No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi! I just tried to create a service account and assign a role to it in GCP and it worked.
However, running `pulumi destroy`  didn’t only delete the service account in question, but also blew away the role assignments from ALL service accounts that had identical role. Am I doing this wrong? Seems quite risky. Here’s the code I used to create the service account and  assign the role:
```const serviceAccount = new gcp.serviceAccount.Account("myServiceAccount", 
    {
     accountId: SID,
     displayName: SNAME,
     description: "Service account Created by Pulumi"
    }
);

const iam = new gcp.projects.IAMBinding("myBinding",
   {
        members: [pulumi.interpolate `serviceAccount:${serviceAccount.email}`],
        role: "roles/storage.objectViewer",  
   }
);```


The bindings control all members of that role. You should use `IAMMember` to prevent that

Make on resource for each member, then if/when you destroy them it will only remove that member instead of the whole binding