I have admin access to a Security Command centre and a read-only access to a project. When I execute the following command, gcloud scc findings list projects/<project name>, I get the following error
ERROR: (gcloud.scc.findings.list) PERMISSION_DENIED: Caller does not have required permission to use project <>.
Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission,
by visiting https://console.developers.google.com/iam-admin/iam/project?project=itsec-poc and then retry.
Propagation of the new permission may take a few minutes.
- '@type': type.googleapis.com/google.rpc.
Help links:
- description: Google developer console IAM admin url: https://console.developers.google.com/iam-admin/iam/project?project=itsec-poc
- '@type': type.googleapis.com/google.rpc.ErrorInfo domain: googleapis.com metadata: consumer: projects/ <project Name> service: securitycenter.googleapis.com reason: USER_PROJECT_DENIED
$ gcloud scc findings list projects/<project name>
From the error, it means a read-only access to a project isn't enough to run the command you're attempting to execute.
It's saying you need the role, roles/serviceusage.serviceUsageConsumer.
Only the admin of the project can assign roles to your user