IAM misconfigurations

Service Account with an Administrative Primitive Role (Owner/Editor)

Risk Level

Hazardous (3)

Compliance Frameworks


Primitive roles are roles that existed prior to the introduction of IAM in GCP. These roles are very powerful and include a large number of permissions across all Google Cloud services. The service account {GcpIamServiceAccount} was found with the primitive administrative role "{GcpIamServiceAccount.PolicyBindings.Role}". This role grants the service account broad administrative permissions at the {GcpIamServiceAccount.PolicyBindings.Policy.Scope} level.
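
One way to check for this condition yourself, as an added example that is not part of the original finding or the product's own logic: the script below scans IAM policies, in the standard GCP policy JSON shape with "bindings", "role" and "members", for service accounts bound to roles/owner or roles/editor at any scope. The policies, account names and the function name find_admin_primitive_bindings are constructed for illustration.

```python
"""Flag service accounts bound to the Owner/Editor primitive roles in IAM policies."""
import json

# Administrative primitive roles named in the finding title.
ADMIN_PRIMITIVE_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample input: policies in the JSON shape of a GCP IAM policy,
# keyed by the scope they are attached to. All names are made up.
SAMPLE_POLICIES = json.loads("""
{
  "projects/example-project": {
    "bindings": [
      {"role": "roles/editor",
       "members": ["serviceAccount:build@example-project.iam.gserviceaccount.com",
                   "user:alice@example.com"]},
      {"role": "roles/storage.objectViewer",
       "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]}
    ]
  },
  "folders/111111111111": {
    "bindings": [
      {"role": "roles/owner",
       "members": ["serviceAccount:deploy@example-project.iam.gserviceaccount.com",
                   "deleted:serviceAccount:old@example-project.iam.gserviceaccount.com?uid=123"]}
    ]
  }
}
""")


def find_admin_primitive_bindings(policies):
    """Return sorted (service_account, role, scope) tuples for risky bindings."""
    findings = set()
    for scope, policy in policies.items():
        for binding in policy.get("bindings", []):
            role = binding.get("role")
            if role not in ADMIN_PRIMITIVE_ROLES:
                continue
            for member in binding.get("members", []):
                # Skip users, groups and "deleted:" tombstones; keep live service accounts.
                if member.startswith("serviceAccount:"):
                    findings.add((member.split(":", 1)[1], role, scope))
    return sorted(findings)


if __name__ == "__main__":
    for account, role, scope in find_admin_primitive_bindings(SAMPLE_POLICIES):
        print(f"{account} has {role} on {scope}")
```

Each result names the service account, the role and the scope, matching the three fields the finding reports.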