Tier
Admin
Category
Storage
Scope
project
Privileges
5
Role ID
roles/storage.admin
This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor assignments via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Description
Full control of Cloud Storage: buckets, objects, and IAM policies.
Privileges / Capabilities (5)
Create, update, and delete buckets
Manage objects in all buckets
Set IAM policies on buckets
Configure bucket retention and lifecycle
Manage HMAC keys
Role Definition (JSON)
{
  "name": "roles/storage.admin",
  "title": "Storage Admin",
  "description": "Full control of Cloud Storage: buckets, objects, and IAM policies.",
  "stage": "GA",
  "includedPermissions": [
    "Create, update, and delete buckets",
    "Manage objects in all buckets",
    "Set IAM policies on buckets",
    "Configure bucket retention and lifecycle",
    "Manage HMAC keys"
  ]
}
Related roles
Storage
Compute Storage Admin
Full control of Compute Engine storage resources: disks, images, and snapshots.
Storage Object Admin
Full control of Cloud Storage objects including reading, writing, and deleting.
Storage Object Creator
Create new objects in Cloud Storage buckets. Cannot list or delete existing objects.
Storage Object Viewer
Read-only access to Cloud Storage objects and their metadata.
Storage HMAC Key Admin
Create, list, update, and delete HMAC keys for Cloud Storage service accounts.