Tier: Admin
Category: IAM
Scope: project
Privileges: 3
Role ID
roles/iam.workloadIdentityPoolAdmin
This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor assignments via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Description
Full control over Workload Identity Pools for federating external identities.
Privileges / Capabilities (3)
Create and manage workload identity pools
Create and manage pool providers
Configure attribute mappings and conditions
Permissions (10)
iam.workloadIdentityPools.create
iam.workloadIdentityPools.delete
iam.workloadIdentityPools.get
iam.workloadIdentityPools.list
iam.workloadIdentityPools.update
iam.workloadIdentityPoolProviders.create
iam.workloadIdentityPoolProviders.delete
iam.workloadIdentityPoolProviders.get
iam.workloadIdentityPoolProviders.list
iam.workloadIdentityPoolProviders.update
Role Definition (JSON)
{
  "name": "roles/iam.workloadIdentityPoolAdmin",
  "title": "Workload Identity Pool Admin",
  "description": "Full control over Workload Identity Pools for federating external identities.",
  "stage": "GA",
  "includedPermissions": [
    "iam.workloadIdentityPools.create",
    "iam.workloadIdentityPools.delete",
    "iam.workloadIdentityPools.get",
    "iam.workloadIdentityPools.list",
    "iam.workloadIdentityPools.update",
    "iam.workloadIdentityPoolProviders.create",
    "iam.workloadIdentityPoolProviders.delete",
    "iam.workloadIdentityPoolProviders.get",
    "iam.workloadIdentityPoolProviders.list",
    "iam.workloadIdentityPoolProviders.update"
  ]
}
Related roles (IAM)
Project Owner
Full control of all GCP resources including IAM policies, billing, and all services.
Project Editor
Full edit access to all resources, excluding IAM policy management and billing.
Project Viewer
Read-only access to all resources. Cannot create, modify, or delete.
IAM Admin
Full administrative access to IAM service accounts, roles, and policies.
Security Admin
Can get and set any IAM policy. Used by security teams to audit and configure access.