GCP 服务角色?
GCP service roles?
由于我从第三方购买了 GCP 服务,他们向我提供了相同服务的所有者权利。我们想要只有该方已经拥有的管理员权限。我只想知道授予这些权利是否有任何限制。
最高权限角色是所有者角色; John Hanley's 字数:
The term ADMIN is only used with specific services. The most powerful Google Cloud Project role is PROJECT OWNER aka OWNER. Double check to see if there are any other IAM members with OWNER, EDITOR or VIEWER. Those are the legacy permissions that are very powerful. Only team members you control should have OWNER and not the third party vendor. Google has some good videos on Identity and Access Management (IAM) on YouTube.
这就是 documentation 所说的:
Granting the owner role at the organization level doesn't allow you to update the organization's metadata. However, it allows you to modify projects and other resources under that organization.
正如 John Handley 指出的那样 - 如果您旁边有其他人(不是您团队的成员等)担任 owner 角色,则直接转到 Google。
约翰指出的也很重要的一点是:
Also make sure your project is not part of their ORGANIZATION which means they own your project and can grant OWNER through inheritance.
如果不是这种情况,请确保您的项目在 separate organization。
您可能还会发现有关 managing organizations in GCP 的有用文档。
由于我从第三方购买了 GCP 服务,他们向我提供了相同服务的所有者权利。我们想要只有该方已经拥有的管理员权限。我只想知道授予这些权利是否有任何限制。
最高权限角色是所有者角色; John Hanley's 字数:
The term ADMIN is only used with specific services. The most powerful Google Cloud Project role is PROJECT OWNER aka OWNER. Double check to see if there are any other IAM members with OWNER, EDITOR or VIEWER. Those are the legacy permissions that are very powerful. Only team members you control should have OWNER and not the third party vendor. Google has some good videos on Identity and Access Management (IAM) on YouTube.
这就是 documentation 所说的:
Granting the owner role at the organization level doesn't allow you to update the organization's metadata. However, it allows you to modify projects and other resources under that organization.
正如 John Handley 指出的那样 - 如果您旁边有其他人(不是您团队的成员等)担任 owner 角色,则直接转到 Google。
约翰指出的也很重要的一点是:
Also make sure your project is not part of their ORGANIZATION which means they own your project and can grant OWNER through inheritance.
如果不是这种情况,请确保您的项目在 separate organization。
您可能还会发现有关 managing organizations in GCP 的有用文档。