I tried but could not figure out that how to find out who added a user or modified IAM roles of a specific user in GCP.
is anyone aware of any method?
I tried but could not figure out that how to find out who added a user or modified IAM roles of a specific user in GCP.
is anyone aware of any method?
You can see this information through Logs Viewer please check the following URL for Logs Viewer query interfaces where you can find more information
And for this specific event you can use the following query to search it in your project:
protoPayload.authorizationInfo.permission="resourcemanager.projects.setIamPolicy"
protoPayload.response.bindings.members="user:emailuser@gmail.com"
Change the emailuser@gmail.com for the user you are looking for.
And you will see something like:
On View Options you can click on Expand All for more information:
Also you can see those events on the Activity tab
I hope this information would be useful to you