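Secured Landing Zone roles and permissions

This page lists the IAM roles and permissions for Secured Landing Zone. To search through all roles and permissions, see the role and permission index.

Secured Landing Zone roles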

Role Permissions

(roles/securedlandingzone.bqdwOrgRemediator)

Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

accesscontextmanager.servicePerimeters.update

(roles/securedlandingzone.bqdwProjectRemediator)

Access to modify (remediate) resources in SLZ BQDW Blueprint at Project.

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.setIamPolicy

bigquery.datasets.update

cloudkms.cryptoKeys.get

cloudkms.cryptoKeys.getIamPolicy

cloudkms.cryptoKeys.list

cloudkms.cryptoKeys.setIamPolicy

cloudkms.cryptoKeys.update

cloudkms.keyRings.getIamPolicy

cloudkms.keyRings.setIamPolicy

pubsub.topics.get

pubsub.topics.getIamPolicy

pubsub.topics.list

pubsub.topics.setIamPolicy

pubsub.topics.update

resourcemanager.projects.update

serviceusage.services.use

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

storage.buckets.setIamPolicy

storage.buckets.update

(roles/securedlandingzone.overwatchActivator)

This role can activate or suspend Overwatches

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.overwatches.activate

securedlandingzone.overwatches.suspend

(roles/securedlandingzone.overwatchAdmin)

Full access to Overwatches

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.*

  • securedlandingzone.operations.get
  • securedlandingzone.overwatches.activate
  • securedlandingzone.overwatches.create
  • securedlandingzone.overwatches.delete
  • securedlandingzone.overwatches.get
  • securedlandingzone.overwatches.list
  • securedlandingzone.overwatches.suspend
  • securedlandingzone.overwatches.update

(roles/securedlandingzone.overwatchViewer)

This role can view all properties of Overwatches

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.operations.get

securedlandingzone.overwatches.get

securedlandingzone.overwatches.list

(roles/securedlandingzone.serviceAgent)

Grants Secured Landing Zone service account permissions to manage resources in the customer project

cloudasset.assets.exportOrgPolicy

cloudasset.assets.exportResource

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.update

logging.logEntries.list

pubsub.subscriptions.consume

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.delete

pubsub.topics.detachSubscription

pubsub.topics.getIamPolicy

pubsub.topics.setIamPolicy

resourcemanager.projects.get

securitycenter.assetsecuritymarks.update

securitycenter.findings.list

securitycenter.findings.update

securitycenter.sources.list

securitycenter.sources.update

serviceusage.services.use

Secured Landing Zone permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Overwatch Viewer (roles/securedlandingzone.overwatchViewer)

Owner (roles/owner)

Editor (roles/editor)

Overwatch Activator (roles/securedlandingzone.overwatchActivator)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Owner (roles/owner)

Editor (roles/editor)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Owner (roles/owner)

Editor (roles/editor)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Overwatch Viewer (roles/securedlandingzone.overwatchViewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Overwatch Viewer (roles/securedlandingzone.overwatchViewer)

Owner (roles/owner)

Editor (roles/editor)

Overwatch Activator (roles/securedlandingzone.overwatchActivator)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)

Owner (roles/owner)

Editor (roles/editor)

Overwatch Admin (roles/securedlandingzone.overwatchAdmin)