We are using Enterprise GSuite along with Cloud DNS.
We have domains on Cloud DNS and while I can edit other ones, I'm unable to edit one.
Edit as in been able remove unused records but can change values.
I'm logged in with GSuite Admin and GCP project owner email address.
Not sure what could be the issue and need an input/suggestion on what might be the reason and potential solution.
Thanks.
This could happen when DNS zones belong to different projects. In this case, having a Project Owner role is not enough. Project Owner can manage or view the managed zones in the specific project.
To manage zones across projects, you need the DNS Administrator role.
To check roles granted to a particular account, you can use the following command:
$ gcloud projects get-iam-policy <PROJECT> --flatten="bindings[].members" --format='table(bindings.role)' --filter="bindings.members:<ACCOUNT>"
Cloud DNS > Doc > Access Control
Cloud IAM > Doc > Understanding roles > Predefined Roles > DNS roles
Cloud DNS > Doc > Overview > Access control
No it wasn't a permission issue as we often religiously define each role following best practices.
The problem was that I was looking for the right solution in the wrong place.
When I select the records in the console, I will be or was looking at the top option which is "DELETE ZONE".
google DNS console UI
I should have been looking at the "Add record set" or "Delete record set" area.
Anyway, the UI should have been more intuitive but I should have been paid more attention. Thanks for your input though.
Related
We would like to move a bitnami vm to the Elastic cloud offering on Azure.
We've created an instance in a resource group - And as the owner I can login and start managing this cluster.
Now I would like to invite other people to this cluster. We don't have the organization option in the Settings (elastic docs: Organizations are currently not supported for Azure Marketplace accounts.).
Therefore I added a user in "Stack Management > Security > Users", but that user can't login, can't reset a password, ...
Am I wrong by adding Users in the Stack Management, can we manage this in Azure AD?
Thanks!
I see that, I do not have the Default Resource Group associated to my IBMCloud account. Because of this I can't any resource to my account
When I run command for Viewing resources in a resource group, this is what I see:
PS C:\Users\SURANJANNANDI> ibmcloud resource service-instances -g Default
Retrieving instances with type service_instance in resource group Default in all locations under account Suranjan Nandi's Account as surnandi#in.ibm.com...
FAILED No resource group found
Did anybody have similar issues? Please advise how to fix this.
Try the command: ibmcloud resource groups
Or in the ibm cloud console, https://cloud.ibm.com/, check out the Manage > Account at the top. Click Resource groups on the left and see the list of possible resource groups.
I had this issue. The only way I could have Watson Studio working was through signing up with a new account in the Data Pak portal. There you may also manage your account (which didn't work for me, but may work for you).
I am using a lite account, where there should be a default resource group.
However, there is nothing in manage > resource groups.
Definitely, I can not create a new one in a lite account.
How can I solve this problem?
By the way, I have verified IBM account by email
I implemented a few tasks with BashOperator. Ones with "gsutil rm" and "gsutil cp" worked fine. But one with "gcloud alpha firestore export" generates this error:
{bash_operator.py:101} INFO - ERROR: (gcloud.alpha.firestore.export) PERMISSION_DENIED: The caller does not have permission
This command itself works fine in gcloud shell. I tried to give some Firestore related permissions to the service account used by the Composer but it still doesn't work. Any idea
It might be that you don't have permissions for a particular project.
The error I was getting was: PERMISSION_DENIED: Caller does not have required permission to use project project:random-id-11111.
The way I resolved it was by running gcloud config set project 'the-right-project-id' and then the actual gcloud command.
I think you need Cloud Datastore Import Export access. Following are the steps as per current Current Google Cloud platform layout.
https://console.cloud.google.com > Left drawer > IAM & admin > Against user - Edit Icon > Add another role > Data Store > Cloud Datastore Import & Export > Save
Try creating a new service account with the Firestore-related permissions needed and using that on a freshly created environment. https://cloud.google.com/composer/docs/how-to/access-control
Other debugging ideas: * Try ssh-ing into the Kubernetes workers on your Composer environment and running the command. *Is the Firestore API enabled on your project?
Open https://console.cloud.google.com/iam-admin/iam
Find the service account you're using for the backups
Add the Owner role to the service account
It's not really intuitive or logic because there are not permissions or roles for Firestore.
Unfortunately it took me way to long to figure it out. I hope it helps others!
Similar to Roy's answer, the issue for me was that gcloud was set to a different project.
check which project it is set to
gcloud config list
list which projects you have access to
gcloud projects list
set the correct project
gcloud config set project 'foo-project'
Grant firebase admin role to the default service account that your service is using.
Adding Owner role to the service account seems too much privilege for just taking backup.
In IAM & Admin make sure your #appspot.gserviceaccount.com must have access for 3 things:
Cloud Functions Admin
Cloud Datastore Import Export Admin
Storage Admin
you need to set your project first where you are owner
gcloud config set project project-id
You can find your project id by clicking on gcloud console it will be there in popup in project-name-somerandomnumbers
I got caught out on this today. The issue was that I had set up my service account correctly in the IAM settings, but hadn't realised an invitation had been sent to that email address which I needed to accept. Worked immediately once I accepted the invite.
I try to remove my organization executing this command:
1) Change the original organization name from miguel#thingtrack.com to Miguel correctly from the Dashboard.
1) Login in my bluemix account correctly from CLI like this:
bluemix login
2) Try to remove my unique organization called Miguel:
bluemix iam org-delete Miguel
The error result is:
Suprimiendo la organizaciĆ³n Miguel como miguel#thingtrack.com...
FAILED
Error response from server. StatusCode: 500; description: multiple documents found containing guid 7f1f9939-b0bc-4e61-85b9-d7e3744b6c77: [{"_id":"org.Miguel","_rev":"3-9b1bba6c8f8c618ba424c728e55ee247","customer":"ibm","deployment":"yp","name":"Miguel","type":"org","value":{"ibm:yp:eu-gb":{"guid":"6b7219e6-5992-4d43-ac52-083bf0ce8d50","owner":true},"ibm:yp:us-south":{"guid":"7f1f9939-b0bc-4e61-85b9-d7e3744b6c77"}},"created_at":"2016-05-23T13:49:36.660Z","updated_at":"2016-09-09T17:50:02.846Z","migrated":true},{"_id":"org.miguel#thingtrack.com","_rev":"2-cf26e55555fe9730b4a9a9a4525f4bf3","customer":"ibm","deployment":"yp","name":"miguel#thingtrack.com","type":"org","value":{"ibm:yp:us-south":{"guid":"7f1f9939-b0bc-4e61-85b9-d7e3744b6c77","owner":true}},"created_at":"2015-08-28T09:49:49.221Z","updated_at":"2016-08-13T18:06:03.994Z","migrated":true}]
Also I noticed that if I try to rename again the organization to other name I obtain the same error.
So in my opinion if you change the organization name one time, you will never remove it or change the name never more.
Is it a bug of bluemix??
Regards
Bluemix does not allow users to delete organizations. Per documentation you have to contact Bluemix Support team to delete the organization on your behalf.
From Bluemix documentation:
You must contact Bluemix Support to delete an organization. When you
request for the support team to delete an organization, all the
spaces, applications, and services within the organization are
deleted.
You can find more details here: https://console.ng.bluemix.net/docs/admin/orgs_spaces.html#orginfo
Actually, Miguel Salinas is correct. You can now rename or delete orgs from the Bluemix CLI using commands such as:
bluemix iam org-rename <old_org_name> <new_org_name>
bluemix iam org-delete <org_name>
Here's the reference to the bluemix commands:
https://www.ng.bluemix.net/docs/cli/reference/bluemix_cli/index.html
The documentation snippet mentioned above by Alex is outdated and need to be revised. I'll send them this feedback.
I know I am late to the party, but I hope this helps the future users.
You can rename org using the bluemix cli as #marcel Ribas stated above.
bluemix iam org-rename old_org_name new_org_name
bluemix iam org-delete org_name
Alternatively you can go into your bluemix account and you have and option to change org name under the manange organizations tab. Just click on edit button next to org name and make the changes
Note- You need to have manager level access to the org you are trying to rename. You can check this on your bluemix account under the manage organizations tab