This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

GCP service account is limited to access Google Play developer account

Posted on 10-17-2023 02:41 AM
wyz
New Member
Reply posted on --/--/---- --:-- AM

I have a GCP service account function normally since 2021. Other developer account in Google Play can invite my service account to access their financial report and other info. However, recently when new developer tried to invite my service account, they receive message "此服务账号已经有权访问其他10个开发者账号,已达到上限", which means "this service account already has access to other 10 developer accounts, which already reaches upper limit". But my service accounts already have access to more than 50 accounts, and this error only occur recently with new developer account. Anybody has ideas what's the issue?

screenshot-20231017-164503.png

1 4 963
Topic Labels
4 REPLIES 4

Posted on --/--/---- --:-- AM
rgomes
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

We're having the same problem here. What's going on?

We depend on this to offer our services and now out of the blue there's this problem... Has anybody else seen this? Are there any solutions?

In the past we managed to get the Google Play data via Oauth by connecting to our customer's buckets directly. Google declined our scopes saying that we should use service accounts instead. Now, this happens... And without notice!

0 Likes

Posted on --/--/---- --:-- AM
rgomes
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

By the way, the original message in English is:
this service account already has access to 10 other developer accounts, which is the maximum allowed

 

CleanShot 2023-10-18 at 15.56.54.png

0 Likes

Posted on --/--/---- --:-- AM
rgomes
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Update:

I just got an email from the Trust and Safety team about something else that explains what's going on:

"Enforce access controls using Cloud IAM Policies via the following the steps:

  1. Create a service account to access data from your users’ Google Cloud Platform project. You may want to create a service account for each customer to avoid confused deputy problems.
  2. Instruct your customers to grant this service account appropriate access to their Cloud data via IAM Policies."

 

So basically what they're saying is that we should have one service account per user. That wasn't a requirement before, but it seems that now they're reinforcing it.

I had no idea we could have multiple account for the same thing. We'll try this approach and see what happens.

 

0 Likes

Posted on --/--/---- --:-- AM
rgomes
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

[SOLVED] Indeed the solution here is to simply create more service accounts. Just do that and you'll be fine.

Just be mindful that there's a limit of 100 service accounts per project. According to the odocumentation it's possible to increase that limit though.

0 Likes
Top Solution Authors
View all