diff --git a/modules/ccs-gcp-provisioned.adoc b/modules/ccs-gcp-provisioned.adoc
index 21d5ecc2ecde..a1adf6c2eb5c 100644
--- a/modules/ccs-gcp-provisioned.adoc
+++ b/modules/ccs-gcp-provisioned.adoc
@@ -60,21 +60,22 @@ The following services must be enabled on a GCP CCS cluster:
 * `orgpolicy`
 * `networksecurity`
 
-[id="gcp-policy-permissions_{context}"]
-== Permissions
-
-The following roles must be added to the support service account:
-
-* `compute.admin`
-* `dns.admin`
-* `orgpolicy.policyViewer`
-* `servicemanagement.admin`
-* `serviceusage.serviceUsageAdmin`
-* `storage.admin`
-* `compute.loadBalancerAdmin`
-* `viewer`
-* `iam.roleAdmin`
-* `iam.securityAdmin`
-* `iam.serviceAccountKeyAdmin`
-* `iam.serviceAccountAdmin`
-* `iam.serviceAccountUser`
\ No newline at end of file
+//Commenting this section out for now. Once Workload Identity feature is implemented, this may need to be conditionalized for that, but does not apply to service account key authorization method.
+// [id="gcp-policy-permissions_{context}"]
+// == Permissions
+
+// The following roles must be added to the support service account:
+
+// * `compute.admin`
+// * `dns.admin`
+// * `orgpolicy.policyViewer`
+// * `servicemanagement.admin`
+// * `serviceusage.serviceUsageAdmin`
+// * `storage.admin`
+// * `compute.loadBalancerAdmin`
+// * `viewer`
+// * `iam.roleAdmin`
+// * `iam.securityAdmin`
+// * `iam.serviceAccountKeyAdmin`
+// * `iam.serviceAccountAdmin`
+// * `iam.serviceAccountUser`
\ No newline at end of file