0

I have a project in Google Cloud that I'm trying to add an "editor" to (I will remain the sole project owner). I have added this person using their gmail address in the IAM permissions but the project does not show up in their projects list when they log into the GCP console.

I'm using the instructions here: https://cloud.google.com/iam/docs/granting-changing-revoking-access

  1. Open the IAM page in the GCP Console.
  2. Open the IAM page
  3. Click Select a project, choose a project, and click Open.
  4. Click Add.
  5. Enter an email address
  6. Select a role.
  7. Click Save.

Is there something that I'm missing here?

Sandro G
  • 42
  • 5
Zac Soden
  • 1
  • 1
  • 1
  • What kind of editor role are you grating to the user involved? – Miguel Oct 31 '19 at 11:31
  • When searching for the project, the user should make sure that they are also searching it in the right organization. – Miguel Oct 31 '19 at 11:33
  • I am adding the person as a project editor. We have no organisation or Cloud Identity defined. I couldn't find any information to indicate that either was necessary but I was wondering if that was perhaps a contributing factor? – Zac Soden Oct 31 '19 at 22:02
  • Have the user run this command `gcloud auth list`. Verify that the identity is correct. They run `gcloud projects list`. If your project does not show up, then you have added them wrong. If it does show up, then go to the Console, IAM, Resource Manager. Also, double-check what identity they are logging in to the Console. – John Hanley Nov 01 '19 at 04:56
  • The project shows up in the ```gcloud projects list``` listing, but not in Console->IAM->Resource Manager. We also get the same result in reverse if this person tried to add me as an editor in one of their projects. – Zac Soden Nov 01 '19 at 05:36
  • Could you try the same but adding the person as a project owner? – Miguel Nov 01 '19 at 14:40
  • Resource Manager has two options. One for displaying projects in an Organization. The other for no Organization. This is near the top of the window. – John Hanley Nov 01 '19 at 18:28
  • If I add the person as a project owner, they receive the invitation and upon accepting it my project shows up in their "recent" projects tab, but not the "all" projects tab. In the resource manager we have No Organisation selected (the only option available). – Zac Soden Nov 02 '19 at 11:42
  • I would recommend you to open a thread in [Google's Issue Tracker](https://cloud.google.com/support/docs/issue-trackers), if you don't have a support plan, so that they can investigate your specific case. If you have a support plan it would be even more efficient to open a ticket. – TasosZG Nov 04 '19 at 07:41
  • Thanks @TasosZG, if it indeed sounds like it is a bug (and certainly wouldn't be the first, second or even third GCP bug I've found since I began developing with it this year) then I'll open an issue tracker thread. Unfortunately I don't have a support plan... – Zac Soden Nov 04 '19 at 13:21

3 Answers3

1

I have found that at least at the time of this writing if the user does not have access to read all projects in an organization then no projects will show up. If the user has landed in a resource that is accessible to them for a given project then such a project will show up under the proper organization.

Here is how to replicate:

  1. As an admin create a "newProject990055" under an existing organization, select it and navigate to the IAM menu.
  2. Add a user with just the role "Logs Viewer" for "newProject990055".
  3. Login with such a user and try to select project "newProject990055". Expected: User won't see "newProject990055" because the user has no access to list all projects, and "newProject990055" is new, and the user has never visited it before.
  4. With such a user hit https://console.cloud.google.com/logs/query?project=newProject990055. Expected: User will see the logs for the "newProject990055" project and user will be notice that such a project is selected.
  5. Logoff and login back with such a user, click on the dropdown for projects. Expected: User should be able to see project "newProject990055" because even though the user has no access to list all projects, and "newProject990055" is new, the user has already visited it before.
Nestor Urquiza
  • 119
  • 3
0

I was also facing the same issue, below is my scenario -

  1. I was added as a Editor to project - XYZ.
  2. I was able to login into console and check details.
  3. When I am trying to set project in cloud sdk, I was not able to view the project XYZ in my list.

Solution -

  1. gcloud auth login
  2. gcloud init

it worked for me.

Vineetkumar Patil
  • 1
0

The solution to this problem seems to be patience. After adding a new user it seemed to take a few days before they could access the project correctly. I had noted somewhere in the documentation that there can be delays when adding new permissions but I was surprised how long it took!

Zac Soden
  • 1
  • 1
  • 1