
Restrict access to service accounts

Hello team,

Is there a way to prevent a specific service account from being modified or deleted by other principals?

Can this be configured by an organizational policy?

Thanks


Hey!
To achieve this, basic roles like Owner or Editor should be avoided, as well as roles/iam.serviceAccountAdmin. There is no constraint that locks the resource on its own (there is for blocking key creation or service account creation, for example).

Taking this into account, IAM management should be in order and just grant enough access.
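An added example, not part of the original reply: a small audit that lists which principals hold the roles named above, at the project level and on the service account itself. The sample policies, member names and the `allowed` parameter are constructed for illustration; the dictionaries follow the `bindings` layout of an IAM policy exported as JSON.

```python
# Roles the reply says to avoid (taken from the page; not an exhaustive list
# of roles that can modify or delete a service account).
RISKY_ROLES = {"roles/owner", "roles/editor", "roles/iam.serviceAccountAdmin"}

# Constructed sample: project-level IAM policy.
PROJECT_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/editor", "members": ["group:devs@example.com"]},
    {"role": "roles/viewer", "members": ["user:bob@example.com"]},
]}

# Constructed sample: IAM policy attached to the service account resource.
SA_POLICY = {"bindings": [
    {"role": "roles/iam.serviceAccountAdmin", "members": ["user:carol@example.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com"]},
]}

def risky_bindings(policy, scope, allowed=frozenset()):
    """Return (scope, role, member, is_conditional) for each risky grant."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in RISKY_ROLES:
            continue
        conditional = "condition" in binding  # conditional grants need manual review
        for member in binding.get("members", []):
            if member not in allowed:
                findings.append((scope, role, member, conditional))
    return sorted(findings)

def audit(project_policy, sa_policy, allowed=frozenset()):
    """Check both levels: grants on the project are inherited by the service account."""
    return (risky_bindings(project_policy, "project", allowed)
            + risky_bindings(sa_policy, "service-account", allowed))

if __name__ == "__main__":
    # 'allowed' is a hypothetical allowlist of principals expected to manage the account.
    for scope, role, member, cond in audit(PROJECT_POLICY, SA_POLICY,
                                           allowed={"user:alice@example.com"}):
        note = " (conditional)" if cond else ""
        print(f"{scope}: {member} holds {role}{note}")
```

Folder and organization policies are inherited as well, so the same check applies to policies exported at those levels.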