It seems only a project member with the Owner role can toggle IAP for resources listed in the Cloud Platform Console IAP panel. What role in IAM can grant a member user access to make edits in this console panel? Or are project Owners the only users who have edit access in this particular console panel?
The IAP access policy is really just part of the project's IAM policy. So, it's controlled by who can set IAM policy on the project. Per https://cloud.google.com/resource-manager/docs/access-control-proj, I believe that this is just Owner.
Do you have a use case where you want a different set of people to control IAP policy vs. general project policy? That might be something we could consider for the future.

-- Matthew, Identity-Aware Proxy team