Solved: Im facing issue while working with AML AI model,an...

grithik_114 · 01-21-2025 05:03 AM

ERROR: (gcloud.services.enable) [PII Removed by Staff] does not have permission to access projects instance [aml-01-448503] (or it may not exist): Bind permission denied for service: financialservices.googleapis.com
Service financialservices.googleapis.com is not available to this consumer.
Help Token: Ab6lFGfB6V1VNLz19v40IuwM8dWMKZhrxepBOSduVX4sLbxkL4quxprUb0Vstw_dlO4RkmoiRSuQdqnPH_E94ENsetTTbhXeC_9NEeLYe9Y4vTSc. This command is authenticated as (PII Removed by Staff) which is the active account specified by the [core/account] property
- '@type': type.googleapis.com/google.rpc.PreconditionFailure
violations:
- subject: ?error_code=110002&service=servicemanagement.googleapis.com&permission=servicemanagement.services.bind&resource=aml-01-448503
type: googleapis.com
- '@type': type.googleapis.com/google.rpc.ErrorInfo
domain: serviceusage.googleapis.com
metadata:
permission: servicemanagement.services.bind
resource: aml-01-448503
service: servicemanagement.googleapis.com
reason: AUTH_PERMISSION_DENIED

mokit

Hi, @grithik_114.

Most likely, the API service financialservices.googleapis.com is not available for the project. Or, the service account or user doesn't have the required servicemanagement.services.bind permission to enable the financialservices.googleapis.com API.

Ensure that the account you're using has the necessary IAM permissions to enable services on the project. Specifically, the account needs the following permissions:

roles/serviceusage.serviceUsageAdmin (this role allows enabling and disabling services).
roles/servicemanagement.serviceConsumer (if not already granted).

Verify that the financialservices.googleapis.com API is enabled for your organization or project. Some APIs are restricted or require approval to be used in specific regions or organizations.

Ensure that the account you're using is the correct one for the project and has the appropriate permissions.

Regards,
Mokit

View solution in original post

mokit

Hi, @grithik_114.

Most likely, the API service financialservices.googleapis.com is not available for the project. Or, the service account or user doesn't have the required servicemanagement.services.bind permission to enable the financialservices.googleapis.com API.

Ensure that the account you're using has the necessary IAM permissions to enable services on the project. Specifically, the account needs the following permissions:

roles/serviceusage.serviceUsageAdmin (this role allows enabling and disabling services).
roles/servicemanagement.serviceConsumer (if not already granted).

Verify that the financialservices.googleapis.com API is enabled for your organization or project. Some APIs are restricted or require approval to be used in specific regions or organizations.

Ensure that the account you're using is the correct one for the project and has the appropriate permissions.

Regards,
Mokit

grithik_114

Thankyou mokit!

LinusYong

Hi, I have the same issue, but unsure how to resolve it.

I'm using "role/owner" to try to enable "financialservices.googleapis.com" API. It seems like "role/owner" should have the appropriate permissions:

❯ gcloud iam roles describe roles/owner | grep -E "servicemanagement|serviceusage"
- servicemanagement.services.bind
- servicemanagement.services.check
- servicemanagement.services.create
- servicemanagement.services.delete
- servicemanagement.services.get
- servicemanagement.services.getIamPolicy
- servicemanagement.services.list
- servicemanagement.services.quota
- servicemanagement.services.report
- servicemanagement.services.setIamPolicy
- servicemanagement.services.update
- serviceusage.apiKeys.regenerate
- serviceusage.apiKeys.revert
- serviceusage.quotas.get
- serviceusage.quotas.update
- serviceusage.services.disable
- serviceusage.services.enable
- serviceusage.services.get
- serviceusage.services.list
- serviceusage.services.use

Now when I try to enable the "financialservices.googleapis.com", I have this issue

❯ gcloud services enable financialservices.googleapis.com --project aml-ai-451310
ERROR: (gcloud.services.enable) PERMISSION_DENIED: Permission denied to enable service [financialservices.googleapis.com]
Help Token: AV6GkAw6Wz1vL7SavgRUY2jFqtMX7Tex9ilvd3aY_Xj9qPt0NF_BrLvTXckgC16E7CgyRPIG7LxA15sspKrw2B5VLehxNrvNZLtrJ1nei51XsPpW. This command is authenticated as ___MASKED EMAIL___ which is the active account specified by the [core/account] property
- '@type': type.googleapis.com/google.rpc.PreconditionFailure
  violations:
  - subject: ?error_code=110002&service=servicemanagement.googleapis.com&permission=servicemanagement.services.bind&resource=___MASKED PROJECT ID___
    type: googleapis.com
- '@type': type.googleapis.com/google.rpc.ErrorInfo
  domain: serviceusage.googleapis.com
  metadata:
    permission: servicemanagement.services.bind
    resource: ___MASKED PROJECT ID___
    service: servicemanagement.googleapis.com
  reason: AUTH_PERMISSION_DENIED

The list of APIs enabled for this project is as follows

❯ gcloud services list --enabled --project ___MASKED PROJECT ID___
NAME                                 TITLE
bigquery.googleapis.com              BigQuery API
bigquerydatatransfer.googleapis.com  BigQuery Data Transfer API
cloudkms.googleapis.com              Cloud Key Management Service (KMS) API
cloudresourcemanager.googleapis.com  Cloud Resource Manager API
serviceusage.googleapis.com          Service Usage API

Also might be worth while to note that I'm not able to see the "AML AI" API in the API Library in my console

Im facing issue while working with AML AI model,any ideas on how to get permissions and move forword