이 페이지의 일부 또는 모든 정보는 Trusted Cloud by S3NS에 적용되지 않을 수 있습니다. 자세한 내용은 Google Cloud와의 차이점을 참조하세요.

Privileged Access Manager 역할 및 권한

이 페이지에는 Privileged Access Manager의 IAM 역할과 권한이 나와 있습니다. 모든 역할과 권한을 검색하려면 역할 및 권한 색인을 참조하세요.

Privileged Access Manager 역할

Role Permissions

Role	Permissions
Privileged Access Manager Admin (`roles/privilegedaccessmanager.admin`) Full access to Privileged Access Manager resources.	`privilegedaccessmanager.*` `privilegedaccessmanager.entitlements.create` `privilegedaccessmanager.entitlements.delete` `privilegedaccessmanager.entitlements.get` `privilegedaccessmanager.entitlements.list` `privilegedaccessmanager.entitlements.setIamPolicy` `privilegedaccessmanager.entitlements.update` `privilegedaccessmanager.grants.get` `privilegedaccessmanager.grants.list` `privilegedaccessmanager.grants.revoke` `privilegedaccessmanager.locations.checkOnboardingStatus` `privilegedaccessmanager.locations.get` `privilegedaccessmanager.locations.list` `privilegedaccessmanager.operations.delete` `privilegedaccessmanager.operations.get` `privilegedaccessmanager.operations.list` `resourcemanager.projects.get`
Privileged Access Manager Folder Service Agent (`roles/privilegedaccessmanager.folderServiceAgent`) Gives privileged access manager service account access to modify IAM policies on GCP folders Warning: Do not grant service agent roles to any principals except service agents.	`resourcemanager.folders.get` `resourcemanager.folders.getIamPolicy` `resourcemanager.folders.setIamPolicy`
Privileged Access Manager Organization Service Agent (`roles/privilegedaccessmanager.organizationServiceAgent`) Gives privileged access manager service account access to modify IAM policies on GCP organizations Warning: Do not grant service agent roles to any principals except service agents.	`iam.roles.get` `resourcemanager.organizations.get` `resourcemanager.organizations.getIamPolicy` `resourcemanager.organizations.setIamPolicy`
Privileged Access Manager Project Service Agent (`roles/privilegedaccessmanager.projectServiceAgent`) Gives privileged access manager service account access to modify IAM policies on GCP projects Warning: Do not grant service agent roles to any principals except service agents.	`iam.roles.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.setIamPolicy`
Privileged Access Manager Service Agent (`roles/privilegedaccessmanager.serviceAgent`) Gives privileged access manager service account access to modify IAM policies on GCP resources Warning: Do not grant service agent roles to any principals except service agents.	`iam.roles.get` `resourcemanager.folders.get` `resourcemanager.folders.getIamPolicy` `resourcemanager.folders.setIamPolicy` `resourcemanager.organizations.get` `resourcemanager.organizations.getIamPolicy` `resourcemanager.organizations.setIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.setIamPolicy`
Privileged Access Manager Viewer (`roles/privilegedaccessmanager.viewer`) Readonly access to Privileged Access Manager resources.	`privilegedaccessmanager.entitlements.get` `privilegedaccessmanager.entitlements.list` `privilegedaccessmanager.grants.get` `privilegedaccessmanager.grants.list` `privilegedaccessmanager.locations.get` `privilegedaccessmanager.locations.list` `privilegedaccessmanager.operations.get` `privilegedaccessmanager.operations.list` `resourcemanager.projects.get`

Privileged Access Manager Admin

(roles/privilegedaccessmanager.admin)

Full access to Privileged Access Manager resources.

privilegedaccessmanager.*

privilegedaccessmanager.entitlements.create
privilegedaccessmanager.entitlements.delete
privilegedaccessmanager.entitlements.get
privilegedaccessmanager.entitlements.list
privilegedaccessmanager.entitlements.setIamPolicy
privilegedaccessmanager.entitlements.update
privilegedaccessmanager.grants.get
privilegedaccessmanager.grants.list
privilegedaccessmanager.grants.revoke
privilegedaccessmanager.locations.checkOnboardingStatus
privilegedaccessmanager.locations.get
privilegedaccessmanager.locations.list
privilegedaccessmanager.operations.delete
privilegedaccessmanager.operations.get
privilegedaccessmanager.operations.list

resourcemanager.projects.get

Privileged Access Manager Folder Service Agent

(roles/privilegedaccessmanager.folderServiceAgent)

Gives privileged access manager service account access to modify IAM policies on GCP folders

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.setIamPolicy

Privileged Access Manager Organization Service Agent

(roles/privilegedaccessmanager.organizationServiceAgent)

Gives privileged access manager service account access to modify IAM policies on GCP organizations

iam.roles.get

resourcemanager.organizations.get

resourcemanager.organizations.getIamPolicy

resourcemanager.organizations.setIamPolicy

Privileged Access Manager Project Service Agent

(roles/privilegedaccessmanager.projectServiceAgent)

Gives privileged access manager service account access to modify IAM policies on GCP projects

iam.roles.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.setIamPolicy

Privileged Access Manager Service Agent

(roles/privilegedaccessmanager.serviceAgent)

Gives privileged access manager service account access to modify IAM policies on GCP resources

iam.roles.get

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.setIamPolicy

resourcemanager.organizations.get

resourcemanager.organizations.getIamPolicy

resourcemanager.organizations.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.setIamPolicy

Privileged Access Manager Viewer

(roles/privilegedaccessmanager.viewer)

Readonly access to Privileged Access Manager resources.

privilegedaccessmanager.entitlements.get

privilegedaccessmanager.entitlements.list

privilegedaccessmanager.grants.get

privilegedaccessmanager.grants.list

privilegedaccessmanager.locations.get

privilegedaccessmanager.locations.list

privilegedaccessmanager.operations.get

privilegedaccessmanager.operations.list

resourcemanager.projects.get

Privileged Access Manager 권한

권한	역할에 포함됨
`privilegedaccessmanager.entitlements.create`	소유자(`roles/owner`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`)
`privilegedaccessmanager.entitlements.delete`	소유자(`roles/owner`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`)
`privilegedaccessmanager.entitlements.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)
`privilegedaccessmanager.entitlements.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)
`privilegedaccessmanager.entitlements.setIamPolicy`	소유자(`roles/owner`) 보안 관리자(`roles/iam.securityAdmin`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`)
`privilegedaccessmanager.entitlements.update`	소유자(`roles/owner`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`)
`privilegedaccessmanager.grants.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)
`privilegedaccessmanager.grants.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)
`privilegedaccessmanager.grants.revoke`	소유자(`roles/owner`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`)
`privilegedaccessmanager.locations.checkOnboardingStatus`	소유자(`roles/owner`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`)
`privilegedaccessmanager.locations.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)
`privilegedaccessmanager.locations.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)
`privilegedaccessmanager.operations.delete`	소유자(`roles/owner`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`)
`privilegedaccessmanager.operations.get`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)
`privilegedaccessmanager.operations.list`	소유자(`roles/owner`) 편집자(`roles/editor`) 뷰어 (`roles/viewer`) 보안 관리자(`roles/iam.securityAdmin`) 보안 검토자(`roles/iam.securityReviewer`) Privileged Access Manager 관리자(`roles/privilegedaccessmanager.admin`) Privileged Access Manager 뷰어(`roles/privilegedaccessmanager.viewer`)

Privileged Access Manager 역할 및 권한

Privileged Access Manager 역할

Privileged Access Manager Admin

Privileged Access Manager Folder Service Agent

Privileged Access Manager Organization Service Agent

Privileged Access Manager Project Service Agent

Privileged Access Manager Service Agent

Privileged Access Manager Viewer

Privileged Access Manager 권한

`privilegedaccessmanager.entitlements.create`

`privilegedaccessmanager.entitlements.delete`

`privilegedaccessmanager.entitlements.get`

`privilegedaccessmanager.entitlements.list`

`privilegedaccessmanager.entitlements.setIamPolicy`

`privilegedaccessmanager.entitlements.update`

`privilegedaccessmanager.grants.get`

`privilegedaccessmanager.grants.list`

`privilegedaccessmanager.grants.revoke`

`privilegedaccessmanager.locations.checkOnboardingStatus`

`privilegedaccessmanager.locations.get`

`privilegedaccessmanager.locations.list`

`privilegedaccessmanager.operations.delete`

`privilegedaccessmanager.operations.get`

`privilegedaccessmanager.operations.list`