I am getting blocked from both the command line and console for starting a shared vpc despite me being the Owner and top of organization role. Here are the error messages -
Required 'compute.organizations.enableXpnHost' permission for 'projects/******-core-dev'
q- how do i enable this then ???
and...
User [@.com] does not have permission to access organization [***:setOrgPolicy] (or it may not exist): The caller does not have permission
Any assistance much appreciated.
This is because you need the Compute Shared VPC Admin role. The permissions that contains that role are not included in the Organization Admin role.
In order to set this role to your account, you can follow the steps listed here.
Just as a tip, being Organization Admin does not mean you are "All Mighty" inside the organization and its resources. For some operations you need to grant extra permission to your user.
Give it a try and let us know if it worked c: