Description: 

A service account is a special Google account that belongs to your application or a VM rather than to an individual end user. Your application uses the service account to call the Google API of a service, so that users aren't directly involved. Service accounts should not be given admin access.


A service account in your organization has Admin, Owner, or Editor privileges assigned to it. It is recommended that service accounts not be assigned Admin, Owner, or Editor roles.

Solution: 

  1. Go to the IAM policy page.
  2. For each of the following members:

    Member                                                           Conflicting Roles
    serviceAccount:iot5-546@iotlab4-292218.iam.gserviceaccount.com   roles/owner

    1. Click Edit next to the member. 
    2. To remove permissions, click Delete next to the offending role above.
    3. Click Save.
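
The same check and role removal can be scripted against the JSON policy that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns. This is an added example, not part of the original page; the function names, the substring match on "admin", and every sample binding other than the member listed above are assumptions constructed for illustration.

```python
import copy

# Owner and Editor are named on the page; matching "admin" anywhere in the
# role ID is this example's assumption for what counts as an Admin role.
BASIC_ROLES = {"roles/owner", "roles/editor"}

def is_privileged(role):
    return role in BASIC_ROLES or "admin" in role.lower()

def find_privileged_service_accounts(policy):
    """Return sorted (member, role) pairs for service accounts with privileged roles."""
    findings = set()
    for binding in policy.get("bindings", []):
        if is_privileged(binding["role"]):
            findings.update((m, binding["role"]) for m in binding.get("members", [])
                            if m.startswith("serviceAccount:"))
    return sorted(findings)

def remove_findings(policy, findings):
    """Return a copy of the policy without the flagged pairs; etag and conditions are kept."""
    flagged = set(findings)
    cleaned = copy.deepcopy(policy)
    for binding in cleaned.get("bindings", []):
        binding["members"] = [m for m in binding.get("members", [])
                              if (m, binding["role"]) not in flagged]
    # A binding with no members left is dropped rather than written back empty.
    cleaned["bindings"] = [b for b in cleaned.get("bindings", []) if b["members"]]
    return cleaned

# Constructed sample policy: only the iot5-546 owner binding comes from the page.
SAMPLE_POLICY = {
    "etag": "BwXconstructed=",
    "version": 1,
    "bindings": [
        {"role": "roles/owner", "members": [
            "user:alice@example.com",
            "serviceAccount:iot5-546@iotlab4-292218.iam.gserviceaccount.com"]},
        {"role": "roles/storage.admin", "members": [
            "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/viewer", "members": [
            "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    ],
}

if __name__ == "__main__":
    found = find_privileged_service_accounts(SAMPLE_POLICY)
    for member, role in found:
        print(f"{member}\t{role}")
    print(remove_findings(SAMPLE_POLICY, found)["bindings"])
```

The cleaned policy keeps the original `etag`, so writing it back with `gcloud projects set-iam-policy PROJECT_ID policy.json` is rejected if the policy changed in the meantime.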

Reference: 

https://www.cisecurity.org/controls/account-monitoring-and-control

https://console.cloud.google.com/security/command-center/findings
