堆栈内存溢出
  简体   繁体   English

如何在 Google Cloud Platform 上为我的组织禁用结算帐户创建?

[英]How do I disable Billing Account Creation for my organization on Google Cloud Platform?

 原文  2020-10-07 12:21:44       google-cloud-platform/ billing/ google-cloud-billing

问题描述

In this video at 10:54 , a Google representative says:这段 10:54 的视频中,一位 Google 代表说:

And here, we want to call out this tip -- really important tip -- by default, [we] leave the Billing Account Creator Roles ON in your organization for everyone who's in it.在这里,我们想提出这个提示——非常重要的提示——默认情况下,[我们]为组织中的每个人保留“计费帐户创建者角色”。 We want to strongly encourage you to remove that.我们强烈建议您将其删除。 To turn that off.把它关掉。

And in this video at 3:20 , a Google rep says: 在这段 3:20 的视频中,一位 Google 代表说:

We recommend sticking to a single billing account per organization, and making sure only admins can create new billing accounts.我们建议坚持每个组织使用一个计费帐户,并确保只有管理员才能创建新的计费帐户。 You can do that by removing the Billing Account Creator Role from your organization.您可以通过从您的组织中删除 Billing Account Creator 角色来实现。

How do you actually do that?你是怎么做到的?

I tried activating an Organizational Policy Constraint , but there's no mention of billing account restrictions.我尝试激活Organizational Policy Constraint ,但没有提及计费帐户限制。

I tried disabling/deleting the role from IAM Roles, but Predefined Roles cannot be deleted.我尝试从 IAM 角色中禁用/删除角色,但无法删除预定义角色。

Lastly I looked at the documentation for Billing Access and the IAM Permissions Reference , and it looks like the only way someone has creation permissions is through the "Billing Account Creator" Role (and perhaps "Owner"?) Is it enough to just NOT grant that role to anyone, or is there a way to positively blacklist this permission?最后,我查看了 Billing AccessIAM Permissions Reference的文档,看起来某人拥有创建权限的唯一方法是通过“Billing Account Creator”角色(也许还有“Owner”?)是否足以不授予任何人都可以扮演这个角色,或者有没有办法将此权限积极列入黑名单?

1 个解决方案

解决方案1
 0  2020-10-07 13:10:40

Your Organization Resource is established with two default roles turned on:您的组织资源已建立,并启用了两个默认角色:

  • Project Creator项目创建者
  • Billing Account Creator结算帐户创建者

These two roles allow customers to open GCP services to all of their users immediately.这两个角色允许客户立即向所有用户开放 GCP 服务。 Control of project creation and maintaining centralized billing can be accomplished by removing the default organization level IAM entries.可以通过删除默认的组织级别 IAM 条目来控制项目创建和维护集中计费。

Removing default roles from the Organization node 从组织节点中删除默认角色

This is visual representation of the process这是过程的可视化表示

在此处输入图像描述

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 没有组织的 Google Cloud:如何为另一个用户授予计费帐户的计费帐户管理员角色 - Google Cloud, without organization: How to give another user Billing Account Administrator role for a billing account 如何在 python 程序中定义我的 Google Cloud Platform 服务帐户的密钥? - How do I define my Google Cloud Platform service account's key in a python program? 谷歌云平台开户账单支付方式错误如何解决 - How To Resolve The Error Of Payment method while billing for setting up an account on Google Cloud Platform 为 Google Cloud Billing 帐号付款 - Payment for Google Cloud Billing Account 如何在谷歌云平台(GCP)中创建组织下的文件夹? - How to create folders under the organization in Google Cloud Platform (GCP)? 如何禁用谷歌云平台集成? - How to disable Google Cloud Platform integration? Google Cloud Platform - 将“无组织”的 firebase 项目移至“组织”时出错 - Google Cloud Platform - Error moving firebase project with "no organization" to an "organization" 如何允许团队成员使用我的 Google Cloud Speech-to-Text API 帐户? - How do I allow a team member to use my Google Cloud Speech-to-Text API account? 如何允许用户成为 Google Cloud Platform (GCP) 中服务帐户的参与者? - How can I allow a user to become an actor of a service account in Google Cloud Platform (GCP)? 在谷歌云平台«开始训练»被禁用 - In Google Cloud Platform «Start training» is disable
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM