更新时间:2021-12-23 21:57:49
如评论中所述,项目负责人不是自定义角色创建为向贵组织中的用户提供访问权限.
As mentioned in the comments, Project Owner is not one of the Primitive Roles for projects in GCP. It's most likely that Project Owneris a Custom Role created to provide access to users in your Organization.
权限resourcemanager.projects.setIamPolicy
仅包含在以下角色中:
The permission resourcemanager.projects.setIamPolicy
is only contained in the following Roles:
roles/owner
)roles/owner
)roles/iam.securityAdmin
)roles/resourcemanager.folderAdmin
)roles/resourcemanager.organizationAdmin
)roles/resourcemanager.projectIamAdmin
)roles/iam.securityAdmin
)roles/resourcemanager.folderAdmin
)roles/resourcemanager.organizationAdmin
)roles/resourcemanager.projectIamAdmin
)您可以在 Cloud IAM中了解有关每个角色包含哪些权限的更多信息.文档.我建议请组织管理员分配角色 Project IAM Admin (项目IAM管理员)给您的用户,因为此角色非常具体,仅提供管理项目中Cloud IAM策略的权限.他们还可以将各个角色添加到自定义 项目负责人角色,这将允许组织中拥有该角色的任何人管理其项目中管理的IAM.
You can learn more about which permissions are included with every of these roles in the Cloud IAM Documentation. I would suggest to ask an Organization Administrator to assign the role Project IAM Admin to your user, as this role is very specific to provide permissions to administer Cloud IAM policies on projects only. They could also add the individual roles to the custom Project Owner role, and this would allow anyone in the organization who has the role assigned to manage IAM policied within their projects.