This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Unable to disable the Disable Service Account Key Creation policy

Posted on 07-08-2024 12:42 AM
Dibene
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Good day all, I am having the exact same issue. Can anyone help me? I need to create an JSON account key to Migrate to Microsoft 365.

When I try to disable the Disable Service Account Key Creation policy, I get the below errors

Disable Account Key Creation.JPGOrgPolicy Permissions.JPG

Solved Solved
2 7 975
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
In response to Dibene
Reply posted on --/--/---- --:-- AM

You have assigned Organization Admin. But you must assign also Organization POLICY Administrator, which is totally different predefined role. 

DamianS_0-1720535994389.png

 

View solution in original post

Jump to Solution
7 REPLIES 7

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
Reply posted on --/--/---- --:-- AM

Hello @Dibene  ,Welcome on Google Cloud Community.

Try to follow via this medium.com post: https://medium.com/google-cloud/troubleshooting-101-solving-the-service-account-key-creation-is-disa...

If your issue will not be resolved, let us know.
--
cheers,
DamianS
LinkedIn medium.com Cloudskillsboost

Jump to Solution

Posted on --/--/---- --:-- AM
Dibene
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Damian

Thank you for getting back to me. I've followed the steps as per your document.
I get all the way to point 5.11 where I need to save the Policy and then I get the same error.

What am I doing wrong?

Edit Policy.JPGCondition.JPGOrgPolicy Permissions Error.JPG

 

Jump to Solution

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
In response to Dibene
Reply posted on --/--/---- --:-- AM

Hi @Dibene ,
may I ask about Organization Policy Administrator role? Did you've assigned this particular role at the Org level, to your principal? Additionally, would you be able to provide logs from Logs Explorer regarding this action? For me it looks like your principal ( email@example.com) which you are using to log in to Google Cloud, does not have sufficient permissions ( Only few predefined roles have such permission e.g Organization Policy Administrator).


--
cheers,
DamianS
LinkedIn medium.com Cloudskillsboost

Jump to Solution

Posted on --/--/---- --:-- AM
Dibene
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Damian, That is what I also suspect, but what I can see is that I have the correct permissions?

Where do I find that Logs you talking about?Permissions.JPG

Jump to Solution

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
In response to Dibene
Reply posted on --/--/---- --:-- AM

You have assigned Organization Admin. But you must assign also Organization POLICY Administrator, which is totally different predefined role. 

DamianS_0-1720535994389.png

 

Jump to Solution

Posted on --/--/---- --:-- AM
Dibene
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Damian, Thank you, I managed to assign Organization Policy Administrator.  They went back to Organization Policies and was able to disable/not enforced the policy Disable Account Key Creation.

Thanks for your help!

Jump to Solution

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
In response to Dibene
Reply posted on --/--/---- --:-- AM

Happy to help @Dibene 😉 

Jump to Solution
Top Labels in this Space
Top Solution Authors
View all