Google groups can help you manage users at scale. Each member of a Google group inherits the Identity and Access Management (IAM) roles granted to that group. This inheritance means that you can use a group's membership to manage users' roles instead of granting IAM roles to individual users.
You can create and manage groups for your organization in the Google Cloud console.
Required permissions
You need the following permissions to manage groups in the Google Cloud console.
Group permissions
To create, view, edit, and delete groups, in the Google Cloud console or elsewhere, you need the appropriate group permissions. These permissions are managed by Google Workspace, not IAM. To gain these permissions, contact your Google Workspace administrator.
To learn about group permissions, see Set who can view, post, & moderate.
IAM permissions
To get the permissions that you need to use the Google Cloud console to manage groups, ask your administrator to grant you the following IAM roles on the organization:
-
Organization Viewer (
roles/resourcemanager.organizationViewer) -
To view group membership change logs:
Logs Viewer (
roles/logging.viewer)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Viewing groups
To view the Google groups in your organization that you have access to, follow these steps:
In the Google Cloud console, go to the Groups page.
Select the organization whose groups you want to view.
The Google Cloud console displays all the groups in your organization that you can access.
Creating a group
To create a group, follow these steps:
In the Google Cloud console, go to the Groups page.
Click Create.
Fill in your group's details, including the group's name, email address, and an optional description.
To add members to the group, click Add member, then enter the member's email and choose their Google Groups role.
When you are finished, click Submit to create the group.
Viewing and editing group details
To view and edit the details of a group, including the group name, description, and membership, follow these steps:
In the Google Cloud console, go to the Groups page.
Find the group whose details you want to view, click in that row, and then click View group details.
To edit the group name or description, type your new name or description in the Group name or Group description field and click Save.
To edit the group's membership, do the following:
To add members: Click Add members at the top of the page. Enter the names of the members you want to add, choose their Google Groups roles, then click Add to add them to the group.
To remove members: Select the checkboxes next to the names of the members you want to remove, then click Remove members at the top of the page.
Managing a group in Google Groups
Some groups have features—such as moderation settings, joining rules, and permissions for creating and viewing posts—that you cannot manage from the Google Cloud console. To manage these features, you need to open the group in Google Groups.
To open a group in Google Groups, follow these steps:
In the Google Cloud console, go to the Groups page.
Find the group that you want to manage, click in that row, and then click View in Google Groups .
This action opens the group in Google Groups, where you can manage all of your group's features. For more information, see the Google Groups help page.
Deleting a group
To delete a group, follow these steps:
In the Google Cloud console, go to the Groups page.
Find the group that you want to delete, click in that row, and then click Delete group.
Confirm that you want to delete the group by clicking Confirm in the confirmation dialog.
View Google Workspace audit logs in Google Cloud
If data sharing is enabled for your organization, Google Cloud will automatically generate audit logs for actions taken in Google Workspace. For example, it will generate audit logs when someone adds a user to your organization or when someone removes a user from a group. You can view and manage these logs in Cloud Logging.
To learn how to enable data sharing and how to view and manage Google Workspace audit logs, see View and manage audit logs for Google Workspace.
What's next
- Learn how to grant, change, and revoke access for principals, including Google groups.
- Review other ways to create groups.