Group permissions get not applied

[Christian Dervaric]

Hi,
I tried out using groups to manage access to resources but it does not seem to work as expected.

I created a group that has the permission owner on organization level for some admins.

organization -> IAM -> admingroup -> me as member and permission owner

As a member of that group, on my project I see in the IAM list that the permission is inherited for the group. 

organization -> my_project -> IAM -> admingroup -> shows inherited owner permission

But when I try e.g. to look at a Kubernetes or Compute Engine Section in my project it will say I don't have the proper permissions. When I click on "Troubleshoot" and Check the API Call I see that it says the owner permission should be allowed, but it doesn't know who is a member of the group.

Is it possible that using groups for permission handling does not work properly in some cases?

Adding the group in the IAM list explicitly and setting owner permission on the project level didn't help either. 

Configuring the user on organization IAM level with owner permission works also with inheritance and I can access everything as expected.

Is it a bug or do I have a misunderstanding somewhere?

Kind regards,

Christian

[Shamma Nikhat (Cloud Platform Support)]

Hello,

It seems like the issue needs some troubleshooting with detailed information. This forum used to find information like service status updates and release notes, and ranging from book recommendations to creative shortcuts.

You can file a PIT with the detailed information so that the appropriate team can investigate.