IAM Admin

GCP IAM - role details

Tier: Admin
Category: IAM
Scope: project
Privileges: 4
Role ID: roles/iam.admin

This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor assignments via Cloud Audit Logs.

Admin

Administrative control over a service, may include IAM

Description

Full administrative access to IAM service accounts, roles, and policies.

Privileges / Capabilities (4)

Create and delete service accounts
Manage IAM policies on all resources
Create and manage custom roles
Manage workforce identity pools

Permissions (14)

iam.serviceAccounts.create
iam.serviceAccounts.delete
iam.serviceAccounts.get
iam.serviceAccounts.list
iam.serviceAccounts.update
iam.roles.create
iam.roles.delete
iam.roles.update
iam.roles.get
iam.roles.list
iam.policies.get
iam.policies.set
resourcemanager.projects.getIamPolicy
resourcemanager.projects.setIamPolicy

Role Definition (JSON)

{
  "name": "roles/iam.admin",
  "title": "IAM Admin",
  "description": "Full administrative access to IAM service accounts, roles, and policies.",
  "stage": "GA",
  "includedPermissions": [
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.delete",
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.list",
    "iam.serviceAccounts.update",
    "iam.roles.create",