alt Hacker NewsThe google docs they point to say
> You can access data from your users' Google Cloud projects by creating a service account to represent your service, and then having your customers grant that service account appropriate access to their cloud data using IAM policies. Note that you might want to create a service account per customer if you need to avoid confused deputy problems.
If you look at most SaaS services, they rarely use a service account per customer. IMO it's no different than any part of your own services where you need to handle multiple customers. Creating multiple service accounts is just overhead.
The text you quoted explains why you wouldn’t want to create a single service account for all customers. It’s a security decision, which yes adds overhead.