To list the roles associated with a Google Cloud Platform (GCP) service account, you can use the gcloud command-line tool or the Google Cloud Console.
Method 1: Using the gcloud command-line tool
Ensure you have the Google Cloud SDK installed and configured on your local machine. You can find the installation instructions here: https://cloud.google.com/sdk/docs/install.
Step 1: Set your project ID
Set the GCP project you want to work with, replacing your_project_id with the appropriate project ID.
gcloud config set project your_project_id
Step 2: List the IAM policy bindings for the project
gcloud projects get-iam-policy your_project_id --format=json > iam_policy.json
This command saves the IAM policy bindings for the project in a file named iam_policy.json.
Alternatively, use the command below to print only the roles bound to a specific service account.
gcloud projects get-iam-policy <YOUR GCLOUD PROJECT> \
  --flatten="bindings.members" \
  --format='table(bindings.role)' \
  --filter="bindings.members:<YOUR SERVICE ACCOUNT>"
It gives output like the following.
ROLE
roles/cloudtrace.agent
roles/servicemanagement.serviceController
roles/viewer
Step 3: Open the iam_policy.json file
Open the iam_policy.json file and look for the service account email you are interested in. The roles associated with the service account will be listed under the role field for each binding.
Method 2: Using the Google Cloud Console
- Go to the Google Cloud Console: https://console.cloud.google.com/
- Sign in with your Google account if you haven’t already.
- In the top-right corner of the page, click on the project dropdown menu to select the project you want to work with.
- Click on the navigation menu icon (three horizontal lines) in the page’s top-left corner.
- Scroll down to the “IAM & Admin” section and click “IAM.”
- On the IAM page, you will see a list of members and their associated roles. Look for the service account email you are interested in, and you’ll see the roles listed under the “Role” column.
Following these steps, you can list the roles associated with a GCP service account using the gcloud command-line tool or the Google Cloud Console.
Amit Doshi is a Cloud Engineer with more than 5 years of experience in AWS, Azure, and Google Cloud. He is an IT professional responsible for designing, implementing, managing, and maintaining cloud computing infrastructure, applications, and services.