GoogleCloud - Cross-project access to Cloud Asset API

Hey Folks
In our environment, I have two projects: Project A and Project B. I enabled a service, let’s say the Cloud Asset API, in Project A. Subsequently, I created a service account with organization-level permissions.
Surprisingly, I found that I was able to access the Cloud Asset API in Project B without explicitly enabling the API in that project. How is this possible?

sometimes this depends on whether you have what’s typically called user_project_override set, I think?

Maybe permissions set at org level are inherited