Hello!

We are using Dataplex Data Quality Scans in our project and have encountered a limitation related to service account execution. By default, all Data Quality Scans are executed under the Dataplex-managed service account: service-[NUMBER]@gcp-sa-dataplex.iam.gserviceaccount.com

However, we would like to run specific scans under a custom service account, which has additional permissions * (e.g., access to KMS-encrypted fields or restricted datasets). This approach is necessary for use cases involving decryption or access to sensitive resources that cannot be granted to the default Dataplex SA.

We reviewed the documentation and attempted to configure the execution_spec.service_account field when creating the DataScan using both the API and client libraries, but it appears this field is either:
- not available for DataScan resources (unlike Dataplex Tasks), or
- silently ignored during scan creation.

Could you please confirm:

• Is there currently a supported way to run a Data Quality Scan under a custom service account?
• If not, are there any workarounds?
• Are there any upcoming plans to support this in the Dataplex roadmap?

Thank you in advance for your help and clarification.