The super admin (in my case, root@my-domain.com) assigned on the admin portal is supposed to receive full GCP privileges without further assignments in IAM, unless the understanding above is incorrect.
From the GCP IAM, however, when creating a new folder, it says "you do not have permission to create folders in this location".
Is there something else I need to do with the super admin user in order to give it full privileges? Thank you for the help!
If you want this user to have rights at the Organization level, you must grant them either in the Google Cloud Console, CLI or API. These permissions (roles) are not granted by default. I am assuming that you want rights for the organization and for all folder levels.
Example CLI commands (the member must carry a type prefix such as user:):
gcloud organizations add-iam-policy-binding [ORGANIZATION_ID] --member user:[USER_EMAIL] --role roles/resourcemanager.organizationAdmin
gcloud organizations add-iam-policy-binding [ORGANIZATION_ID] --member user:[USER_EMAIL] --role roles/resourcemanager.folderAdmin
To get the ORGANIZATION_ID, look in the Google Cloud Console or via the CLI:
gcloud organizations list
More Information:
gcloud organizations add-iam-policy-binding
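To confirm the two bindings from the answer took effect, and to review who else holds those roles, the organization policy can be checked offline. This is an added example, not part of the original answer; the sample policy, the example.com addresses and the function names are constructed, and group membership is not resolved (a user who holds a role only through a group is reported as missing).

```python
import json

# Roles the answer grants at the organization level.
REQUIRED_ROLES = (
    "roles/resourcemanager.organizationAdmin",
    "roles/resourcemanager.folderAdmin",
)

# Constructed sample in the shape printed by
#   gcloud organizations get-iam-policy [ORGANIZATION_ID] --format=json
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/resourcemanager.organizationAdmin",
     "members": ["user:root@example.com", "group:gcp-admins@example.com"]},
    {"role": "roles/resourcemanager.folderAdmin",
     "members": ["user:root@example.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/billing.admin", "members": ["user:root@example.com"]}
  ],
  "version": 3
}
""")


def role_status(policy, member, roles=REQUIRED_ROLES):
    """Map each role to 'granted', 'conditional' or 'missing' for member."""
    status = {role: "missing" for role in roles}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in status or member not in binding.get("members", []):
            continue
        if "condition" not in binding:
            status[role] = "granted"       # unconditional binding wins
        elif status[role] == "missing":
            status[role] = "conditional"   # applies only while the condition holds
    return status


def holders(policy, role):
    """Every member bound to role, for reviewing who else holds it."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            found.update(binding.get("members", []))
    return sorted(found)


if __name__ == "__main__":
    for role, state in role_status(SAMPLE_POLICY, "user:root@example.com").items():
        print(f"{state:12} {role}  holders={holders(SAMPLE_POLICY, role)}")
```

A "conditional" result means the role is bound with an IAM condition, so folder creation can still be denied when the condition does not hold.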