如何启用"iam.serviceAccounts.actAs"服务帐户的权限? [英] How do you enable "iam.serviceAccounts.actAs" permissions on a sevice account?

问题描述

我正在尝试通过遵循本指南，它说我需要对正在部署的服务帐户的iam.serviceAccounts.actAs权限".我正在使用的服务帐户是@cloudbuild.gserviceaccount.com，但是我在项目的权限"页面上看不到添加该帐户的选项.

I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs permission on the service account being deployed". The service account I am using is @cloudbuild.gserviceaccount.com, but I don't see the option to add it on my project's Permissions page.

推荐答案

关键点在于服务帐户是一种资源.您需要为您的身份添加IAM角色到服务帐户(资源).这将授予您对资源(服务帐户)的权限.

The key point is that the service account is a resource. You need to add an IAM role for your identity to the service account (the resource). This grants you permissions on the resource (service account).

• 打开 Google云控制台.前往IAM&管理员->服务帐户.

• Open the Google Cloud Console. Go to IAM & Admin -> Service accounts.

找到服务帐户.勾选服务帐户左侧的框.

Find the service account. Tick the box to the left of the service account.

在右侧的权限"面板中，单击添加成员"

In the right-hand "Permissions" panel, click ADD MEMBER

添加您的IAM成员电子邮件地址.对于角色，选择服务帐户->服务帐户用户.

Add your IAM member email address. For the role select Service Accounts -> Service Account User.

单击保存"

您也可以使用CLI:

gcloud iam service-accounts add-iam-policy-binding [SERVICE_ACCOUNT] --member [MEMBER_EMAIL] --role roles/iam.serviceAccountUser

gcloud iam服务帐户添加-iam-policy-binding

这篇关于如何启用"iam.serviceAccounts.actAs"服务帐户的权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！