0

I am out of ideas. After following "https://serverfault.com/questions/837470/unable-to-access-organisationss-iam-settings-in-google-cloud" and several other suggestions, nothing seems to work. I am simply unable to delete these projects and adding myself as roles/resourcemanager.projectCreator doesn't work.

I have three project IDs which I am trying to delete. For this I go to

https://console.cloud.google.com/home/dashboard?project={PROJECT_ID}&cloudshell=true

and run

$ gcloud projects add-iam-policy-binding {PROJECT_ID} \
      --member="user:{MY_EMAIL}" \
      --role="roles/resourcemanager.projectCreator"

but all I am getting is:

ERROR: (gcloud.projects.add-iam-policy-binding) User [{MY_EMAIL}] does not have permission to access projects instance [{PROJECT_ID}:getIamPolicy] (or it may not exist): The caller does not have permission

Deleting it directly it not working of course:

$ gcloud projects delete you-can-see-this-project
Your project will be deleted.

Do you want to continue (Y/n)?  y

ERROR: (gcloud.projects.delete) User [{MY_EMAIL}] does not have permission to access projects instance [{PROJECT_ID}] (or it may not exist): The caller does not have permission

Using the Web-UI will just tell me that I have insufficient permissions to even view the IAM page:

enter image description here

Stefan Falk
  • 121
  • 5
  • If you do not own those projects, you cannot delete them. You do not even have permission to view the IAM policy. Are these projects yours or are they something that shows up when you list projects? There are shared projects that you can access but not manage. Edit your question with more context about these projects. – John Hanley Feb 25 '22 at 22:13
  • @JohnHanley This is my own GCP account and anything under it should be mine. Tbh: This account is pretty old and I actually don't even know where these projects are coming from. I only found them "accidentally" after clicking on the ALL tab under my projects. There is no more context. They are there, they do nothing and I am unable to delete them. – Stefan Falk Feb 25 '22 at 22:15
  • Since you do not have the IAM permissions to even read the project policy, you will need to contact Google Cloud support. If you were the project owner, you would be able to view the policy. Note: I repeat, being able to see a project does not mean the project is yours. – John Hanley Feb 25 '22 at 22:19
  • @JohnHanley But why do I see them? Here's the funny thing: One project ID is literally `you-can-see-this-project` and I do not recall creating it - the other two projects have generic IDs. – Stefan Falk Feb 25 '22 at 22:20
  • There are **shared** projects published by Google. There are projects that you can join. However, since you cannot read the project's IAM policy on Google can help you. You might have created a project using a different identity, granted your current identity some form of access and you forgot about that. – John Hanley Feb 25 '22 at 22:23
  • Hm, I can't imagine how that could've happened tbh. Not saying it's impossible but I just don't recall dong anything that you described. I guess I'll have to contact support on this one. Maybe they can help. – Stefan Falk Feb 25 '22 at 22:31
  • @JohnHanley That was quick. Support told me that what I see is true but they can't tell me any information on those projects (since I do not own them). Well, they told me that they should be gone within 30 days after they were disabled - this part doesn't really help me though. They _could_ be old projects I created on Firebase - that's now the only explanation I have but they should be older than 30 days by now and therefore be gone. Still no idea what's going on there but I'll just give it some time I guess. – Stefan Falk Feb 25 '22 at 22:47
  • One item I forgot to mention. Check your Google Payments account(s) and Google Cloud Billing accounts. You might find more information there. The key is to keep notes of the accounts and projects that you create or manage. Treat them like bank accounts or credit cards. – John Hanley Feb 25 '22 at 23:28

0 Answers0