GCP Access Management
Access to your GCP environment is done by using a service account spotter@cloud2-core-spotter.iam.gserviceaccount.com
Configure Organisation Access
Grant the above service account to your organisation account with the following roles
CODEroles/securitycenter.adminViewer roles/recommender.viewer
Configure Billing Data Access
If you have multiple billing projects or datasets, you need to repeat these steps for each
Grant the above service account to your billing project with the following role
CODEroles/bigquery.jobUser
Grant the above service account to your billing data table with the following role
CODEroles/bigquery.dataViewer