[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-18。"],[],[],null,["# Analyze project move\n\nThis guide describes how to use the Cloud Asset Inventory Analyze Move API to get a\ndetailed report on warnings and blockers from a list of critical policies\nsystems prior to actually moving your project.\n\nEnable APIs\n-----------\n\nSelect or create a project as your API consumer project, enable\n[Cloud Asset API](https://console.cloud.google.com/apis/library/cloudasset.googleapis.com)\n\nThis consumer project can be different from the project you plan to analyze and\nmigrate. Consumer project will be used to generate credentials to make API\nrequest.\n\nThe next section describes the required roles and permissions that must be\ngranted on the source project you plan to analyze.\n\nRequired permissions\n--------------------\n\nTo perform a project move analysis, you need a role that grants the\n`cloudasset.assets.analyzeMove` permission, such as **Cloud Asset Viewer** or\n**Viewer**.\n\nTo receive analysis on a service, you also need roles related to those services.\nThese permissions include the following:\n\n- If you want to view the inherited allow policies from the source\n project's parent organization resource, you need the\n `resourcemanager.organizations.getIamPolicy` permission on the\n source project's parent organization resource.\n\n- If you want to view the inherited allow policies from the source\n project's parent folder, you need the `resourcemanager.folders.getIamPolicy`\n permission on the source project's parent folder.\n\n- If you want to view the allow policies on the project,\n you need the `resourcemanager.projects.getIamPolicy` permission on the source\n project.\n\n- If you want to view the inherited deny policies from the source\n project's parent organization resource, you need the `iam.denypolicies.get`\n permission on the source project's parent organization resource.\n\n- If you want to view the organization policies that are inherited on this\n project, you need the `orgpolicy.policy.get` permission on the source project.\n\n- If you want to view the Compute Engine firewall policies that are inherited\n on this project, you need the `compute.organizations.setSecurityPolicy`\n permission on the source folder or organization resource.\n\n- If you want to view the inherited tags on this project, you need the `resourcemanager.hierarchyNodes.listEffectiveTags` permission on the source project or its ancestor nodes.\n\nPerform the analysis\n--------------------\n\nYou can use the Google Cloud CLI or the API to analyze the migration of a\nresource from its current place in the resource hierarchy.\n**Note:** This API does not perform any checks on the destination organization resource. Even if the destination organization resource specified in the API call does not exist, the analysis of the project to be moved is still performed. \n\n### gcloud\n\n\nTo analyze the impacts of migrating a project from its current position in\nthe resource hierarchy, use the `gcloud asset analyze-move` command: \n\n```\ngcloud asset analyze-move --project=PROJECT_ID \\\n (--destination-folder=FOLDER_ID \\\n | --destination-organization=ORGANIZATION_ID)\n```\n\nTo analyze the impacts of moving a project to a different **folder** , run\nthe command with `--destination-folder`: \n\n```\ngcloud asset analyze-move --project=PROJECT_ID \\\n --destination-folder=FOLDER_ID\n```\n\nTo analyze the impacts of moving a project to a different **organization** ,\nrun the command with `--destination-organization`: \n\n```\ngcloud asset analyze-move --project=PROJECT_ID \\\n --destination-organization=ORGANIZATION_ID\n```\n\nWhere:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e is the unique project ID of the\n project you are migrating. For example, `--myProject123`.\n\n- \u003cvar translate=\"no\"\u003eFOLDER_ID\u003c/var\u003e is the numerical folder ID of the\n destination folder on which to perform the analysis.\n For example, `45678901123`.\n\n- \u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e is the numerical organization\n ID of the destination organization on which to perform the analysis.\n For example, `78901123456`.\n\n| **Note:** Exactly one of \u003cvar translate=\"no\"\u003eFOLDER_ID\u003c/var\u003e or \u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e must be specified.\n\n### API\n\n\nTo analyze the impacts of migrating a project from its current position in\nthe resource hierarchy without performing the move, use the\n[cloudasset.analyzeMove](https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/analyzeMove) method: \n\n```\nGET https://cloudasset.googleapis.com/v1/{resource=*/*}: \\\n analyzeMove?destinationParent=DESTINATION_NAME\n```\n\nWhere:\n\n- \u003cvar translate=\"no\"\u003eresource\u003c/var\u003e is the name of the resource on which to\n perform the analysis. Only project resources are supported, so this must\n be the Project ID or a Project Number. For example,\n `projects/my-project-id` or `projects/12345`.\n\n- \u003cvar translate=\"no\"\u003eDESTINATION_NAME\u003c/var\u003e is the name of the\n Google Cloud folder or organization resource to reparent the target\n resource. The analysis will be performed on the impacts of moving the\n resource to the specified destination parent. The destination must be\n a folder number or an organization resource number.\n For example, `folders/123` or `organizations/123`.\n\nMove analysis responses\n-----------------------\n\nThe response you receive from the Move Analysis API is grouped by service name.\nUnder each service is a list of warnings and blockers applicable to this\nproject migration. Any blockers being returned by this analysis means that the\nproject migration will be blocked at run time if you proceed with the move\nbefore resolving them.\n| **Note:** Analysis results may not include functionality for services and features that are in preview. If your projects are part of any preview, please refer to that feature's user guide.\n\nTroubleshooting errors\n----------------------\n\nIf there is an error returned by the Move Analysis API, it includes a standard\n[gRPC code](https://grpc.github.io/grpc/core/md_doc_statuscodes.html), as well\nas a message that describes the reason for the failure of the Move Analysis\nAPI to analyze the project.\n\nThe following table describes the error codes that could potentially be returned\nby the Move Analysis API:\n\n#### Example error message\n\nThe following example demonstrates the error code returned for a user that does\nnot have the `cloudasset.assets.analyzeMove` permission on the project to be migrated: \n\n {\n \"error\": {\n \"code\": 403,\n \"message\": \"Failed to fetch Project: projects/test-project-service-3 to perform\n move analysis.\",\n \"status\": \"PERMISSION_DENIED\"}\n }\n\nSome of the policy systems may fail to analyze the resource move. The following\nexample demonstrates the error returned from the Hierarchical Firewall service\nwhen the user does not have `compute.organizations.setSecurityPolicy`\npermission on the project to be migrated: \n\n {\n \"moveAnalysis\": [{\n \"displayName\": \"name hidden\",\n \"analysis\": {\n \"warnings\": [{\n \"detail\": \"details hidden\"\n }]\n }\n }, {\n \"displayName\": \"name hidden\",\n \"analysis\": {\n \"warnings\": [{\n \"detail\": \"details hidden\"\n }]\n }\n }, {\n \"displayName\": \"Hierarchical Firewall\",\n \"error\": {\n \"code\": 7,\n \"message\": \"Failed to retrieve inherited security policies to perform\n analysis. Required 'compute.organizations.setSecurityPolicy'\n permission for {resource ID}\"\n }}]\n }\n\nWhat's next\n-----------\n\nThe Move Analysis API provides details that help mitigate blockers and other\nissues when moving a project from one organization resource to another. For more\ninformation about migrating projects between organization resources, see\n[Migrating projects](/resource-manager/docs/project-migration)."]]