Which permissions do I need to create projects in GCP folders?

1
votes

I have a Google Cloud organisation set up. In it I have 5 folders, within each of them I have some sub-folders and some projects.

When I try to create another project at either the org level or within one of the top-level projects, I see a yellow exclamation mark sign which tells me "You do not have permission to create projects in this location". However, I can create projects at the sub-folder level.

I created all the folders and subfolders, and I have the following permissions:

  • Organisation Admin
  • Project Owner
  • Folder Admin
  • Project Creator
  • Project Mover

Which other permissions do I need?

The error looks like this:

enter image description here

2
google-cloud-platformgoogle-iam
Organization Admin and Folder Admin on the organization level works fine for me. Are you sure you have the Folder Admin on the Organisation level? You can also be granted Folder Admin for any other folderpetomalina

2 Answers

1
votes

I see that you have the correct permissions, but the only reasonable way I see you getting this error is if you have the following permissions at organizational level:

  • Organization Admin
  • Project Owner
  • Folder Admin
  • Project Mover

and the

  • Project Creator

was added at folder level for

  • subfolder_1
  • subfolder_2
  • subfolder_3
1
votes

TLDR

You need the permission Project Creator at the organisation level

enter image description here

LONG ANSWER

Apparently, having "admin" permissions doesnt suffice if you dont have the Project Creator permission.

As admin, I had the following permissions, but I was still unable to create the a project because I didnt have Project Creator permission:

Access Approval Approver
Access Context Manager Admin
Actions Admin
Recommendations AI Viewer
Access Transparency Admin
Bigtable Administrator
Billing Account Administrator
Project Billing Manager
Cloud Asset Owner
Compute Admin
Compute Network Admin
Compute Organisation Security Policy User
Compute Organisation Resource Admin
Organisation Role Administrator
Notebooks Admin
Owner
Folder Admin
Folder Creator
Folder IAM Admin
Folder Mover
Project IAM Admin
Service Broker Admin
Storage Admin

Would love to meet the gentleman at Google who came up with this idea. The Owner permission's description reads as Full access to all resources. (I am yet to see a description so unprofessionally misleading.)

enter image description here