Google groups can help you manage users at scale. Each member of a Google groupinherits the Identity and Access Management (IAM) roles granted to that group. Thisinheritance means that you can use a group's membership to manage users' rolesinstead of granting IAM roles to individual users.

Note: You can't addservice agents to Google groups unless theexternal members option is turned on.

You can create and manage groups for your organization in the Google Cloud console.

Required permissions

You need the following permissions to manage groups in theGoogle Cloud console.

Group permissions

To create, view, edit, and delete groups, in the Google Cloud console orelsewhere, you need the appropriate group permissions. Thesepermissions are managed by Google Workspace, not IAM. To gainthese permissions, contact your Google Workspace administrator.

To learn about group permissions, seeAdministrator privilege definitions andSet organization-wide policies for using groups.

IAM permissions

To get the permissions that you need to use the Google Cloud console to manage groups, ask your administrator to grant you the following IAM roles on the organization:

• Organization Viewer (roles/resourcemanager.organizationViewer)
• To view group membership change logs:Logs Viewer (roles/logging.viewer)

For more information about granting roles, seeManage access to projects, folders, and organizations.

You might also be able to get the required permissions throughcustom roles or otherpredefined roles.

Viewing groups

To view the Google groups in your organization that you have access to,follow these steps:

1. In the Google Cloud console, go to theGroups page.

   Go to the Groups page

2. Select the organization whose groups you want to view.

The Google Cloud console displays all the groups in your organization thatyou can access.

Note: To check whether a group has access to your project and its resources, seeViewing current access.

Creating a group

To create a group, follow these steps:

1. In the Google Cloud console, go to theGroups page.

   Go to the Groups page

2. Clickadd_boxCreate.

3. Fill in your group's details, including the group's name, email address, andan optional description.

4. To add members to the group, clickadd Add member,then enter the member's email and choose theirGoogle Groups role.

   Note: When you add a member to a Google group, theyinherit all IAM roles granted to that group,regardless of their Google Groups role.

5. When you are finished, clickSubmit to createthe group.

Viewing and editing group details

To view and edit the details of a group, including the group name, description,and membership, follow these steps:

1. In the Google Cloud console, go to theGroups page.

   Go to the Groups page

2. Find the group whose details you want to view, clicktheMoremore_vert button in thatrow, and then clickView group details.

3. To edit the group name or description, type your new name or description in theGroup name orGroup description field and clickSave.

4. To edit the group's membership, do the following:

   • To add members: Clickperson Addmembers at the top of the page. Enter the names of the members you wantto add, choose theirGoogle Groups roles, then clickAdd to add them to the group.

     Note: When you add a member to a Google group, theyinherit all IAM roles granted to that group,regardless of their Google Groups role.

   • To remove members: Select the checkboxes next to the namesof the members you want to remove, then clickdelete Removemembers at the top of the page.

Managing a group in Google Groups

Some groups have features⁠—such as moderation settings, joiningrules, and permissions for creating and viewing posts—thatyou cannot manage from the Google Cloud console. To manage these features,you need to open the group in Google Groups.

To open a group in Google Groups, follow these steps:

1. In the Google Cloud console, go to theGroups page.

   Go to the Groups page

2. Find the group that you want to manage, clicktheMoremore_vert buttonin that row, and then clickView in GoogleGroups launch.

This action opens the group in Google Groups, where you can manage all of yourgroup's features. For more information, see theGoogle Groups help page.

Deleting a group

Warning: Deleting a group is irreversible. To avoid unexpected access changes,revoke all IAM roles from the group, then wait at least 7days before deleting it.

To delete a group, follow these steps:

1. In the Google Cloud console, go to theGroups page.

   Go to the Groups page

2. Find the group that you want to delete, clicktheMoremore_vert button in thatrow, and then clickDelete group.

3. Confirm that you want to delete the group by clickingConfirm in theconfirmation dialog.

View Google Workspace audit logs in Google Cloud

Ifdata sharing is enabled for your organization,Google Cloud will automatically generate audit logs for actions taken inGoogle Workspace. For example, it will generate audit logs when someoneadds a user to your organization or when someone removes a user from a group.You can view and manage these logs in Cloud Logging.

To learn how to enable data sharing and how to view and manageGoogle Workspace audit logs, seeView and manage audit logs forGoogle Workspace.

What's next

• Learn how togrant, change, and revoke access for principals,including Google groups.
• Review other ways tocreate groups.