
Grant your originating account the Service Account Token Creator role on the target service account

I used the below command to authenticate in the macOS terminal

gcloud auth login

It redirects to the Google login page and shows that the authentication process was successful.

While using the command

gsutil -i fetebird-storage@fetebird.iam.gserviceaccount.com ls

Getting an exception as

AccessDeniedException: Service account impersonation failed. Please go to the Google Cloud Platform Console (https://cloud.google.com/console), select IAM & admin, then Service Accounts, and grant your originating account the Service Account Token Creator role on the target service account.

However, on the cloud I have given the permission as shown below

[image: enter image description here]

[image: enter image description here]

Auth List

[image: enter image description here]

The current logged in user (fetebird@gmail.com) must have the Service Account Access Token Creator role.

You might think the owner role would be sufficient; however, when I tested this myself, you need to explicitly add it to the account that is impersonating the service account.

[image: enter image description here]

https://cloud.google.com/iam/docs/service-accounts#token-creator-role
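An added example, not part of the original question or answer: a small offline check of the service account's own IAM policy (the JSON printed by `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json`) that reports whether the impersonating account holds `roles/iam.serviceAccountTokenCreator` there. The sample policy, its group member and its etag are constructed; the function names are hypothetical.

```python
import json

TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
SA = "fetebird-storage@fetebird.iam.gserviceaccount.com"  # from the question

# Constructed sample: policy on the service account, not the project policy.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/iam.serviceAccountUser",
         "members": ["user:fetebird@gmail.com"]},
        {"role": TOKEN_CREATOR,
         "members": ["group:deployers@example.com"]},  # constructed group
    ],
    "etag": "constructed",
    "version": 1,
})


def check_token_creator(policy_json, member):
    """Return (status, groups). status is "granted", "conditional" or
    "missing"; groups are group: members holding the role, which this
    offline check cannot expand (membership needs a separate lookup)."""
    direct, groups = [], []
    for binding in json.loads(policy_json).get("bindings", []):
        if binding.get("role") != TOKEN_CREATOR:
            continue
        for m in binding.get("members", []):
            if m.lower() == member.lower():
                direct.append("condition" in binding)
            elif m.startswith("group:"):
                groups.append(m)
    if not direct:
        return "missing", groups
    # A binding with a condition only applies while the condition holds.
    return ("conditional" if all(direct) else "granted"), groups


def fix_command(member, sa_email=SA):
    """gcloud command that adds the binding on the service account."""
    return ("gcloud iam service-accounts add-iam-policy-binding "
            f"{sa_email} --member={member} --role={TOKEN_CREATOR}")


if __name__ == "__main__":
    who = "user:fetebird@gmail.com"
    status, groups = check_token_creator(SAMPLE_POLICY, who)
    print(status, groups)
    print(fix_command(who) if status == "missing" else "binding present")
```

A "missing" result with a non-empty group list means the role is held only through groups, so the next check is whether the logged-in user is a member of one of them.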
