[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["缺少我需要的資訊","missingTheInformationINeed","thumb-down"],["過於複雜/步驟過多","tooComplicatedTooManySteps","thumb-down"],["過時","outOfDate","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["示例/程式碼問題","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-08-19 (世界標準時間)。"],[[["User-managed service accounts can be attached to certain Google Cloud resources, such as Compute Engine, App Engine, and Cloud Run, allowing application code to use that service account's identity."],["Attaching a user-managed service account is the recommended method for providing credentials to Application Default Credentials (ADC) for production code, rather than using the default service account, which often has overly broad privileges."],["To set up authentication, a user-managed service account needs to be created using the `gcloud iam service-accounts create` command."],["Roles must be granted to the service account to manage access to resources, using the `gcloud projects add-iam-policy-binding` command, ensuring the use of specific predefined or custom roles rather than overly broad roles like Owner, Editor, or Viewer."],["The principal attaching the service account to other resources needs the `roles/iam.serviceAccountUser` role, which is provided using the `gcloud iam service-accounts add-iam-policy-binding` command."]]],[]]