[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-03-26。"],[[["User-managed service accounts can be attached to certain Google Cloud resources, such as Compute Engine, App Engine, and Cloud Run, allowing application code to use that service account's identity."],["Attaching a user-managed service account is the recommended method for providing credentials to Application Default Credentials (ADC) for production code, rather than using the default service account, which often has overly broad privileges."],["To set up authentication, a user-managed service account needs to be created using the `gcloud iam service-accounts create` command."],["Roles must be granted to the service account to manage access to resources, using the `gcloud projects add-iam-policy-binding` command, ensuring the use of specific predefined or custom roles rather than overly broad roles like Owner, Editor, or Viewer."],["The principal attaching the service account to other resources needs the `roles/iam.serviceAccountUser` role, which is provided using the `gcloud iam service-accounts add-iam-policy-binding` command."]]],[]]
