Skip to main content

Hierarchical Support for Service Accounts

Last updated: 08 Sept 2025
Feature Availability

This feature is behind the PL_ENABLE_SERVICE_ACCOUNT_HIERARCHY feature flag. Contact Harness Support to enable it.

Service accounts can be created at a higher scope and inherited by lower scopes with the necessary permissions, eliminating the need to create separate accounts for each organization or project.

The following example shows how to use an account-level service account in a project. You can apply the same process to use account-level service accounts in organizations.

note

When a service account is inherited from the account scope to a project scope, the system automatically assigns the Organization Viewer role to that service account for the organization containing the project. The role assignment is also recorded in the Audit Logs.

If this role assignment is removed, the service account may lose access to the Organization.

Benefits

  • Centralized Service Account Management: Reduces the need to create and manage multiple service accounts for each project.

  • Simplified Permissions: Easily manage permissions at the project level by assigning roles to service accounts created at the account or organization level.

  • Seamless Pipeline Execution: One or more service accounts can be given the necessary permissions, if required, to execute pipelines from multiple projects.

Additional Resources

For more information on how to manage service accounts, create roles, and assign permissions in Harness, refer to the following documentation on Harness Developer Hub: