Google Cloud DNS - how to restrict permission just to one zone for acme challenge?

Question

is there a way to have Google Cloud IAM Service account restricted to only one zone in Coud DNS? I want to use this for automatic ACME DNS-01 certificate issuing, but I do n