I am in school, and I accidentally linked my school's org to my Cloud project and now I have limited functionality even though I was the project owner. Is there a way for me to remove them?
You can't without Google Support's assistance.
If a project is associated with an organization, you can't change it
back to No organization or migrate it to another organization on your
own. If you need to migrate a project after it's associated with an
organization, you'll need to contact GCP Premium Support.1
Also of note, you'll likely need approval from the Organizations Administrator as well, this is to prevent projects from being disassociated in 'hostile' type scenarios.
Related
There is a warning on the Firebase best practices documentation against using Firebase with multi-tenant applications: https://firebase.google.com/docs/projects/learn-more#multi-tenancy
This is what I am most concerned about: "Multi-tenancy can lead to serious configuration and data privacy concerns problems, including unintended issues with analytics aggregation, shared authentication, overly-complex database structures, and difficulties with security rules."
There is also plenty of official Google documentation supporting the use of Firebase for multi-tenancy, for instance: https://cloud.google.com/identity-platform/docs/multi-tenancy-authentication .
Do you know why they would have these conflicting recommendations and examples? Does use of Google Identity Platform fix the core security deficits mentioned in the warning?
I am re-posting this question, with additional clarification in the title, and a few edits/removals from the body, to specify that I am only looking for why this widely used product has this particular warning in its official documentation. I have removed most subjective content. I have no opinion on this that is relevant to the question - I am only looking to understand the warning. It seemed there was one good answer before the previous question was closed, so I will link that here for reference: Why is Google Firebase not recommended by Google in their own documentation for multi-tenant applications?
That does make sense if you manage 2 separate applications which have no relation with each other. Let's say you have an app that manages a school's information and other one is a restaurant management app. Now in this case I don't see any event that the school app might need access to restaurant data.
If you use the same project, then all the firebase services (auth, database, analytics, etc) will be shared among them. It'll be hard for you to separate analytics for each of the app. As the database is shared, you'll have to explicitly separate data of both apps by separating the path in db. (/apps/school for school, /apps/restaurant for restaurant).
That being said, any user registered on the school app can login on restaurant app without creating a new account there as you are sharing the same project among them.
Now if your client pays you a the Firebase costs every month, you cannot distinguish between how much should the school client pay. Now even if both the apps are your, the complexity will increase significantly if you go on using it.
https://firebase.google.com/docs/projects/learn-more#multi-tenancy <-- this explains how "Firebase Projects" works and https://cloud.google.com/identity-platform/docs/multi-tenancy-authentication explains about "Google Identity Kit" multi-tenant auth. So that's not a Firebase-only thing.
Is there any way to change the deployment owner of an Appmaker application?
The person who has created Appmaker applications for our organization is leaving, and we need to have new owners for the deployments. The options for exporting data, viewing logs, publishing and editing deployment details (e.g. admins) are only available to the deployment owner, so managing the deployment is close to impossible without the deployment owner.
Also, I'm wondering what will happen when the account of the deployment owner's account is deleted. Does the deployment disappear or is it just a deployment without an owner?
Could a Google admin transfer the ownership, even though it is not possible for the normal user?
If you have any other suggestions on how to deal with this problem, I'm happy to hear them out.
EDIT: I have tried transferring the Appmaker file to a different owner but that has no effect on the deployments.
Today I discovered that it is not possible to change region in firebase project once it has been created.
When I initially created my project it was set up to use us multiregion option and I now need to move it to a single region instance in europe.
It seems that only option here is to create new firebase project in that region and migrate the data.
Migrating database data is straight forward via admin sdk, but how about things like custom domains set up for hosting and dynamic links, also email? Certificates for push notifications etc... Does all of this require manual migration as well, or can it be automated?
There is currently no way to move any part from one Firebase project to another automatically. You might be able to automate part of it through the project management API, but definitely not all of it.
I'm working on my own CMS, a kind of Wordpress 2.0 where I'll be able to create websites very easily for my clients. I'm planning on sharing it someday, no cost included.
The advantages are: People who use my platform won't need any coding skills, and developers will be able to add their code, whether it is PHP, CSS or whatever.
Well, it is just the start. The thing is, I don't know how I'm going to share this framework. The user just needs a bunch of files and a database. The files then setup everything in the database, and we're good to go. The user can create his website without spending a cent.
If I want the user to have a licence to use it, how should I do ? I mean, I think I want it to be free, but at least I want the user to create an account on the official website. How can I forbide the user to "use" the framework if he hasn't an account on the framework's official website?
Thank you for your help,
Stefan
>>>> BACKGROUND ON THE ISSUE <<<<
We were using Google Apps for Business when we started with the project. This allowed us to use the Google Developer Console (https://console.developers.google.com/) with our #company.co.za accounts and also to “login with Google” using our #company.co.za accounts. It turns out that the Google Developer Project (where the API keys are) was created using an ex-colleague's #company.co.za Google account.
When we moved from Google Apps for Business to Office 365, we lost the ability to login to the Google Developer Console with our #copany.co.za accounts. By then the colleague wasn’t working here anymore and I guess it all happened so quickly that we didn’t make sure to tie up all the loose ends.
Now we need to transfer development of the app and subsequently all related 3rd party projects and things, to the client for future development, but I cannot access the Google project.
This will require them to create a project on their side, generate new API keys for using the Google Maps API etc. And then update the apps (Android and iOS) with the new API keys.
>>>>> THIS IS MY QUESTION <<<<<
However, and this is where my question comes in, the apps are still working and happily accessing Google Maps. This makes me think that the project must still be somewhere.
I tried to access the Google Help pages, but because we're on a Bronze package, we can only find support information in their developer communities and online documentation listed here:
Join a Community
Service Disruption Notification
Best Practice Guides
But I thought to ask here too because SO is very reliable with answers :)
So, any idea if the project is still live somewhere? Or should we just create a new project with new API keys?
I don't think this is a stackoverflow question since it's not directly programming related. However, if you want to regain access to you project, this should be fairly simple and i hope this helps:
Create a new Google Apps for Business account with your domain (or maybe your old apps domain still exists?) and a single account. If you choose monthly payment the costs will be only a few bucks.
As the Google Apps domain administrator you should be able to access all appengine projects that belong to users of the same domain. If it doesn't you can contact Google support to reassign the projects. Alternatively: You may be able to recreate an account that owned the app. If you don't know the owner email, it is shown in the consent screent for oauth. With that email, try to access the project.
Create a Gmail account and transfer project ownership to this Gmail account
Delete the Google apps domain to avoid additional costs
All this is doable within an hour.
In case it doesn't work i would suggest you contact your Google sales representative or reseller and tell him, that you would like to purchase silver level support, but only if he can restore the permissions for you. This will cost you more, but if you have to access the project it may be the only way.
Last but not least:
You can contact Google support. You don't need silver level support for that. It will just take a lot longer to process your request. While in contact with the Google support you will have to prove that you are in fact the owner of the domain, which is usually done by adding a TXT record to your domain or uploading a file to your web server, so make sure you have access to your domain's DNS zone files / settings or web server document root.