
iam.serviceAccounts.getIamPolicy is required to perform this operation on service account

From: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts

Running this command:

gcloud iam service-accounts get-iam-policy \
    mysa@my-project.iam.gserviceaccount.com

I get:

gcloud iam service-accounts get-iam-policy mysa@my-project.iam.gserviceaccount.com
ERROR: (gcloud.iam.service-accounts.get-iam-policy) PERMISSION_DENIED: Permission iam.serviceAccounts.getIamPolicy is required to perform this operation on service account projects/-/serviceAccounts/mysa@my-project.iam.gserviceaccount.com

But I do have the iam.serviceAccounts.getIamPolicy permission on the current user (role Owner)?

The problem was with the email member (Service Account email) to the project - in IAM users.

When I deleted this (SA member) in IAM, it worked, giving "etag: ACAB" as a result.

I need to figure out what that is, but it worked. Just found this

This account should maybe have been deleted automatically when deleting a Service Account - but what do I know :-)
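
An added example (not part of the original post): a check for project-level IAM bindings that still name a service account which no longer exists, the kind of leftover member the answer describes. It assumes the two inputs have the shape of `gcloud projects get-iam-policy PROJECT --format=json` and `gcloud iam service-accounts list --project PROJECT --format=json`; the sample data, the etag value and the function name `stale_sa_members` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy my-project --format=json`
POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:me@example.com"]},
    {"role": "roles/editor", "members": [
      "serviceAccount:mysa@my-project.iam.gserviceaccount.com",
      "serviceAccount:live-sa@my-project.iam.gserviceaccount.com",
      "serviceAccount:123456@cloudservices.gserviceaccount.com"
    ]},
    {"role": "roles/viewer", "members": [
      "deleted:serviceAccount:old@my-project.iam.gserviceaccount.com?uid=1111"
    ]}
  ],
  "etag": "CONSTRUCTED",
  "version": 1
}
""")
# Constructed sample in the shape of `gcloud iam service-accounts list --format=json`
ACCOUNTS = json.loads('[{"email": "live-sa@my-project.iam.gserviceaccount.com"}]')

def stale_sa_members(policy, accounts, project_id):
    """Return sorted (role, member) pairs that name a user-managed service
    account of project_id which is absent from the accounts listing."""
    existing = {a["email"].lower() for a in accounts}
    suffix = f"@{project_id}.iam.gserviceaccount.com"
    stale = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            # IAM rewrites members of deleted principals as "deleted:<type>:<id>?uid=<n>"
            deleted = member.startswith("deleted:")
            bare = member[len("deleted:"):] if deleted else member
            kind, _, ident = bare.partition(":")
            if kind != "serviceAccount":
                continue
            email = ident.split("?", 1)[0].lower()
            if not email.endswith(suffix):
                continue  # Google-managed or other-project account: not in this listing
            if deleted or email not in existing:
                stale.add((binding["role"], member))
    return sorted(stale)

if __name__ == "__main__":
    for role, member in stale_sa_members(POLICY, ACCOUNTS, "my-project"):
        print(f"{role}\t{member}")
```

Each reported pair is a binding to review and, if the account is really gone, remove from the project policy so the role is not left granted to a reusable name.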
