We use two service account permission templates for the service accounts we use to work with cloud storage in GCP, storage-admin and storage-viewer. These templates should be reviewed to ensure we only allow access to permissions required, especially the admin which can be overly permissive.
Acceptance Criteria
In Our cas storage Google cloud project:
[ ] Audit the Storage Viewer role template and make changes where needed
[ ] Audit the Storage Admin role template and make changes where needed (creating a new one if required)
We use two service account permission templates for the service accounts we use to work with cloud storage in GCP,
storage-adminandstorage-viewer. These templates should be reviewed to ensure we only allow access to permissions required, especially the admin which can be overly permissive.Acceptance Criteria
In Our cas storage Google cloud project:
Storage Viewerrole template and make changes where neededStorage Adminrole template and make changes where needed (creating a new one if required)