
Trouble creating service account keys

Hi, I seem to be unable to create keys for my service accounts. I have my administrator account for my organization, but when I try to create a service account key I get the error: "Service account key creation is disabled. The organisation policy constraint 'iam.disableServiceAccountKeyCreation' is enforced in your organisation."

I then go to organization policies and try to disable this particular policy/constraint but get another error:  insufficient permission to update organization policy, The permission {PERMISSION} is required to update this policy.

I don't know how else to go about this.

 

1 ACCEPTED SOLUTION

Hello @Jaypee15, welcome to the Google Cloud Community.

This is because you don't have the proper IAM permissions assigned. Organization Admin is not sufficient to manage Org policies. You have to assign the Organization Policy Administration IAM role at the Org IAM level. Please see the following links to resolve your issue. If you need more help, just ping me 🙂

Global enforcement: https://cloud.google.com/resource-manager/docs/secure-by-default-organizations

Similar case: https://www.googlecloudcommunity.com/gc/Cloud-Hub/Unable-to-disable-the-Disable-Service-Account-Key-...

medium.com article: https://medium.com/google-cloud/troubleshooting-101-solving-the-service-account-key-creation-is-disa...

 

If this reply helped you, please accept it as a Solution.
--
cheers,
Damian Sztankowski

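The fix from the accepted answer, written out as gcloud commands. This is an added example, not part of the original reply: the organization ID, project ID and member are constructed placeholders, and scoping the exception to a single project and revoking the role afterwards are assumptions that go beyond what the answer states.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. ORG_ID, PROJECT_ID and MEMBER are
# constructed placeholders; override them in the environment.
ORG_ID="${ORG_ID:-123456789012}"
PROJECT_ID="${PROJECT_ID:-example-project}"
MEMBER="${MEMBER:-user:admin@example.com}"
CONSTRAINT="iam.disableServiceAccountKeyCreation"
ROLE="roles/orgpolicy.policyAdmin"   # Organization Policy Administrator

# Print each command; execute it only when APPLY=1 (dry run by default).
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Step 1: grant the org-policy role on the organization node.
grant_role() {
  run gcloud organizations add-iam-policy-binding "$ORG_ID" \
    --member="$MEMBER" --role="$ROLE"
}

# Step 2: policy body that stops enforcing the constraint on ONE project,
# leaving the organization-wide default in place everywhere else.
policy_yaml() {
  printf 'name: projects/%s/policies/%s\n' "$PROJECT_ID" "$CONSTRAINT"
  printf 'spec:\n  rules:\n  - enforce: false\n'
}

apply_exception() {
  policy_file="$(mktemp)"
  policy_yaml > "$policy_file"
  run gcloud org-policies set-policy "$policy_file"
}

# Step 3: confirm what the project actually inherits.
show_effective() {
  run gcloud org-policies describe "$CONSTRAINT" \
    --project="$PROJECT_ID" --effective
}

# Step 4 (optional): drop the role again once the exception is in place.
revoke_role() {
  run gcloud organizations remove-iam-policy-binding "$ORG_ID" \
    --member="$MEMBER" --role="$ROLE"
}

# Dry run unless APPLY=1 is set in the environment.
grant_role; apply_exception; show_effective; revoke_role
```

Review the printed commands first, then rerun with `APPLY=1` from an account that can set IAM policy on the organization.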

2 REPLIES 2

Thanks for the response, I'll try it out and keep you updated.