{"id":"iam-service-account-user-privilege-escalation","text":"The Service Account User role (roles/iam.serviceAccountUser) is a privilege escalation vector — anyone granted this role on a service account can run workloads as that account and thereby indirectly gains all of the access granted to it.","truth_value":"IN","source":"entries/2026/03/10/iam-best-practices.md","source_url":"","source_hash":"873909ac976c6f0a","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-service-account-user-privilege-escalation","truth_value":"IN","reason":"premise"}]}}