services / Google Cloud / Cloud functions

Cloud Functions is a serverless computing service. Functions are triggered in response to events, and the code runs in an environment fully managed by Google.


Function metadata includes the following:

  • labels and descriptions associated with the function
  • build config (docker registry/repository, source code location, build-time env variables)
  • service deployment config (memory info, env variables available during execution, network traffic settings: ingress for function, egress for VPC connector, secret volume and env variable configuration)
  • configuration for events that trigger the function (service info for the service that triggers the info, filters on event fields)
  • encryption key name



This privilege may grant access to sensitive data from a significant fraction of organizational functions or allow interruption of critical organizational services, or its exploitation could lead to significant privilege escalation.


  • https://cloud.google.com/functions/docs/reference/iam/permissions
  • https://cloud.google.com/functions/docs/reference/rest/v2/projects.locations.functions
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog