Composer, Dataflow, Dataproc, Dataprep and Data Fusion all used the Compute Engine
default service account by default and relied on product-level IAM permissions
without requiring the iam.serviceAccount.actAs permission, meaning that users of
these services could elevate their privileges. Following disclosure, GCP changed
these services to require this permission.
Composer, Dataflow, Dataproc, Dataprep, Data Fusion