Tier
Project Owner
Category
IAM
Scope
project
Privileges
5
Role ID
roles/owner
This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor assignments via Cloud Audit Logs.
Project Owner
Full control over the project and all resources
Description
Full control of all GCP resources including IAM policies, billing, and all services.
Privileges / Capabilities (5)
Full access to all Google Cloud services
Manage IAM policies and roles
Manage billing
Delete projects
Invite members
Permissions (13)
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.setIamPolicy
resourcemanager.projects.delete
resourcemanager.projects.update
billing.accounts.getIamPolicy
billing.accounts.setIamPolicy
serviceusage.services.enable
serviceusage.services.disable
iam.roles.list
iam.roles.get
iam.serviceAccounts.create
iam.serviceAccounts.delete
Role Definition (JSON)
{
  "name": "roles/owner",
  "title": "Project Owner",
  "description": "Full control of all GCP resources including IAM policies, billing, and all services.",
  "stage": "GA",
  "includedPermissions": [
    "resourcemanager.projects.get",
    "resourcemanager.projects.getIamPolicy",
    "resourcemanager.projects.setIamPolicy",
    "resourcemanager.projects.delete",
    "resourcemanager.projects.update",
    "billing.accounts.getIamPolicy",
    "billing.accounts.setIamPolicy",
    "serviceusage.services.enable",
    "serviceusage.services.disable",
    "iam.roles.list",
    "iam.roles.get",
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.delete"
  ]
}
Related roles
IAM
Project Editor
Full edit access to all resources, excluding IAM policy management and billing.
Project Viewer
Read-only access to all resources. Cannot create, modify, or delete.
IAM Admin
Full administrative access to IAM service accounts, roles, and policies.
Security Admin
Can get and set any IAM policy. Used by security teams to audit and configure access.
Security Reviewer
Can get IAM policies and read security configurations. Read-only security auditor.