Managing Default Organization Roles

When an organization is created, all users in your domain are granted the Billing Account Creator and Project Creator roles by default. This page describes how to designate your own Billing Account Creator and Project Creator, and how to remove roles that were assigned by default to the organization node.

Adding a Billing Account Creator and Project Creator

To migrate existing billing accounts into an organization, a user must have the Billing Account Creator Cloud IAM role. Users with the Project Creator role are able to create and manage Project resources. To add additional Billing Account Creators and Project Creators, follow these steps:

Console

To grant the Billing Account Creator or Project Creator role using Google Cloud Platform Console:

  1. Go to the Manage resources page in the GCP Console:

    Open the Manage resources page

  2. On the Organization drop-down list, select your organization.

  3. Select the check box for the Organization resource.

  4. On the right side Info Panel, under Permissions, enter the email address of the member you want to add.

  5. In the Select a role drop-down, select Billing > Billing Account Creator or Resource Manager > Project Creator.

  6. Click Add. A dialog will appear to confirm the addition or update of the member's new role.

Removing default roles from the Organization node

After you designate your own Billing Account Creator and Project Creator roles, you can remove these roles from the organization node to restrict those permissions to specifically designated users. To remove roles from the organization node, follow these steps:

Console

To remove the roles assigned to users by default using the Google Cloud Platform Console:

  1. Go to the Manage resources page in the GCP Console:

    Open the Manage resources page

  2. Click the Organization drop-down at the top of the page and then select your organization.

  3. Select the check box for the Organization resource node to select it.

  4. In the list of roles in the Permissions pane on the right, select the drop-down arrow of the role you would like to remove.

  5. Select the trash can icon. When the Remove member dialog appears, select Remove. A dialog will appear confirming the deletion of the role.

  6. Repeat steps 4 and 5 for each of the roles you want to remove.

Send feedback about...

Google Cloud Resource Manager Documentation