Chris G.

Reputation: 25934

iam.serviceAccounts.getIamPolicy is required to perform this operation on service account

From: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts

Running this command:

gcloud iam service-accounts get-iam-policy \
    [email protected]

I get:

gcloud iam service-accounts get-iam-policy [email protected]
ERROR: (gcloud.iam.service-accounts.get-iam-policy) PERMISSION_DENIED: Permission iam.serviceAccounts.getIamPolicy is required to perform this operation on service account projects/-/serviceAccounts/[email protected]

But I do have the iam.serviceAccounts.getIamPolicy permission on the current user (role Owner)?

Upvotes: 1

Views: 6458

Answers (1)

Chris G.

Reputation: 25934

The problem was with the email member (Service Account email) to the project - in IAM users.

When I deleted this (SA member) in IAM, it worked, giving "etag: ACAB" as a result.

I need to figure out what that is, but it worked. Just found this

This account should maybe have been deleted automatically when deleting a Service Account - but what do I know :-)

Upvotes: 1
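
One way to look for the situation the answer describes, a service-account member still bound in the project's IAM policy when no such account exists any more. This is an added example, not part of the original answer. It assumes the policy JSON comes from `gcloud projects get-iam-policy PROJECT_ID --format=json` and the live e-mails from `gcloud iam service-accounts list --format="value(email)"`; the project ID `demo-proj`, all e-mail addresses and the function name are constructed.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy ... --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:owner@example.com"]},
    {"role": "roles/editor", "members": [
      "serviceAccount:build@demo-proj.iam.gserviceaccount.com",
      "serviceAccount:old-sa@demo-proj.iam.gserviceaccount.com",
      "serviceAccount:123456@cloudservices.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": [
      "deleted:serviceAccount:gone@demo-proj.iam.gserviceaccount.com?uid=1111"]}
  ],
  "etag": "CONSTRUCTED"
}
""")
# Constructed sample: e-mails of service accounts that currently exist in the project.
LIVE_ACCOUNTS = {"build@demo-proj.iam.gserviceaccount.com"}


def stale_sa_bindings(policy, live_emails, project_id):
    """Return sorted (role, member, reason) tuples for this project's
    service-account members that are bound in the policy but are not live."""
    suffix = "@%s.iam.gserviceaccount.com" % project_id
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            deleted = member.startswith("deleted:")
            bare = member[len("deleted:"):] if deleted else member
            kind, _, ident = bare.partition(":")
            if kind != "serviceAccount":
                continue  # users, groups, domains are out of scope here
            email = ident.split("?", 1)[0]  # drop the ?uid=... suffix
            if not email.endswith(suffix):
                continue  # other projects / Google-managed agents: cannot judge
            if deleted:
                findings.append((binding["role"], member, "marked deleted"))
            elif email not in live_emails:
                findings.append((binding["role"], member, "no matching account"))
    return sorted(findings)


if __name__ == "__main__":
    rows = stale_sa_bindings(SAMPLE_POLICY, LIVE_ACCOUNTS, "demo-proj")
    for role, member, reason in rows:
        print("%-14s %-20s %s" % (role, reason, member))
```

Members from other projects and Google-managed service agents are skipped on purpose, because the project's own service-account list cannot say whether they exist.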
