List of issues that are preventing PAM from functioning for this resource and need to be fixed to complete onboarding. Some issues might not be detected or reported.
Finding
Finding represents an issue which prevents PAM from functioning properly for this resource.
JSON representation
{// Union field finding_type can be only one of the following:"iamAccessDenied": {object (IAMAccessDenied)}// End of list of possible types for union field finding_type.}
PAM's service account is being denied access by Cloud IAM.
IAMAccessDenied
PAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eCheckOnboardingStatus\u003c/code\u003e method returns a JSON response containing a service account and a list of findings.\u003c/p\u003e\n"],["\u003cp\u003eFindings represent issues preventing PAM (Privileged Access Management) from functioning correctly for a given resource, requiring remediation for successful onboarding.\u003c/p\u003e\n"],["\u003cp\u003eA finding can be of type \u003ccode\u003eIAMAccessDenied\u003c/code\u003e, indicating that PAM's service account lacks necessary permissions due to Cloud IAM restrictions.\u003c/p\u003e\n"],["\u003cp\u003eWhen \u003ccode\u003eIAMAccessDenied\u003c/code\u003e occurs, the JSON response provides a list of \u003ccode\u003emissingPermissions\u003c/code\u003e that need to be granted to the PAM service account.\u003c/p\u003e\n"]]],[],null,["# CheckOnboardingStatusResponse\n\n- [JSON representation](#SCHEMA_REPRESENTATION)\n- [Finding](#Finding)\n - [JSON representation](#Finding.SCHEMA_REPRESENTATION)\n- [IAMAccessDenied](#IAMAccessDenied)\n - [JSON representation](#IAMAccessDenied.SCHEMA_REPRESENTATION)\n\nResponse message for `CheckOnboardingStatus` method.\n\nFinding\n-------\n\nFinding represents an issue which prevents PAM from functioning properly for this resource.\n\nIAMAccessDenied\n---------------\n\nPAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access."]]
