4

I'm trying to move a GCP project (on a private account) to a GCP organization that I manage. I know that I have to have the correct IAM rights, which I believe I do. I'm Owner, Folder Admin, Organization Administrator, Project Deleter and Project Mover in the project. I'm also Project Owner and Project Mover of the project to be moved.

But when I try to move it, I get:

ERROR: (gcloud.alpha.projects.move) User [(organization account)] does not have permission to access project [(the project to be moved] (or it may not exist): The caller does not have permission

Any experiences or suggestions?

BR, Daniel

Daniel
  • 41
  • 1
  • 2
  • Could you please grant the access to the organisation to the user and then test the permissions as it is displayed here - https://cloud.google.com/resource-manager/docs/access-control-org#grant-access . Thanks. – Andrei Tigau Jan 20 '20 at 10:31
  • Hey @Daniel, I have the same issue. Have you resolved yours? Best, Piotr – bazeusz Jun 03 '20 at 11:07
  • @Daniel, have you found a solution to this? – pasevin Sep 19 '20 at 09:58

2 Answers2

2

1. Target organization

Add the user (email) who owns the project to migrate from the source organization.

  • IAM and Administration
  • Manage resources
  • Select the target organization
  • Permissions -> Add Member

Permission to the user in the target organization:

Project Creator.

You can do it through UI or Gcloud.

Note: Delete the line break \

$ gcloud organizations add-iam-policy-binding ORGANIZATION_ID \
--member user:YOUR-EMAIL --role=roles/resourcemanager.projectCreator


Success: Updated IAM policy for organization [ORGANIZATION_ID].

2. Source organization

Permissions to the user in the project to be migrated in the source organization:

Project Mover

Note: Delete the line break \

$ gcloud config set project PROJECT_ID
$ gcloud projects  add-iam-policy-binding PROJECT_ID \ 
--member user:YOUR-EMAIL --role=roles/resourcemanager.projectMover


Success: Updated IAM policy for project [PROJECT_ID].

Finally, migrate the current project to an organization

$ gcloud alpha projects move PROJECT_ID --organization ORGANIZATION_ID

GL

Braian Coronel
  • 22,105
  • 4
  • 57
  • 62
0

You need to grant permission with roles/resourcemanager.organizationAdmin, in order to access the organization in R/W mode, so that it can copy & delete (move) the project (and the user needs that role for both of the organizations). See the documentation: Granting access to an organization.

Martin Zeitler
  • 1
  • 19
  • 155
  • 216
  • I am an organization admin at the destination already. However, the project that I'm moving is not in an organization. It's just a project tied to an individual Google account. So, unfortunately, that doesn't solve it for me. – Daniel Jan 20 '20 at 18:43