How to grant access for a Google Cloud Service Account to have all the same permissions as a another Service Account?

engineer-x

1/29/24, 3:09 AM

So I have a Google Cloud Service Account one [email protected] that has access to roles A and B.

There is Service Account two [email protected] which I need to have access to roles A, B, and C.

How do I get sa-2 to have the same access as sa-1 and some other access too?

I tried to add sa-2 as a principal to sa-1 with the Service Account Admin role.

IAM & Admin
Service Accounts
Select sa-1
"+ Grant Access"
Specify sa-2 in dropdown for New principals
Click "Save"

But there is still access denied on the GCP service using the sa-2 account.

I'm trying to get an inherited relationship between the two SAs.

818

1 + 1

service-accounts

google-cloud-platform

google-cloud-identity

google-iam

Sai Chandra Gadde

2/1/24, 11:21 AM

If the answer was useful, please mark the answer as accepted for greater visibility for the community or upvote if the answer has some useful information.

Score:1

Server

Sai Chandra Gadde

1/29/24, 6:49 AM

In order to grant a Google Cloud Service Account the same permissions as Service Account1, you will need to grant Service Account2 the roles/iam.serviceAccountUser role on the Service Account1. This will allow Service Account 2 to inherit the roles granted to Service Account 1, and you can then grant additional roles to Service Account 2 to give it additional access. You can do this by going to the IAM page in the Google Cloud Console and setting the role to Service Account User for Service Account 2..

For more information follow this doc.

+ 1

engineer-x

2/2/24, 9:11 AM

I'm still having issues with access even after doing this. I even tried with "Editor" access between the relationship between the two SAs. I also gave Service Account User, Service Account Admin, and Service Account Key Admin for all SAs for SA2 with the same result. The reason might be due to I'm using an SA key from SA2.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to grant access for a Google Cloud Service Account to have all the same permissions as a another Service Account?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.