bored-car-38257
04/13/2021, 2:39 PMgcp.projects.IAM*
& gcp.serviceAccount.IAM*
. How and when to use these two ?green-school-95910
04/13/2021, 10:24 PMIAM*
applies to every resource on the project. So if you give the base viewer
role at that level to a user, the user would be able to see everything in the projectserviceAccount.IAM*
or the IAM*
under any other resource applies to only one of that particular resource. If you give the same role to a user but using the serviceAccount.IAM*
resources, you'd need to specify a service account and the user would only be able to see that service account and no other resource in the projectserviceAccount.IAM*
are used to give permissions regarding a particular service account, not necessarily to a service account (although it can be)bored-car-38257
04/14/2021, 3:55 PM