Being able to "Deny" the "Deny Admin" Role (roles/iam.denyAdmin) to some resources in the organization [234367700]

Assigned

Feature Request

Status Update

No update yet.

Description

sh...@google.com

created issue #1

May 30, 2022 06:47PM

This will create a public issue which anybody can view and comment on.

Please provide as much information as possible. At least, this should include a description of your issue and steps to reproduce the problem. If possible please provide a summary of what steps or workarounds you have already tried, and any docs or articles you found (un)helpful.

Problem you have encountered:

based on this Google documentation:

https://cloud.google.com/iam/docs/understanding-roles#iam-roles

- Lowest-level resources where you can grant this role are:
Organization

What you expected to happen:

According to our use case, we want to limit Deny Admin to deny policies to certain folders or projects. In other words, we literally want to "deny" Deny Admin role and permission in certain internal resources like: folders, project, ...

Steps to reproduce:

Other information (workarounds you have tried, documentation consulted, etc):
Basically, what we want is that the lowest-level resources where you can grant this role be:

- projects or folders

Comments

di...@accenture.com <di...@accenture.com> #2May 31, 2022 06:09AM

Thanks for the report. I will route this to the appropriate internal team and update this when I hear back from them.

an...@google.com <an...@google.com> Aug 26, 2022 08:54PM

Status: New (reopened)

de...@pachama.com <de...@pachama.com> #3May 16, 2023 12:49AM

One more detail, Data Layer event calls from the watch to the phone (running Android 13) do work on if the listener is in an Activity or Fragment.

dh...@google.com <dh...@google.com> Jun 21, 2023 04:00AM

Assigned to dh...@google.com.

dh...@google.com <dh...@google.com> #4Jun 21, 2023 09:37AM

Reassigned to gc...@google.com.

Also, I'm seeing this message in the Logcat:

"2022-06-12 18:47:15.156 1841-4562/? W/PackageManager: Intent does not match component's intent filter: Intent { act=com.google.android.gms.wearable.BIND_LISTENER"

cl...@gmail.com <cl...@gmail.com> #5Nov 21, 2023 02:40PM

Experiencing the same issues, please see my other report for any useful logs:

https://issuetracker.google.com/issues/235673375

br...@google.com <br...@google.com> #6Feb 14, 2024 01:23AM

+1, can confirm it doesn't work on Android 13:=

2022-07-15 11:26:15.023   589-5347  PackageManager          pid-589                              W  Intent does not match component's intent filter: Intent { act=com.google.android.gms.wearable.BIND_LISTENER cmp=xxx/xxx.WatchMessageReceiver }
2022-07-15 11:26:15.023   589-5347  PackageManager          pid-589                              W  Access blocked: ComponentInfo{xxx/xxx.WatchMessageReceiver}
2022-07-15 11:26:15.023   589-5347  ActivityManager         pid-589                              W  Unable to start service Intent { act=com.google.android.gms.wearable.BIND_LISTENER cmp=xxx/xxx.WatchMessageReceiver } U=0: not found

su...@gmail.com <su...@gmail.com> #7Jul 17, 2024 04:16PM

Note that I've been able to make it work by:

Adding <action android:name="com.google.android.gms.wearable.BIND_LISTENER" /> in the intent filter
Removing <data android:scheme="wear" android:host="*" />

But I feel like this is not something we should do

[Deleted User] <[Deleted User]> #8Aug 11, 2024 04:27PM

I'm really afraid Android 13 might get released as-is, breaking WearOS app communication 😨😨

ba...@thehutgroup.com <ba...@thehutgroup.com> #9Nov 13, 2024 01:35PM

If you're not targeting API 33 you're not affected by the bug. So it's a big bug, and yes we of course expected more from Google, but you can always target the api level later when it's fixed.

But I agree this is kind of desperating that more than 1.5 month after the first report nothing has changed.