08-25-2025 06:36 AM
Following the principle of least privilege, which GCP out-of-the-box roles are required to implement & run ITOM Cloud-based discovery successfully?
08-25-2025 08:22 AM
As per the ServiceNow documentation (GCP Discovery), the role required in GCP is 'Viewer', as the GCP Service Accounts only need to view the Cloud resources. This should be the least privilege. Here is the exact extract from the documentation mentioned above:
Verify user role settings
Set the user permission for the Google Cloud Platform member to Viewer:
- In the Google Cloud Platform console, navigate to IAM.
- Select the relevant member from the list and click the Edit icon.
- In the Edit permissions window, select Viewer from the Role list.
- Click Save.
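The console steps above grant Viewer by hand; the check a practitioner usually wants afterwards is proof that the discovery service account holds Viewer and nothing broader. The script below is an added example written for this thread, not code from ServiceNow or Google. It audits the JSON shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns; the project id, service account e-mail and the bindings in the sample are constructed placeholders, and the remediation strings it prints assume the standard `gcloud projects remove-iam-policy-binding` / `add-iam-policy-binding` commands.

```python
import json

# Constructed sample in the shape of:
#   gcloud projects get-iam-policy PROJECT_ID --format=json
# Every name here is a placeholder, not a real project or account.
SAMPLE_POLICY = json.dumps({
    "version": 1,
    "etag": "BwX-placeholder-etag",
    "bindings": [
        {"role": "roles/viewer",
         "members": ["serviceAccount:discovery-sa@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/editor",          # over-privileged: Viewer is all discovery needs
         "members": ["user:admin@example.com",
                     "serviceAccount:discovery-sa@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/owner",
         "members": ["user:owner@example.com"]},
    ],
})

# The only project-level role the accepted answer calls for.
REQUIRED_ROLES = {"roles/viewer"}


def roles_for_member(policy_json, member):
    """Return the sorted list of roles bound to `member` in an IAM policy document."""
    policy = json.loads(policy_json)
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def audit_least_privilege(policy_json, member, required=REQUIRED_ROLES):
    """Compare a member's bindings against the required set.

    Returns a dict with:
      held     - every role currently bound to the member
      missing  - required roles the member does not hold (discovery would fail)
      excess   - roles beyond the required set (violates least privilege)
      compliant- True only when nothing is missing and nothing is in excess
    """
    held = roles_for_member(policy_json, member)
    missing = sorted(required - set(held))
    excess = sorted(set(held) - required)
    return {"held": held, "missing": missing, "excess": excess,
            "compliant": not missing and not excess}


def remediation_commands(project_id, member, audit):
    """Build gcloud commands that bring the member to exactly the required roles.

    Removals come first so a review reads worst-finding-first; the commands
    are returned as strings for a human to inspect, not executed here.
    """
    cmds = []
    for role in audit["excess"]:
        cmds.append(f"gcloud projects remove-iam-policy-binding {project_id} "
                    f"--member={member} --role={role}")
    for role in audit["missing"]:
        cmds.append(f"gcloud projects add-iam-policy-binding {project_id} "
                    f"--member={member} --role={role}")
    return cmds


if __name__ == "__main__":
    sa = "serviceAccount:discovery-sa@example-project.iam.gserviceaccount.com"
    result = audit_least_privilege(SAMPLE_POLICY, sa)
    print(json.dumps(result, indent=2))
    for cmd in remediation_commands("example-project", sa, result):
        print(cmd)
```

Run it against a real export by replacing `SAMPLE_POLICY` with the file contents from `gcloud projects get-iam-policy`, and the service account string with the discovery account's `serviceAccount:` member. Note that this only inspects project-level bindings; roles inherited from the folder or organization, and bindings with IAM conditions, would need the same check at those levels.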
08-25-2025 07:58 AM
@Stefan Coetzer Discovering GCP should require the same roles as any other Cloud-based Discovery: roles enough to create a Service Account, Credentials, MID Server roles and Cloud-specific class pattern running roles. Go through this page for a complete understanding of the roles required.
In GCP, the Servicenow-user used to request API data needs at least 'Viewer' role.
08-25-2025 08:14 AM
Sorry, I am specifically referring to roles in GCP assigned to GCP Service Accounts to provide ITOM Discovery with access to all cloud resources.
08-25-2025 09:13 AM
That's it! I thought it might be Viewer, but wasn't sure. Thanks!