Esta página foi traduzida pela API Cloud Translation.

Papéis e permissões do IAM da Central de migração

Se você criar o projeto Google Cloud em que quer usar a Central de migração, já terá todas as permissões necessárias para ativar a Central de migração e gerenciar recursos no produto.

Ao adicionar um novo membro ao projeto, é possível usar uma política de gerenciamento de identidade e acesso (IAM) para conceder a esse membro um ou mais papéis do IAM e controlar as ações que ele pode realizar no Migration Center.

Nesta página, descrevemos os papéis típicos que você pode querer atribuir aos membros do projeto e as permissões necessárias para realizar várias ações.

Antes de começar

Leia a documentação do IAM.

Funções e ações

Há três categorias principais de ações que podem ser realizadas no Migration Center:

Ative a Central de migração.
Gerenciar recursos do Migration Center.
Consulte os recursos da Central de migração.

Como prática recomendada, atribua aos membros do projeto os papéis com o menor número de privilégios necessários para realizar as ações de que precisam.

Criar a função adicional da Central de migração

Como uma etapa preliminar antes de atribuir papéis aos membros da sua organização, crie uma função personalizada para simplificar o gerenciamento de permissões. Siga estas etapas:

No console Google Cloud , acesse IAM e administrador > Papéis.

Acessar "Papéis"
Clique em Criar função
Na página Criar função, preencha os seguintes campos:
- Título: "Função adicional do Migration Center"
- Descrição: "Outras funções necessárias para cenários do Migration Center"
Clique em Adicionar permissões.
Na lista de permissões, procure e selecione as seguintes opções:
- iam.serviceAccountKeys.list
- iam.serviceAccounts.list
- resourcemanager.projects.update
- serviceusage.services.enable
Em seguida, para adicionar suas permissões, clique em Adicionar.
Para concluir, clique em Criar.

Ativar a Central de migração

Antes de usar o Migration Center, é necessário ativá-lo no console Google Cloud . Essa ação única inclui ativar as APIs e selecionar uma região para armazenar seus recursos.

Para ter as permissões necessárias para ativar o Migration Center, peça ao administrador para conceder a você os seguintes papéis do IAM no projeto:

Administrador da Central de migração (migrationcenter.admin)
Função adicional da Central de migração

Para mais informações sobre a concessão de papéis, consulte Gerenciar o acesso a projetos, pastas e organizações.

Esses papéis predefinidos contêm as permissões necessárias para ativar o Migration Center. Para conferir as permissões exatas necessárias, expanda a seção Permissões necessárias:

Permissões necessárias

As seguintes permissões são necessárias para ativar a Central de migração:

migrationcenter.*
resourcemanager.projects.get
resourcemanager.projects.list
rma.*
resourcemanager.projects.update
serviceusage.services.list
serviceusage.services.enable
iam.serviceAccountKeys.list
iam.serviceAccounts.list
resourcemanager.projects.update

Essas permissões também podem ser concedidas com funções personalizadas ou outros papéis predefinidos.

Gerenciar recursos da Central de migração

O gerenciamento de recursos da Central de migração inclui ações como gerar uma estimativa de custo, criar um cliente de descoberta e remover ativos.

Para receber as permissões necessárias para gerenciar recursos do Migration Center, peça ao administrador para conceder a você os seguintes papéis do IAM no projeto:

Administrador da Central de migração (migrationcenter.admin)
Função adicional da Central de migração
Visualizador (viewer)
Administrador da chave da conta de serviço (iam.serviceAccountKeyAdmin)

Para mais informações sobre a concessão de papéis, consulte Gerenciar o acesso a projetos, pastas e organizações.

Esses papéis predefinidos contêm as permissões necessárias para gerenciar recursos do Migration Center. Para conferir as permissões exatas necessárias, expanda a seção Permissões necessárias:

Permissões necessárias

As seguintes permissões são necessárias para gerenciar recursos do Migration Center:

migrationcenter.*
resourcemanager.projects.get
resourcemanager.projects.list
rma.*
serviceusage.services.list
iam.serviceAccounts.list
iam.serviceAccountKeys.list

Essas permissões também podem ser concedidas com funções personalizadas ou outros papéis predefinidos.

Acessar os recursos da Central de migração

Para ter as permissões necessárias para visualizar recursos do Migration Center, peça ao administrador para conceder a você os seguintes papéis do IAM no projeto:

Leitor da central de migração (migrationcenter.viewer)
Visualizador (viewer)
Leitor da avaliação de migração rápida (rma.viewer)

Para mais informações sobre a concessão de papéis, consulte Gerenciar o acesso a projetos, pastas e organizações.

Esses papéis predefinidos contêm as permissões necessárias para visualizar os recursos da Central de migração. Para conferir as permissões exatas necessárias, expanda a seção Permissões necessárias:

Permissões necessárias

As seguintes permissões são necessárias para acessar os recursos do Migration Center:

migrationcenter.assets.get
migrationcenter.assets.list
migrationcenter.groups.get
migrationcenter.groups.list
migrationcenter.importJobs.get
migrationcenter.importJobs.list
migrationcenter.locations.*
migrationcenter.operations.get
migrationcenter.operations.list
migrationcenter.sources.get
migrationcenter.sources.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
resourcemanager.projects.get
resourcemanager.projects.list
rma.annotations.get
rma.collectors.get
rma.collectors.list
rma.locations.*
rma.operations.get
rma.operations.list

Essas permissões também podem ser concedidas com funções personalizadas ou outros papéis predefinidos.

Papéis e permissões

As tabelas a seguir mostram os papéis e as permissões disponíveis no Migration Center.

Permissões e papéis da Central de migração

Role Permissions

Role	Permissions
Migration Center Admin ^Beta (`roles/migrationcenter.admin`) Full access to Migration Center all resources.	`migrationcenter.` `migrationcenter.assets.create` `migrationcenter.assets.delete` `migrationcenter.assets.get` `migrationcenter.assets.list` `migrationcenter.assets.reportFrames` `migrationcenter.assets.update` `migrationcenter.assetsExportJobs.create` `migrationcenter.assetsExportJobs.delete` `migrationcenter.assetsExportJobs.get` `migrationcenter.assetsExportJobs.list` `migrationcenter.assetsExportJobs.run` `migrationcenter.discoveryClients.create` `migrationcenter.discoveryClients.delete` `migrationcenter.discoveryClients.get` `migrationcenter.discoveryClients.list` `migrationcenter.discoveryClients.sendHeartbeat` `migrationcenter.discoveryClients.update` `migrationcenter.errorFrames.get` `migrationcenter.errorFrames.list` `migrationcenter.groups.create` `migrationcenter.groups.delete` `migrationcenter.groups.get` `migrationcenter.groups.list` `migrationcenter.groups.update` `migrationcenter.importDataFiles.create` `migrationcenter.importDataFiles.delete` `migrationcenter.importDataFiles.get` `migrationcenter.importDataFiles.list` `migrationcenter.importJobs.create` `migrationcenter.importJobs.delete` `migrationcenter.importJobs.get` `migrationcenter.importJobs.list` `migrationcenter.importJobs.update` `migrationcenter.locations.get` `migrationcenter.locations.list` `migrationcenter.operations.cancel` `migrationcenter.operations.delete` `migrationcenter.operations.get` `migrationcenter.operations.list` `migrationcenter.preferenceSets.create` `migrationcenter.preferenceSets.delete` `migrationcenter.preferenceSets.get` `migrationcenter.preferenceSets.list` `migrationcenter.preferenceSets.update` `migrationcenter.relations.get` `migrationcenter.relations.list` `migrationcenter.reportConfigs.create` `migrationcenter.reportConfigs.delete` `migrationcenter.reportConfigs.get` `migrationcenter.reportConfigs.list` `migrationcenter.reports.create` `migrationcenter.reports.delete` `migrationcenter.reports.get` `migrationcenter.reports.list` `migrationcenter.settings.get` `migrationcenter.settings.update` `migrationcenter.sources.create` `migrationcenter.sources.delete` `migrationcenter.sources.get` `migrationcenter.sources.list` `migrationcenter.sources.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `rma.` `rma.annotations.create` `rma.annotations.get` `rma.collectors.create` `rma.collectors.delete` `rma.collectors.get` `rma.collectors.list` `rma.collectors.update` `rma.locations.get` `rma.locations.list` `rma.operations.cancel` `rma.operations.delete` `rma.operations.get` `rma.operations.list` `serviceusage.quotas.get`
Migration Center Discovery Client ^Beta (`roles/migrationcenter.discoveryClient`) Migration Center Discover Client role	`migrationcenter.assets.reportFrames` `migrationcenter.discoveryClients.get` `migrationcenter.discoveryClients.sendHeartbeat`
Migration Center Discovery Client Registrator ^Beta (`roles/migrationcenter.discoveryClientRegistrator`) Registrator of Migration Center Discover Clients	`migrationcenter.discoveryClients.create` `migrationcenter.discoveryClients.delete` `migrationcenter.discoveryClients.update` `migrationcenter.operations.get` `migrationcenter.sources.create` `migrationcenter.sources.delete` `resourcemanager.projects.get` `resourcemanager.projects.list`
Migration Center Service Agent (`roles/migrationcenter.serviceAgent`) Gives Migration Center Service Account access to objects storedin object store and Cloud Migration products. Warning: Do not grant service agent roles to any principals except service agents.	`storage.objects.get` `vmmigration.migratingVms.create`
Migration Center Viewer ^Beta (`roles/migrationcenter.viewer`) Read-only access to Migration Center all resources.	`migrationcenter.assets.get` `migrationcenter.assets.list` `migrationcenter.assetsExportJobs.get` `migrationcenter.assetsExportJobs.list` `migrationcenter.discoveryClients.get` `migrationcenter.discoveryClients.list` `migrationcenter.errorFrames.` `migrationcenter.errorFrames.get` `migrationcenter.errorFrames.list` `migrationcenter.groups.get` `migrationcenter.groups.list` `migrationcenter.importDataFiles.get` `migrationcenter.importDataFiles.list` `migrationcenter.importJobs.get` `migrationcenter.importJobs.list` `migrationcenter.locations.` `migrationcenter.locations.get` `migrationcenter.locations.list` `migrationcenter.operations.get` `migrationcenter.operations.list` `migrationcenter.preferenceSets.get` `migrationcenter.preferenceSets.list` `migrationcenter.relations.` `migrationcenter.relations.get` `migrationcenter.relations.list` `migrationcenter.reportConfigs.get` `migrationcenter.reportConfigs.list` `migrationcenter.reports.get` `migrationcenter.reports.list` `migrationcenter.settings.get` `migrationcenter.sources.get` `migrationcenter.sources.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `rma.annotations.get` `rma.collectors.get` `rma.collectors.list` `rma.locations.` `rma.locations.get` `rma.locations.list` `rma.operations.get` `rma.operations.list` `serviceusage.quotas.get`

Migration Center Admin ^Beta

(roles/migrationcenter.admin)

Full access to Migration Center all resources.

migrationcenter.*

migrationcenter.assets.create
migrationcenter.assets.delete
migrationcenter.assets.get
migrationcenter.assets.list
migrationcenter.assets.reportFrames
migrationcenter.assets.update
migrationcenter.assetsExportJobs.create
migrationcenter.assetsExportJobs.delete
migrationcenter.assetsExportJobs.get
migrationcenter.assetsExportJobs.list
migrationcenter.assetsExportJobs.run
migrationcenter.discoveryClients.create
migrationcenter.discoveryClients.delete
migrationcenter.discoveryClients.get
migrationcenter.discoveryClients.list
migrationcenter.discoveryClients.sendHeartbeat
migrationcenter.discoveryClients.update
migrationcenter.errorFrames.get
migrationcenter.errorFrames.list
migrationcenter.groups.create
migrationcenter.groups.delete
migrationcenter.groups.get
migrationcenter.groups.list
migrationcenter.groups.update
migrationcenter.importDataFiles.create
migrationcenter.importDataFiles.delete
migrationcenter.importDataFiles.get
migrationcenter.importDataFiles.list
migrationcenter.importJobs.create
migrationcenter.importJobs.delete
migrationcenter.importJobs.get
migrationcenter.importJobs.list
migrationcenter.importJobs.update
migrationcenter.locations.get
migrationcenter.locations.list
migrationcenter.operations.cancel
migrationcenter.operations.delete
migrationcenter.operations.get
migrationcenter.operations.list
migrationcenter.preferenceSets.create
migrationcenter.preferenceSets.delete
migrationcenter.preferenceSets.get
migrationcenter.preferenceSets.list
migrationcenter.preferenceSets.update
migrationcenter.relations.get
migrationcenter.relations.list
migrationcenter.reportConfigs.create
migrationcenter.reportConfigs.delete
migrationcenter.reportConfigs.get
migrationcenter.reportConfigs.list
migrationcenter.reports.create
migrationcenter.reports.delete
migrationcenter.reports.get
migrationcenter.reports.list
migrationcenter.settings.get
migrationcenter.settings.update
migrationcenter.sources.create
migrationcenter.sources.delete
migrationcenter.sources.get
migrationcenter.sources.list
migrationcenter.sources.update

resourcemanager.projects.get

resourcemanager.projects.list

rma.*

rma.annotations.create
rma.annotations.get
rma.collectors.create
rma.collectors.delete
rma.collectors.get
rma.collectors.list
rma.collectors.update
rma.locations.get
rma.locations.list
rma.operations.cancel
rma.operations.delete
rma.operations.get
rma.operations.list

serviceusage.quotas.get

Migration Center Discovery Client ^Beta

(roles/migrationcenter.discoveryClient)

Migration Center Discover Client role

migrationcenter.assets.reportFrames

migrationcenter.discoveryClients.get

migrationcenter.discoveryClients.sendHeartbeat

Migration Center Discovery Client Registrator ^Beta

(roles/migrationcenter.discoveryClientRegistrator)

Registrator of Migration Center Discover Clients

migrationcenter.discoveryClients.create

migrationcenter.discoveryClients.delete

migrationcenter.discoveryClients.update

migrationcenter.operations.get

migrationcenter.sources.create

migrationcenter.sources.delete

resourcemanager.projects.get

resourcemanager.projects.list

Migration Center Service Agent

(roles/migrationcenter.serviceAgent)

Gives Migration Center Service Account access to objects storedin object store and Cloud Migration products.

storage.objects.get

vmmigration.migratingVms.create

Migration Center Viewer ^Beta

(roles/migrationcenter.viewer)

Read-only access to Migration Center all resources.

migrationcenter.assets.get

migrationcenter.assets.list

migrationcenter.assetsExportJobs.get

migrationcenter.assetsExportJobs.list

migrationcenter.discoveryClients.get

migrationcenter.discoveryClients.list

migrationcenter.errorFrames.*

migrationcenter.errorFrames.get
migrationcenter.errorFrames.list

migrationcenter.groups.get

migrationcenter.groups.list

migrationcenter.importDataFiles.get

migrationcenter.importDataFiles.list

migrationcenter.importJobs.get

migrationcenter.importJobs.list

migrationcenter.locations.*

migrationcenter.locations.get
migrationcenter.locations.list

migrationcenter.operations.get

migrationcenter.operations.list

migrationcenter.preferenceSets.get

migrationcenter.preferenceSets.list

migrationcenter.relations.*

migrationcenter.relations.get
migrationcenter.relations.list

migrationcenter.reportConfigs.get

migrationcenter.reportConfigs.list

migrationcenter.reports.get

migrationcenter.reports.list

migrationcenter.settings.get

migrationcenter.sources.get

migrationcenter.sources.list

resourcemanager.projects.get

resourcemanager.projects.list

rma.annotations.get

rma.collectors.get

rma.collectors.list

rma.locations.*

rma.locations.get
rma.locations.list

rma.operations.get

rma.operations.list

serviceusage.quotas.get

Permissões e papéis da Avaliação de migração rápida

Role Permissions

Role	Permissions
RMA Service Agent (`roles/rapidmigrationassessment.serviceAgent`) Gives RMA service account access to MC resources. Warning: Do not grant service agent roles to any principals except service agents.	`autoscaling.sites.writeMetrics` `cloudasset.assets.exportResource` `cloudasset.feeds.create` `logging.logEntries.create` `migrationcenter.assets.list` `migrationcenter.assets.reportFrames` `migrationcenter.importJobs.get` `migrationcenter.importJobs.list` `migrationcenter.sources.*` `migrationcenter.sources.create` `migrationcenter.sources.delete` `migrationcenter.sources.get` `migrationcenter.sources.list` `migrationcenter.sources.update` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.list` `monitoring.timeSeries.create` `resourcemanager.projects.get`
Rapid Migration Assessment Admin (`roles/rma.admin`) Full access to Rapid Migration Assessment all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `rma.*` `rma.annotations.create` `rma.annotations.get` `rma.collectors.create` `rma.collectors.delete` `rma.collectors.get` `rma.collectors.list` `rma.collectors.update` `rma.locations.get` `rma.locations.list` `rma.operations.cancel` `rma.operations.delete` `rma.operations.get` `rma.operations.list`
Rapid Migration Assessment Runner (`roles/rma.runner`) Update and Read access to Rapid Migration Assessment all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `rma.annotations.get` `rma.collectors.get` `rma.collectors.list` `rma.collectors.update` `rma.locations.*` `rma.locations.get` `rma.locations.list` `rma.operations.get` `rma.operations.list`
Rapid Migration Assessment Viewer (`roles/rma.viewer`) Read-only access to Rapid Migration Assessment all resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `rma.annotations.get` `rma.collectors.get` `rma.collectors.list` `rma.locations.*` `rma.locations.get` `rma.locations.list` `rma.operations.get` `rma.operations.list`

RMA Service Agent

(roles/rapidmigrationassessment.serviceAgent)

Gives RMA service account access to MC resources.

autoscaling.sites.writeMetrics

cloudasset.assets.exportResource

cloudasset.feeds.create

logging.logEntries.create

migrationcenter.assets.list

migrationcenter.assets.reportFrames

migrationcenter.importJobs.get

migrationcenter.importJobs.list

migrationcenter.sources.*

migrationcenter.sources.create
migrationcenter.sources.delete
migrationcenter.sources.get
migrationcenter.sources.list
migrationcenter.sources.update

monitoring.metricDescriptors.create

monitoring.metricDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

Rapid Migration Assessment Admin

(roles/rma.admin)

Full access to Rapid Migration Assessment all resources.

resourcemanager.projects.get

resourcemanager.projects.list

rma.*

rma.annotations.create
rma.annotations.get
rma.collectors.create
rma.collectors.delete
rma.collectors.get
rma.collectors.list
rma.collectors.update
rma.locations.get
rma.locations.list
rma.operations.cancel
rma.operations.delete
rma.operations.get
rma.operations.list

Rapid Migration Assessment Runner

(roles/rma.runner)

Update and Read access to Rapid Migration Assessment all resources.

resourcemanager.projects.get

resourcemanager.projects.list

rma.annotations.get

rma.collectors.get

rma.collectors.list

rma.collectors.update

rma.locations.*

rma.locations.get
rma.locations.list

rma.operations.get

rma.operations.list

Rapid Migration Assessment Viewer

(roles/rma.viewer)

Read-only access to Rapid Migration Assessment all resources.

resourcemanager.projects.get

resourcemanager.projects.list

rma.annotations.get

rma.collectors.get

rma.collectors.list

rma.locations.*

rma.locations.get
rma.locations.list

rma.operations.get

rma.operations.list

Papéis e permissões do IAM da Central de migração Mantenha tudo organizado com as coleções Salve e categorize o conteúdo com base nas suas preferências.

Antes de começar

Funções e ações

Criar a função adicional da Central de migração

Ativar a Central de migração

Permissões necessárias

Gerenciar recursos da Central de migração

Permissões necessárias

Acessar os recursos da Central de migração

Permissões necessárias

Papéis e permissões

Permissões e papéis da Central de migração

Migration Center Admin Beta

Migration Center Discovery Client Beta

Migration Center Discovery Client Registrator Beta

Migration Center Service Agent

Migration Center Viewer Beta

Permissões e papéis da Avaliação de migração rápida

RMA Service Agent

Rapid Migration Assessment Admin

Rapid Migration Assessment Runner

Rapid Migration Assessment Viewer

Papéis e permissões do IAM da Central de migração

Migration Center Admin ^Beta

Migration Center Discovery Client ^Beta

Migration Center Discovery Client Registrator ^Beta

Migration Center Viewer ^Beta