Assigned
Status Update
No update yet.
Comments
ka...@google.com
on...@google.com
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
This will create a public feature request which anybody can view and comment on.
Please provide as much information as possible. At least, this should include a description of your issue and steps to reproduce it. If possible please provide a summary of what steps or workarounds you have already tried, and any docs or articles you found (un)helpful.
Current behaviour you have encountered:
Returned message: ERROR: (gcloud.projects.get-ancestors-iam-policy) User is not permitted to access IAM policy for one or more of the ancestors.
What you expected to happen:
Return the bindings for whatever the ancestor bindings the user has permissions to, instead of providing no info.
Steps to reproduce:
1)When your account does not have the getIamPolicy permissions in the project and in every parent resource up to the organization[1], otherwise all works as expected. 2)Run the following command on a GCP CLI: get-ancestors-iam-policy[2]
Other information (workarounds you have tried, documentation consulted, etc): References:
[1]https://cloud.google.com/iam/docs/resource-hierarchy-access-control#expandable-1
[2]https://cloud.google.com/sdk/gcloud/reference/projects/get-ancestors-iam-policy