Tier: Specialized
Category: IAM
Scope: resource
Privileges: 3
Role ID: roles/iam.serviceAccountTokenCreator

This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor role assignments via Cloud Audit Logs.

Specialized: narrow-scope role for a specific action or use case
Description
Impersonate service accounts to create short-lived credentials and sign JWTs.
Privileges / Capabilities (3)
Create access tokens for service accounts
Sign blobs and JWTs using service account keys
Impersonate service accounts
Permissions (7)
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.getOpenIdToken
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt
iam.serviceAccounts.implicitDelegation
iam.serviceAccounts.get
iam.serviceAccounts.list

Role Definition (JSON)
{
  "name": "roles/iam.serviceAccountTokenCreator",
  "title": "Service Account Token Creator",
  "description": "Impersonate service accounts to create short-lived credentials and sign JWTs.",
  "stage": "GA",
  "includedPermissions": [
    "iam.serviceAccounts.getAccessToken",
    "iam.serviceAccounts.getOpenIdToken",
    "iam.serviceAccounts.signBlob",
    "iam.serviceAccounts.signJwt",
    "iam.serviceAccounts.implicitDelegation",
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.list"
  ]
}

Related roles (IAM)
Project Owner
Full control of all GCP resources including IAM policies, billing, and all services.
Project Editor
Full edit access to all resources, excluding IAM policy management and billing.
Project Viewer
Read-only access to all resources. Cannot create, modify, or delete.
IAM Admin
Full administrative access to IAM service accounts, roles, and policies.
Security Admin
Can get and set any IAM policy. Used by security teams to audit and configure access.