
Commit 03359e9

SSPROD-48773: set right organizational level roles for CIEM (#47)
1 parent 0cc5797 commit 03359e9


1 file changed

+1
-1
lines changed


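--- a/modules/config-posture/organizational.tf
+++ b/modules/config-posture/organizational.tf
@@ -16,7 +16,7 @@ data "google_organization" "org" {
 #---------------------------------------------------------------------------------------------
 resource "google_organization_iam_member" "cspm" {
 # adding ciem role with permissions to the service account alongside cspm roles
-for_each = var.is_organizational ? toset(["roles/cloudasset.viewer", "roles/iam.workloadIdentityUser", "roles/logging.viewer", "roles/cloudfunctions.viewer", "roles/cloudbuild.builds.viewer", "roles/orgpolicy.policyViewer", "roles/recommender.viewer", "roles/iam.serviceAccountViewer", "roles/iam.roleViewer", "roles/container.clusterViewer", "roles/compute.viewer"]) : []
+for_each = var.is_organizational ? toset(["roles/cloudasset.viewer", "roles/iam.workloadIdentityUser", "roles/logging.viewer", "roles/cloudfunctions.viewer", "roles/cloudbuild.builds.viewer", "roles/orgpolicy.policyViewer", "roles/recommender.viewer", "roles/iam.serviceAccountViewer", "roles/iam.organizationRoleViewer", "roles/container.clusterViewer", "roles/compute.viewer"]) : []
 
 org_id = data.google_organization.org[0].org_id
 role = each.key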
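Review bot: The `for_each` set on the new line still binds `roles/iam.workloadIdentityUser` at organization scope alongside the read-only viewer roles. That role allows impersonating service accounts, so bound on the organization it would presumably cover every service account beneath it rather than only the one the integration uses. The `member` is declared outside this hunk, so this is inferred; if only that one account needs to be impersonated through workload identity, consider moving the role to a `google_service_account_iam_member` on that account and removing it from this list. The comment above the list could also state intent, for example `# read-only org-level roles for CSPM/CIEM; iam.organizationRoleViewer reads org-level custom roles`. The resource block continues past the end of the hunk.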
