Pub/Sub PUBLISH_PERMISSIONS_MISSING_FOR_PUBSUB_TOP...

Chris5 · 04-12-2023 11:54 AM

We're managing multiple customers with google my business. We would like to get notified from google if a new review has been written at any location of any customer.

I already found this thread https://www.googlecloudcommunity.com/gc/Data-Analytics/Get-Google-Business-Notifications-from-push-P... to create a subscription for the given account, but I'm always receiving this error PUBLISH_PERMISSIONS_MISSING_FOR_PUBSUB_TOPIC

{ "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT", "details": [ { "@type": "type.googleapis.com/google.rpc.ErrorInfo", "reason": "PUBLISH_PERMISSIONS_MISSING_FOR_PUBSUB_TOPIC", "domain": "mybusinessnotifications.googleapis.com" } ] } }

In the cloudpubsub console, I created a Topic and attached a subscription.

I tested it with the Policy Troubleshooter. It's telling me, that I have access to permissions like: pubsub.topics.attachSubscription

First I thought, I need to add the "Cloud Pub/Sub API" scope in the OAuth consent screen, but I tried it in the OAuth 2.0 Playground with the scope https://www.googleapis.com/auth/pubsub but i received the same error.

Do I need to add another role to the service account, add permission somewhere else or what am I missing?

Aris_O

Hi @Chris5,

Welcome back to Google Cloud Community.

The error message "PUBLISH_PERMISSIONS_MISSING_FOR_PUBSUB_TOPIC," that means that the service account you used to set up the subscription does not have the necessary rights to publish messages to the Pub/Sub topic.

You must grant the service account the required IAM roles and permissions in order to fix this problem. You must specifically provide the service account access to the "Pub/Sub Publisher" role on the newly established Pub/Sub topic.

Here are the steps to give the service account the "Pub/Sub Publisher" role:

Go to the Pub/Sub topic you created by going to the Google Cloud Console.
Select "Permissions" from the menu.
To add a new member to the topic's IAM policy, click the "Add" button.
Enter the email address associated with the service account you're using in the "New members" area.
Select "Pub/Sub Publisher" from the dropdown menu in the "Role" section.

To save the adjustments to the IAM policy, click the "Save" button.

If you still receive the "PUBLISH_PERMISSIONS_MISSING_FOR_PUBSUB_TOPIC" issue after giving the service account the "Pub/Sub Publisher" role, try creating the subscription once more.

It should be noted that providing the "Pub/Sub Publisher" role permits the service account to publish messages to the Pub/Sub topic, but not to read messages from the topic.

Here are some documentation that might help you:

Chris5

Hi @Aris_O ,

I read the documentation you provided, and I'm understanding the concept.

I followed your steps, but i'm still receiving the issue. I also recreatd the subscription.

I attached the used permissions in the screenshot.

The Service Account is showing in the permissions tab of the Topic.

This Is the Oatuh 2.0 Client i'm using

As far as I see, the permissions should be set correctly?

ramish_muhammad

Hey! Was facing the exact same issue. And I figured that the way I was publishing the message to the topic (I was working in javascript) had been deprecated. And somehow for that reason, it was creating a permission issue which is complete bonkers!

By replacing my code to the standard code given in the documentation to publish a message to a topic, it got solved for me.

Here is the link to the documentation: https://cloud.google.com/pubsub/docs/publisher#node.js

Pub/Sub PUBLISH_PERMISSIONS_MISSING_FOR_PUBSUB_TOPIC