Projects under No Organization that cannot be accessed

Question

In the cloud-resource-manager page, there are 2 projects listed under No organization, one of them curiously has the id you-can-see-this-project, the other looks like an automatically generated project with the prefix My Project xxx.

The issue is that there seems to be no way to access these 2 projects even though I can see them under my account. The IAM page shows that I do not have the permission resourcemanager.projects.getIamPolicy and every other page or action notes some missing permission.

Is there a way to shutdown/delete these projects or a way to remove myself from these projects?

Edit: Seems like the 2 projects that are showing up in my account are the same with other people that have the same issue.

They are

Update (20221114): Checked recently and both the rogue projects are gone with no action on our part. Probably it was finally cleaned-up?

Answer 1

Root cause

Your Google Cloud Account is subscribed to "google-appengine@googlegroups.com".

Solution

Unsubscribing from this group will remove these projects. See Google Groups Help for reference.

---

I got this feedback directly from the Google Cloud Support team and confirmed it working on with my account. I did not consciously subscribe to that group, maybe this happens or happened automatically in the past. Also why these ghost projects are added remains a mystery to me, no idea what they should be used for. Here's hoping that Google will fix this in the future...

Answer 2

Once you have created your Google Workspace or Cloud Identity account and associated it with a domain, your organization resource will be automatically created for you. The resource will be provisioned at different times depending on your account status:

• If you are new to Google Cloud and have not created a project yet, the organization resource will be created for you when you log in to the Google Cloud console and accept the terms and conditions.
• If you are an existing Google Cloud user, the organization resource will be created for you when you create a new project or billing account. Any projects you created previously will be listed under "No organization", and this is normal. The organization resource will appear and the new project you created will be linked to it automatically. You will need to move any projects you created under "No organization" into your new organization resource. For instructions on how to move your projects, see Migrating projects into an organization.

Users can only view and list projects they have access to via IAM roles. The Organization Administrator can view and list all projects in the organization.

The No organization option in the Organization drop-down lists the following projects:

• Projects that do not belong to the Organization yet.
• Projects for which the user has access to, but are under an Organization to which the user does not have access.

Refer to this documentation for more information on creating and managing organizations.

Answer 3

You will need to identify the Projects' members that have the Owner role; I think that there is not a specific IAM permission that permits Project deletion but that some identities must have the Owner role.

I suspect (!) you can't orphan Projects by removing the last Owner, so there must be at least one.

If you're unable to determine Ownership, Google Cloud Support can determine the Owners for you though I suspect Support won't be able to disclose this information to you but will need to contact the Owners directly about this.