+1
Hello, Google support team.
I'm trying to crate a or download a json file for firebase push notifications. while creating the json file i'm facing an issue "The organization policy constraint 'iam.disableServiceAccountKeyCreation' is enforced on your organization." which is mentioned in the screenshot.
Can you please help or provide us any way of doing things right.
Thanks.
+10This means your Google Cloud Platform administrator has configured Organization Policy, which sets constraints on usage of GCP. You should check in with your admin for management of it.
-mike
+1I have owner access on this account, but I am still unable to create a JSON file and keep encountering an error. Can you please provide any steps or a link that I can follow to find the solution?
+5I have owner access on this account, but I am still unable to create a JSON file and keep encountering an error. Can you please provide any steps or a link that I can follow to find the solution?
+1I have already tried both solutions, but neither worked.
In the first solution, I encountered a permissions issue, and in the second, the edit option was disabled. Even though my account is shown as the owner, I am unable to make any changes.
+5I have already tried both solutions, but neither worked.
In the first solution, I encountered a permissions issue, and in the second, the edit option was disabled. Even though my account is shown as the owner, I am unable to make any changes.
I see your issue: the owner role is insufficient for editing org policy. In the cloud console for the Organization (not the Project), you need to grant that user the "Organization Policy Administrator" role.
+1I see your issue: the owner role is insufficient for editing org policy. In the cloud console for the Organization (not the Project), you need to grant that user the "Organization Policy Administrator" role.
How i should do that can you please provide us steps. so that can do that in correct manner
+5How i should do that can you please provide us steps. so that can do that in correct manner
In the cloud console, pick your Organization from the dropdown menu. The Org has a building glpyh as shown in the screenshot below. Note the numeric ID for th org also as you can use that with gcloud commands.
Once the Organization is selected, use the navigation on the left side to pick IAM & Admin and then IAM.
On the IAM page's View By Principals table, use the Filter to find the user account that you are using for cloud console administration. Use the pencil glyph on the far right column to edit this principal.
On the Assign Roles page for that principal, click "ADD ANOTHER ROLE" on the bottom of the list of roles.
Click "Select a Role"
.
Start typing "Organization Policy Administrator" in the Filter box. When the Role is visible, select it and then click Save.
The steps above add the Organization Policy Administrator Role to the principal at the Organization level. To do that with a gcloud command:
```
+1In the cloud console, pick your Organization from the dropdown menu. The Org has a building glpyh as shown in the screenshot below. Note the numeric ID for th org also as you can use that with gcloud commands.
Once the Organization is selected, use the navigation on the left side to pick IAM & Admin and then IAM.
On the IAM page's View By Principals table, use the Filter to find the user account that you are using for cloud console administration. Use the pencil glyph on the far right column to edit this principal.
On the Assign Roles page for that principal, click "ADD ANOTHER ROLE" on the bottom of the list of roles.
Click "Select a Role"
.
Start typing "Organization Policy Administrator" in the Filter box. When the Role is visible, select it and then click Save.
The steps above add the Organization Policy Administrator Role to the principal at the Organization level. To do that with a gcloud command:
```
Thanks for the update, but my account is showing a permission issue. I am not able to move forward. Can you please suggest what to do to solve this issue? I am attaching an image of the issue, please give a suggestion
+5Thanks for the update, but my account is showing a permission issue. I am not able to move forward. Can you please suggest what to do to solve this issue? I am attaching an image of the issue, please give a suggestion
I believe that screenshot indicates that you are not the administrator for your Google Cloud Platform organization. You'll need the administrator to help. The "need additional access" page also says, "If your administrator is unable to help, then contact support".
+11At this point I would open a case with support so they can troubleshoot what is happening.
+1I too am struggling to create a Service Account Key for Firebase. Here is the error
The role has the following permissions:
And here are the policy adaptations I have made:
Enabling makes no difference.
WIF is not an option as Azure Notifications do not support WIF yet.
Thanks, Jeff
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.