Skip to content

Get IAM policy for project

Platform Author Last Update
gcp Richard Slaney 2023-07-01

A user can request to see what members are associated with a project and what roles they have, to identify entities that they might wish to gain access to or backdoor.


Required Permissions

  • resourcemanager.projects.getIamPolicy

Required Parameters

Name Type Description Example Value
project_id str ID of the project to list entities from phrasal-crowbar-284615

Attacker Action

gcloud iam service-accounts list

Detection Case

ELK query

When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.

eventName:ListUsers AND eventSource:*  

Sigma Definition