GCP Service Account Permission Reference
Search GCP IAM roles and permissions to understand predefined vs custom roles, Workload Identity Federation, service account impersonation, and resource hierarchy inheritance.
No data is transmitted; everything runs locally.
About this tool
The GCP Service Account Permission Reference covers predefined and custom IAM roles, Workload Identity Federation, service account impersonation, and resource hierarchy inheritance.
• Look up the minimal GCP role needed for a CI/CD service account
• Understand Workload Identity Federation before replacing service account JSON keys
• Find the correct permission for service account impersonation in GKE
• Check deny policy precedence when debugging unexpected GCP access denials
FAQ
What does this tool tell you?
The GCP Service Account Permission Reference covers predefined and custom IAM roles, Workload Identity Federation, service account impersonation, and resource hierarchy inheritance.
What affects the result most?
GCP IAM roles vs permissions: roles/storage.objectViewer vs storage.objects.get (the role bundles permissions). Predefined vs custom roles: predefined roles are updated by Google, custom roles are frozen at creation. Service account impersonation: the iam.serviceAccounts.actAs permission is frequently misconfigured in CI/CD.
How should I use the result?
Use this tool to orient quickly to the concepts, field names, or values you are about to look up in a full specification or vendor documentation. It summarizes the common cases; the authoritative source remains whichever standard or vendor doc defines the values themselves.