堆栈内存溢出
  简体   繁体   English

需要 iam.serviceAccounts.getIamPolicy 才能对服务帐户执行此操作

[英]iam.serviceAccounts.getIamPolicy is required to perform this operation on service account

 原文  2020-01-07 10:49:13       google-cloud-platform/ gcloud/ google-cloud-iam

问题描述

From: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts来自: https : //cloud.google.com/iam/docs/granting-roles-to-service-accounts

running this command:运行此命令:

gcloud iam service-accounts get-iam-policy \
    mysa@my-project.iam.gserviceaccount.com

I get:我得到:

gcloud iam service-accounts get-iam-policy mysa@my-project.iam.gserviceaccount.com
ERROR: (gcloud.iam.service-accounts.get-iam-policy) PERMISSION_DENIED: Permission iam.serviceAccounts.getIamPolicy is required to perform this operation on service account projects/-/serviceAccounts/mysa@my-project.iam.gserviceaccount.com

But I do have iam.serviceAccounts.getIamPolicy permission on the current user(role Owner)?但是我对当前用户(角色所有者)有iam.serviceAccounts.getIamPolicy权限?

1 个解决方案

解决方案1
 0  2020-01-07 13:32:18

The problem was with the email member(Service Account email) to the project - in IAM users.问题出在项目的电子邮件成员(服务帐户电子邮件)上 - 在 IAM 用户中。

When I deleted this (SA member) in IAM, it worked giving "etag: ACAB" as a result.当我在 IAM 中删除这个(SA 成员)时,结果给出了“etag:ACAB”。

I Need to figure out what that is, but it worked.我需要弄清楚那是什么,但它起作用了。 Just found this刚发现这个

This account, should maybe have been deleted automatically when deleting a Service Account - but what do I know :-)这个帐户应该在删除服务帐户时自动删除 - 但我知道什么:-)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 (GCP,Terraform)创建服务帐户时出错:googleapi:错误 403:需要权限 iam.serviceAccounts.create 才能执行此操作 - (GCP, Terraform) Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on (Terraform,GCP)错误 403:需要权限 iam.serviceAccounts.setIamPolicy 才能对服务帐户项目/myproject-17 执行此操作 - (Terraform, GCP) Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-17 Terraform 抛出为服务帐户设置 IAM 策略时出错...需要权限 iam.serviceAccounts.setIamPolicy - Terraform throws Error setting IAM policy for service account ... Permission iam.serviceAccounts.setIamPolicy is required "403:对项目projects\/xyz执行此操作需要权限iam.serviceAccounts.create" - 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xyz 在云运行上部署时,服务帐户的权限“iam.serviceaccounts.actAs”被拒绝 - Permission 'iam.serviceaccounts.actAs' denied on service account when deploying on cloud run 使用 Deployment Manager 进行 BQ 计划查询:“P4 服务帐户需要 iam.serviceAccounts.getAccessToken 权限” - BQ Schedule Queries with Deployment Manager: “P4 service account needs iam.serviceAccounts.getAccessToken permission” 使用自定义服务帐号部署到 Cloud Run 失败并出现 iam.serviceaccounts.actAs 错误 - Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error 将服务帐号设置为现有计划查询所需的 IAM 角色 - Required IAM roles to set service account to an existing scheduled query 如何在服务帐户上启用“iam.serviceAccounts.actAs”权限? - How do you enable "iam.serviceAccounts.actAs" permissions on a sevice account? terraform - 无法从 Kube.netes 获取服务帐户:serviceaccounts“<name of service account> “ 未找到</name> - terraform - Unable to fetch service account from Kubernetes: serviceaccounts "<name of service account>" not found
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM