Service Account admin Role allows the user/identity to create, delete, and manage service accounts. Service Account User Role allows the user/identity to assign service accounts to Apps/Compute Instances. No user should have Service Account Admin and Service Account User roles assigned at the same time to avoid security or privacy incidents and errors.
Recommended Mitigation
Make sure no user is assigned with Service Account Admin and Service Account User roles at the same time.
IAM misconfigurations
