Hey Folks
In our environment, I have two projects: Project A and Project B. I enabled a service, let’s say the Cloud Asset API, in Project A. Subsequently, I created a service account with organization-level permissions.
Surprisingly, I found that I was able to access the Cloud Asset API in Project B without explicitly enabling the API in that project. How is this possible?
sometimes this depends on whether you have what’s typically called user_project_override
set, I think?
Maybe permissions set at org level are inherited