Authenticated Cloud Functions: Insufficient permission to access Firestore
Question
I am setting up authenticated Cloud Functions for a function-function call as per this doc . In my use case, the calling function is CF1 while the receiving function is CF2
I have set up and assign a service account ( my-func-invoker@myproject.iam.gserviceaccount.com ) for CF1, and setup/assign the Cloud Functions Invoker role for CF2 to the said my-func-invoker@myproject.iam.gserviceaccount.com service account. All is good, CF1 can call CF2 with no problem.
However in CF1, there are 2 workflows:
- Invoke CF2
- Read/Write to Firestore
After assigning the service account to CF1, CF1 lost permission to read/write Firestore (my firestore currently grants all read write access) and throws the 7 PERMISSION_DENIED: Missing or insufficient permissions. error.
Is there something I am missing?
1 answers
solution1
0 ACCPTED 2020-06-14 17:53:09
you probably just need to give service account #1 the correct role to access firestore [0]. i would check what roles are currently granted to the SA and see if it's missing what is required.
[0] https://cloud.google.com/firestore/docs/security/iam#roles
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.