[英]Are IAM policies transferred when migrating a project from "No organization" to an organization?
I can't seem to find an answer to this question.我似乎找不到这个问题的答案。 I reviewed the special considerations for migrating "No organization" projects but they don't touch on this.我回顾了迁移“无组织”项目的特殊注意事项,但他们没有涉及这一点。
The migration guide says for any migration:迁移指南针对任何迁移说:
Any policy that is applied directly to the project will still be attached after the migration is complete.直接应用于项目的任何策略在迁移完成后仍将附加。 Applying policies directly to the project is a good way to verify that the correct policies are applied from the moment the move is complete.将策略直接应用于项目是验证从移动完成那一刻起是否应用了正确策略的好方法。
Are the IAM policies of "No organization" projects implicitly "applied directly to the project"? “无组织”项目的 IAM 政策是否隐含地“直接应用于项目”?
As @john hanley suggested, due to inheritance, the new organization might affect existing IAM policies.正如@john hanley 建议的那样,由于 inheritance,新组织可能会影响现有的 IAM 策略。
Google Cloud offers IAM , which lets you assign granular access to specific Google Cloud resources and prevents unwanted access to other resources. Google Cloud 提供IAM ,它允许您分配对特定 Google Cloud 资源的精细访问权限,并防止对其他资源进行不必要的访问。 IAM lets you control who (users) has what access (roles) to which resources by setting IAM policies on the resources. IAM 允许您通过在资源上设置 IAM 策略来控制谁(用户)对哪些资源具有何种访问权限(角色)。
You can set an IAM policy at the organization level , the folder level , the project level , or (in some cases) the resource level.您可以在组织级别、 文件夹级别、 项目级别或(在某些情况下)资源级别设置 IAM 策略。 Resources inherit the policies of the parent resource.资源继承父资源的策略。 If you set a policy at the organization level, it is inherited by all its child folders and project resources, and if you set a policy at the project level, it is inherited by all its child resources.如果您在组织级别设置策略,它会被其所有子文件夹和项目资源继承,如果您在项目级别设置策略,它会被其所有子资源继承。
The effective policy for a resource is the union of the policy set on the resource and the policy inherited from its ancestors.资源的有效策略是资源上设置的策略与从其祖先继承的策略的联合。 This inheritance is transitive.这个 inheritance 是可传递的。 In other words, resources inherit policies from the project, which inherit policies from the organization resource.换句话说,资源从项目继承策略,而项目从组织资源继承策略。 Therefore, the organization-level policies also apply at the resource level.因此,组织级别的策略也适用于资源级别。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.