The predefined IAM role for permissions is named Quota Administrator. This role can be assigned at the project, folder, and organization levels.
- If granted at the project level, the user will have permission to perform project-level operations.
- If granted at the folder level, the user will have permission to perform project-level operations for all projects in that folder.
- If granted at the organization level, the user will have permission to perform organization level operations. Because IAM permissions are inherited from the top level, this user will also be granted project and folder level permissions.
Users who are part of the Project Owners role can assign the Quota Administrator role to other users at the project level. Users in the Organization Owner role can assign the Quota Administrator role at the organization level.
Permissions for viewing project quota
To view your project quota in the Google Cloud console or to access your project quota programmatically, you must have the following Identity and Access Management (IAM) permissions:
resourcemanager.projects.get
resourcemanager.folders.get
if you want to view quota for an entire Folder.resourcemanager.organizations.get
if you want to view quota for an entire Organization.monitoring.timeSeries.list
serviceusage.services.list
serviceusage.quotas.get
To learn which roles include these permissions by default, see the IAM permissions reference.
Permissions for changing project quota
To change your quota at the project level, folder level, or organization level, you must have the following IAM permission:
This permission is included by default for the following roles: Owner, Editor, Quota Administrator, and Service Usage Admin.
Permissions for viewing quota increase requests
To view quota increase requests in the Google Cloud console, you must have the following IAM permissions:
resourcemanager.projects.get
serviceusage.services.list
serviceusage.quotas.get
Permissions for creating an alert policy for a quota
To set up quota alerts, you must have the following permission:
monitoring.alertPolicies.create