From 3132bbf45afc3b1de4b52805e3aa2e170c7258cb Mon Sep 17 00:00:00 2001
From: stdoutput <moritz.sanft@outlook.de>
Date: Fri, 17 Mar 2023 10:35:57 +0100
Subject: [PATCH] add minimal gcp permissions

---
 docs/docs/workflows/config.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md
index 36e88696f..79e87eb2d 100644
--- a/docs/docs/workflows/config.md
+++ b/docs/docs/workflows/config.md
@@ -115,7 +115,15 @@ Since `clientSecretValue` is a sensitive value, you can leave it empty in the co
 You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session.
 
 Your GCP account also needs to have at least the following permissions:
+* `iam.serviceAccountKeys.create`
+* `iam.serviceAccountKeys.delete`
+* `iam.serviceAccountKeys.get`
 * `iam.serviceAccounts.create`
+* `iam.serviceAccounts.delete`
+* `iam.serviceAccounts.get`
+* `iam.serviceAccounts.getAccessToken`
+* `resourcemanager.projects.getIamPolicy`
+* `resourcemanager.projects.setIamPolicy`
 
 ```bash
 constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test