Assign permissions for Google Cloud projects

  • This guide explains how to assign predefined roles for viewing, editing, and deleting all Google Cloud projects within an organization.

  • Super administrator privileges are required to assign these permissions in Google Cloud.

  • Assigning view permission requires the Folder Viewer role, while edit permission necessitates the Folder Viewer, Project Mover, and optionally Service Usage Admin roles.

  • To grant delete permission, the Folder Viewer and Project Deleter roles must be assigned.

  • Detailed steps are provided for each permission level, guiding users through the Google Cloud console.

To manage add-on projects across your organization, you might need to view and manage their associated Google Cloud projects. This guide describes how to assign predefined roles to yourself or others that allow the role to view and manage all Google Cloud projects in an organization. To learn more about all the permissions you can assign in Google Cloud, refer to IAM basic and predefined roles reference.

Prerequisites

To assign permissions in Google Cloud for yourself or others, you must be signed in to Google Workspace as a super administrator.

Assign view permission for all Cloud projects in an organization

If you're a super administrator and want to give someone view permission for all Cloud projects in your organization, take the following steps:

  1. Open the Cloud console at console.cloud.google.com.
  2. Click Menu > IAM & Admin > Manage Resources.
  3. Select your organization.
  4. At the right, click Add Principal.
  5. In New principals, add the users or groups you want to let view projects.
  6. In Select a role, in the first list, select Resource Manager. In the second list, select Folder Viewer.
  7. Click Save.

Assign edit permission for all Cloud projects in an organization

If you're a super administrator and want to give someone edit permission for all Cloud projects in an organization, take the following steps:

  1. Open the Cloud console at console.cloud.google.com.
  2. Click Menu > IAM & Admin > Manage Resources.
  3. Select your organization.
  4. At the right, click Add Principal.
  5. In New principals, add the users or groups you want to let edit projects.
  6. In Select a role, in the first list, select Resource Manager. In the second list, select Folder Viewer.
  7. Click Add Another Role.
  8. In Select a role, in the first list, select Resource Manager. In the second list, select Project Mover.
  9. Optionally, to allow someone to turn APIs on or off in Cloud projects:
    1. Click Add Another Role.
    2. In Select a role, in the first list select Service Usage. In the second list, select Service Usage Admin.
  10. Click Save.

Assign delete permission for all Cloud projects in an organization

If you're a super administrator and want to give someone delete permission for all Cloud projects in an organization, take the following steps:

  1. Open the Google Cloud console at console.cloud.google.com.
  2. Click Menu > IAM & Admin > Manage Resources.
  3. Select your organization.
  4. At the right, click Add Principal.
  5. In New principals, add the users or groups you want to let delete projects.
  6. In Select a role, in the first list, select Resource Manager. In the second list, select Folder Viewer.
  7. Click Add Another Role.
  8. In Select a role, in the first list, select Resource Manager. In the second list, select Project Deleter.
  9. Click Save.