I have a personal GC account and also one associated with a work email managed by my org. Up until today, I have been able to easily switch between the two accounts in the GC console, simply by clicking on my avatar/initial and selecting my other email from a list in the drop-down menu.
Today, I started in my personal account and there my work email was not in the drop down. I'm not sure why--maybe because I shut down my computer for the long weekend or something.
I assumed I just needed to sign in to that email again, so I selected "Add account", thinking that meant "add another account as an option here", and signed into my work account. However, this instead apparently added my work email to my personal project as a principal. If that was all, that would just be mildly annoying.
The real problem is that this seems to have screwed up my permissions on my work project. When I try to access my actual work database on Big Query, I can view it, but not query it. It says users of aren't authorized to run jobs. I assume this is a security measure to make sure we can't save stuff to personal accounts.
The problem is, I can't figure out how to remove my work identity from my personal account, so that it stops interfering with my work permissions. I can't find anything in the documentation about adding a user account like I did, or how to remove it again. I can't figure out where I find it to delete it. I didn't issue any roles or permissions to it, so it doesn't show up in any of the IAM views of project or resource roles that I can see, but (I have two other users on my personal account, and I can definitely see the ones that I have added intentionally to datasets there.) In the policy troubleshooter, it says the work account has no bindings in the personal project. When I log into the work account, I get a big warning message about how I don't have permission to access and I need to contact my admin to fix my permissions, confirming they are associated. So where do I find this phantom principal with no permissions, so I can delete it?
Obviously, I'm new to GC. I understand very little of the IAM system, and I'm totally lost in all the jargon (roles, principles, bindings, users, service accounts), and I've spent several hours now failing to figure this out from the documentation. Can anyone tell me how to get my work account off my personal project?
I'm very grateful for your help!
To remove your work account from personal google cloud project follow the below steps:
Navigate to the Google console , at the top right corner select the account which you want to remove.
Click on the Sign out option then you will be redirected to the Settings page.
Under Additional accounts Click on Remove this account.
You can also try the below steps:
In the Google Cloud console, go to the IAM & Admin and select IAM.
In the IAM permissions page, select the project that you want to remove access.
Click the checkbox next to the row that contains the user account which you want to remove from the member list, then click Remove access.
Refer to the official documentation on Revoke access to Google Cloud Project and Manage access to projects,folders, organization for more information.