“权威"是什么意思?和“权威"对于 GCP IAM 绑定/成员 [英] What is the meaning of "authoritative" and "authoritative" for GCP IAM bindings/members

问题描述

我试图了解 https://www.terraform.io/docs/providers/google/r/google_service_account_iam.html.

我了解 google_service_account_iam_binding 用于将角色授予成员列表，而 google_service_account_iam_member 用于将角色授予单个成员，但是我不清楚权威"的含义是什么.和非权威"在这些定义中:

<块引用>

google_service_account_iam_binding:授权给定角色.更新 IAM 策略以将角色授予成员列表.服务帐号的 IAM 策略中的其他角色将被保留.

<块引用>

google_service_account_iam_member:非权威.更新 IAM 策略以将角色授予新成员.服务帐户角色的其他成员被保留.

谁能帮我详细说明一下?

解决方案

这个链接很有帮助.基本上这意味着，如果一个角色绑定到一组 IAM 身份，并且您想再添加一个身份，那么权威身份将要求您再次指定所有旧身份，否则旧身份将从角色中删除.非权威则相反.

I am trying to understand the difference between google_service_account_iam_binding and google_service_account_iam_member in the GCP terraform provider at https://www.terraform.io/docs/providers/google/r/google_service_account_iam.html.

I understand that google_service_account_iam_binding is for granting a role to a list of members whereas google_service_account_iam_member is for granting a role to a single member, however I'm not clear on what is meant by "Authoritative" and "Non-Authoritative" in these definitions:

google_service_account_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.

google_service_account_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

Can anyone elaborate for me please?

解决方案

This link helps a lot. Basically it means, if a role is bound to a set of IAM identities and you want to add one more identity, authoritative one will require you to specify all the old identities again otherwise old identities will be removed from the role. Non-authoritative is the opposite.

这篇关于“权威"是什么意思?和“权威"对于 GCP IAM 绑定/成员的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！