Given a Service Account that is assigned a Custom Role with a large number of permissions (All of them are readonly, so it's basically a subset of the Viewer Role)

How would I go about determining all the Services/APIs that need to be enabled from the permissions granted to ensure that the permissions can actually be used?

I tried using the services.get method from the ServiceUsage API and that method does return a list of APIs it supports for some Services while for others that list is not available. Moreover I'm unable to accurately map the APIs supported to the permissions.

Any ideas would be greatly appreciated.