Tier
AdminCategoria
SecurityEscopo
project
Privilégios
4
Role ID
roles/cloudkms.adminEsta é uma role privilegiada — concede capacidades de controle elevado. Aplique o princípio do menor privilégio e monitore atribuições via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Descrição
Full control of Cloud KMS: key rings, keys, and crypto key versions.
Privilégios / Capacidades(4)
Create and destroy key rings and keys
Manage crypto key versions
Set IAM policies on keys
Configure key rotation and purpose
Role Definition (JSON)
{
"name": "roles/cloudkms.admin",
"title": "Cloud KMS Admin",
"description": "Full control of Cloud KMS: key rings, keys, and crypto key versions.",
"stage": "GA",
"includedPermissions": [
"Create and destroy key rings and keys",
"Manage crypto key versions",
"Set IAM policies on keys",
"Configure key rotation and purpose"
]
}Roles relacionadasSecurity
Compute Security Admin
Full control of Compute Engine security resources including firewalls and SSL policies.
Compute Security Policies Admin
Create and manage Cloud Armor security policies for DDoS protection and WAF.
Secret Manager Admin
Full control of Secret Manager: create, manage, and access all secrets.
Secret Manager Secret Accessor
Access the payload of Secret Manager secrets. Common role for application workloads.
Secret Manager Secret Version Adder
Add new versions to an existing Secret Manager secret.