
Know how to share the administration of a resource

We have the Google Cloud DNS service.

We want to know how to share the administration of a Google Cloud resource, but a very specific resource.

This resource would be:

Network tools -> Network services -> Cloud DNS -> Zones -> CREATED ZONE

We want to give the administration to a specific user so that they can edit, read, and see only their CREATED ZONE.

EXAMPLE. [enter image description here]

We tried it from IAM, but we were not successful in a specific zone.

Can you help us with this question, or refer us to someone who can help us?

Thanks in advance :D

I noticed in the Cloud DNS access control documentation that the lowest resource level for most of the DNS permissions is the project level. Also, as per "IAM Conditions", the Cloud DNS service is not in the list of resources which support IAM conditions, so I think that if you set the condition in the policy, it will always evaluate to false.

Sometimes, when a specific service doesn't support conditional policy binding, it's feasible to specify the condition at a project level with a ResourceManager IAM policy and constrain it based on resource type and resource service, as per "Resource attributes". However, I believe this will not work for you since you want a condition based on a resource name (such as DNS zone name), not just on a condition that the resource is a DNS zone (its type).

Additionally, I found the following link, which shows how to configure IAM permissions for networking scenarios. Specifically, I found the Network Admin role, which will grant you "permissions to create, modify, and delete networking resources, except for firewall rules and SSL certificates" according to the documentation. This does not include granting a specific user permissions on a created zone, but it's the closest I found.

Despite what was said, I've filed a Feature Request on your behalf for the product team to check if it is possible to evaluate the possibility to implement the functionality that fits your use case. You can follow up on this PIT, where you will be able to receive further updates from the team as well. Keep in mind that there is no ETA, nor guarantee that this will be implemented. However, please feel free to ask for updates directly on the PIT.
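To see what the project-level scoping described in the answer means for an existing project, the following added example (not part of the original question or answer) audits a project IAM policy for Cloud DNS role bindings. It assumes the JSON shape returned by `gcloud projects get-iam-policy --format=json`; the members and the condition expression are constructed, and the notes restate the answer's reading rather than verified service behaviour.

```python
import json

# Constructed sample policy (members and condition are made up for illustration).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/dns.admin",
     "members": ["user:zone-owner@example.com"]},
    {"role": "roles/dns.reader",
     "members": ["user:auditor@example.com"],
     "condition": {
       "title": "only-customer-zone",
       "expression": "resource.name.endsWith('/managedZones/customer-zone')"}},
    {"role": "roles/viewer",
     "members": ["user:someone@example.com"]}
  ]
}
""")


def audit_dns_bindings(policy):
    """Return (member, role, note) for every Cloud DNS role binding."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith("roles/dns."):
            continue  # only predefined Cloud DNS roles are in scope here
        condition = binding.get("condition")
        if condition is None:
            # Unconditional project-level grant: every zone in the project.
            note = "project-wide: applies to every zone in the project"
        elif "resource.name" in condition.get("expression", ""):
            # The answer expects name-based conditions not to work for DNS.
            note = ("condition on resource.name: per the answer, "
                    "not supported for Cloud DNS")
        else:
            note = "conditional binding: verify it is evaluated as intended"
        for member in binding.get("members", []):
            findings.append((member, role, note))
    return findings


if __name__ == "__main__":
    for member, role, note in audit_dns_bindings(SAMPLE_POLICY):
        print(f"{member:32} {role:18} {note}")
```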
