This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Dialogflow-CX conversation bot : Data Store Agent 403-Forbidden on Cited Document

Posted on 06-13-2024 05:26 AM
lijokjohn
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Experts,

I have a Vertex AI Agent conversation/chat bot based on a datastore. The datastore is created using unstructured documents in a cloud storage folder. The bot works fine and provides the correct answers for the questions and provides the citations( cloud storage URLs). The bot is embedded in a website using authorized uri and google idp is enabled in the vertex AI agent settings.

However the problem is that when someone click these citation URLs, they get 403-Forbidden error.

The cloud storage folder is not public but the user has access to all the documents inside the folder through his google id.  We cannot make the folder public due to sensitive data.

Could someone help me understand why the access to the documents does not work when clicking the citations from the bot. 

Thanks,

Lijo John 

 

 

Solved Solved
6 6 834
Topic Labels
Jump to Solution
2 ACCEPTED SOLUTIONS

Posted on --/--/---- --:-- AM
lijokjohn
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Xavi,

Signed URLs are public right? I mean anyone can then access the document from anywhere with that URL even without having a google id. Doesn't it defeat the purpose of having documents stored in secured cloud storage folders?

Thanks,

Lijo John

 

 

View solution in original post

Jump to Solution

Posted on --/--/---- --:-- AM
lijokjohn
Bronze 1
Bronze 1
In response to lijokjohn
Reply posted on --/--/---- --:-- AM

@xavidop 

Thanks. Using a signed URL works

However later I came across the below article from GCP.

I could get the ' 403 Forbidden' error go away by just switching off the data audit logs. Works only if you are using a authenticated browser though.

https://cloud.google.com/storage/docs/troubleshooting#trouble-download-storage-cloud

Thanks,

Lijo John

 

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
xavidop
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

You will need to use signed URLs: https://cloud.google.com/storage/docs/access-control/signed-urls

Jump to Solution

Posted on --/--/---- --:-- AM
lijokjohn
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Xavi,

Signed URLs are public right? I mean anyone can then access the document from anywhere with that URL even without having a google id. Doesn't it defeat the purpose of having documents stored in secured cloud storage folders?

Thanks,

Lijo John

 

 

Jump to Solution

Posted on --/--/---- --:-- AM
lijokjohn
Bronze 1
Bronze 1
In response to lijokjohn
Reply posted on --/--/---- --:-- AM

@xavidop 

Thanks. Using a signed URL works

However later I came across the below article from GCP.

I could get the ' 403 Forbidden' error go away by just switching off the data audit logs. Works only if you are using a authenticated browser though.

https://cloud.google.com/storage/docs/troubleshooting#trouble-download-storage-cloud

Thanks,

Lijo John

 

Jump to Solution

Posted on --/--/---- --:-- AM
xavidop
Bronze 3
Bronze 3
In response to lijokjohn
Reply posted on --/--/---- --:-- AM

good to know! are the people using it going to be authenticated?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
lijokjohn
Bronze 1
Bronze 1
In response to xavidop
Reply posted on --/--/---- --:-- AM

Yes. They will all be authenticated in our case.

Jump to Solution

Posted on --/--/---- --:-- AM
xavidop
Bronze 3
Bronze 3
In response to lijokjohn
Reply posted on --/--/---- --:-- AM

perfect!, you can mark my message as the solution and close the topic if you want

Jump to Solution