Created
March 2, 2026 08:23
GCP IAM owner checker
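#!/bin/bash
# Prints the IAM roles bound directly to the active gcloud account in each
# project that account can list.
#
# Limits of the result, for anyone using it as an access review:
#   - Only the project's own IAM policy is read. Roles inherited from a
#     folder or organization policy are not part of that output.
#   - Only bindings whose member matches the account address are reported, so
#     roles reached through a group binding do not show up.
#   - Every matching role is printed; roles/owner is not singled out.

# Account gcloud is currently authenticated as.
USER_EMAIL=$(gcloud auth list --filter=status:ACTIVE --format="value(account)")
if [ -z "$USER_EMAIL" ]; then
  # Diagnostics go to stderr so stdout carries only the report.
  echo "Error: No active gcloud account found. Please run 'gcloud auth login'." >&2
  exit 1
fi

echo "Checking IAM roles for: $USER_EMAIL"
echo "=================================================="

# A failed listing must not be reported as "no projects" with exit status 0.
if ! PROJECT_IDS=$(gcloud projects list --format="value(projectId)"); then
  echo "Error: 'gcloud projects list' failed; cannot enumerate projects." >&2
  exit 1
fi
if [ -z "$PROJECT_IDS" ]; then
  echo "No projects found or you do not have permission to list projects."
  exit 0
fi

# Word splitting is intended here: the list is one project ID per line, and
# project IDs are assumed to contain no whitespace or glob characters.
for PROJECT in $PROJECT_IDS; do
  echo "Project: $PROJECT"

  # NOTE(review): ':' in a gcloud filter is a pattern match, not an equality
  # test, so a member whose address merely contains $USER_EMAIL would match
  # as well. Confirm unexpected roles against the full policy.
  if ! ROLES=$(gcloud projects get-iam-policy "$PROJECT" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$USER_EMAIL" \
    --format="value(bindings.role)" 2>/dev/null); then
    # A policy that could not be read is not evidence of "no roles"; keep the
    # two outcomes apart so an unreadable project is not taken as clean.
    echo " - Could not read IAM policy (insufficient permissions or request failed)"
  elif [ -z "$ROLES" ]; then
    echo " - No direct roles found"
  else
    while IFS= read -r ROLE; do
      printf ' - %s\n' "$ROLE"
    done <<< "$ROLES"
  fi
  echo "--------------------------------------------------"
done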