GCP Org Admin missing permissions

[Ben Tilford]

I'm having issues with a user in the Organization Administrator role. This user is unable to view roles or quotas from the console. For roles it says they don't have the iam.roles.list permission. I don't get any meaningful info from the quotas page.

Is there another role somewhere? I've searched for several days now and none of the documentation ever really tells you what permissions you need, not being able to look at the roles page sort of ties my hands as to figuring that out on my own.

[Nicolas (Google Cloud Platform Support)]

Hi Ben,

Thank you for opening this thread, if I understand correctly you have given the Organization Administrator role to one of your users but he can’t see any IAM roles nor have informations about quotas.

It might be confusing but “Organization Administrator” translates to “roles/resourcemanager.organizationAdmin”[1] which have permissions over the ressources but not over the IAM roles. To obtain the “iam.roles.list” permission one would need an IAM Roles role [2] like “roles/iam.organizationRoleViewer”.

Likewise, to have access to all the quotas information on would need to have a Service Usages Roles[3] or a quota permission on a specific product.

I hope that will help!