How to list all the IAM roles that include a given permission in GCP
After discovering that a user (principal) needs an additional permission to perform a task, I would like to know what standard roles include that permission so I can add the role to the user. I would also like to know what other permissions each of those roles provides so I can select the one with permissions that match the user's needs. I am not able to use custom roles, and I am avoiding the basic roles as they are too wide.
At present, I am using https://cloud.google.com/iam/docs/understanding-roles#support-roles . I search for the permission, then scroll up to see the role name and all the other permissions in that role.
It works but is slow for what must be a common task.
Is there a better web page or a gcloud API command that would work better?
The GCP documentation offers a (huge) page that allows you to identify the different roles that grant them.
In addition to the page you cited you can later, using the gcloud CLI, describe a role and see the different permissions it grants. For example:
gcloud iam roles describe roles/iam.roleViewer
The command will output:
description: Read access to all custom roles in the project.
etag: AA==
includedPermissions:
- iam.roles.get
- iam.roles.list
- resourcemanager.projects.get
- resourcemanager.projects.getIamPolicy
name: roles/iam.roleViewer
stage: GA
title: Role Viewer
AFAIK, the gcloud CLI doesn't give you the opportunity to, given a certain permission, get the roles that grant it.
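The reverse lookup the question asks for can be built from role descriptions. This is an added example, not code from the original posts or from Google: it assumes the role definitions were collected into one JSON array from `gcloud iam roles describe ROLE --format=json`, and the `roles/example.*` entries are hypothetical sample data. It lists the roles that grant the needed permissions, ordered so the role carrying the fewest additional permissions comes first.

```python
import json

# Constructed sample: a JSON array of role objects, each in the shape printed by
# `gcloud iam roles describe ROLE --format=json`. roles/iam.roleViewer is copied
# from the output shown above; the roles/example.* entries are hypothetical.
SAMPLE_ROLES_JSON = """
[
  {"name": "roles/iam.roleViewer", "title": "Role Viewer",
   "includedPermissions": ["iam.roles.get", "iam.roles.list",
     "resourcemanager.projects.get", "resourcemanager.projects.getIamPolicy"]},
  {"name": "roles/example.policyReader", "title": "Hypothetical Policy Reader",
   "includedPermissions": ["resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy"]},
  {"name": "roles/example.broadAdmin", "title": "Hypothetical Broad Admin",
   "includedPermissions": ["iam.roles.create", "iam.roles.delete",
     "iam.roles.get", "iam.roles.list", "resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.setIamPolicy"]},
  {"name": "roles/example.empty", "title": "Hypothetical role, no permissions"}
]
"""


def load_roles(text):
    """Map role name -> set of permissions; a missing list means none."""
    return {r["name"]: set(r.get("includedPermissions", []))
            for r in json.loads(text)}


def roles_granting(roles, needed):
    """Return roles that grant every permission in `needed`, narrowest first.

    Each result is (role_name, sorted permissions beyond `needed`), so the role
    that adds the least unneeded access is listed first.
    """
    needed = set(needed)
    if not needed:
        raise ValueError("at least one permission is required")
    matches = [(name, sorted(perms - needed))
               for name, perms in roles.items() if needed <= perms]
    return sorted(matches, key=lambda m: (len(m[1]), m[0]))


if __name__ == "__main__":
    roles = load_roles(SAMPLE_ROLES_JSON)
    wanted = ["resourcemanager.projects.getIamPolicy"]
    for name, extra in roles_granting(roles, wanted):
        print(f"{name}: +{len(extra)} other: {', '.join(extra) or '-'}")
```

Passing several permissions at once returns only the roles that cover all of them, which helps when a task needs more than one.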
Based on GCP documentation one can check the pre-defined roles given a permission.