A new project showed up in my list of projects in my GCP console with name "My Project xxxxx" and ID "brave-watch-nnnnnn" where xxxxx and nnnnnn are numbers. But, I have no privileges on this project and cannot view the resources or modify the project.
I am the only user of my GCP account and my account is not part of any organization. I don't know how this project was created and how it got added to my console. Has anyone encountered such a scenario before and how did you resolve it ?
I think you should contact the support team. You mentioned about that your account is not part of an organization. But it's possible for someone to add you into his project via email. Did you leak your email address? You can also use gcloud projects list to see which project you have access to.
Only the owner of the project can revoke the access... that's who to contact.
b/c permission resourcemanager.projects.setIamPolicy is required to do so.
Related
I'm trying to create my first project in google cloud with organization's administrator account. I have access to the administrator's email and passwords and I am logging in with that account to do so. The problem is that when I click on create new project I receive the following error:
There was an error while loading /home/dashboard?project=proven-now-305315&authuser=1.
You are missing at least one of the following required permissions:
Project
resourcemanager.projects.get
Check that the project ID is valid and you have permissions to access it. Learn more
Send feedback
The detail is that in my resource administration panel I already gave the permission that they ask me to the resource as shown in the following image:
As I have read, the project IAM Admin role should grant the resourcemanager.projects.get role and as you can see in the image the resource rcv # .. which is the administrator has it activated, however I keep trying to create a new project and it doesn't allow me to do it. Any idea?
In case anybody else, like me, reaches this answer, I want to point out that the accepted answer is correct, but for me I had to also make sure that within the settings, I ensured that Project Creation Settings on the right pane and under the section of Cloud Resource Manager Api Settings was set to on. It was turned off by default. Many people on my team overlooked this as it is significantly smaller text.
This may be an option that was not present before or it was turned on by default in the past. For us, it was turned off.
Please refer to the included image for a visual representation of the
settings that need to be turned on.
The problem was for some reason the Google Cloud was disable for all users, I solved following this instructions. Solved with this!
To activate this service, please follow the steps:
Access the admin console and go to Apps -> Additional Google Services
Look for the service “Google Cloud Platform” and click on the box next to it
In to top right corner click in “ON”
Confirm you want to turn it on in the pop-up box.
I am using a trial version of Google CLoud. In the command line, I am logged in with a .json key file.
gcloud projects create training_project
returns
ERROR: (gcloud.projects.create) PERMISSION_DENIED: Service accounts cannot create projects without a parent.
But with a trial account, I can neither create an organization nor a folder to serve as a parent. So, how can I make a new project with the command line interface as a trial user?
I have read this question that concerns doing this with a REST API whereas I want to use the command line interface. Furthermore, that question is not about using a trial account.
As shown in the error message (this is also documented here), service accounts are not allowed to create projects outside of an organization and must specify the parent resource when creating a project. There is no workaround for this. Since a trial user cannot create an organization as you mentioned, you won't be able to use a service account to create a project.
Having said that, you can create a project via CLI when logged in as a user instead. You can log in by running:
gcloud auth login
and following the instructions. The gcloud projects create command will then run successfully.
After adding other users from my organization as Project Editor and Viewer the projects aren't showing up in their Google Cloud Console project list, nor are they visible in gcloud projects list.
However if I give them a link directly to some resource inside the project they can navigate to it just fine,
and they can also use commands like gcloud container clusters list with the --project= set to the new projects and see the resources inside the project.
The documentation for the gcloud projects list (https://cloud.google.com/resource-manager/docs/creating-managing-projects#listing_projects) specifies it should list all projects on which you have resourcemanager.projects.list (which Project Viewer and Editor both grant) or any children under a parent on which you have resourcemanager.projects.list.
So maybe if I grant resourcemanager.projects.list on the organization level it would fix it, but I don't really want to grant the users such a broad access...
As mentioned by John Hanley :
In order for a user to list projects in an organization, they need resourcemanager.projects.list at the organization or folder level.If a user has access to a project, allowing them to list projects should not be an issue unless revealing the names of projects is not desired. In that case, just provide everyone with the Project ID and they can manually use that to access resources.
Note: The level (project, folder, organization) determines what users can access. You could create folders, move projects under folders and allow users to only list projects in their folders
For more information you can refer to the Serverfault Answer related to a similar issue and Documentation where creation and management of the Folders has been well explained.
Here is how to replicate:
As an admin create a "newProject990055" under an existing organization, select it and navigate to the IAM menu.
Add a user with just the role "Logs Viewer" for "newProject990055".
Login with such a user and try to select project "newProject990055". Expected: User won't see "newProject990055"
because the user has no access to list all projects, and
"newProject990055" is new, and the user has never visited it before.
With such a user hit https://console.cloud.google.com/logs/query?project=newProject990055.
Expected: User will see the logs for the "newProject990055" project
and user will be notice that such a project is selected.
Logoff and login back with such a user, click on the dropdown for projects. Expected: User should be able to see project
"newProject990055" because even though the user has no access to list
all projects, and "newProject990055" is new, the user has already
visited it before.
How is it that on my "Projects" page on Redmine, even once connected, there's no "New Project" link anywhere to be found?
Contrary to the demo version.
My account
Their demo
Thank you very much in advance!
Redmine has fine-grained, role-based permission system. Permissions are managed on global and per-project level, even per-field and per-status, based on workflow...
You don't see new project button, because you are not administrator, nor you have any role on some project which can grant you that permission.
You should contact your administrator or project manager to elevate your role.
When I try to delete a Google Cloud project, I get this error:
You are not allowed access: the project cannot be modified by the end user.
However, I can confirm I am logged in as the owner of the project, I checked permissions and this account is the only linked account for that cloud project (and is owner).
When I try to disable billing (as I suspect you can't delete a billing-enabled project), I get a similar error:
Any suggestions? Thanks.
You can move to API&Auths->API
disable all apis,
then try to delete again