List of issues that are preventing PAM from functioning for this resource and need to be fixed to complete onboarding. Some issues might not be detected or reported.
Finding
Finding represents an issue which prevents PAM from functioning properly for this resource.
JSON representation
{// Union field finding_type can be only one of the following:"iamAccessDenied": {object (IAMAccessDenied)}// End of list of possible types for union field finding_type.}
PAM's service account is being denied access by Cloud IAM.
IAMAccessDenied
PAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-05-07 UTC."],[[["The `CheckOnboardingStatus` method returns a response containing the service account used by PAM and a list of findings that are preventing PAM from functioning correctly."],["Findings represent issues, and the `finding_type` field indicates the specific problem, such as `iamAccessDenied`, and there can only be one finding type."],["The `iamAccessDenied` finding means that PAM's service account lacks the necessary permissions due to Cloud IAM restrictions, requiring the addition of roles or exemptions from deny policies."],["When the finding type is `iamAccessDenied`, a list of `missingPermissions` is provided, which details the specific permissions that are being denied to the PAM service account."]]],[]]
