A project was auto-provisioned by my Gemini Enterprise subscription. I need to deploy a Vertex AI Agent Engine (Reasoning Engine) into it so I can register it as an agent in Gemini Enterprise. However, I cannot access the IAM page, enable APIs, or manage any permissions on this project despite being the Google Workspace admin 1. I get “You need additional access” when visiting IAM, and “Missing required permission serviceusage.services.enable” when trying to enable the Vertex AI API. gcloud commands also return PERMISSION_DENIED. I don’t have a support plan so not sure how I can get this sorted?
i have the same issue any updates?
As a Google Workspace Admin, you have the right to manage the organization, but you must manually grant yourself specific Cloud IAM roles at the Organization level to manage auto-provisioned projects.
- Switch Context: Go to the Google Cloud Console IAM page. Ensure the Organization resource (your domain) is selected in the project picker, not the specific project.
- Grant Access: Click Grant Access and add your admin email.
- Assign Roles: Add the following roles to your identity:
- Organization Administrator: Provides full control over all organization resources.
- Project IAM Admin: Allows you to modify IAM policies on any project in the organization.
- Service Usage Admin: Specifically grants the serviceusage.services.enable permission required to turn on APIs.
- Propagate & Retry: Wait approximately 2–5 minutes for the roles to propagate. Return to the project, and you will now be able to enable the Vertex AI API and deploy the Reasoning Engine.
Why This Happens
Google Cloud utilizes a “Least Privilege” model. Even a Workspace Super Admin is not an “Owner” of every sub-project by default. You possess the authority to give yourself the permission, but it is not automatically assigned to your user account to prevent unauthorized or accidental configuration changes.
Sources
- Google Cloud Documentation: Access control for Organizations with IAM
- Google Cloud Documentation: Service Usage Roles
- Google Workspace Admin Help: Manage Google Cloud projects for your organization