Assigned
Status Update
No update yet.
Default access
View
Expanded Access
--
--
--
Issue 149353592
How can we have a whitelist for a service account outside the DIRECTORY_CUSTOMER_ID while organization policy enabled with "domain restricted sharing"
Feature Request
Description
What you would like to accomplish:
Currently we are working with an organization policy for "domain restricted sharing". The problem we are running into is when the policy is enforced, GA360 to BQ data transfer needs a service account created that is outside the DIRECTORY_CUSTOMER_ID. To allow this, we have to disable the policy and then implement again after the transfer is created.
We like to whitelist the necessary ID's for addresses such as
Also there ID's that can be white listed that would not restricted adding
How this might work:
The issue is we can whitelist our own G-suite domain, but we can not whitelist those google service accounts. After our Org policy enabled, it causes issues with GCP Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
If applicable, reasons why alternative solutions are not sufficient:
For Public data sharing, the normal way is to disable/enable the domain restricted sharing constraint temporarily for the Project resource.
But we don’t want to disable/enable it.
Other information (workarounds you have tried, documentation consulted, etc):
We use this document to set the organization policy.