Google groups can help you manage users at scale. Each member of a Google group inherits the Identity and Access Management (IAM) roles granted to that group. This inheritance means that you can use a group's membership to manage users' roles instead of granting IAM roles to individual users.
You can create and manage groups for your organization in the Google Cloud console.
Required permissions
You need the following permissions to manage groups in the Google Cloud console.
Group permissions
To create, view, edit, and delete groups, in the Google Cloud console or elsewhere, you need the appropriate group permissions. These permissions are managed by Google Workspace, not IAM. To gain these permissions, contact your Google Workspace administrator.
To learn about group permissions, see Set who can view, post, & moderate.
IAM permissions
To get the permissions that you need to use the Google Cloud console to manage groups, ask your administrator to grant you the following IAM roles on the organization:
-
Organization Viewer (
roles/resourcemanager.organizationViewer
) -
To view group membership change logs:
Logs Viewer (
roles/logging.viewer
)
For more information about granting roles, see Manage access.
You might also be able to get the required permissions through custom roles or other predefined roles.
Viewing groups
To view the Google groups in your organization that you have access to, follow these steps:
In the Google Cloud console, go to the Groups page.
Select the organization whose groups you want to view.
The Google Cloud console displays all the groups in your organization that you can access.
Creating a group
To create a group, follow these steps:
In the Google Cloud console, go to the Groups page.
Click
Create.Fill in your group's details, including the group's name, email address, and an optional description.
To add members to the group, click Google Groups role.
Add member, then enter the member's email and choose theirWhen you are finished, click Submit to create the group.
Viewing and editing group details
To view and edit the details of a group, including the group name, description, and membership, follow these steps:
In the Google Cloud console, go to the Groups page.
Find the group whose details you want to view, click
in that row, and then click View group details. buttonTo edit the group name or description, type your new name or description in the Group name or Group description field and click Save.
To edit the group's membership, do the following:
To add members: Click Google Groups roles, then click Add to add them to the group.
Add members at the top of the page. Enter the names of the members you want to add, choose theirTo remove members: Select the checkboxes next to the names of the members you want to remove, then click
Remove members at the top of the page.
Managing a group in Google Groups
Some groups have features—such as moderation settings, joining rules, and permissions for creating and viewing posts—that you cannot manage from the Google Cloud console. To manage these features, you need to open the group in Google Groups.
To open a group in Google Groups, follow these steps:
In the Google Cloud console, go to the Groups page.
Find the group that you want to manage, click
in that row, and then click View in Google Groups button .
This action opens the group in Google Groups, where you can manage all of your group's features. For more information, see the Google Groups help page.
Deleting a group
To delete a group, follow these steps:
In the Google Cloud console, go to the Groups page.
Find the group that you want to delete, click
in that row, and then click Delete group. buttonConfirm that you want to delete the group by clicking Confirm in the confirmation dialog.
Viewing group membership change logs
If data sharing is enabled for your organization, Google Cloud will automatically generate logs any time someone changes your groups' membership. You can view these logs on the Activity page in the Google Cloud console.
To enable data sharing for your organization, follow these steps:
From the Admin console home page, go to Account > Account Settings. Find the Legal & compliance section.
In the Sharing options section, set Google Cloud Platform Sharing Options to Enabled and click Save.
To view group membership change logs, follow these steps:
In the Google Cloud console, go to the Activity page.
In the Categories section of the Filters menu, select Configuration as the activity type and Audited resource as the resource type.
The Google Cloud console displays all changes to group membership that have occurred since sharing was enabled, along with the user performed the change.
What's next
- Learn how to grant, change, and revoke access for principals, including Google groups.
- Review other ways to create groups.