Solved: Re: Owner Role getting PERMISSION_DENIED / 400 Err...

helloworld2 · 04-15-2025 08:14 PM

Hi Community,

I'm setting up a new personal project to use the Vertex AI Gemini API with Python, and I'm running into persistent permission issues despite having the Owner role. I'd appreciate any insights!

My Goal:

Use the google-cloud-aiplatform Python library to call Gemini models (like gemini-1.5-flash-001 or gemini-1.0-pro-002) via Vertex AI.

My Setup:

Project ID: woven-art-456200-i9
Project Number: 804321510322
Account: <PII Removed by Staff>
IAM Role: Confirmed via the IAM console page that robmadison2006@gmail.com has the Owner role for this project.
Billing: Free Trial ($300 credit) is active, Billing Overview page shows no errors or alerts.
Environment: Windows PC, Python installed, gcloud CLI installed.
Auth: Successfully ran gcloud init (logged in, project set) and gcloud auth application-default login (credentials file created).
Python Lib: Successfully ran pip install google-cloud-aiplatform.

Problem & Errors Encountered:

Python Script Error: When running a simple Python script (code below) to call model.generate_content(), it fails with:
```
An error occurred: 400 Project '804321510322' is not allowed to use Prediction API on '.../publishers/google/models/[MODEL_ID]'
```
(This happened for both gemini-1.5-flash-001 and gemini-1.0-pro-002 models).

gcloud Command Error: When trying to troubleshoot by ensuring APIs are enabled via gcloud, running gcloud services enable compute.googleapis.com fails with:

ERROR: (gcloud.services.enable) PERMISSION_DENIED: Not found or permission denied for service(s): [compute.googleapis.com] reason: SERVICE_CONFIG_NOT_FOUND_OR_PERMISSION_DENIED

Contradiction / Confusion:

The Google Cloud Console UI (APIs & Services -> Library) shows that Vertex AI API, Compute Engine API, and Cloud Storage API are all ENABLED for the project.
Despite the APIs showing as enabled in the UI and me having the Owner role, I still get PERMISSION_DENIED trying to enable compute.googleapis.com via gcloud, and the 400 Project ... not allowed error when trying to use the prediction service via the Python SDK.

Troubleshooting Steps Tried:

Confirmed Owner role via IAM console.
Confirmed Billing status is Active (Free Trial) with no alerts.
Confirmed main APIs (Vertex AI, Compute Engine, Storage) show as enabled in console UI.
Tried enabling recommended APIs via the Vertex AI dashboard button (button showed activity but reappeared without confirming success).
Tried enabling Compute Engine and Storage APIs manually via gcloud (failed with PERMISSION_DENIED).
Tried different Gemini models (1.5-flash-001 and 1.0-pro-002).
Waited several minutes after enabling APIs / trying fixes.
Confirmed Application Default Credentials were created using gcloud auth application-default login.

Question: Why would I be getting these permission errors (PERMISSION_DENIED for enabling services, 400 Project not allowed for prediction) when I have the Owner role and the relevant APIs appear enabled in the console? Is there potentially an issue with the project state, free trial limitations, or an Organization Policy I might not be aware of (though this should be a personal project)?

Any help or suggestions would be greatly appreciated!

(Optional: Include the Python Code)

Python

# Import the Vertex AI library
import vertexai
from vertexai.generative_models import GenerativeModel

# --- Configuration ---
PROJECT_ID = "woven-art-456200-i9"
LOCATION = "us-central1"
MODEL_ID = "gemini-1.0-pro-002" # Also tried gemini-1.5-flash-001

# --- Initialize Vertex AI ---
vertexai.init(project=PROJECT_ID, location=LOCATION)

# --- Load the Gemini Model ---
model = GenerativeModel(MODEL_ID)

# --- Send a Prompt ---
prompt = "In simple terms, what is a large language model?"
print(f"Sending prompt: '{prompt}'")

try:
    response = model.generate_content(prompt)

    # --- Print the Response ---
    print("\n--- Model Response ---")
    if response.candidates and response.candidates[0].content.parts:
         print(response.candidates[0].content.parts[0].text)
    else:
        print("No text content found in the response.")
        # print(response) # Uncomment to see full response structure if needed

except Exception as e:
    print(f"\nAn error occurred: {e}")

print("\n--- Script Finished ---")

dawnberdan

Hi @helloworld2,

Welcome to Google Cloud Community!

The issue is caused by free trial limitations. Even with the Owner role and all necessary APIs enabled, Vertex AI access to Gemini models is restricted by default for trial accounts. The error: 400 Project '...' is not allowed to use Prediction API... means your project hasn’t been whitelisted to use these models — a common limitation for free-tier setups. Models like gemini-1.5-flash-001 and gemini-1.0-pro-002 require elevated permissions that are not automatically granted to trial accounts, even if billing appears active through credits.

For more in-depth analysis, you can contact Google Cloud Support. When reaching out, include detailed information and relevant screenshots of the errors you’ve encountered. This will assist them in diagnosing and resolving your issue more efficiently.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

View solution in original post

dawnberdan

Hi @helloworld2,

Welcome to Google Cloud Community!

The issue is caused by free trial limitations. Even with the Owner role and all necessary APIs enabled, Vertex AI access to Gemini models is restricted by default for trial accounts. The error: 400 Project '...' is not allowed to use Prediction API... means your project hasn’t been whitelisted to use these models — a common limitation for free-tier setups. Models like gemini-1.5-flash-001 and gemini-1.0-pro-002 require elevated permissions that are not automatically granted to trial accounts, even if billing appears active through credits.

For more in-depth analysis, you can contact Google Cloud Support. When reaching out, include detailed information and relevant screenshots of the errors you’ve encountered. This will assist them in diagnosing and resolving your issue more efficiently.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

helloworld2

Subject: Re: Owner Role getting PERMISSION_DENIED / 400 Error for Vertex AI Gemini API

Hi @dawnberdan,

Thank you very much for explaining that the free trial limitation is causing the 400 error for Vertex AI Gemini models! That clarifies the situation.

Unfortunately, I checked the Support section, and my current support plan doesn't allow me to create a technical case as you suggested.

Is there any alternative way for users on the free trial to request the necessary permissions/whitelisting for these models, or is activating the full account the only path forward?

(P.S. I also seem to be having an issue where my email notification settings on the community site aren't saving correctly.)

Thanks again for your help!

dawnberdan

Hi @helloworld2,

As of now, upgrading to a Paid Account is generally the only way to access Advanced Features such as the Gemini models in Vertex AI. The free trial tier comes with more limited quotas and permissions, and exceptions or whitelisting are typically not available even through indirect channels.

For more information, refer to the Customer Care portfolio documentation or contact Billing Support for further assistance.

Hope it helps!