Organization Role Admin

GCP IAM — detalhes da role

Tier
Admin
Categoria
IAM
Escopo
org
Privilégios
2
Role IDroles/iam.organizationRoleAdmin

Esta é uma role privilegiada — concede capacidades de controle elevado. Aplique o princípio do menor privilégio e monitore atribuições via Cloud Audit Logs.

Admin

Administrative control over a service, may include IAM

Descrição

Full control of all custom roles defined in the organization.

Privilégios / Capacidades(2)

Create, update, and delete custom roles at org level
List and view all custom roles

Permissions(8)

iam.roles.create
iam.roles.delete
iam.roles.get
iam.roles.list
iam.roles.update
iam.roles.undelete
resourcemanager.organizations.getIamPolicy
resourcemanager.projects.getIamPolicy

Role Definition (JSON)

{
  "name": "roles/iam.organizationRoleAdmin",
  "title": "Organization Role Admin",
  "description": "Full control of all custom roles defined in the organization.",
  "stage": "GA",
  "includedPermissions": [
    "iam.roles.create",
    "iam.roles.delete",
    "iam.roles.get",
    "iam.roles.list",
    "iam.roles.update",
    "iam.roles.undelete",