
How to check if a user is in a Google Group using a service account?

I have a service that needs to check if a specific Gmail (G Suite) account belongs to a Google Group.

I've tried Listing memberships of a Google Group but I have an error:

Error(2028): Permission denied for resource ... (or it may not exist).". Details: "[{'@type': 'type.googleapis.com/google.rpc.ResourceInfo', 'resourceType': 'cloudidentity.googleapis.com/Group', 'resourceName': '...', 'owner': 'domain:cloudidentity.googleapis.com', 'description': 'Error(2028): Permission denied for resource ... (or it may not exist).'}]

The code is the same as in the example.

The group belongs to the same org.

I understand that you want to check whether a specific user in a Google Group is using a service account.

To check this, we have the IAM Policy Analyzer, in which you can see a list of all groups/users/SAs who have a given permission on a resource.

Below are some highlights:

  • You need certain permissions on the organization to start.
  • You need a custom role, get permission and group membership permissions to see full results.

For further reading please follow the document
