Tier
AdminCategoria
ManagementEscopo
org
Privilégios
4
Role ID
roles/resourcemanager.organizationAdminEsta é uma role privilegiada — concede capacidades de controle elevado. Aplique o princípio do menor privilégio e monitore atribuições via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Descrição
Full control over an organization resource including IAM and folder management.
Privilégios / Capacidades(4)
Set IAM policies on the organization
View organization metadata
Create and manage folders and projects
Delete the organization
Permissions(12)
resourcemanager.organizations.getresourcemanager.organizations.getIamPolicyresourcemanager.organizations.setIamPolicyresourcemanager.folders.createresourcemanager.folders.deleteresourcemanager.folders.getresourcemanager.folders.listresourcemanager.projects.createresourcemanager.projects.deleteresourcemanager.projects.getresourcemanager.projects.listresourcemanager.projects.moveRole Definition (JSON)
{
"name": "roles/resourcemanager.organizationAdmin",
"title": "Organization Admin",
"description": "Full control over an organization resource including IAM and folder management.",
"stage": "GA",
"includedPermissions": [
"resourcemanager.organizations.get",
"resourcemanager.organizations.getIamPolicy",
"resourcemanager.organizations.setIamPolicy",
"resourcemanager.folders.create",
"resourcemanager.folders.delete",
"resourcemanager.folders.get",Roles relacionadasManagement
Folder Admin
Full control over a folder, including creating subfolders and projects.
Folder Viewer
Read-only access to folder metadata. Can view folder hierarchy and list projects.
Project Creator
Can create new projects within an organization or folder.
Project Deleter
Can delete projects within an organization or folder.
Tag Administrator
Full control over tag keys, tag values, and tag bindings across the organization.