GCP IAM has a really handy feature that helps you identify excess permissions for the roles granted to an IAM user. I assume this works by analyzing API calls and activity b
