Skip to content

Commit fdc2680

Browse files
anguillanneufbusunkim96
authored andcommitted
doc: clarify which SA has Token Creator role (#330)
1 parent 06e5469 commit fdc2680

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

packages/google-auth/docs/user-guide.rst

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -209,8 +209,8 @@ Impersonated credentials
209209
++++++++++++++++++++++++
210210

211211
Impersonated Credentials allows one set of credentials issued to a user or service account
212-
to impersonate another. The target service account must grant the source credential
213-
the "Service Account Token Creator" IAM role::
212+
to impersonate another. The source credentials must be granted
213+
the "Service Account Token Creator" IAM role. ::
214214

215215
from google.auth import impersonated_credentials
216216

@@ -232,7 +232,7 @@ the "Service Account Token Creator" IAM role::
232232

233233
In the example above `source_credentials` does not have direct access to list buckets
234234
in the target project. Using `ImpersonatedCredentials` will allow the source_credentials
235-
to assume the identity of a target_principal that does have access
235+
to assume the identity of a target_principal that does have access.
236236

237237
Making authenticated requests
238238
-----------------------------

0 commit comments

Comments
 (0)