laravel google-cloud-platform google-api google-calendar-api

Google cloud, unable to edit policies to enable permission to create Service Account Keys


I am unable to edit Organization policies even though I'm using the super admin account.

I am trying to implement Google Calendar APIs on my website to create Google Meet links. I am new to Google Cloud. I saw articles and tried to follow them. I registered for Google Cloud and got access to the Google Cloud console. When I go to service accounts, create a service account, and then go to key creation, it shows me the message below:

The organization policy constraint 'iam.disableServiceAccountKeyCreation' is enforced on your organization.

I googled how to enable this permission, then went to Organization policies to enable the policy. There, the edit policy button shows the text below on hover:

You need permissions for this action.

Required permissions:
All of orgpolicy.policy.get, orgpolicy.policies.create, orgpolicy.policies.delete, orgpolicy.policies.update, orgpolicy.constraints.list, and orgpolicy.policies.list
OR
All of policysimulator.orgPolicyViolationsPreviews.create, orgpolicy.customConstraints.get, orgpolicy.constraints.list, orgpolicy.policies.list, cloudasset.assets.searchAllResources, cloudasset.assets.listResource, and cloudasset.assets.exportResource

I am already using the [email protected] account, which is the super admin account, but I'm still unable to edit policies. Does anyone know what I'm doing wrong here, or maybe another workaround to create Google Meet links?


Solution

  • Finally I did it, so I thought I should answer my own question in case it helps someone. I got so frustrated that there was no answer to fix this, but in the end, after hours, I figured out myself that even though you are super admin, you might need to be assigned the role called Organization Policy Administrator. I had read somewhere that this role is needed but didn't know how it's assigned, and I was assuming super admin has all roles, as admin.google.com does show super admin has all roles. Instead, in the IAM section of the cloud console (at organization level), in the permissions tab, there will be a list of principals, and in it there will be a principal with the same name as your admin email, like "[email protected]". Click on edit principal and there will be an option to assign roles; you have to search for the Organization Policy Administrator role there and assign it. Then when you go to policies you can edit them.
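
A check for the situation the answer describes, as an added example that is not part of the original answer: it reads the organization-level IAM policy (JSON as printed by `gcloud organizations get-iam-policy ORG_ID --format=json`) and reports whether an account holds Organization Policy Administrator (`roles/orgpolicy.policyAdmin`). The sample policy and every principal in it are constructed, and `org_policy_admin_status` is a hypothetical helper name.

```python
import json

# Role ID of "Organization Policy Administrator" in Cloud IAM.
ORG_POLICY_ADMIN = "roles/orgpolicy.policyAdmin"

# Constructed sample in the shape printed by
#   gcloud organizations get-iam-policy ORG_ID --format=json
# (all principals are made up for illustration).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/resourcemanager.organizationAdmin",
     "members": ["user:admin@example.com"]},
    {"role": "roles/orgpolicy.policyAdmin",
     "members": ["group:platform-sec@example.com", "user:alice@example.com"]},
    {"role": "roles/orgpolicy.policyAdmin",
     "members": ["user:bob@example.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ],
  "etag": "BwXconstructed=",
  "version": 3
}
""")


def org_policy_admin_status(policy, email):
    """Classify how `email` holds Organization Policy Administrator.

    Returns ("direct" | "conditional" | "none", groups), where `groups` are
    the group principals holding the role; group membership cannot be
    resolved from the IAM policy alone and has to be checked separately.
    """
    want = "user:" + email.lower()
    status, groups = "none", []
    for binding in policy.get("bindings", []):
        if binding.get("role") != ORG_POLICY_ADMIN:
            continue
        members = [m.lower() for m in binding.get("members", [])]
        groups += [m for m in members if m.startswith("group:")]
        if want in members:
            if "condition" not in binding:
                status = "direct"          # unconditional grant wins
            elif status == "none":
                status = "conditional"     # only valid while the condition holds
    return status, sorted(set(groups))


if __name__ == "__main__":
    for who in ("admin@example.com", "alice@example.com", "bob@example.com"):
        print(who, org_policy_admin_status(SAMPLE_POLICY, who))
```

A result of "none" for the admin account corresponds to the hover message in the question; the role can then be granted in the console as described above, or with `gcloud organizations add-iam-policy-binding`.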