This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

403 error on projects.locations.productSets.create

Posted 2 weeks ago
timdev75017
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

I am unable to use the projects.locations.productSets.create method via the API Explorer. I receive the following http response:

{
"error": {
"code": 403,
"message": "Permission denied.",
"status": "PERMISSION_DENIED"
}
}

Here is the associated CURL command:

curl --request POST \
'https://vision.googleapis.com/v1/projects/my-project-id/locations/europe-west1/productSets' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"displayName":"testnamedisplay"}' \
--compressed

For authentication, I have tried using Google OAuth 2.0, an API Key, and both together. Each attempt led to the same 403 error.

Regarding the account I’m using, it has the following IAM roles for the specified project (my-project-id) :

  • AI Platform Admin

  • Owner

  • VisionAI Admin

  • VisionAI Editor

The VisionAI API is properly enabled. For example, I receive a 200 response when using the images.annotate method.

I have also tried other regions, such as us-west1, but I get the same result.

Is there a way to identify the root cause of this authentication error? If not, has anyone encountered this issue and could offer suggestions to help resolve it?

Thanks a lot for your help !

0 2 99
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
MarvinLlamas
Staff
Reply posted on --/--/---- --:-- AM

Hi @timdev75017,

Welcome to the Google Cloud Community!

The error that you encountered is a 403 "Permission Denied" issue when using the projects.locations.productSets.create method of the Google Cloud Vision API.

Here are the potential ways that might help with your use case:

  • Double-Check the Required Permissions: Even with your VisionAI Admin or Editor roles, you need to verify the precise permissions required for projects.locations.productSets.create. Your high-level roles might not always grant you the specific, granular permissions necessary for certain actions.
  • Correctly Setting Project ID: Double check that when you assigned the roles, you didn't assign them just to an individual resource and not the project. Assign them on the project level.
  • Service Account or User Account: Ensure that if you're using a service account, it is correctly linked to the project and has the necessary roles assigned to it.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

0 Likes

Posted on --/--/---- --:-- AM
timdev75017
Bronze 1
Bronze 1
In response to MarvinLlamas
Reply posted on --/--/---- --:-- AM

Hi @MarvinLlamas ,

Thanks a lot for your answer. 

My guess is that I missed a necessary permission as you suggest, maybe something about storage. Where can I find a list of required permissions ? 

Thanks

0 Likes