenter.serviceAgent`) Gives Migration Center Service Account access to objects storedin object store and Cloud Migration products. Warning: Do not grant service agent roles to any principals except service agents.	`storage.objects.get` `vmmigration.migratingVms.create`
Migration Center Viewer ^Beta (`roles/migrationcenter.viewer`) Read-only access to Migration Center all resources.	`migrationcenter.assets.get` `migrationcenter.assets.list` `migrationcenter.assetsExportJobs.get` `migrationcenter.assetsExportJobs.list` `migrationcenter.discoveryClients.get` `migrationcenter.discoveryClients.list` `migrationcenter.errorFrames.` `migrationcenter.errorFrames.get` `migrationcenter.errorFrames.list` `migrationcenter.groups.get` `migrationcenter.groups.list` `migrationcenter.importDataFiles.get` `migrationcenter.importDataFiles.list` `migrationcenter.importJobs.get` `migrationcenter.importJobs.list` `migrationcenter.locations.` `migrationcenter.locations.get` `migrationcenter.locations.list` `migrationcenter.operations.get` `migrationcenter.operations.list` `migrationcenter.preferenceSets.get` `migrationcenter.preferenceSets.list` `migrationcenter.relations.` `migrationcenter.relations.get` `migrationcenter.relations.list` `migrationcenter.reportConfigs.get` `migrationcenter.reportConfigs.list` `migrationcenter.reports.get` `migrationcenter.reports.list` `migrationcenter.settings.get` `migrationcenter.sources.get` `migrationcenter.sources.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `rma.annotations.get` `rma.collectors.get` `rma.collectors.list` `rma.locations.` `rma.locations.get` `rma.locations.list` `rma.operations.get` `rma.operations.list` `serviceusage.quotas.get`

Migration Center Admin ^Beta

(roles/migrationcenter.admin)

Full access to Migration Center all resources.

migrationcenter.*

migrationcenter.assets.create
migrationcenter.assets.delete
migrationcenter.assets.get
migrationcenter.assets.list
migrationcenter.assets.reportFrames
migrationcenter.assets.update
migrationcenter.assetsExportJobs.create
migrationcenter.assetsExportJobs.delete
migrationcenter.assetsExportJobs.get
migrationcenter.assetsExportJobs.list
migrationcenter.assetsExportJobs.run
migrationcenter.discoveryClients.create
migrationcenter.discoveryClients.delete
migrationcenter.discoveryClients.get
migrationcenter.discoveryClients.list
migrationcenter.discoveryClients.sendHeartbeat
migrationcenter.discoveryClients.update
migrationcenter.errorFrames.get
migrationcenter.errorFrames.list
migrationcenter.groups.create
migrationcenter.groups.delete
migrationcenter.groups.get
migrationcenter.groups.list
migrationcenter.groups.update
migrationcenter.importDataFiles.create
migrationcenter.importDataFiles.delete
migrationcenter.importDataFiles.get
migrationcenter.importDataFiles.list
migrationcenter.importJobs.create
migrationcenter.importJobs.delete
migrationcenter.importJobs.get
migrationcenter.importJobs.list
migrationcenter.importJobs.update
migrationcenter.locations.get
migrationcenter.locations.list
migrationcenter.operations.cancel
migrationcenter.operations.delete
migrationcenter.operations.get
migrationcenter.operations.list
migrationcenter.preferenceSets.create
migrationcenter.preferenceSets.delete
migrationcenter.preferenceSets.get
migrationcenter.preferenceSets.list
migrationcenter.preferenceSets.update
migrationcenter.relations.get
migrationcenter.relations.list
migrationcenter.reportConfigs.create
migrationcenter.reportConfigs.delete
migrationcenter.reportConfigs.get
migrationcenter.reportConfigs.list
migrationcenter.reports.create
migrationcenter.reports.delete
migrationcenter.reports.get
migrationcenter.reports.list
migrationcenter.settings.get
migrationcenter.settings.update
migrationcenter.sources.create
migrationcenter.sources.delete
migrationcenter.sources.get
migrationcenter.sources.list
migrationcenter.sources.update

resourcemanager.projects.get

resourcemanager.projects.list

rma.*

rma.annotations.create
rma.annotations.get
rma.collectors.create
rma.collectors.delete
rma.collectors.get
rma.collectors.list
rma.collectors.update
rma.locations.get
rma.locations.list
rma.operations.cancel
rma.operations.delete
rma.operations.get
rma.operations.list

serviceusage.quotas.get

Migration Center Discovery Client ^Beta

(roles/migrationcenter.discoveryClient)

Migration Center Discover Client role

migrationcenter.assets.reportFrames

migrationcenter.discoveryClients.get

migrationcenter.discoveryClients.sendHeartbeat

Migration Center Discovery Client Registrator ^Beta

(roles/migrationcenter.discoveryClientRegistrator)

Registrator of Migration Center Discover Clients

migrationcenter.discoveryClients.create

migrationcenter.discoveryClients.delete

migrationcenter.discoveryClients.update

migrationcenter.operations.get

migrationcenter.sources.create

migrationcenter.sources.delete

resourcemanager.projects.get

resourcemanager.projects.list

Migration Center Service Agent

(roles/migrationcenter.serviceAgent)

Gives Migration Center Service Account access to objects storedin object store and Cloud Migration products.

storage.objects.get

vmmigration.migratingVms.create

Migration Center Viewer ^Beta

(roles/migrationcenter.viewer)

Read-only access to Migration Center all resources.

migrationcenter.assets.get

migrationcenter.assets.list

migrationcenter.assetsExportJobs.get

migrationcenter.assetsExportJobs.list

migrationcenter.discoveryClients.get

migrationcenter.discoveryClients.list

migrationcenter.errorFrames.*

migrationcenter.errorFrames.get
migrationcenter.errorFrames.list

migrationcenter.groups.get

migrationcenter.groups.list

migrationcenter.importDataFiles.get

migrationcenter.importDataFiles.list

migrationcenter.importJobs.get

migrationcenter.importJobs.list

migrationcenter.locations.*

migrationcenter.locations.get
migrationcenter.locations.list

migrationcenter.operations.get

migrationcenter.operations.list

migrationcenter.preferenceSets.get

migrationcenter.preferenceSets.list

migrationcenter.relations.*

migrationcenter.relations.get
migrationcenter.relations.list

migrationcenter.reportConfigs.get

migrationcenter.reportConfigs.list

migrationcenter.reports.get

migrationcenter.reports.list

migrationcenter.settings.get

migrationcenter.sources.get

migrationcenter.sources.list

resourcemanager.projects.get

resourcemanager.projects.list

rma.annotations.get

rma.collectors.get

rma.collectors.list

rma.locations.*

rma.locations.get
rma.locations.list

rma.operations.get

rma.operations.list

serviceusage.quotas.get

신속 마이그레이션 평가 역할 및 권한

Role Permissions

Role	Permissions
RMA Service Agent (`roles/rapidmigrationassessment.serviceAgent`) Gives RMA service account access to MC resources. Warning: Do not grant service agent roles to any principals except service agents.	`autoscaling.sites.writeMetrics` `cloudasset.assets.exportResource` `cloudasset.feeds.create` `logging.logEntries.create` `migrationcenter.assets.list` `migrationcenter.assets.reportFrames` `migrationcenter.importJobs.get` `migrationcenter.importJobs.list` `migrationcenter.sources.*` `migrationcenter.sources.create` `migrationcenter.sources.delete` `migrationcenter.sources.get` `migrationcenter.sources.list` `migrationcenter.sources.update` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.list` `monitoring.timeSeries.create` `resourcemanager.projects.get`
Rapid Migration Assessment Admin (`roles/rma.admin`) Full access to Rapid Migration Assessment all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `rma.*` `rma.annotations.create` `rma.annotations.get` `rma.collectors.create` `rma.collectors.delete` `rma.collectors.get` `rma.collectors.list` `rma.collectors.update` `rma.locations.get` `rma.locations.list` `rma.operations.cancel` `rma.operations.delete` `rma.operations.get` `rma.operations.list`
Rapid Migration Assessment Runner (`roles/rma.runner`) Update and Read access to Rapid Migration Assessment all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `rma.annotations.get` `rma.collectors.get` `rma.collectors.list` `rma.collectors.update` `rma.locations.*` `rma.locations.get` `rma.locations.list` `rma.operations.get` `rma.operations.list`
Rapid Migration Assessment Viewer (`roles/rma.viewer`) Read-only access to Rapid Migration Assessment all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `rma.annotations.get` `rma.collectors.get` `rma.collectors.list` `rma.locations.*` `rma.locations.get` `rma.locations.list` `rma.operations.get` `rma.operations.list`

RMA Service Agent

(roles/rapidmigrationassessment.serviceAgent)

Gives RMA service account access to MC resources.

autoscaling.sites.writeMetrics

cloudasset.assets.exportResource

cloudasset.feeds.create

logging.logEntries.create

migrationcenter.assets.list

migrationcenter.assets.reportFrames

migrationcenter.importJobs.get

migrationcenter.importJobs.list

migrationcenter.sources.*

migrationcenter.sources.create
migrationcenter.sources.delete
migrationcenter.sources.get
migrationcenter.sources.list
migrationcenter.sources.update

monitoring.metricDescriptors.create

monitoring.metricDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

Rapid Migration Assessment Admin

(roles/rma.admin)

Full access to Rapid Migration Assessment all resources.

resourcemanager.projects.get

resourcemanager.projects.list

rma.*

rma.annotations.create
rma.annotations.get
rma.collectors.create
rma.collectors.delete
rma.collectors.get
rma.collectors.list
rma.collectors.update
rma.locations.get
rma.locations.list
rma.operations.cancel
rma.operations.delete
rma.operations.get
rma.operations.list

Rapid Migration Assessment Runner

(roles/rma.runner)

Update and Read access to Rapid Migration Assessment all resources.

resourcemanager.projects.get

resourcemanager.projects.list

rma.annotations.get

rma.collectors.get

rma.collectors.list

rma.collectors.update

rma.locations.*

rma.locations.get
rma.locations.list

rma.operations.get

rma.operations.list

Rapid Migration Assessment Viewer

(roles/rma.viewer)

Read-only access to Rapid Migration Assessment all resources.

resourcemanager.projects.get

resourcemanager.projects.list

rma.annotations.get

rma.collectors.get

rma.collectors.list

rma.locations.*

rma.locations.get
rma.locations.list

rma.operations.get

rma.operations.list

마이그레이션 센터 IAM 역할 및 권한

시작하기 전에

역할 및 작업

마이그레이션 센터 추가 역할 만들기

마이그레이션 센터 활성화

필수 권한

마이그레이션 센터 리소스 관리

필수 권한

마이그레이션 센터 리소스 보기

필수 권한

역할 및 권한

Migration Center 역할 및 권한

Migration Center Admin Beta

Migration Center Discovery Client Beta

Migration Center Discovery Client Registrator Beta

Migration Center Service Agent

Migration Center Viewer Beta

신속 마이그레이션 평가 역할 및 권한

RMA Service Agent

Rapid Migration Assessment Admin

Rapid Migration Assessment Runner

Rapid Migration Assessment Viewer

Migration Center Admin ^Beta

Migration Center Discovery Client ^Beta

Migration Center Discovery Client Registrator ^Beta

Migration Center Viewer ^Beta