Property
Language: terraform
Severity: high
Service: iam
Provider: Google
Vulnerability Type: misconfiguration

Description

The configuration assigns overly broad or privileged IAM roles to Google service accounts, granting them more permissions than necessary. This increases the risk of unauthorized access if the service account is compromised.

Impact

If a service account with excessive privileges is breached, an attacker could gain control over sensitive resources, escalate privileges, and potentially take over the entire Google Cloud project or account, leading to data loss or service disruption.

Resolution

Limit each service account's access to the minimal required set of permissions.
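
The following is an added example, not part of the original rule page or the scanner's own test cases: a broad project-level binding for a service account next to a narrowly scoped replacement. The project ID, account ID, bucket name and the choice of `roles/owner` and `roles/storage.objectViewer` are assumptions made for illustration.

```terraform
# Constructed example: project ID, account ID and bucket name are placeholders.
resource "google_service_account" "report_reader" {
  project      = "example-project-id"
  account_id   = "report-reader"
  display_name = "Reads report objects from one bucket"
}

# Weak: a basic role bound at project level. roles/owner (like roles/editor)
# grants broad access across the project's resources, so a leaked key for
# this account exposes far more than the reports it was created to read.
resource "google_project_iam_member" "too_broad" {
  project = "example-project-id"
  role    = "roles/owner"
  member  = "serviceAccount:${google_service_account.report_reader.email}"
}

# Corrected: a predefined, read-only role bound on the single bucket the
# workload needs. Replace the binding above with this one.
resource "google_storage_bucket_iam_member" "least_privilege" {
  bucket = "example-reports-bucket"
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${google_service_account.report_reader.email}"
}
```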