{"id":"iam-service-account-security-requires-hardening","text":"Service accounts require active security hardening: they have dual nature (principal and resource), default accounts receive overly broad editor role, impersonation needs explicit token creator role, and they are invisible to Workspace domain-wide shares.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-service-account-security-requires-hardening","truth_value":"IN","reason":"premise"}]}}