拒绝访问 Google Cloud 官方应用中的大多数功能，为什么？

Question

I installed the official app Google Cloud to manage and monitor my Google Cloud ressources. I then logged in using an account with an Owner role on the top structure My Organization and an Owner role on all its sub-projects as well. I am super-admin in Google Workspace .

However, I can't seem to access/list any project or ressource in the app. Basically it tells me I lack permissions.

I tried looking for specific IAM permissions for this scenario but without luck.

What am I missing?

Answer 1

To get the permissions that you need to manage access to a project, folder, or organization in Google official cloud you need to have following IAM roles on the resource that you want to manage access for (project, folder, or organization):

• To manage access to a project: Project IAM Admin (roles/resourcemanager.projectIamAdmin)
• To manage access to a folder: Folder Admin (roles/resourcemanager.folderAdmin)
• To manage access to projects, folders, and organizations: Organization Admin (roles/resourcemanager.organizationAdmin)
• To manage access to almost all Google Cloud resources: Security Admin (roles/iam.securityAdmin)

For more information about granting roles, see Required permissions and Manage access and check these roles .

Answer 2

I am following this thread too. Sent in question via app to support. Odd that I can open SSH within app and use gcloud to navigate but cant use the app's screens

Answer 3

I found the solution:

In Google Workspace Admin console, you must activate the service named Additional services without individual control .

Menu 'Apps' > 'Additional Google services' > 'CHANGE' next to 'Access to additional services without individual control for all organisational units is turned Off' (info tag in the upper zone) > 'ON for everyone'