Is it possible to inherit the “owner” role in GCP IAM?

0
votes

Situation:

  • I have a project which belongs to a GCP organization
  • User A is "Organization Administrator" and (Project) "Owner" at organization level

Problem:

  • As expected, the user A is listed in the IAM page of the project at hand (with both before mentioned roles, inheritance is indicated by an icon in the last column)
  • But: The user does not see the project nor can access it. This only works when I assign the Owner role again for the project.

Question: Is it possible to inherit the owner role to make users owner of a project by inheritance?

2
google-cloud-platformgoogle-iam

2 Answers

1
votes

Question: Is it possible to inherit the owner role to make users owner of a project by inheritance?

If your Google Cloud Platform account is using Organizations, then Yes, you can add a user via IAM at the Organization level as Project owner. This role filters down thru inheritance to all projects in the organization. The same applies to Project Viewer, Project Editor, etc.

But: The user does not see the project nor can access it. This only works when I assign the Owner role again for the project.

I have not see this problem before. Remember that changing roles and permissions is not an instant process. It takes time for GCP to sync world wide. Some articles mention up to 7 minutes. Also, with some changes, the browser caches information, so you have to refresh the page to see changes (not always).

0
votes

Seems like there were inconsistencies within GCP permission propagation, I removed all roles on organization level and added them again - now it is working.