I am attempting to add the "Amazon Web Services" Application to Google Workspaces.
I have been assigned the super admin role, in the admin dashboard. So, to the best of my knowledge, I should have permissions to add an application. But I keep getting the error message "Can't add Amazon Web Services. Please try again.". Which unfortunately is not particularly helpful in trying to understand what the problem is. I have tried different browsers, signing out/in etc. all to no avail.
However I must be missing something as the organisation owner is able to add the application with no issues, does anyone have any idea what could be preventing me from doing this?
Just to add, I have confirmed that I have the same roles attached as the organisation owner.
If your account has been assigned the role recently it is expected as it usually takes up to 24hrs for a role to fully propagate. After that you should be able to add it with no issues.
That is documented here
Related
Im trying to set up a service account to run actions which need to bypass the required pull-requests.
I have this working via a PAT for my admin account and working via a standard member account.
I have now created a new member in the organization with the same permissions as the standard member. But they are not listed in the GUI and if i try via terraform it completes but doesnt add them either.
I have since noticed that i also can only see a few of the teams, but they are also set up with the same terraform code.
Can someone explain what the critera is to able to add someone to the branch protection Allow specified actors to bypass required pull requests is please?
The only seem to say that teams or members can do it. with no indication of needing a flag set or anything else.. so im rather confused to say the least.
Thanks
I had a simple Google Cloud Storage Account (for the last 5 years) that I had a small online backup service offering for my clients.
About a month or so ago I began getting messages about my "Trial" was expiring ... I ignored it mostly since I had not setup a trial anything. Then about a couple of weeks ago, my backup service quite working with the message I had no cloud account.
I went back and found the emails and clicked and "Upgraded" the account (which again I have no idea why since I have been paying Google Cloud Storage for years) and the backup began to work again.
But now when I go to look at the Project it states I have no permission for anything. I had access until this garbage happened ... of course there is absolutely no way to get support from Google.
I have tried to see how to give me admin access again, but there does not seem to be any way to do this ...
BTW ... I am the only login
Help please
about a year ago, some requirements were changed with GCP and storage. as such, you will need to ensure you have an attached billing account and manager access on the accounts that you are using to back up with. Typically these are service accounts with service credentials.
You can find the IAM roles here: https://console.cloud.google.com/iam-admin/iam
you will have to ensure you are in the correct project, then select the user that you are using to authorize with the backup service (or potentially create one).
Then you will want to edit the roles this account has with any of the following, or their subset permissions:
Storage Admin
Storage Transfer
Storage Object Admin
I also highly recommend getting a Google/Firebase technician to look at your GCP project, you can contact them through support here as they can debug if there are any backend issues. Just clarify that your project may not be a Firebase project. They are often more helpful than typical Google Support.
https://firebase.google.com/support/troubleshooter/contact
Update:
If for some reason your account was hijacked or migrated to an account you don't have access to when you should. contacting GCP support is your best option, they are able to restore access, roll back changes, and otherwise assist with any potential lockouts you have.
I asked this question on the github community support forum, but I'll ask this here too since no reply there...
I am trying to setup a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I an not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.
There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.
We raised a support ticket on this so got a formal answer. I thought it might be useful to replicate the key part of the answer here. Essentially the issue is the fact this App has Admin rights. I am an Administrator on some of the repos, and am "App Manager" for this App, but I am not an Owner of the Organisation.
I quote:
"""GitHub App permission requests [control] access to a number of organization REST API endpoints... As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn't the case, App Managers who aren't organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members."""
Basically that is it. The original idea was to allow a central place to set some things that only an Administrator could set in a repo - c.f. branch rules. Seems that this can't be done as is with an App - the system just isn't flexible enough.
The alternative, which I know works, is to use the PAT of a user with Admin rights. That just feels less secure.
I am trying to add an attachment to a work item in Azure Devops. I am an administrator for the project and Area path. When I attempt to add an attachment I get the error "You do not have permission to attach files to work items in the current area path." I have searched and searched but can't figure out which permission I am missing. Does anyone know which permission I should give myself?
I figured it out this morning. One of my coworkers had a theory to try. It appears it is not being allowed when connected to our VPN. When I attempt it with out being connected to the VPN it works as expected. Hope this says someone hours of research.
I can't reproduce same issue like yours, but I think it's may not a simple permission-related issue.
Check the project configuration page and make sure all related permissions for specific user are allowed.
Search the user name and try allowing all permissions here and do the test again:
Then use a edge/chrome browser(after cleaning the cache), sign-out and sign-in the web portal again to check if the issue disappears.
I am trying to add a new member on my google-cloud project but i can't make it work.
The link inside the auto-generated email from google is well linking to the page where the user can confirm/decline the invitation inside a modal.
But when this user click "confirm" an error message appear inside the modal but disappear immediately - so quickly i can't read it. As a result i can never grant access to my project to this user.
In my browser debugger here is the error i can trace (some values are forged) :
"NetworkError: 400 Bad Request - https://console.developers.google.com/m/teams/acceptinvitation?xsrf=AFE_nuNg_V8394FDKjdfkjkjwKDFXDVg%3488T6J5783&authuser=1&action=accept&pid=apps~myproject-hosting&receive_updates=false"
This user has a custom domain which is a google-apps managed domain. I specify this because its the only kind of users we cannot invite to the project.
No problem for adding users with #gmail account.
From the google-cloud documentation i can read this :
If you are using a Premier or Google Apps domain, the administrator for your domain should first create the Google account from within the Users panel of your Admin Console.
I don't understand this sentence as my user is off-course already listed in my domain.
This might be expected behavior from the App Engine. I know that once you link you application to a specific domain via Google Apps, it becomes very hard to add people from outside that domain to your application.
I know that you can create a google group, enable "out-of-domain" members to that group. Then you can add that group to your project. Then you can add his email to the group, which should give him access to the project.
Only caveat here is that, if your domain is google.com, you will not be able to use this workaround, and this may require help from support.
Well i finally did it.
Google seems to have fixed the flashing error message making it impossible to read.
Now it display something like this : "Contact your administrator to enable AppHosting admin on your account".
This is done has follow :
Login to your main google-app account on http://admin.google.com
Go to "App"
Go to "Additional Google services"
Enable "Google Developers Console" for everyone
Now my user can be invite to the google-cloud project.