Aqua CSPM

Service Account Separation

Quick Info

Plugin TitleService Account Separation
CloudGOOGLE
CategoryIAM
DescriptionEnsures that no users have both the Service Account User and Service Account Admin role.
More InfoEnsuring that no users have both roles follows separation of duties, where no user should have access to resources out of the scope of duty.
GOOGLE Linkhttps://cloud.google.com/iam/docs/overview
Recommended ActionEnsure that no service accounts have both the Service Account User and Service Account Admin role attached.

Detailed Remediation Steps