3

We recently gained access to the "organisation" feature in Google Cloud. By default, everyone in our organisation had the "project creator" privilege but I decided to lock this down and restrict access to only "developers" (a group I created in G Suite). However, it seems like I selected the wrong permissions and now nobody can create new projects. What's more, the "organisation" menu has now disappeared and I am unable to change the organisation's permissions.

I'm a "Super Admin" in G Suite so I would have assumed that I would always be able to access everything in Google Cloud. However, this appears not be the case.

Is there any way I can reset the organisation's permissions? If I can regain access to the IAM settings for the organisation I'll be able to sort everything out from there.

No organisation option available

Ian
  • 135
  • 2
  • 5

1 Answers1

7

It looks like you may have removed the resourcemanager.organizationAdmin role from your super admin account. You can try these steps to set it back:

  1. Navigate to https://console.cloud.google.com and ensure your are logged in with the same account that is your GSuite super admin account.

  2. Launch the Cloud Shell by clicking on the '>_' icon next to the project name on the top right (it does not matter which project is selected).

  3. Run the following command in the Cloud Shell, substituting your organization ID and super admin account email:

    $ gcloud organizations add-iam-policy-binding <ORGANIZATION_ID_HERE> --member="user:<SUPER_ADMIN_EMAIL_HERE>" --role="roles/resourcemanager.organizationAdmin"

  4. Refresh or sign in and out of the Cloud Console, and the organization dropdown should re-appear.

Adam
  • 798
  • 3
  • 11
  • Awesome. That worked!! Thank you for your help. I'll be a lot more careful with the permissions next time ;) – Ian Mar 11 '17 at 22:50
  • Didn't work for me but was helpful. Perhaps good to know I had to issue: $gcloud organizations list to get the ID of the organization. Even so, I am still experience the issue (?) – luison Mar 11 '19 at 19:03
  • Worked for me just now. I had been getting an error message about not having the resourcemanager.projects.getIamPolicy permission when trying to access a project's IAM page (which had been created by another account) after my role was changed to Super Admin in G Suite. – James McKinney Sep 30 '19 at 17:11