'How Service Account impersonation works?

If an user impersonates a service account in gcloud CLI and they access the console.cloud.google.com dashboard, will the roles applicable for the service account be used or will the user specific roles be used?

Thanks in advance!

google-cloud-platformservice-accountsgoogle-iam


Solution 1:[1]

Yes, same roles will be applied to the user. From what I understand and experience, the concept of service account impersonation is to allow a user to that specific service account with specific roles and access to the resource.

Benefits of service account impersonation are:

  • limit user account permission
  • reduce the risk of service account keys
  • easy maintenance by removing the user from service account resource

For your reference, you can check out more on this Google Cloud IAM documentation.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Bryan L

Related Questions

How to use use Firestore document field's HashMap key value and populate recyclerview?

how to keep GKE cluster nodes in different regions?

Google Cloud TTS API for M1 Mac

Is it possible to render a video from AfterEffects in a Google Collaboratory notebook?

Allow-IAP Firewall Rule created in default VPC in GCP getting reflected in other VPC as well

Attribute Error when importing SpeechClient from google.cloud.speech

GCP Cost billing data

What is the difference between gcloud and gsutil?

Volume not persistent in Google Cloud

Permission Denied when trying to write on a TPU VM foler

Google Cloud Free Tier will start charging for static or ephemeral IP Address?

How to create a empty folder in google storage(bucket) using gsutil command?

How can size of the root disk in Google Compute Engine be increased?

Cannot switch Firestore from Datastore to native mode on GCP

action console simulator is not working and I cannot release my project