Create and manage Google groups in the Google Cloud console

Google groups can help you manage users at scale. Each member of a Google group inherits the Identity and Access Management (IAM) roles granted to that group. This inheritance means that you can use a group's membership to manage users' roles instead of granting IAM roles to individual users.

You can create and manage groups for your organization in the Google Cloud console.

Required permissions

You need the following permissions to manage groups in the Google Cloud console.

Group permissions

To create, view, edit, and delete groups, in the Google Cloud console or elsewhere, you need the appropriate group permissions. These permissions are managed by Google Workspace, not IAM. To gain these permissions, contact your Google Workspace administrator.

To learn about group permissions, see Set who can view, post, & moderate.

IAM permissions

To get the permissions that you need to use the Google Cloud console to manage groups, ask your administrator to grant you the following IAM roles on the organization:

Organization Viewer (roles/resourcemanager.organizationViewer)
To view group membership change logs: Logs Viewer (roles/logging.viewer)

For more information about granting roles, see Manage access.

You might also be able to get the required permissions through custom roles or other predefined roles.

Viewing groups

To view the Google groups in your organization that you have access to, follow these steps:

In the Google Cloud console, go to the Groups page.

Go to the Groups page
Select the organization whose groups you want to view.

The Google Cloud console displays all the groups in your organization that you can access.

Creating a group

To create a group, follow these steps:

In the Google Cloud console, go to the Groups page.

Go to the Groups page
Click Create.
Fill in your group's details, including the group's name, email address, and an optional description.
To add members to the group, click Add member, then enter the member's email and choose their Google Groups role.

Note: When you add a member to a Google group, they inherit all IAM roles granted to that group, regardless of their Google Groups role.
When you are finished, click Submit to create the group.

Viewing and editing group details

To view and edit the details of a group, including the group name, description, and membership, follow these steps:

In the Google Cloud console, go to the Groups page.

Go to the Groups page
Find the group whose details you want to view, click in that row, and then click View group details.
To edit the group name or description, type your new name or description in the Group name or Group description field and click Save.
To edit the group's membership, do the following:
- To add members: Click Add members at the top of the page. Enter the names of the members you want to add, choose their Google Groups roles, then click Add to add them to the group.
  
  Note: When you add a member to a Google group, they inherit all IAM roles granted to that group, regardless of their Google Groups role.
- To remove members: Select the checkboxes next to the names of the members you want to remove, then click Remove members at the top of the page.

Managing a group in Google Groups

Some groups have features⁠—such as moderation settings, joining rules, and permissions for creating and viewing posts—that you cannot manage from the Google Cloud console. To manage these features, you need to open the group in Google Groups.

To open a group in Google Groups, follow these steps:

In the Google Cloud console, go to the Groups page.

Go to the Groups page
Find the group that you want to manage, click in that row, and then click View in Google Groups .

This action opens the group in Google Groups, where you can manage all of your group's features. For more information, see the Google Groups help page.

Deleting a group

To delete a group, follow these steps:

In the Google Cloud console, go to the Groups page.

Go to the Groups page
Find the group that you want to delete, click in that row, and then click Delete group.
Confirm that you want to delete the group by clicking Confirm in the confirmation dialog.

Viewing group membership change logs

If data sharing is enabled for your organization, Google Cloud will automatically generate logs any time someone changes your groups' membership. You can view these logs on the Activity page in the Google Cloud console.

To enable data sharing for your organization, follow these steps:

Sign in to your Admin console.
From the Admin console home page, go to Account > Account Settings. Find the Legal & compliance section.
In the Sharing options section, set Google Cloud Platform Sharing Options to Enabled and click Save.

To view group membership change logs, follow these steps:

In the Google Cloud console, go to the Activity page.

Go to the Activity page
In the Categories section of the Filters menu, select Configuration as the activity type and Audited resource as the resource type.

The Google Cloud console displays all changes to group membership that have occurred since sharing was enabled, along with the user performed the change.

What's next

Learn how to grant, change, and revoke access for principals, including Google groups.
Review other ways to create groups.