Hi,
I tried out using groups to manage access to resources but it does not seem to work as expected.
I created a group that has the permission owner on organization level for some admins.
organization -> IAM -> admingroup -> me as member and permission owner
As a member of that group, on my project I see in the IAM list that the permission is inherited for the group.
organization -> my_project -> IAM -> admingroup -> shows inherited owner permission
But when I try e.g. to look at a Kubernetes or Compute Engine Section in my project it will say I don't have the proper permissions. When I click on "Troubleshoot" and Check the API Call I see that it says the owner permission should be allowed, but it doesn't know who is a member of the group.
Is it possible that using groups for permission handling does not work properly in some cases?
Adding the group in the IAM list explicitly and setting owner permission on the project level didn't help either.
Configuring the user on organization IAM level with owner permission works also with inheritance and I can access everything as expected.
Is it a bug or do I have a misunderstanding somewhere?
Kind regards,
Christian