
GCP IAM provides several granular roles for managing and using service accounts.

  • Service Account Admin Role: Can create and manage service accounts.
  • Create Service Account Role: Can create service accounts.
  • Delete Service Account Role: Can delete service accounts.
  • Service Account Key Admin Role: Can create and manage service account keys, including rotating them.
  • Service Account Token Creator Role: Can impersonate service accounts.
  • Service Account User Role: Can run operations as the service account.
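
To see who holds these roles, the following added example (not part of the original page) audits a project IAM policy in the JSON shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The role IDs are GCP's predefined identifiers for the roles above; the sample policy, the function name and the severity labels are assumptions made for illustration.

```python
# Predefined role IDs for the six roles listed above (IDs are not on the page).
SA_ROLES = {
    "roles/iam.serviceAccountAdmin": "create and manage service accounts",
    "roles/iam.serviceAccountCreator": "create service accounts",
    "roles/iam.serviceAccountDeleter": "delete service accounts",
    "roles/iam.serviceAccountKeyAdmin": "create, manage and rotate keys",
    "roles/iam.serviceAccountTokenCreator": "impersonate service accounts",
    "roles/iam.serviceAccountUser": "run operations as the service account",
}
# Roles that let the holder act as a service account or mint its credentials.
ACT_AS_ROLES = {
    "roles/iam.serviceAccountKeyAdmin",
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountUser",
}

# Constructed sample policy; principals and the condition are made up.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": ["user:alice@example.com"]},
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": ["user:bob@example.com", "group:devs@example.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": ["user:carol@example.com"],
     "condition": {"title": "temporary", "expression":
                   "request.time < timestamp('2025-01-01T00:00:00Z')"}},
    {"role": "roles/iam.serviceAccountAdmin", "members": ["user:dave@example.com"]},
]}

def audit_policy(policy):
    """Return sorted (severity, member, role) for each service account role grant.
    A project-level binding applies to every service account in the project."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in SA_ROLES:
            continue
        if role not in ACT_AS_ROLES:
            severity = "medium"   # lifecycle management only
        elif "condition" in binding:
            severity = "review"   # act-as role, but limited by an IAM condition
        else:
            severity = "high"     # unconditional act-as on all service accounts
        for member in binding.get("members", []):
            findings.append((severity, member, role))
    order = {"high": 0, "review": 1, "medium": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1], f[2]))

if __name__ == "__main__":
    for severity, member, role in audit_policy(SAMPLE_POLICY):
        print(f"{severity:6} {member:28} {role} ({SA_ROLES[role]})")
```

Findings marked `high` are candidates for moving the binding from the project to the individual service account that the principal actually needs.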
