Add a disclaimer to organization policies to specify the scope of each policy [347222924]

Assigned

Feature Request

Status Update

No update yet.

Description

pr...@google.com

created issue #1

Jun 14, 2024 01:04PM

What you would like to accomplish:

I would like to request if it would be possible to add a disclaimer about the scope of each policy in the current documentation that presents all the organization policies.

Currently, the “iam.disableCrossProjectServiceAccountUsage” is a special Org Policy that is only visible & settable on the project level to prevent abuse. It is by default enforced everywhere

How this might work:

The best would be to add a disclaimer in each policy to know the scope that the policy could be applied (Organization, Folder, Project)

Other information (workarounds you have tried, documentation consulted, etc):

- Also, the constraint Disable Cross-Project Service Account Usage is always enforced as per [1]
- Found that the list of enforced default policies that are enforced per default to every resource of the organization can be found at [2].

[1]

https://cloud.google.com/iam/docs/attach-service-accounts#enabling-cross-project
[2]

https://cloud.google.com/resource-manager/docs/secure-by-default-organizations#organization_policies_enforced_on_organization_resources

Comments

ka...@google.com <ka...@google.com> #2Jun 16, 2024 04:16AM

Reassigned to gc...@google.com.

Thanks for the report. I will route this to the appropriate internal team and update this when I hear back from them.

Issue 347222924

Description

Issue summary

Comments

ka...@google.com <ka...@google.com> #2Jun 16, 2024 04:16AM

Add comment

Issue metadata