
# How to resolve Sprinto check to ensure no service account on GCP account is assigned with administrator roles

### About

Sprinto check: GCP service account should not have admin privilege access

This check verifies that the service accounts in the Google Cloud Platform (GCP) account you integrated with Sprinto do not have administrative privileges, following the principle of least privilege.

### Purpose

The purpose of this check is to enforce the principle of least privilege for service accounts. Service accounts are special types of accounts used by applications or services to access GCP resources. Granting unnecessary administrative privileges to service accounts increases the risk of unauthorized access or misuse of resources. By restricting service accounts to only the necessary permissions, you reduce the attack surface and the potential impact of a security breach.

### How to fix this check

Follow the steps below to resolve the check:

#### Before you begin

* Ensure you have administrator privileges on the GCP account where you want to make configuration changes.

#### Updating via GCP Console

1. Log in to the [GCP Console](https://console.cloud.google.com/) using your credentials.
2. Navigate to the IAM & Admin service.
3. From the Permission for Project section, review the users from your GCP account. You can view by principals or by roles.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098682127/original/G1F7S85-vSmyTlfahLnwt5NxbfL464fkiw.png?1716227798" alt="" width="563"><figcaption></figcaption></figure>
4. Review the service accounts and ensure they are not assigned administrator roles like Owner, Editor, Admin, etc.
5. If you find any service account with an administrator role, select the service account and click on the modify icon from the right-hand side.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098682123/original/JdjGbUhFwTdv23Yz0JH6n6gsWM66FT7-0w.png?1716227798" alt=""><figcaption></figcaption></figure>
6. Delete the admin role, and click **Save** to apply the changes. Ensure no admin role remains assigned to the selected service account.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098682124/original/WhwtPO3UnmuS0v0_AvlkWTk6gqkKW_qE8Q.png?1716227798" alt="" width="563"><figcaption></figcaption></figure>
7. Repeat the above steps until no service account is assigned an administrator role.

Sprinto will detect the configuration change and set the check status to "Passing."
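To carry out the review in steps 3 and 4 across every binding at once, the script below (an added example, not part of Sprinto's documentation or tooling) lists service accounts holding admin-style roles in a policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`. The role-matching rule, the function names and the sample policy are assumptions made for this illustration.

```python
import json
import sys

# Assumption: "administrator role" means the basic Owner/Editor roles or any role
# whose ID ends in "admin"; the exact rule Sprinto applies is not stated on this page.
BASIC_ADMIN_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@example.com",
                     "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/storage.admin",
         "members": ["serviceAccount:backup@example-project.iam.gserviceaccount.com"],
         "condition": {"title": "expires-2025",
                       "expression": "request.time < timestamp('2025-01-01T00:00:00Z')"}},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/editor",
         "members": ["deleted:serviceAccount:old@example-project.iam.gserviceaccount.com?uid=123"]},
    ],
}

def is_admin_role(role):
    return role in BASIC_ADMIN_ROLES or role.lower().endswith("admin")

def admin_service_accounts(policy):
    """Return sorted (service_account, role, condition_title) for every admin binding."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not is_admin_role(role):
            continue
        # A conditional binding still grants the role while its condition holds.
        condition = binding.get("condition", {}).get("title", "")
        for member in binding.get("members", []):
            # "deleted:serviceAccount:..." entries belong to removed accounts; skipped here.
            if member.startswith("serviceAccount:"):
                findings.add((member.split(":", 1)[1], role, condition))
    return sorted(findings)

if __name__ == "__main__":
    policy = SAMPLE_POLICY
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            policy = json.load(fh)
    for account, role, condition in admin_service_accounts(policy):
        print(f"{account}\t{role}\t{condition or '-'}")
```

Run it with the exported JSON file as its only argument; with no argument it uses the constructed sample. A project-level policy does not include bindings inherited from a folder or organization, so export and check those policies separately.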

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries related to the check or need assistance.


