sparse-intern-71089
04/13/2021, 2:39 PMgreen-school-95910
04/13/2021, 10:24 PMIAM*
applies to every resource on the project. So if you give the base viewer
role at that level to a user, the user would be able to see everything in the projectgreen-school-95910
04/13/2021, 10:26 PMserviceAccount.IAM*
or the IAM*
under any other resource applies to only one of that particular resource. If you give the same role to a user but using the serviceAccount.IAM*
resources, you'd need to specify a service account and the user would only be able to see that service account and no other resource in the projectgreen-school-95910
04/13/2021, 10:31 PMserviceAccount.IAM*
are used to give permissions regarding a particular service account, not necessarily to a service account (although it can be)bored-car-38257
04/14/2021, 3:55 PM