Tier
AdminCategoria
ManagementEscopo
org
Privilégios
3
Role ID
roles/orgpolicy.policyAdminEsta é uma role privilegiada — concede capacidades de controle elevado. Aplique o princípio do menor privilégio e monitore atribuições via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Descrição
Set and manage organization policies that govern resource configurations.
Privilégios / Capacidades(3)
Set and delete organization policies
View all organization policies
Override policies at folder and project level
Role Definition (JSON)
{
"name": "roles/orgpolicy.policyAdmin",
"title": "Organization Policy Administrator",
"description": "Set and manage organization policies that govern resource configurations.",
"stage": "GA",
"includedPermissions": [
"Set and delete organization policies",
"View all organization policies",
"Override policies at folder and project level"
]
}Roles relacionadasManagement
Organization Admin
Full control over an organization resource including IAM and folder management.
Folder Admin
Full control over a folder, including creating subfolders and projects.
Folder Viewer
Read-only access to folder metadata. Can view folder hierarchy and list projects.
Project Creator
Can create new projects within an organization or folder.
Project Deleter
Can delete projects within an organization or folder.