Managed Service for Microsoft Active Directory roles and permissions

This page lists the IAM roles and permissions for Managed Service for Microsoft Active Directory. To search through all roles and permissions, see the role and permission index.

Managed Service for Microsoft Active Directory roles

Role Permissions

Role	Permissions
Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.	`managedidentities.*` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.attachTrust` `managedidentities.domains.checkMigrationPermission` `managedidentities.domains.create` `managedidentities.domains.createTagBinding` `managedidentities.domains.delete` `managedidentities.domains.deleteTagBinding` `managedidentities.domains.detachTrust` `managedidentities.domains.disableMigration` `managedidentities.domains.domainJoinMachine` `managedidentities.domains.enableMigration` `managedidentities.domains.extendSchema` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.list` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.domains.reconfigureTrust` `managedidentities.domains.resetpassword` `managedidentities.domains.restore` `managedidentities.domains.setIamPolicy` `managedidentities.domains.update` `managedidentities.domains.updateLDAPSSettings` `managedidentities.domains.validateTrust` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.create` `managedidentities.peerings.delete` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.peerings.setIamPolicy` `managedidentities.peerings.update` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Managedidentities Editor (`roles/managedidentities.editor`) Editor role for managedidentities	`managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.update` `managedidentities.domains.attachTrust` `managedidentities.domains.checkMigrationPermission` `managedidentities.domains.create` `managedidentities.domains.delete` `managedidentities.domains.detachTrust` `managedidentities.domains.disableMigration` `managedidentities.domains.domainJoinMachine` `managedidentities.domains.enableMigration` `managedidentities.domains.extendSchema` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.list` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.domains.reconfigureTrust` `managedidentities.domains.resetpassword` `managedidentities.domains.restore` `managedidentities.domains.update` `managedidentities.domains.updateLDAPSSettings` `managedidentities.domains.validateTrust` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.create` `managedidentities.peerings.delete` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.peerings.update` `managedidentities.sqlintegrations.*` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Read-only access to Google Cloud Managed Identities Domains and related resources.	`managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.list` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.sqlintegrations.` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level	`managedidentities.backups.` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.get` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.*` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Read-only access to Google Cloud Managed Identities Backup and related resources.	`managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.domains.get` `managedidentities.locations.*` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.	`managedidentities.backups.` `managedidentities.backups.create` `managedidentities.backups.delete` `managedidentities.backups.get` `managedidentities.backups.getIamPolicy` `managedidentities.backups.list` `managedidentities.backups.setIamPolicy` `managedidentities.backups.update` `managedidentities.domains.attachTrust` `managedidentities.domains.checkMigrationPermission` `managedidentities.domains.createTagBinding` `managedidentities.domains.delete` `managedidentities.domains.deleteTagBinding` `managedidentities.domains.detachTrust` `managedidentities.domains.disableMigration` `managedidentities.domains.domainJoinMachine` `managedidentities.domains.enableMigration` `managedidentities.domains.extendSchema` `managedidentities.domains.get` `managedidentities.domains.getIamPolicy` `managedidentities.domains.listEffectiveTags` `managedidentities.domains.listTagBindings` `managedidentities.domains.reconfigureTrust` `managedidentities.domains.resetpassword` `managedidentities.domains.restore` `managedidentities.domains.update` `managedidentities.domains.updateLDAPSSettings` `managedidentities.domains.validateTrust` `managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.sqlintegrations.*` `managedidentities.sqlintegrations.get` `managedidentities.sqlintegrations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Domain Join ^Beta (`roles/managedidentities.domainJoin`) Access to domain join VMs with Cloud AD	`managedidentities.domains.domainJoinMachine` `managedidentities.domains.get`
Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level	`managedidentities.locations.` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.` `managedidentities.operations.cancel` `managedidentities.operations.delete` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.*` `managedidentities.peerings.create` `managedidentities.peerings.delete` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `managedidentities.peerings.setIamPolicy` `managedidentities.peerings.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`) Read-only access to Google Cloud Managed Identities Peering and related resources.	`managedidentities.locations.*` `managedidentities.locations.get` `managedidentities.locations.list` `managedidentities.operations.get` `managedidentities.operations.list` `managedidentities.peerings.get` `managedidentities.peerings.getIamPolicy` `managedidentities.peerings.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Google Cloud Managed Identities Admin

(roles/managedidentities.admin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.

managedidentities.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update
managedidentities.domains.attachTrust
managedidentities.domains.checkMigrationPermission
managedidentities.domains.create
managedidentities.domains.createTagBinding
managedidentities.domains.delete
managedidentities.domains.deleteTagBinding
managedidentities.domains.detachTrust
managedidentities.domains.disableMigration
managedidentities.domains.domainJoinMachine
managedidentities.domains.enableMigration
managedidentities.domains.extendSchema
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.listEffectiveTags
managedidentities.domains.listTagBindings
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.restore
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.updateLDAPSSettings
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update
managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Managedidentities Editor

(roles/managedidentities.editor)

Editor role for managedidentities

managedidentities.backups.create

managedidentities.backups.delete

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.create

managedidentities.domains.delete

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentities.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

managedidentities.peerings.create

managedidentities.peerings.delete

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.peerings.update

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Viewer

(roles/managedidentities.viewer)

Read-only access to Google Cloud Managed Identities Domains and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.list

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Backup Admin

(roles/managedidentities.backupAdmin)

Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level

managedidentities.backups.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Backup Viewer

(roles/managedidentities.backupViewer)

Read-only access to Google Cloud Managed Identities Backup and related resources.

managedidentities.backups.get

managedidentities.backups.getIamPolicy

managedidentities.backups.list

managedidentities.domains.get

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Domain Admin

(roles/managedidentities.domainAdmin)

Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.

managedidentities.backups.*

managedidentities.backups.create
managedidentities.backups.delete
managedidentities.backups.get
managedidentities.backups.getIamPolicy
managedidentities.backups.list
managedidentities.backups.setIamPolicy
managedidentities.backups.update

managedidentities.domains.attachTrust

managedidentities.domains.checkMigrationPermission

managedidentities.domains.createTagBinding

managedidentities.domains.delete

managedidentities.domains.deleteTagBinding

managedidentities.domains.detachTrust

managedidentities.domains.disableMigration

managedidentities.domains.domainJoinMachine

managedidentities.domains.enableMigration

managedidentities.domains.extendSchema

managedidentities.domains.get

managedidentities.domains.getIamPolicy

managedidentities.domains.listEffectiveTags

managedidentities.domains.listTagBindings

managedidentities.domains.reconfigureTrust

managedidentities.domains.resetpassword

managedidentities.domains.restore

managedidentities.domains.update

managedidentities.domains.updateLDAPSSettings

managedidentities.domains.validateTrust

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.sqlintegrations.*

managedidentities.sqlintegrations.get
managedidentities.sqlintegrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Domain Join ^Beta

(roles/managedidentities.domainJoin)

Access to domain join VMs with Cloud AD

managedidentities.domains.domainJoinMachine

managedidentities.domains.get

Google Cloud Managed Identities Peering Admin

(roles/managedidentities.peeringAdmin)

Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.*

managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

managedidentities.peerings.*

managedidentities.peerings.create
managedidentities.peerings.delete
managedidentities.peerings.get
managedidentities.peerings.getIamPolicy
managedidentities.peerings.list
managedidentities.peerings.setIamPolicy
managedidentities.peerings.update

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud Managed Identities Peering Viewer

(roles/managedidentities.peeringViewer)

Read-only access to Google Cloud Managed Identities Peering and related resources.

managedidentities.locations.*

managedidentities.locations.get
managedidentities.locations.list

managedidentities.operations.get

managedidentities.operations.list

managedidentities.peerings.get

managedidentities.peerings.getIamPolicy

managedidentities.peerings.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Cloud Managed Identities Service Agent (`roles/managedidentities.serviceAgent`) Gives Managed Identities service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalOperations.get` `compute.networks.addPeering` `compute.networks.get` `compute.networks.removePeering` `compute.networks.update` `compute.routes.list` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.policies.create` `dns.policies.delete` `dns.policies.get` `dns.policies.list` `dns.policies.update` `dns.projects.get` `dns.resourceRecordSets.` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.*` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `resourcemanager.projects.get` `resourcemanager.projects.list` `telemetry.metrics.write`

Cloud Managed Identities Service Agent

(roles/managedidentities.serviceAgent)

Gives Managed Identities service account access to managed resources.

compute.globalOperations.get

compute.networks.addPeering

compute.networks.get

compute.networks.removePeering

compute.networks.update

compute.routes.list

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.list

dns.managedZones.update

dns.networks.bindPrivateDNSPolicy

dns.networks.bindPrivateDNSZone

dns.policies.create

dns.policies.delete

dns.policies.get

dns.policies.list

dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

telemetry.metrics.write

Managed Service for Microsoft Active Directory permissions

Permission	Included in roles
`managedidentities.backups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.backups.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.backups.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.backups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.attachTrust`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.checkMigrationPermission`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.create`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`)
`managedidentities.domains.createTagBinding`	Owner (`roles/owner`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.deleteTagBinding`	Owner (`roles/owner`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Tag User (`roles/resourcemanager.tagUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.detachTrust`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.disableMigration`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.domainJoinMachine`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Google Cloud Managed Identities Domain Join (`roles/managedidentities.domainJoin`)
`managedidentities.domains.enableMigration`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.extendSchema`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Google Cloud Managed Identities Domain Join (`roles/managedidentities.domainJoin`)
`managedidentities.domains.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`managedidentities.domains.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.reconfigureTrust`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.resetpassword`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.restore`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`)
`managedidentities.domains.update`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.updateLDAPSSettings`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.domains.validateTrust`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`)
`managedidentities.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`)
`managedidentities.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`)
`managedidentities.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`)
`managedidentities.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`)
`managedidentities.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Backup Admin (`roles/managedidentities.backupAdmin`) Google Cloud Managed Identities Backup Viewer (`roles/managedidentities.backupViewer`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`)
`managedidentities.peerings.create`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`)
`managedidentities.peerings.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`)
`managedidentities.peerings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`)
`managedidentities.peerings.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`)
`managedidentities.peerings.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`) Google Cloud Managed Identities Peering Viewer (`roles/managedidentities.peeringViewer`)
`managedidentities.peerings.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`)
`managedidentities.peerings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Peering Admin (`roles/managedidentities.peeringAdmin`)
`managedidentities.sqlintegrations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)
`managedidentities.sqlintegrations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Google Cloud Managed Identities Admin (`roles/managedidentities.admin`) Managedidentities Editor (`roles/managedidentities.editor`) Google Cloud Managed Identities Viewer (`roles/managedidentities.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Google Cloud Managed Identities Domain Admin (`roles/managedidentities.domainAdmin`)

Managed Service for Microsoft Active Directory roles and permissions Stay organized with collections Save and categorize content based on your preferences.