get_default_role - Linux
Overview
get_default_role is a command that retrieves the default role assigned to a service account in Google Cloud Platform (GCP). This role determines the permissions that the service account inherits when it is used to authenticate to GCP APIs.
Syntax
get_default_role [OPTIONS] SERVICE_ACCOUNT_EMAIL
Options/Flags
| Option | Description | Default |
|---|---|---|
| --project=PROJECT_ID | GCP project ID or project number of the service account. | Current project |
| --format=FORMAT | Output format: json or text. | text |
| --help | Print help information. | |
Examples
Retrieve the default role for a service account:
get_default_role account@my-project.iam.gserviceaccount.com
Output (in text format):
roles/owner
Retrieve the default role in JSON format:
get_default_role --format=json account@my-project.iam.gserviceaccount.com
Output:
{
  "defaultRole": "roles/owner"
}
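The output above reports roles/owner, one of the GCP basic roles and far broader than a service account normally needs. The following added example (not part of the original page or of the tool) audits captured `--format=json` output and flags basic roles. It assumes the JSON shape shown above; the function names, severity labels, and sample accounts are constructed for illustration.

```python
import json

# GCP basic roles: project-wide grants broader than a service account
# normally needs. The severity labels are this example's own assumption.
BASIC_ROLES = {"roles/owner": "high", "roles/editor": "high", "roles/viewer": "medium"}


def classify_default_role(raw_output):
    """Classify one `get_default_role --format=json` result.

    Returns (role, severity); severity is "high", "medium", "ok", or
    "error" when the output is not the JSON object shown on the page.
    """
    try:
        doc = json.loads(raw_output)
    except json.JSONDecodeError:
        return None, "error"
    role = doc.get("defaultRole") if isinstance(doc, dict) else None
    if not isinstance(role, str) or not role:
        return None, "error"
    return role, BASIC_ROLES.get(role, "ok")


def audit(outputs):
    """Map {service_account_email: raw JSON output} to a sorted findings list."""
    findings = []
    for email, raw in sorted(outputs.items()):
        role, severity = classify_default_role(raw)
        if severity != "ok":
            findings.append((email, role, severity))
    return findings


# Constructed sample outputs (not real accounts), in the JSON shape shown above.
SAMPLE_OUTPUTS = {
    "account@my-project.iam.gserviceaccount.com": '{"defaultRole": "roles/owner"}',
    "build@my-project.iam.gserviceaccount.com": '{"defaultRole": "roles/storage.objectViewer"}',
    "report@my-project.iam.gserviceaccount.com": '{"defaultRole": "roles/viewer"}',
    "broken@my-project.iam.gserviceaccount.com": "ERROR: not found",
}

if __name__ == "__main__":
    for email, role, severity in audit(SAMPLE_OUTPUTS):
        print(f"{severity:6} {email} {role}")
```

Unparseable output is reported as "error" rather than skipped, so a failed lookup is not mistaken for a clean result.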
Common Issues
- Ensure that the specified service account exists and has been granted the roles/iam.serviceAccountUser role.
- Verify that you have the iam.serviceAccounts.actAs permission to impersonate the service account.
Integration
get_default_role can be used in conjunction with other commands to manage service accounts and their permissions. For example:
- Use get_iam_policy to retrieve the IAM policy for a service account and modify its roles.
- Use set_default_role to set the default role for a service account.
- Use create_service_account to create a new service account and assign it a default role.