Authorize Service Account Key Uploads
IMPORTANT: Google best practice is to NOT use service account keys. Rather than overriding Google's default policy please consider Running GAM7 securely on a Google Compute Engine (if running in Google Cloud) or Workload Identity Federation (if running outside Google Cloud) so that service account keys are not necessary.
If you try to create a project and get an error saying that Constraint constraints/iam.disableServiceAccountKeyUpload violated for service account projects/gam-project-xxxxx, perform these steps and then you should be able to authorize and use your project.
Login as an existing super admin at console.cloud.google.com
In the upper left click the three lines to the left of Google Cloud and select IAM & Admin
Under IAM & Admin select IAM
Click in the box to the right of Google Cloud
Click the three dots at the right and select IAM/Permissions
Now you should be at "Permissions for organization ..."
Click on Grant Access
Enter the new admin address in Principals
Click in the Select a role box
Type orgpolicy.policyAdmin in the Filter box
Click Organization Policy Administrator
Given up, can't find the correct right/rôle and Gemini can't help me to identify the one to permit administration rules editing.
Authorize Service Account Key Uploads
IMPORTANT: Google best practice is to NOT use service account keys. Rather than overriding Google's default policy please consider Running GAM7 securely on a Google Compute Engine (if running in Google Cloud) or Workload Identity Federation (if running outside Google Cloud) so that service account keys are not necessary.
If you try to create a project and get an error saying that Constraint constraints/iam.disableServiceAccountKeyUpload violated for service account projects/gam-project-xxxxx, perform these steps and then you should be able to authorize and use your project.
Login as an existing super admin at console.cloud.google.com
In the upper left click the three lines to the left of Google Cloud and select IAM & Admin
Under IAM & Admin select IAM
Click in the box to the right of Google Cloud
Click the three dots at the right and select IAM/Permissions
Now you should be at "Permissions for organization ..."
Click on Grant Access
Enter the new admin address in Principals
Click in the Select a role box
Type orgpolicy.policyAdmin in the Filter box
Click Organization Policy Administrator
Given up, can't find the correct right/rôle and Gemini can't help me to identify the one to permit administration rules editing.