Security Admin

GCP IAM role details

Tier: Admin
Category: IAM
Scope: project
Privileges: 3
Role ID: roles/iam.securityAdmin

This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor assignments via Cloud Audit Logs.

Admin

Administrative control over a service, may include IAM

Description

Can get and set any IAM policy. Used by security teams to audit and configure access.

Privileges / Capabilities (3)

Get and set IAM policies on all resources
Audit all IAM configurations
View all security settings

Permissions (10)

resourcemanager.projects.getIamPolicy
resourcemanager.projects.setIamPolicy
resourcemanager.organizations.getIamPolicy
resourcemanager.organizations.setIamPolicy
resourcemanager.folders.getIamPolicy
resourcemanager.folders.setIamPolicy
iam.serviceAccounts.getIamPolicy
iam.serviceAccounts.setIamPolicy
iam.roles.list
iam.roles.get

Role Definition (JSON)

{
  "name": "roles/iam.securityAdmin",
  "title": "Security Admin",
  "description": "Can get and set any IAM policy. Used by security teams to audit and configure access.",
  "stage": "GA",
  "includedPermissions": [
    "resourcemanager.projects.getIamPolicy",
    "resourcemanager.projects.setIamPolicy",
    "resourcemanager.organizations.getIamPolicy",
    "resourcemanager.organizations.setIamPolicy",
    "resourcemanager.folders.getIamPolicy",
    "resourcemanager.folders.setIamPolicy",