[英]iam.serviceAccounts.getIamPolicy is required to perform this operation on service account
From: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts来自: https : //cloud.google.com/iam/docs/granting-roles-to-service-accounts
running this command:运行此命令:
gcloud iam service-accounts get-iam-policy \
mysa@my-project.iam.gserviceaccount.com
I get:我得到:
gcloud iam service-accounts get-iam-policy mysa@my-project.iam.gserviceaccount.com
ERROR: (gcloud.iam.service-accounts.get-iam-policy) PERMISSION_DENIED: Permission iam.serviceAccounts.getIamPolicy is required to perform this operation on service account projects/-/serviceAccounts/mysa@my-project.iam.gserviceaccount.com
But I do have iam.serviceAccounts.getIamPolicy
permission on the current user(role Owner)?但是我对当前用户(角色所有者)有
iam.serviceAccounts.getIamPolicy
权限?
The problem was with the email member(Service Account email) to the project - in IAM users.问题出在项目的电子邮件成员(服务帐户电子邮件)上 - 在 IAM 用户中。
When I deleted this (SA member) in IAM, it worked giving "etag: ACAB" as a result.当我在 IAM 中删除这个(SA 成员)时,结果给出了“etag:ACAB”。
I Need to figure out what that is, but it worked.我需要弄清楚那是什么,但它起作用了。 Just found this
刚发现这个
This account, should maybe have been deleted automatically when deleting a Service Account - but what do I know :-)这个帐户应该在删除服务帐户时自动删除 - 但我知道什么:-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.