Access levels are shared across Google Workspace and Google Cloud. Admins can create access levels through the Admin console, Google Cloud (console and API), and the Google Cloud SDK.
Because access levels are shared across platforms, you might see items like these in the assigned access levels list:
- Access levels you didn't create
- Access levels marked as "deleted" that you didn’t delete
Recommendation: If you are a Workspace-only user, do not add or modify Context-Aware access levels using the Google Cloud Platform (GCP) console, or any method other than the Context-Aware Access interface. Doing so can cause this error: Unsupported attributes are being used on Google Workspace and blocked users.
Delete and unassign access levels
Because access levels are a shared resource, they can be deleted in the Admin console or another platform. If you delete an access level in the Admin console, all app assignments that were created in the Admin console for that access level are removed (unassigned).
If an access level is deleted on another platform (for example, the Google Cloud Platform console), the access level is marked as deleted. However, the access level is still assigned to apps and access to those apps is blocked. If you see deleted access levels, remove (unassign) them to unblock access. If the deleted access level was assigned to Admin console, you will lose access to Admin console immediately and have to contact Google support team to regain the access.
To delete access levels, you need specific admin privileges.
Remove deleted access levels for all apps
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu SecurityAccess and data controlContext-Aware Access.
- On the top right, click Unassign Access Levels. When prompted, confirm by clicking Unassign Access Levels again.
The system removes deleted access levels from all apps. No apps are blocked.