Check permissions for users and service accounts in GCP via gcloud
The following gcloud command checks what IAM roles are assigned to a specific user or service account within a GCP project. It flattens the IAM policy bindings and filters by the member’s email address, which is useful for auditing permissions.
[arch:tmp ] gcloud projects get-iam-policy <project-name> \
    --flatten="bindings[].members" \
    --format='table(bindings.role)' \
    --filter="bindings.members:usrname@domain.net"
ROLE
roles/iam.serviceAccountUser
roles/owner
roles/serviceusage.serviceUsageAdmin
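The same audit can be run offline against a saved copy of the policy (`gcloud projects get-iam-policy <project-name> --format=json`). The sketch below is an added example, not code from the original post: it reproduces the flatten-and-filter step in Python, compares the member's email exactly instead of using the pattern match that `:` performs, and flags the basic roles. The sample policy, the `other-usrname` and `ci@example-project` members, and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `get-iam-policy --format=json` output.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:usrname@domain.net",
                 "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner", "members": ["user:usrname@domain.net"]},
    {"role": "roles/serviceusage.serviceUsageAdmin",
     "members": ["user:usrname@domain.net", "user:other-usrname@domain.net"]},
    {"role": "roles/storage.objectViewer",
     "members": ["user:other-usrname@domain.net"],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ],
  "etag": "CONSTRUCTED",
  "version": 3
}
""")

BROAD_ROLES = {"roles/owner", "roles/editor"}  # basic roles worth flagging in an audit


def flatten(policy):
    """Yield one row per (role, member), like --flatten="bindings[].members"."""
    for binding in policy.get("bindings", []):
        title = binding.get("condition", {}).get("title")
        for member in binding.get("members", []):
            yield {"role": binding["role"], "member": member, "condition": title}


def roles_for(policy, email):
    """Rows whose member identity equals `email` exactly (any type prefix)."""
    rows = []
    for row in flatten(policy):
        # Members look like "user:<email>" or "serviceAccount:<email>".
        kind, _, ident = row["member"].partition(":")
        if ident.lower() == email.lower():
            rows.append({**row, "kind": kind, "broad": row["role"] in BROAD_ROLES})
    return sorted(rows, key=lambda r: r["role"])


if __name__ == "__main__":
    for r in roles_for(SAMPLE_POLICY, "usrname@domain.net"):
        flag = "  <-- basic role" if r["broad"] else ""
        print(f'{r["role"]}  [{r["kind"]}]{flag}')
```

Both the gcloud command and this script see only bindings set on the project itself; roles inherited from a folder or organization, or granted through a group the member belongs to, do not appear in the project's policy.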
This post is licensed under CC BY 4.0 by the author.