I'm finding it difficult to manage staff permissions across multiple folders and projects. Here's what I would like to do

- Staff are assigned Roles at the Organization level only. I don't dig through folders and projects to see what access staff members have.
- At the Organization Level I create custom IAM Role like "Component XYZ Backend Developer"
- That Role is assigned appropriate permissions (as if it were a Principal) on multiple projects & folders. These perms will vary from project to project.

This allows me to manage all my users at the Organization level. I don't have to dig through every project to see what permissions were granted to individual users.  Users would -never- have individual permissions on specific projects.  All permissions would be managed via custom roles.

If I'm barking up the wrong tree, please point me in the right direction.