Quota Issues

List requests for Data Transfer Service quota

• Issue: GCP account has reached the rate limit on API requests of type List for Data Transfer Service.
• Symptom: Error message is generated when the rate limit for the number of requests is reached.
• Solution: In the GCP Console, increase the limit. For more information refer to GCP Quotas documentation.

Organizational Policies

Secret creation not allowed

• Issue: In order to perform CloudSQL classification, Prisma Cloud DSPM needs to create a secret (key) within GCP. A resource location policy has prevented the creation of the secret..
• Symptom: Error message is generated when failing to create a secret.
• Solution: In the GCP Console, update the policy. For more information refer to GCP Restricting Resource Locations.

IAM Misconfiguration

Failure to impersonate Service Account

• Issue: Prisma Cloud DSPM uses a set of service accounts and permissions to perform data discovery and classification. We have encountered an issue utilizing those service accounts and permissions.
• Symptom: Error message is generated when attempting to impersonate Service Account.
• Solution: Validate the following:
  • The service account presented in the issue details exists in the project.
  • Access between the above service account and the Scanner Service Account is configured correctly. See more information in Manage access to service accounts.
  • The above service account has all the permissions listed as the required permissions for Prisma Cloud DSPM..

Asset List is not allowed

• Issue: Prisma Cloud DSPM uses a set of roles and permissions to perform data discovery and classification. We have encountered an issue utilizing those roles and permissions.
• Symptom: Error message is generated when attempting to perform the List operation on a GCP asset.
• Solution: Validate that the service account has all the permissions listed as the required permissions for Prisma Cloud DSPM.