Google cloud project to service account to user roles mapping creation

I have a Google cloud project created.
I created a service account with the project editor role.
Now, if I give a user the serviceAccountUser role on the service account, it doesn't automatically give the user permission on the project.
If I log in as that user to the Google Cloud console, I'm unable to see the project itself.
It says in the documentation - "Users granted the Service Account User role on a service account can use it to indirectly access all the resources to which the service account has access."
So, I thought I would be able to access all the projects as well. Does the above statement mean something else?

On GCP you have user accounts and service accounts. The main purpose of service accounts is to consume GCP services via API calls; the documentation says: "A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs." To log in and interact with the GUI and resources you need a user account. If you want to see the resources, the account needs the viewer role; if you need to perform operations on the resources, you need the admin role. Review the documentation for more information (How IAM works).
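
The following is an added example, not part of the original question or answer. It reads two constructed IAM policies, shaped like the JSON returned by `gcloud projects get-iam-policy` and `gcloud iam service-accounts get-iam-policy`, and shows that a `roles/iam.serviceAccountUser` binding lives on the service account's own policy and leaves the user with no direct binding on the project. The project name, e-mail addresses and the `explain_access` helper are assumptions; group membership and roles inherited from folders or the organization are not evaluated.

```python
# Constructed sample policies (not taken from a real project).
SA = "app-sa@example-project.iam.gserviceaccount.com"

# Policy attached to the project: only the service account is bound here.
PROJECT_POLICY = {"bindings": [
    {"role": "roles/editor", "members": ["serviceAccount:" + SA]},
]}

# Policy attached to the service account resource itself.
SA_POLICIES = {
    SA: {"bindings": [
        {"role": "roles/iam.serviceAccountUser",
         "members": ["user:alice@example.com"]},
    ]},
}

# The role discussed on this page; it lets a principal act as the service account.
ACT_AS_ROLES = {"roles/iam.serviceAccountUser"}


def roles_for(policy, member):
    """Roles that a policy binds directly to the given member."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def explain_access(member, project_policy, sa_policies):
    """Separate a member's direct project roles from access via service accounts."""
    direct = roles_for(project_policy, member)
    indirect = {}
    for sa_email, sa_policy in sa_policies.items():
        if ACT_AS_ROLES & set(roles_for(sa_policy, member)):
            # What the service account holds on the project, which the member
            # reaches only by running workloads as that service account.
            indirect[sa_email] = roles_for(project_policy,
                                           "serviceAccount:" + sa_email)
    return {"direct_project_roles": direct,
            "has_direct_project_binding": bool(direct),
            "can_act_as": indirect}


if __name__ == "__main__":
    print(explain_access("user:alice@example.com", PROJECT_POLICY, SA_POLICIES))
    # Adding a project-level binding is what gives the user a role on the project.
    fixed = {"bindings": PROJECT_POLICY["bindings"] + [
        {"role": "roles/viewer", "members": ["user:alice@example.com"]}]}
    print(explain_access("user:alice@example.com", fixed, SA_POLICIES))
```
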
