Google Cloud owner role

I’m trying to setup a keyfile that has the credentials to authenticate for google cloud platform. I see the steps to create the credentials file in

What I’m confused is that the key expects to have a owner role. I believe this is a very bad practice to assign a service account key a role of an owner. Is this intended or can we assign a list of lower level roles to accomplish the same.

I know the frameworks expects to have the following APIs enabled. So can i provide access to these resources only?

  • Google Cloud Functions
  • Google Cloud Deployment Manager
  • Google Cloud Storage
  • Stackdriver Logging