Service Account Admin

GCP IAM: role details

Tier: Admin
Category: IAM
Scope: project
Privileges: 4
Role ID: roles/iam.serviceAccountAdmin

This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor role assignments via Cloud Audit Logs.

Admin

Administrative control over a service, may include IAM

Description

Create, update, and delete service accounts and manage their keys.

Privileges / Capabilities (4)

Create and delete service accounts
Update service account metadata
Manage service account IAM policies
Enable and disable service accounts

Permissions (10)

iam.serviceAccounts.create
iam.serviceAccounts.delete
iam.serviceAccounts.get
iam.serviceAccounts.list
iam.serviceAccounts.update
iam.serviceAccounts.enable
iam.serviceAccounts.disable
iam.serviceAccounts.getIamPolicy
iam.serviceAccounts.setIamPolicy
iam.serviceAccounts.undelete

Role Definition (JSON)

{
  "name": "roles/iam.serviceAccountAdmin",
  "title": "Service Account Admin",
  "description": "Create, update, and delete service accounts and manage their keys.",
  "stage": "GA",
  "includedPermissions": [
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.delete",
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.list",
    "iam.serviceAccounts.update",
    "iam.serviceAccounts.enable",