Granular Permissions for Service Account in GCP Instead of Basic Viewer Role

[gentle-git]

Context:
I'm currently working with Scout Suite for auditing and benchmarking our cloud infrastructure on Google Cloud Platform (GCP). The tool requires a service account with certain permissions. Typically, this would involve assigning the Viewer role at the organization level. However, due to security policies, I cannot grant such broad access.

Question:
I need to granulate the individual roles and permissions that can be used to replace the Viewer role. Specifically, I want to know which permissions and roles are necessary for the service account to function correctly with Scout Suite, without using the basic Viewer role.

Details:

• Service Account Usage: The service account will be used by Scout Suite for auditing purposes.
• Required Access: The service account needs read-only access to various resources across the organization.
• Constraints: Cannot use the basic Viewer role due to security policies.

Request:
Could anyone provide a detailed list of the granular permissions and roles that would collectively provide the same level of access as the Viewer role that will get the job done for auditing GCP? Any guidance on how to structure these permissions effectively would be greatly appreciated, Or any Idea of how can I get this information myself.

Thank you in advance for your help!