Organization Admin

GCP IAM: role details

Tier: Admin
Category: Management
Scope: org
Privileges: 4
Role ID: roles/resourcemanager.organizationAdmin

This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor assignments via Cloud Audit Logs.

Admin

Administrative control over a service, may include IAM

Description

Full control over an organization resource including IAM and folder management.

Privileges / Capabilities (4)

Set IAM policies on the organization
View organization metadata
Create and manage folders and projects
Delete the organization

Permissions (12)

resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.organizations.setIamPolicy
resourcemanager.folders.create
resourcemanager.folders.delete
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.projects.create
resourcemanager.projects.delete
resourcemanager.projects.get
resourcemanager.projects.list
resourcemanager.projects.move

Role Definition (JSON)

{
  "name": "roles/resourcemanager.organizationAdmin",
  "title": "Organization Admin",
  "description": "Full control over an organization resource including IAM and folder management.",
  "stage": "GA",
  "includedPermissions": [
    "resourcemanager.organizations.get",
    "resourcemanager.organizations.getIamPolicy",
    "resourcemanager.organizations.setIamPolicy",
    "resourcemanager.folders.create",
    "resourcemanager.folders.delete",
    "resourcemanager.folders.get",