简体繁体 English

project...”上的权限“documentai.processors.processOnline”被拒绝（或者它可能不存在）。

[英]PERMISSION_DENIED: Permission 'documentai.processors.processOnline' denied on resource '//documentai.googleapis.com/project...'(or it may not exist)."

原文 2023-01-04 19:31:03 8 1 google-iam/ google-cloud-iam/ cloud-document-ai

ISSUE: i want to use the same documents ai custom-trained processor from several different projects.问题：我想使用来自几个不同项目的相同文档 ai 自定义训练处理器。 the approach i have in mind is to make api calls from each of those projects to the a single service account that has the proper AIM roles.我想到的方法是从每个项目向具有适当 AIM 角色的单个服务帐户发出 api 调用。 i have not been able to successfully set up a service account to access the ai processor we trained我未能成功设置服务帐户来访问我们培训的人工智能处理器

SUMMARY: I have three different projects总结：我有三个不同的项目

DEV开发者
STAGING分期
DOCUMENT AI PROCESSING文档人工智能处理

The** DOCUMENT AI PROCESSING ** project contains the document AI processor which was custom-trained and the 2 other environments listed above need to access the same endpoint. ** DOCUMENT AI PROCESSING ** 项目包含经过定制训练的文档 AI 处理器，上面列出的其他 2 个环境需要访问相同的端点。 I cannot find the right way to configure this, at the moment i am getting the following error: PERMISSION_DENIED: Permission 'documentai.processors.processOnline' )我找不到正确的配置方法，目前我收到以下错误：PERMISSION_DENIED: Permission 'documentai.processors.processOnline' )

BACKGROUND:背景：

(1) I created a service account (1) 我创建了一个服务帐户

(2) I grant this service account access to project, but did not grant any users access to the service account (item 3 in the screenshot) (2) 我授予此服务帐户访问项目的权限，但未授予任何用户访问服务帐户的权限（屏幕截图中的第 3 项）

(3) service account created successfully (3)服务账号创建成功

(4) i add (as a principal) the newly created service account to the DEV project and assign it *EXACTLY* the same roles as what it has in the DOCUMENT AI PROCESSING project (4) 我将（作为委托人）新创建的服务帐户添加到DEV项目，并为其分配 *EXACTLY* 与DOCUMENT AI PROCESSING项目中相同的角色

(5) the service account has been granted access to the DEV project (5) 服务账号已被授权访问DEV项目

What I expect to happen is to be able to use the Document AI processor which is located in DOCUMENT AI PROCCESSING project from the DEV project**.** However, I am still receiving the same error: PERMISSION_DENIED: Permission 'documentai.processors.processOnline' denied on resource ' //documentai.googleapis.com/project ...'(or it may not exist)."我期望发生的是能够使用位于DEV项目**的DOCUMENT AI PROCCESSING项目中的 Document AI 处理器。** 但是，我仍然收到相同的错误： PERMISSION_DENIED：权限'documentai.processors。 processOnline' 在资源 ' //documentai.googleapis.com/project ...' 上被拒绝（或者它可能不存在）。”

After many hours, i am stumped and i am grateful to anyone that can provide an explanation of what i am getting wrong几个小时后，我被难住了，我很感激任何能解释我出错的人

1 个解决方案

As mentioned in the comment exchange of @Kolban and @bismar eyner esquivel ortuste, the correct permissions needed must be added to the Authorization Scope .正如@Kolban 和@bismar eyner esquivel ortuste 的评论交流中提到的，必须将所需的正确权限添加到授权 Scope中。

You may refer to this Document AI IAM roles documentation for the full list of roles for the API and refer to Document AI Processor REST API documentation for more information.您可以参阅此文档 AI IAM 角色文档以获取 API 的完整角色列表，并参阅文档 AI 处理器 REST API文档以获取更多信息。

Posting the answer as community wiki for the benefit of the community that might encounter this use case in the future.将答案发布为社区 wiki ，以造福于将来可能会遇到此用例的社区。

Feel free to edit this answer for additional information.请随意编辑此答案以获取更多信息。