IAM misconfigurations

User with Admin and standard user roles

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Service Account admin Role allows the user/identity to create, delete, and manage service accounts. Service Account User Role allows the user/identity to assign service accounts to Apps/Compute Instances. No user should have Service Account Admin and Service Account User roles assigned at the same time to avoid security or privacy incidents and errors.
  • Recommended Mitigation

    Make sure no user is assigned with Service Account Admin and Service Account User roles at the same time.