Johannes Passing

Results 119 comments of Johannes Passing

Sorry for the delayed response. > when the same condition is set for more than one group on a given scope, but with different description, only the first found group's...

I don't have any news to share on the underlying PolicyAnalyzer API. However, the (new) `AssetInventory` catalog should be unaffected by this problem, so I think the best path...

You're right that expired IAM bindings cause some clutter. FWIW, the application does [purge expired bindings](https://github.com/GoogleCloudPlatform/jit-access/blob/5fffbac99c76f16205c69fc3b2abd6aeb6f87e4c/sources/src/main/java/com/google/solutions/jitaccess/core/adapters/ResourceManagerAdapter.java#L132) if a user requests the same role again -- so there's a limit to...

> There https://github.com/GoogleCloudPlatform/jit-access/pull/97, but I'd have to follow up what the status is. #154 will add Pub/Sub integration

Suppose you request approval for some role and pick Alice and Bob as reviewers. Alice rejects the request. Would Bob be allowed to approve anyway? The challenge with implementing a...

Great, then let's focus on the option where we send out a notification, but don't terminate the process.

I think it's an interesting idea and I'm sure there's a use case for it. What I'm unsure about is what the configuration might look like: I suppose one option...

Sorry for not replying earlier. If I understand your comment correctly, then you're suggesting two things: 1. _Project IAM Admins_ (or really, anybody with `resourcemanager.projects.setIamPolicy` permissions on a project) should...

Great. I still have to double-check whether this approach will work properly with the Policy Analyzer API, but I'd be happy to move ahead with this.

> Let's not overlook the scenario where IAM admin is done entirely via service accounts, where no users of the project have the IAM Admin role. That's a good point....