Within the same Google Cloud Platform organization I'm managing there are several service accounts belonging to different projects that need access to a single (separate) project.
Is there any way to avoid having to individually grant access to each one of the service accounts to resources in the project via role?
With regular user accounts (i.e. those logging in via @gmail.com or other domain credentials) this can be achieved by putting all of them in a group through Cloud Identity and binding the role, but I do not know if there is a way of doing this for service accounts.
You can use new or existing service accounts. Visit our Help Center to learn more about managing Groups for your organization, creating service accounts, using the Cloud Identity Groups API, or viewing the Groups audit log.
A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. Typically, service accounts are used in scenarios such as: Running workloads on virtual machines (VMs).
You may use Google Groups, which is a collection of Google accounts and service accounts, to apply an access policy to a collection of users, so that you can grant and change access controls for a whole group at once instead of granting or changing access controls one at a time for individual users or service accounts.
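The group approach from the answer above, as an added example that is not part of the original post: the function prints, without running them, the `gcloud` commands that create a group, add each service account as a member, and bind one role to the group on the target project. The group address, organization ID, project ID, role and service account emails are constructed placeholders.

```shell
#!/bin/sh
# Added example: emits a reviewable plan of gcloud commands; it does not call gcloud.
# Usage: plan_group_access GROUP_EMAIL ORG_ID TARGET_PROJECT ROLE SA_EMAIL...
plan_group_access() {
    if [ "$#" -lt 5 ]; then
        echo "usage: plan_group_access GROUP_EMAIL ORG_ID TARGET_PROJECT ROLE SA_EMAIL..." >&2
        return 2
    fi
    group=$1 org=$2 project=$3 role=$4
    shift 4

    # Validate every member before emitting anything, so a human account
    # slipped into the list cannot end up in a group meant for workloads.
    for sa in "$@"; do
        case $sa in
            *@*.gserviceaccount.com) ;;
            *) echo "not a service account email: $sa" >&2; return 1 ;;
        esac
    done

    # 1. Create the group in Cloud Identity.
    printf 'gcloud identity groups create %s --organization=%s --display-name=%s\n' \
        "$group" "$org" "${group%%@*}"

    # 2. Add each service account, from any project, as a group member.
    for sa in "$@"; do
        printf 'gcloud identity groups memberships add --group-email=%s --member-email=%s\n' \
            "$group" "$sa"
    done

    # 3. One binding on the target project covers every member of the group.
    printf 'gcloud projects add-iam-policy-binding %s --member=group:%s --role=%s\n' \
        "$project" "$group" "$role"
}

# Constructed sample input: two service accounts from different projects.
plan_group_access sa-readers@example.com 123456789012 shared-data-project \
    roles/storage.objectViewer \
    app-a@project-a.iam.gserviceaccount.com \
    app-b@project-b.iam.gserviceaccount.com
```

Review the printed commands, then run them with an identity allowed to manage groups in the organization and to set IAM policy on the target project.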