GCP - IAM Post Exploitation
IAM
You can find further information about IAM in:
pageGCP - IAM, Principals & Org Policies EnumGranting access to management console
Access to the GCP management console is provided to user accounts, not service accounts. To log in to the web interface, you can grant access to a Google account that you control. This can be a generic "@gmail.com" account, it does not have to be a member of the target organization.
To grant the primitive role of Owner to a generic "@gmail.com" account, though, you'll need to use the web console. gcloud
will error out if you try to grant it a permission above Editor.
You can use the following command to grant a user the primitive role of Editor to your existing project:
If you succeeded here, try accessing the web interface and exploring from there.
This is the highest level you can assign using the gcloud tool.
Last updated