This plugin currently recommends granting the Cloud Datastore Owner role to the IAM role attached to the NXRM deployment. This role "Grants full control of buckets and objects".
This issue seeks to reduce the recommended IAM role down to the minimal privileges required. List all SDK methods used, identify the specific set of permissions, and potentially make code changes to limit permissions needed.
nblair
commented
4 years ago
This plugin currently recommends granting the Cloud Datastore Owner role to the IAM role attached to the NXRM deployment. This role "Grants full control of buckets and objects".
This issue seeks to reduce the recommended IAM role down to the minimal privileges required. List all SDK methods used, identify the specific set of permissions, and potentially make code changes to limit permissions needed.