Assigned
Status Update
No update yet.
Comments
pm...@google.com
This feature request has been forwarded to the resource manager product management team so that they may evaluate it. There is no timeline or implementation guarantee for feature requests. All communication regarding this feature request is to be done here.
Description
Problem you have encountered:
GCP users are encouraged to use custom roles and organization IAM policies as found on this documentation page [1].
At the moment using a custom IAM role in organization makes the projects migrations very problematic and can impact other projects in the organization when removed.
What you expected to happen:
I suggest an improvement to the project migration tool so that the hard requirement for the custom IAM roles is no longer needed.
Steps to reproduce:
1. Add a custom IAM role on organization level.
2. Create a project under organization node and the role is automatically inherited.
3. The migration request gets denied when custom IAM role is inherited from organization.
Other information (workarounds you have tried, documentation consulted, etc):
Convert custom IAM role to a predefined role.
[1]