Questions tagged [gcp-iam]

28 questions
1
vote
0 answers

How do I list all groups a GCP service account belongs to?

I have a GSA: my-gsa@myproject.iam.gserviceaccount.com. GCP has supported groups for a while now, so I added that GSA to a bunch of groups. How can I easily see what groups that GSA belongs to? If this was a Google user account I could go to the G…
red888
0
votes
0 answers

Disable service account key with google API client

Google Cloud's IAM allows you to activate/deactivate service account keys, so you can safely deactivate and remove a key once you're sure it hasn't broken anything in your systems. In my case, I'm working on a project that implements an API that…
beni0888
0
votes
0 answers

GCP Cloud SQL, accidentally granted perms from IAM account to Postgres account, now locked out

Ran this while trying to manage some permissions with Cloud SQL IAM users: GRANT "****@*****.iam" to postgres; Now it appears that my postgres account is an IAM user in the DB. And I can't change it back because I can't log in with my original…
0
votes
0 answers

How to construct GCP org policy with tag rules to apply to cloud run service

I am trying to default my Cloud Run services ingress access to be internal only unless a specific tag is being set on the service by the service owner (for instance). I am trying to achieve this with org policies and tags. Found the relevant org…
mikil
0
votes
0 answers

During service account impersonation, does a request have the union of the user roles and service account roles?

While a user account impersonates a service account to call a GCP API or gcloud command, does the request have the union of permissions for both the user account and the service account? For example, if the request returns a 403 error such…
intotecho
0
votes
1 answer

How to get the access for the identity platform users to access the cloud function in GCP

I'm new to GCP, I found that Identity Platform is similar to Cognito user pool in AWS. So that I have created few users in Identity Platform (GCIP), able to authorize them with firebase script provided. I'm able to get the access token for the valid…
0
votes
1 answer

User with GKE admin role not able to view cluster api upgrade notifications and needs viewer role to view the same

We have observed that in GKE, user with GKE admin role does not get cluster api upgrade notification as shown below and they need to have viewer access to view these notifications. What could be the reason behind it? Ideally user having GKE admin…
0
votes
1 answer

Anthos cluster cannot create kubernetes resources unless I am a GCP Project Owner?

I have a GCP Project and Anthos Cluster deployed within it. If I am an admin of an Anthos cluster but not an Owner of the parent project, I have only read rights on Kubernetes and cannot create any resources. Getting: Error from server…
Ivan Aracki
0
votes
2 answers

How can I impersonate a GCP service account for web console access?

I want a feature similar to AWS's role switching. In AWS I can switch to a role in the AWS web console, impersonating a "service account" for accessing AWS via the website. Gcloud has support for impersonating service accounts, but I cannot find…
red888
0
votes
1 answer

GCP permissions: access scopes and custom IAM service account roles

I have a Kotlin app that uses a custom service account and needs to query a BigQuery table backed by a Google Spreadsheet. Querying the table requires a "https://www.googleapis.com/auth/drive" access scope, but as I understand custom service accounts…
sumek
0
votes
1 answer

Google Cloud Platform Service Account Key retention and client connections

Description of Issue: I am trying to figure out if an active connection to BigQuery from a service account key will be terminated if that key is revoked from the Service Account. Example: Say I have this running, which clearly the source code shows…
Wesley Dugan
0
votes
1 answer

How do I manage google groups and modify user attributes without domain wide delegation?

I want to give GSAs direct access to modify Google users. I can't find current docs on this so assuming it's not possible right now? It looks like this is only possible for working with…
red888
0
votes
1 answer

What service account roles to deploy a scheduled Cloud Function?

To deploy my Firebase project, I have setup a service account with the roles: Cloud Functions Admin, Firebase Admin, Service Account User. It works fine with Hosting and Cloud Functions triggered by Firestore or HTTPS, but it fails with a function on…
Louis Coulet