Google Cloud Identity Aware Proxy tunnel destination groups resource type.
Refers to a particular group of VMs in your project. VMs are collected in a list of either CIDRs or FQDNs.
IAP is used to control access to cloud services. Changes to IAP-related settings could remove access from mission-critical applications or grant an attacker access to sensitive resources.
iap.tunnelDestGroups.setIamPolicy
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog