The Service account '{GcpIamServiceAccount}' was granted an administrative role ({GcpIamServiceAccount.PolicyBindings.Role}) at the resource level ({GcpIamServiceAccount.PolicyBindings.Policy.Scope}). This role allows the service account to perform all actions on the resource. Service accounts should be provided only with the permissions they require. If the service account does not require all actions, this role should be replaced with a less privileged one
Recommended Mitigation
It is recommended to provide a service account with only the necessary permissions. Evaluate the service account's permissions and consider removing the binding to {GcpIamServiceAccount.PolicyBindings.Role}