services / Google Cloud / Cloud Build

A Cloud Build build describes where to find source code, how to build it, and where to store the built artifacts.

Code and artifacts are generally stored in other services, such as Cloud Storage.


This permission allows users to run builds as the Cloud Build service account, which can give the user escalated privileges at build time. Google explicitly cautions against granting this permission for that reason.



This privilege may grant access to confidential data, or its exploitation can incur operational cost.


  • https://cloud.google.com/build/docs/iam-roles-permissions
  • https://cloud.google.com/build/docs/overview#how_builds_work
  • https://cloud.google.com/build/docs/cloud-build-service-account#default_permissions_of_service_account
  • https://cloud.google.com/build/docs/api/reference/rest/v1/projects.builds#Build
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog