Using the GCP LPA feature for InsightCloudSec

Assuming you have properly configured a GCP Project or Organization and are harvesting Recommendation Findings, you should be able to access GCP LPA findings as follows:

Go to the “Inventory → Resources” page on your InsightCloudSec platform.

Navigate to the "Identity & Management" tab. The principal activity view can only be accessed on the Cloud User and Cloud Role resources.

Once you've selected the desired resource, click the vertical three dots to open the context menu, then select "Principal Activity". This opens a side pane listing all of the actions taken by the selected user or role.

Principal Activity

Principal Activity Details

The Principal Activity pane contains permissions that have been used within the last 90 days. This information supports risk remediation, but it should be used together with additional context about the principal being assessed.

Note: This data is based on a calculation using GCP Recommendations and doesn’t provide a full assessment of the principal's activity.


  • Use the search field to narrow the scope of used permissions.
  • Hover over the bar graph to see the number of used, unused, and un-assessed permissions.
  • Click the "Download" icon to download the Detailed Permission Usage (JSON) file.


  • Click the "+" to review details about the remediation/recommendation.
  • If you have the appropriate permissions, click "Apply Recommendation" to apply a given recommendation.


Considerations Before Editing

Prior to making changes to a policy based on this information, we recommend the following:

  • Have the information assessed by a qualified reviewer with knowledge of your specific infrastructure and implementation to avoid unwanted impacts (e.g., loss of a required permission).
  • Ensure that you have an existing process to revert or remediate issues prior to making changes.

Detailed Permission Usage (JSON)

The Detailed Permission Usage JSON file includes the following information for the given principal:

  • The permission name
  • The status of the permission (used or unused)

Note: If you want to programmatically collect this information, review the List Principal Activity and List Principal Permissions endpoints.
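To support the reviewer step described under "Considerations Before Editing", the following Python script is an added example (not InsightCloudSec code) that turns a downloaded Detailed Permission Usage file into a review worksheet: status counts, unused permissions grouped by GCP service, unused permissions to review first, and a rollback record. The top-level list layout, the field names `permission` and `status`, and the `SENSITIVE_MARKERS` list are assumptions, and the sample data is constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample standing in for a downloaded export. The list layout and
# the field names "permission" and "status" are assumptions; adjust to your file.
SAMPLE_EXPORT = json.dumps([
    {"permission": "storage.objects.get", "status": "used"},
    {"permission": "storage.objects.delete", "status": "unused"},
    {"permission": "storage.buckets.setIamPolicy", "status": "unused"},
    {"permission": "iam.serviceAccounts.actAs", "status": "unused"},
    {"permission": "compute.instances.list", "status": "used"},
    {"permission": "compute.instances.delete", "status": "Unused"},
    {"permission": "bigquery.tables.getData"},  # no status: counted as un-assessed
])

# Assumed reviewer shortlist: permission suffixes that change access or allow
# impersonation, so an unused grant of one deserves attention first.
SENSITIVE_MARKERS = ("setIamPolicy", "actAs", "getAccessToken", "signBlob")

def build_review(export_text):
    """Return status counts, unused permissions per service, the unused
    permissions to review first, and a rollback record of all unused ones."""
    counts = Counter()
    unused_by_service = defaultdict(list)
    for entry in json.loads(export_text):
        name = str(entry.get("permission") or "").strip()
        if not name:
            continue  # skip malformed entries rather than guessing
        status = str(entry.get("status") or "").strip().lower()
        if status not in ("used", "unused"):
            status = "unassessed"  # never treat unknown as safe to remove
        counts[status] += 1
        if status == "unused":
            unused_by_service[name.split(".", 1)[0]].append(name)
    unused = sorted(p for perms in unused_by_service.values() for p in perms)
    return {
        "counts": dict(counts),
        "unused_by_service": {s: sorted(p) for s, p in sorted(unused_by_service.items())},
        "review_first": [p for p in unused if p.endswith(SENSITIVE_MARKERS)],
        # Keep this list with the change ticket so removals can be reverted.
        "rollback_record": unused,
    }

if __name__ == "__main__":
    print(json.dumps(build_review(SAMPLE_EXPORT), indent=2))
```

Permissions with a missing or unrecognized status are counted as un-assessed and are never placed in the removal candidates.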