This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Permissions required for projects.subscriptions.acknowledge and projects.subscriptions.pull method

Posted on 09-27-2024 05:48 AM
Mouzma
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

My understanding is "pubsub.subscriptions.consume" is the permission for both APIs, but the API documentation for PubSub doesn't have the IAM permission.

Solved Solved
0 1 387
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ms4446
Staff
Reply posted on --/--/---- --:-- AM

You are correct that the pubsub.subscriptions.consume permission is required for consuming messages from subscriptions in Pub/Sub. This permission allows a user or service account to pull messages from a subscription or to receive messages via push delivery. Google Cloud assigns broader roles such as roles/pubsub.subscriber, which include pubsub.subscriptions.consume. This role specifically grants the necessary permissions to consume messages, unlike roles/pubsub.viewer, which is read-only.

The Pub/Sub API documentation focuses more on the API's functionality rather than granular permission details, which are covered in the IAM documentation.

Verify the roles assigned to your user or service account, especially if you can consume messages. Ensure you have roles/pubsub.subscriber or another role that includes pubsub.subscriptions.consume.

You can find the IAM permissions for Pub/Sub operations in the Google Cloud Pub/Sub IAM documentation.

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
ms4446
Staff
Reply posted on --/--/---- --:-- AM

You are correct that the pubsub.subscriptions.consume permission is required for consuming messages from subscriptions in Pub/Sub. This permission allows a user or service account to pull messages from a subscription or to receive messages via push delivery. Google Cloud assigns broader roles such as roles/pubsub.subscriber, which include pubsub.subscriptions.consume. This role specifically grants the necessary permissions to consume messages, unlike roles/pubsub.viewer, which is read-only.

The Pub/Sub API documentation focuses more on the API's functionality rather than granular permission details, which are covered in the IAM documentation.

Verify the roles assigned to your user or service account, especially if you can consume messages. Ensure you have roles/pubsub.subscriber or another role that includes pubsub.subscriptions.consume.

You can find the IAM permissions for Pub/Sub operations in the Google Cloud Pub/Sub IAM documentation.

Jump to Solution
0 Likes
Top Solution Authors
View all