Tier
AdminCategoria
SecurityEscopo
project
Privilégios
4
Role ID
roles/privateca.adminEsta é uma role privilegiada — concede capacidades de controle elevado. Aplique o princípio do menor privilégio e monitore atribuições via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Descrição
Full control of Certificate Authority Service: CA pools, CAs, certificates, and IAM.
Privilégios / Capacidades(4)
Create and delete CA pools and CAs
Issue and revoke certificates
Set IAM policies on CA resources
Manage CRL and certificate templates
Role Definition (JSON)
{
"name": "roles/privateca.admin",
"title": "CA Service Admin",
"description": "Full control of Certificate Authority Service: CA pools, CAs, certificates, and IAM.",
"stage": "GA",
"includedPermissions": [
"Create and delete CA pools and CAs",
"Issue and revoke certificates",
"Set IAM policies on CA resources",
"Manage CRL and certificate templates"
]
}Roles relacionadasSecurity
Compute Security Admin
Full control of Compute Engine security resources including firewalls and SSL policies.
Compute Security Policies Admin
Create and manage Cloud Armor security policies for DDoS protection and WAF.
Secret Manager Admin
Full control of Secret Manager: create, manage, and access all secrets.
Secret Manager Secret Accessor
Access the payload of Secret Manager secrets. Common role for application workloads.
Secret Manager Secret Version Adder
Add new versions to an existing Secret Manager secret.