您需要执行此操作的权限.所需权限:resourcemanager.projects.setIamPolicy [英] You need permissions for this action. Required permission(s): resourcemanager.projects.setIamPolicy

问题描述

我检查了IAM& GCP控制台用户界面中的管理员.我有两个角色:(Company name) Project Owner和Editor.成员是我公司的电子邮件地址.

I checked the IAM & admin in the GCP console UI. I have two roles: (Company name) Project Owner and Editor. The member is my company email address.

但是当我尝试编辑(编辑按钮)其他人的角色和权限时，出现以下消息:

But when I try to edit(the edit button) other people's roles and permissions, I got below message:

您需要此操作的权限. 所需权限:resourcemanager.projects.setIamPolicy

You need permissions for this action. Required permission(s): resourcemanager.projects.setIamPolicy

我的(Company name) Project Owner角色由项目经理授予.看来我只有编辑者角色权限.

My (Company name) Project Owner role is granted by the project manager. It seems I only have Editor role permission.

更新

我有一个像这样的组织:

I have an organization like this:

company.com

company.com

• project_a
• project_b

对于project_b，我具有上述角色并解决了此问题.

For project_b, I have the roles described above and meet this issue.

当我检查(Company name) Project Owner的Over granted permissions(单击1489/1601)时，我得到了:

When I check the Over granted permissions(click 1489/1601) of (Company name) Project Owner, I got this:

目前没有针对此绑定的建议.但是，您无权查看当前角色定义的分析.

There is no recommendation available at this time for this binding. However, you do not have permission to view the analysis of the current role definition.

但是我可以检查Over granted permissions中的Editor角色.我只能提供尽可能多的信息

But I can check Over granted permissions for Editor Role. I can only give as much information as I can

推荐答案

如评论中所述，项目负责人不是自定义角色创建为向贵组织中的用户提供访问权限.

As mentioned in the comments, Project Owner is not one of the Primitive Roles for projects in GCP. It's most likely that Project Owneris a Custom Role created to provide access to users in your Organization.

权限resourcemanager.projects.setIamPolicy仅包含在以下角色中:

The permission resourcemanager.projects.setIamPolicyis only contained in the following Roles:

• 原始角色:
  • 所有者(roles/owner)
  • Primitive Roles:
    • Owner (roles/owner)
    • 安全管理员(roles/iam.securityAdmin)
    • 文件夹管理员(roles/resourcemanager.folderAdmin)
    • 组织管理员(roles/resourcemanager.organizationAdmin)
    • 项目IAM管理员(roles/resourcemanager.projectIamAdmin)
    • Security Admin (roles/iam.securityAdmin)
    • Folder Admin (roles/resourcemanager.folderAdmin)
    • Organization Administrator (roles/resourcemanager.organizationAdmin)
    • Project IAM Admin (roles/resourcemanager.projectIamAdmin)

    您可以在 Cloud IAM中了解有关每个角色包含哪些权限的更多信息.文档.我建议请组织管理员分配角色 Project IAM Admin (项目IAM管理员)给您的用户，因为此角色非常具体，仅提供管理项目中Cloud IAM策略的权限.他们还可以将各个角色添加到自定义 项目负责人角色，这将允许组织中拥有该角色的任何人管理其项目中管理的IAM.

    You can learn more about which permissions are included with every of these roles in the Cloud IAM Documentation. I would suggest to ask an Organization Administrator to assign the role Project IAM Admin to your user, as this role is very specific to provide permissions to administer Cloud IAM policies on projects only. They could also add the individual roles to the custom Project Owner role, and this would allow anyone in the organization who has the role assigned to manage IAM policied within their projects.

    这篇关于您需要执行此操作的权限.所需权限:resourcemanager.projects.setIamPolicy的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！