We are using Enterprise GSuite along with Cloud DNS.

We have domains on Cloud DNS and while I can edit other ones, I'm unable to edit one.

Edit as in being able to remove unused records, but I can change values.

I'm logged in with the GSuite Admin and GCP project owner email address.

Not sure what could be the issue and need input/suggestions on what might be the reason and a potential solution.

Thanks.

metacogni

2 Answers

This could happen when DNS zones belong to different projects. In this case, having a Project Owner role is not enough. Project Owner can manage or view the managed zones in the specific project.

To manage zones across projects, you need the DNS Administrator role.

To check roles granted to a particular account, you can use the following command:

$ gcloud projects get-iam-policy <PROJECT> --flatten="bindings[].members" --format='table(bindings.role)' --filter="bindings.members:<ACCOUNT>"

Cloud DNS > Doc > Access Control

Cloud IAM > Doc > Understanding roles > Predefined Roles > DNS roles

Cloud DNS > Doc > Overview > Access control

mebius99
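
The check described in the answer above, extended to compare one account's Cloud DNS access across several projects (an added example, not part of the original answer). It assumes each policy was exported with `gcloud projects get-iam-policy <PROJECT> --format=json`; the project names, accounts and the role sets used for classification are assumptions made for illustration.

```python
# Assumption: predefined roles that can change / only read Cloud DNS record sets.
# Custom roles and roles inherited from groups, folders or the organization
# are not resolved here.
DNS_WRITE_ROLES = {"roles/owner", "roles/editor", "roles/dns.admin"}
DNS_READ_ROLES = {"roles/viewer", "roles/dns.reader"}

# Constructed sample policies, shaped like the JSON output of
#   gcloud projects get-iam-policy <PROJECT> --format=json
SAMPLE_POLICIES = {
    "project-a": {"bindings": [
        {"role": "roles/owner", "members": ["user:admin@example.com"]},
    ]},
    "project-b": {"bindings": [
        {"role": "roles/dns.reader", "members": ["user:admin@example.com"]},
        {"role": "roles/dns.admin", "members": ["user:ops@example.com"]},
        {"role": "roles/dns.admin", "members": ["group:dns-team@example.com"],
         "condition": {"title": "temporary",
                       "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
    ]},
}

def roles_for(policy, member):
    """Return sorted (role, is_conditional) pairs bound directly to member."""
    found = set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            found.add((binding["role"], "condition" in binding))
    return sorted(found)

def dns_access(policy, member):
    """Classify member's Cloud DNS access within one project's policy."""
    roles = roles_for(policy, member)
    if any(role in DNS_WRITE_ROLES and not cond for role, cond in roles):
        return "write"
    if any(role in DNS_WRITE_ROLES for role, _ in roles):
        return "conditional-write"  # binding carries an IAM condition
    if any(role in DNS_READ_ROLES for role, _ in roles):
        return "read"
    return "none"

def report(policies, member):
    """Map each project to the member's Cloud DNS access level."""
    return {project: dns_access(policy, member)
            for project, policy in policies.items()}

if __name__ == "__main__":
    for project, access in report(SAMPLE_POLICIES, "user:admin@example.com").items():
        print(f"{project}: {access}")
```
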
No, it wasn't a permission issue, as we often religiously define each role following best practices.

The problem was that I was looking for the right solution in the wrong place.

When I select the records in the console, I was looking at the top option, which is "DELETE ZONE".

google DNS console UI

I should have been looking at the "Add record set" or "Delete record set" area.

Anyway, the UI should have been more intuitive, but I should have paid more attention. Thanks for your input though.

metacogni