Organizational Ownership

An organization is an entity that also exists outside of the cloud context (for example, when you set up a workspace account).

The very same organization can also be carried over into the cloud context. Users that manage the org within the cloud are cloud identities (or cloud IAM users).

The Workspace Admin

In a sense, the workspace admin is the super admin of all cloud admins. The workspace admin is the ONLY user that gets to add new cloud admins.

Turning Google Cloud On or Off for Organization Users

The Google Cloud Platform is available as a service that can be turned on or off. This service enables you (the workspace admin) to limit access for users within your organization.

The service does not restrict access to service accounts, and does not restrict anonymous use of Google Cloud services and resources that are publicly accessible.
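Because service accounts and public access stay usable when the service is off, it is worth listing which role bindings fall into those two groups. The sketch below is an added example, not part of the original notes: it walks a constructed IAM allow policy (the bindings / role / members JSON shape) and reports those bindings. The sample policy, the account names and the function name are assumptions made up for illustration.

```python
import json

# Constructed sample policy in the IAM allow-policy JSON shape
# (bindings -> role + members). All names here are made up.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com"]},
    {"role": "roles/compute.admin",
     "members": ["user:bob@example.com",
                 "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers"]}
  ]
}
""")

# Principal kinds the notes name as NOT restricted by the service switch.
UNRESTRICTED = {
    "serviceAccount": "service account",
    "allUsers": "anonymous / public access",
}


def unrestricted_bindings(policy):
    """Return (role, member, reason) for each binding held by a service
    account or by allUsers. Other member types (user:, group:, domain:, ...)
    are skipped because the notes do not say how the switch treats them."""
    found = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            # "serviceAccount:x@y" -> "serviceAccount"; "allUsers" stays as is.
            kind = member.split(":", 1)[0]
            if kind in UNRESTRICTED:
                found.append((binding["role"], member, UNRESTRICTED[kind]))
    return found


if __name__ == "__main__":
    for role, member, reason in unrestricted_bindings(SAMPLE_POLICY):
        print(f"{role:30} {member}  ({reason})")
```
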

What cloud features can the workspace admin turn on or off?

  • Who can create projects. By default, project creation is on for users in your organization. When Google Cloud Platform is turned off, users can't create new projects and are restricted from managing project ownership invitations.
  • Use of the OS Login API. By default, the OS Login API settings are on for your organization. For example, you can prevent users from configuring access to VM instances outside of your organization. When Google Cloud Platform is turned off, users can't access the OS Login API.
  • Access to Google Cloud Shell. By default, access is on for your organization. When Google Cloud Platform is turned off, users can't access Google Cloud Shell.