如何启用"iam.serviceAccounts.actAs"服务帐户的权限? [英] How do you enable "iam.serviceAccounts.actAs" permissions on a sevice account?
问题描述
我正在尝试通过遵循本指南,它说我需要对正在部署的服务帐户的iam.serviceAccounts.actAs
权限".我正在使用的服务帐户是@cloudbuild.gserviceaccount.com
,但是我在项目的权限"页面上看不到添加该帐户的选项.
I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs
permission on the service account being deployed". The service account I am using is @cloudbuild.gserviceaccount.com
, but I don't see the option to add it on my project's Permissions page.
推荐答案
关键点在于服务帐户是一种资源.您需要为您的身份添加IAM角色到服务帐户(资源).这将授予您对资源(服务帐户)的权限.
The key point is that the service account is a resource. You need to add an IAM role for your identity to the service account (the resource). This grants you permissions on the resource (service account).
-
打开 Google云控制台.前往IAM&管理员->服务帐户.
Open the Google Cloud Console. Go to IAM & Admin -> Service accounts.
找到服务帐户.勾选服务帐户左侧的框.
Find the service account. Tick the box to the left of the service account.
在右侧的权限"面板中,单击添加成员"
In the right-hand "Permissions" panel, click ADD MEMBER
添加您的IAM成员电子邮件地址.对于角色,选择服务帐户->服务帐户用户.
Add your IAM member email address. For the role select Service Accounts -> Service Account User.
单击保存"
您也可以使用CLI:
gcloud iam service-accounts add-iam-policy-binding [SERVICE_ACCOUNT] --member [MEMBER_EMAIL] --role roles/iam.serviceAccountUser
gcloud iam服务帐户添加-iam-policy-binding
这篇关于如何启用"iam.serviceAccounts.actAs"服务帐户的权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!