
Summary
This detection rule targets Google Cloud Platform (GCP) accounts that hold high-risk roles across projects, highlighting the potential for a compromised account to perform lateral movement or privilege escalation. Key roles monitored include 'roles/owner', 'roles/editor', and service account-related roles such as 'roles/iam.serviceAccountUser'. The search query uses the `google_gcp_pubsub_message` logs to filter for assignments of these roles and presents the results as a structured table. The rule is critical for identifying accounts that, because of their elevated privileges, would pose a significant security risk to the organization if compromised. The implementation requires the Splunk GCP add-on. Independently of the detection, organizations are encouraged to minimize the number of accounts holding high-risk roles, which reduces the attack surface available to an attacker who compromises one of them.
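The detection logic described above, reimplemented in Python as an added example that is not the rule's own Splunk search: it parses GCP Admin Activity audit log entries of the kind Cloud Logging exports to a Pub/Sub topic, keeps only `SetIamPolicy` calls that ADD a binding for a high-risk role, and aggregates the hits per member so that an account holding such roles in more than one project stands out. The log entries are constructed samples; the role set extends the three roles named on the page with two further service account roles (`roles/iam.serviceAccountTokenCreator`, `roles/iam.serviceAccountAdmin`) that are assumed to fall under "service account-related roles".

```python
import json
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# High-risk roles to alert on. roles/owner, roles/editor and
# roles/iam.serviceAccountUser come from the rule text; the remaining two are
# an assumption about which other service account roles the rule covers.
HIGH_RISK_ROLES: Set[str] = {
    "roles/owner",
    "roles/editor",
    "roles/iam.serviceAccountUser",
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountAdmin",
}

# Constructed sample Pub/Sub messages carrying GCP Admin Activity audit log
# entries (one JSON object per message). Not real log data.
SAMPLE_MESSAGES: List[str] = [
    json.dumps({
        "timestamp": "2024-11-14T10:00:00Z",
        "resource": {"labels": {"project_id": "proj-alpha"}},
        "protoPayload": {
            "methodName": "SetIamPolicy",
            "authenticationInfo": {"principalEmail": "admin@example.com"},
            "serviceData": {"policyDelta": {"bindingDeltas": [
                {"action": "ADD", "role": "roles/owner", "member": "user:alice@example.com"},
                {"action": "ADD", "role": "roles/viewer", "member": "user:bob@example.com"},
            ]}},
        },
    }),
    json.dumps({
        "timestamp": "2024-11-14T10:05:00Z",
        "resource": {"labels": {"project_id": "proj-beta"}},
        "protoPayload": {
            "methodName": "SetIamPolicy",
            "authenticationInfo": {"principalEmail": "admin@example.com"},
            "serviceData": {"policyDelta": {"bindingDeltas": [
                {"action": "ADD", "role": "roles/iam.serviceAccountUser", "member": "user:alice@example.com"},
                {"action": "ADD", "role": "roles/editor", "member": "serviceAccount:ci@proj-beta.iam.gserviceaccount.com"},
                {"action": "REMOVE", "role": "roles/owner", "member": "user:carol@example.com"},
            ]}},
        },
    }),
    json.dumps({  # unrelated method: must be ignored by the detection
        "timestamp": "2024-11-14T10:07:00Z",
        "resource": {"labels": {"project_id": "proj-beta"}},
        "protoPayload": {"methodName": "google.iam.admin.v1.CreateServiceAccount"},
    }),
]


def extract_role_grants(raw_message: str) -> List[Dict[str, str]]:
    """Return every binding ADDED by one SetIamPolicy audit log entry.

    Unparseable messages, non-SetIamPolicy calls and entries without a policy
    delta yield an empty list, so unrelated Pub/Sub traffic is skipped safely.
    """
    try:
        entry = json.loads(raw_message)
    except json.JSONDecodeError:
        return []
    payload = entry.get("protoPayload", {})
    if payload.get("methodName") != "SetIamPolicy":
        return []
    deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    project = entry.get("resource", {}).get("labels", {}).get("project_id", "unknown")
    granted_by = payload.get("authenticationInfo", {}).get("principalEmail", "")
    return [
        {
            "timestamp": entry.get("timestamp", ""),
            "project": project,
            "granted_by": granted_by,
            "member": delta.get("member", ""),
            "role": delta.get("role", ""),
        }
        for delta in deltas
        if delta.get("action") == "ADD"  # only newly granted bindings matter here
    ]


def find_high_risk_grants(messages: Iterable[str], roles: Set[str] = HIGH_RISK_ROLES) -> List[Dict[str, str]]:
    """Filter all messages down to grants of a high-risk role (the rule's core condition)."""
    return [g for m in messages for g in extract_role_grants(m) if g["role"] in roles]


def summarize_by_member(grants: List[Dict[str, str]]) -> Dict[str, Dict[str, Set[str]]]:
    """Aggregate per member: which high-risk roles it was granted, and in which projects."""
    summary: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: {"roles": set(), "projects": set()})
    for g in grants:
        summary[g["member"]]["roles"].add(g["role"])
        summary[g["member"]]["projects"].add(g["project"])
    return dict(summary)


def render_table(summary: Dict[str, Dict[str, Set[str]]]) -> str:
    """Plain-text table in the spirit of the rule's tabular output."""
    lines = [f"{'member':<56} {'projects':<20} roles"]
    for member, info in sorted(summary.items()):
        lines.append(f"{member:<56} {','.join(sorted(info['projects'])):<20} {','.join(sorted(info['roles']))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(summarize_by_member(find_high_risk_grants(SAMPLE_MESSAGES))))
```

On the constructed samples the table lists `user:alice@example.com` with roles in both `proj-alpha` and `proj-beta`, which is exactly the cross-project exposure the rule is meant to surface; the viewer grant, the REMOVE delta and the unrelated `CreateServiceAccount` entry produce no rows.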
Categories
- Cloud
- GCP
Data Sources
- Cloud Service
- Logon Session
- User Account
ATT&CK Techniques
- T1078
Created: 2024-11-14