Reputation: 41
I am working on a Google Cloud project under an Organization. I am trying to create some groups and assign policies through Terraform. When running Terraform, the organization structure is created successfully. However, when it comes to creating groups, it results in:
Error: Error creating Group: googleapi: Error 403: Error(2015): Permission denied for group resource '[email protected]'.
│ Details:
│ [
│ {
│ "@type": "type.googleapis.com/google.rpc.ResourceInfo",
│ "description": "Error(2015): Permission denied for group resource '[email protected]'.",
│ "owner": "domain:cloudidentity.googleapis.com",
│ "resourceType": "cloudidentity.googleapis.com/Group"
│ }
│ ]
│
│ with module.some_project.google_cloud_identity_group.group,
│ on .terraform/modules/some_project/main.tf line 35, in resource "google_cloud_identity_group" "group":
│ 35: resource "google_cloud_identity_group" "group" {
Following Google Cloud's best practices, I have created a service user account and assigned the required IAM permissions, which include:
Then I run this command to add to application-default login:
gcloud auth application-default login --impersonate-service-account service-useraccount@PROJECT_ID.iam.gserviceaccount.com
Then I run terraform init followed by terraform apply.
Upvotes: 1
Views: 76