I'm finding it difficult to manage staff permissions across multiple folders and projects. Here's what I would like to do
- Staff are assigned Roles at the Organization level only. I don't dig through folders and projects to see what access staff members have.
- At the Organization Level I create custom IAM Role like "Component XYZ Backend Developer"
- That Role is assigned appropriate permissions (as if it were a Principal) on multiple projects & folders. These perms will vary from project to project.
This allows me to manage all my users at the Organization level. I don't have to dig through every project to see what permissions were granted to individual users. Users would -never- have individual permissions on specific projects. All permissions would be managed via custom roles.
If I'm barking up the wrong tree, please point me in the right direction.