Remediation
From Google Cloud Console
- Navigate to IAM & Admin - IAM: https://console.cloud.google.com/iam-admin/iam
- Identify any principals (users, groups, or service accounts) assigned the Redis roles (roles/redis.admin, roles/redis.editor, roles/redis.viewer) at the organization level.
- Click the delete (bin) icon next to the role to remove it from the principal.
- Assign Redis roles scoped only to the projects where Redis instances exist and management is required.
Note: Changes should be guided by business requirements to ensure principals retain necessary permissions.
From gcloud CLI
- Remove the organization-level Redis role from the principal:
gcloud organizations remove-iam-policy-binding {{organization-id}} \
--member="{{principal-type}}:{{principal-email}}" \
--role="{{roles/redis.admin}}"
- Assign a project-scoped Redis role appropriate for the principal's responsibilities:
gcloud projects add-iam-policy-binding {{project-id}} \
--member="{{principal-type}}:{{principal-email}}" \
--role="{{roles/redis.admin}}"
Note: Replace {{principal-type}} with user, group, or serviceAccount as appropriate. Repeat for other Redis roles as needed.
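To find every principal that needs this remediation before running the commands above, the organization policy can be exported with gcloud organizations get-iam-policy {{organization-id}} --format=json and scanned for the three Redis roles. The script below is an added example (not part of this page or of gcloud) that does that scan over a constructed sample policy and prints the matching remove/add command pairs; the organization id, project id and principal names in it are placeholders, and the target project must be chosen per principal according to where their Redis instances live.

```python
"""Audit an organization IAM policy for organization-level Redis role bindings.

The input shape matches `gcloud organizations get-iam-policy ORG_ID --format=json`:
{"bindings": [{"role": ..., "members": [...]}, ...]}. Added example, not gcloud code.
"""
import json

# The three Cloud Memorystore for Redis predefined roles named in the recommendation.
REDIS_ROLES = {"roles/redis.admin", "roles/redis.editor", "roles/redis.viewer"}

# Constructed sample policy; principals and project names are placeholders.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/redis.admin",
     "members": ["user:alice@example.com",
                 "serviceAccount:redis-mgr@example-proj.iam.gserviceaccount.com"]},
    {"role": "roles/redis.viewer", "members": ["group:sre@example.com"]},
    {"role": "roles/viewer", "members": ["user:bob@example.com"]}
  ],
  "version": 1
}
"""


def load_policy(text):
    """Parse the JSON that `gcloud ... get-iam-policy --format=json` emits."""
    return json.loads(text)


def find_org_redis_bindings(policy):
    """Return sorted (member, role) pairs for every Redis role bound in this policy."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") in REDIS_ROLES:
            for member in binding.get("members", []):
                findings.append((member, binding["role"]))
    return sorted(findings)


def remediation_commands(org_id, project_id, findings):
    """Build the remove (org scope) / add (project scope) command pair per finding."""
    cmds = []
    for member, role in findings:
        cmds.append(f'gcloud organizations remove-iam-policy-binding {org_id} '
                    f'--member="{member}" --role="{role}"')
        cmds.append(f'gcloud projects add-iam-policy-binding {project_id} '
                    f'--member="{member}" --role="{role}"')
    return cmds


if __name__ == "__main__":
    findings = find_org_redis_bindings(load_policy(SAMPLE_POLICY_JSON))
    for member, role in findings:
        print(f"ORG-LEVEL REDIS ROLE: {member} -> {role}")
    # Placeholder organization and project ids; replace with real values before use.
    for cmd in remediation_commands("{{organization-id}}", "{{project-id}}", findings):
        print(cmd)
```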