Hi everyone,
This question came up for me this morning with our Security Operations team. The context is GCP, but Groups transcend Workspace so I came over here to ask for opinions as well.
SecOps gave me an example of an existing group with a bunch of service account members. When I inspected the GCP role assignments of these members I noticed they were almost the same; a couple service account had different roles. To me a group is a collection of things meant to be managed in the same way.
At a minimum, my view is that groups should be homogeneous: all user accounts or all service accounts. Moreover I can be easily convinced service accounts ought to be banned from groups altogether in a cloud application environment despite Google’s allowing it: https://workspaceupdates.googleblog.com/2020/08/service-accounts-in-google-groups-beta.html
What’s your take?