5.9 KiB

Raw Blame History

IAM bindings reference

Legend: + additive, • conditional.

Organization [org_id #0]

members	roles
domain	roles/browser roles/resourcemanager.organizationViewer
gcp-network-admins group	roles/cloudasset.owner roles/cloudsupport.techSupportEditor roles/compute.orgFirewallPolicyAdmin `+` roles/compute.xpnAdmin `+`
gcp-organization-admins group	roles/cloudasset.owner roles/cloudsupport.admin roles/compute.osAdminLogin roles/compute.osLoginExternalUser roles/owner roles/resourcemanager.folderAdmin roles/resourcemanager.organizationAdmin roles/resourcemanager.projectCreator roles/billing.admin `+` roles/orgpolicy.policyAdmin `+`
gcp-security-admins group	roles/cloudasset.owner roles/cloudsupport.techSupportEditor roles/iam.securityReviewer roles/logging.admin roles/securitycenter.admin roles/accesscontextmanager.policyAdmin `+` roles/iam.organizationRoleAdmin `+` roles/orgpolicy.policyAdmin `+`
gcp-support group	roles/cloudsupport.techSupportEditor roles/logging.viewer roles/monitoring.viewer
prod-bootstrap-0 serviceAccount	roles/logging.admin roles/resourcemanager.organizationAdmin roles/resourcemanager.projectCreator roles/billing.admin `+` roles/iam.organizationRoleAdmin `+`
prod-resman-0 serviceAccount	organizations/[org_id #0]/roles/organizationIamAdmin `•` roles/resourcemanager.folderAdmin roles/billing.admin `+` roles/orgpolicy.policyAdmin `+`

Project prod-audit-logs-0

members	roles
prod-bootstrap-0 serviceAccount	roles/owner

Project prod-billing-export-0

members	roles
prod-bootstrap-0 serviceAccount	roles/owner

Project prod-iac-core-0

members	roles
gcp-devops group	roles/iam.serviceAccountAdmin roles/iam.serviceAccountTokenCreator
gcp-organization-admins group	roles/iam.serviceAccountTokenCreator
prod-bootstrap-0 serviceAccount	roles/owner
prod-resman-0 serviceAccount	roles/iam.serviceAccountAdmin roles/storage.admin