Manage shared reservation creation

By default, projects can't create or modify shared reservations. This documentexplains how to allow or restrict projects in your Google Cloud organizationfrom creating and modifying shared reservations. Shared reservations help youmaximize reserved capacity usage across projects, as well as manage onereservation instead of many.

To learn more about the best practices for creating and using sharedreservations, seeBest practices for shared reservations.

Before you begin

Required roles

To get the permissions that you need to allow or restrict projects from creating shared reservations, ask your administrator to grant you theOrganization Policy Administrator (roles/orgpolicy.policyAdmin) IAM role on the organization. For more information about granting roles, seeManage access to projects, folders, and organizations.

This predefined role contains the permissions required to allow or restrict projects from creating shared reservations. To see the exact permissions that are required, expand theRequired permissions section:

Required permissions

The following permissions are required to allow or restrict projects from creating shared reservations:

  • To edit organization policies: orgpolicy.policy.set on the organization
  • To view organization policies: orgpolicy.policy.get on the organization

You might also be able to get these permissions withcustom roles or otherpredefined roles.

Allow or restrict projects from creating shared reservations

To allow or restrict a project from creating shared reservations, modify theallowlist within theshared reservations owner projects (compute.sharedReservationsOwnerProjects) organization policy constraint.

The following sections explain how to view or edit the shared reservationspolicy constraint in your project or organization.

View the shared reservations organization policy constraint

To view if your project or organization has the shared reservations ownerprojects (compute.sharedReservationsOwnerProjects) constraint enabled, selectone of the following options:

Console

  1. In the Google Cloud console, go to theOrganization policies page.

    Go to Organization policies

  2. From the project picker, select the project or organization for whichyou want to view organization policies.

  3. In theFilter field,enterconstraints/compute.sharedReservationsOwnerProjects.

  4. In theName column, clickShared reservations owner projects.ThePolicy details page appears.

  5. In theEffective policy section, verify whether your project ororganization is allowed to create and modify shared reservations.

gcloud

To view which projects thecompute.sharedReservationsOwnerProjectsconstraint allows to create and modify shared reservations:

  1. To download the policy for your organization as a file namedpolicy.yaml, use thegcloud resource-manager org-policies describe command:

    gcloud resource-manager org-policies describe compute.sharedReservationsOwnerProjects \    --organization=ORGANIZATION_ID > policy.yaml

    ReplaceORGANIZATION_ID with theID of your organization.

  2. Open thepolicy.yaml file in a text editor of your choice.

  3. View thecompute.sharedReservationsOwnerProjects constraint. Theprojects that can create and modify shared reservations are listed intheallowedValues field, as shown in the following example:

    ...constraint:constraints/compute.sharedReservationsOwnerProjectslistPolicy:allowedValues:-projects/EXAMPLE_PROJECT_NUMBER1-projects/EXAMPLE_PROJECT_NUMBER2-projects/EXAMPLE_PROJECT_NUMBER3......
  4. Optional: To delete thepolicy.yaml file, do one of the following:

    • If you're using a Linux or macOS terminal, then run the followingcommand:

      rm policy.yaml
    • If you're using a Windows terminal, then run the following command:

      del policy.yaml

Edit the shared reservations organization policy constraint

To edit which projects in your organization can create and modify sharedreservations, select one of the following options:

Console

  1. In the Google Cloud console, go to theOrganization policies page.

    Go to Organization policies

  2. From the project picker, select the organization for which you want toedit organization policies.

  3. In theFilter field,enterconstraints/compute.sharedReservationsOwnerProjects.

  4. In theName column, clickShared reservations owner projects.ThePolicy details page appears.

  5. ClickManage policy. ThePolicy details page appears.

  6. SelectOverride parent's policy. Then, in thePolicy enforcementsection, select how you want to apply the policy:

    • Merge with parent: this option combines the project-level policywith the organization-level policy. Projects allowed at either levelcan create shared reservations.

    • Replace: this option overrides any inherited policies fromhigher levels. Only projects that are explicitly allowed at thislevel can create shared reservations.

  7. ClickAdd a rule.

  8. In thePolicy values list, selectCustom.

  9. In thePolicy type list, select one of the following options:

    • To authorize one or more projects to create or modify sharedreservations, selectAllow.

    • To prevent one or more projects from creating or modifying sharedreservations, selectDeny.

  10. In theCustom value field, enter the number of the project that youwant to apply this rule to. For each additional project that you want toapply the rule to, clickAdd value, and then repeat this step.

  11. To apply these changes, clickSet policy. TheOrganization policies page appears.

gcloud

To edit which projects thecompute.sharedReservationsOwnerProjectsconstraint allows to create and modify shared reservations, use one of thefollowing methods:

  • To grant permission to a single project to create and modify sharedreservations, use thegcloud resource-manager org-policies allow command.You can repeat this command for each project that you want to grantthis permission to.

    gcloud resource-manager org-policies allow compute.sharedReservationsOwnerProjects projects/PROJECT_NUMBER \    --organization=ORGANIZATION_ID

    Replace the following:

  • To grant or revoke the permissions to multiple projects to create andmodify shared reservations, replace the organization policy constraint.To do so, complete the following steps:

    1. To download the policy for your organization as a file namedpolicy.yaml, use thegcloud resource-manager org-policies describe command:

      gcloud resource-manager org-policies describe compute.sharedReservationsOwnerProjects \    --organization=ORGANIZATION_ID > policy.yaml
    2. Open thepolicy.yaml file in a text editor of your choice.

    3. Modify theallowedValues field to list all projects that cancreate and modify shared reservations.

      • For each project that you want to grant permission to, add theproject number in a new line within theallowedValues field.

      • For each project that you want to revoke the permission tocreate and modify shared reservations, remove the project numberfrom within theallowedValues field.

      Thepolicy.yaml file looks similar to the following example:

      ...constraint:constraints/compute.sharedReservationsOwnerProjectslistPolicy:allowedValues:-projects/EXAMPLE_PROJECT_NUMBER1-projects/EXAMPLE_PROJECT_NUMBER2-projects/EXAMPLE_PROJECT_NUMBER3......
    4. Save thepolicy.yaml file and close the text editor.

    5. To update the policy for your organization, use thegcloud resource-manager org-policies set-policy command:

      gcloud resource-manager org-policies set-policy \    --organization=ORGANIZATION_ID policy.yaml
    6. Optional: To delete thepolicy.yaml file, do one of the following:

      • If you're using a Linux or macOS terminal, then run thefollowing command:

        rm policy.yaml
      • If you're using a Windows terminal, then run the followingcommand:

        del policy.yaml

Changes can take up to 15 minutes to take effect.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.