IAM misconfigurations

User with Administrative Privileges within Project Scope

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Administrative permissions ({PolicyBindings.Role}) have been granted to the user {GcpUser} at the project level. These rights allow the user or service account to create a project. Once a user creates a project, they are automatically granted the owner role for that project.
Recommended Mitigation

Evaluate the user's permissions and consider removing the binding to {GcpUser.PolicyBindings.Role}.
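One way to carry out the evaluation step against an exported project IAM policy, as an added example that is not part of the original rule or the vendor's own code. The set of roles treated as administrative, the sample policy, the project ID `demo-project` and the function names are assumptions made for illustration.

```python
import shlex

# Assumption: roles this check treats as "administrative". The rule text does
# not enumerate them, so adjust the set to your own policy.
ADMIN_ROLES = {"roles/owner", "roles/editor", "roles/resourcemanager.projectIamAdmin"}

# Constructed sample in the shape of
# `gcloud projects get-iam-policy PROJECT_ID --format=json` output.
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@example.com",
                     "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]},
        {"role": "roles/viewer", "members": ["user:bob@example.com"]},
        {"role": "roles/editor",
         "members": ["group:devs@example.com", "user:carol@example.com"],
         "condition": {"title": "temporary",
                       "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    ],
}

def find_admin_user_bindings(policy, admin_roles=ADMIN_ROLES):
    """Return project-level bindings that give a user: principal an admin role."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in admin_roles:
            continue
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            if kind == "user":  # groups and service accounts are out of scope here
                findings.append({"user": ident, "role": role,
                                 "conditional": "condition" in binding})
    return sorted(findings, key=lambda f: (f["user"], f["role"]))

def remediation_command(project_id, finding):
    """Build the gcloud command that removes the binding, or None when the
    binding is conditional and should be reviewed by hand first."""
    if finding["conditional"]:
        return None
    return shlex.join(["gcloud", "projects", "remove-iam-policy-binding", project_id,
                       f"--member=user:{finding['user']}", f"--role={finding['role']}"])

if __name__ == "__main__":
    for f in find_admin_user_bindings(SAMPLE_POLICY):
        cmd = remediation_command("demo-project", f)
        print(f["user"], f["role"], cmd or "conditional binding: review manually")
```

The script only prints the removal command; running it is left to the reviewer once the user's need for the role has been evaluated.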