PERMISSION_DENIED: Permission 'documentai.processors.processOnline' denied on resource '//documentai.googleapis.com/project...'(or it may not exist)."

ISSUE: I want to use the same Document AI custom-trained processor from several different projects. The approach I have in mind is to make API calls from each of those projects to a single service account that has the proper IAM roles. I have not been able to successfully set up a service account to access the AI processor we trained.

SUMMARY: I have three different projects

  1. DEV

  2. STAGING

  3. DOCUMENT AI PROCESSING

The **DOCUMENT AI PROCESSING** project contains the Document AI processor, which was custom-trained, and the 2 other environments listed above need to access the same endpoint. I cannot find the right way to configure this; at the moment I am getting the following error: PERMISSION_DENIED: Permission 'documentai.processors.processOnline'

BACKGROUND:

(1) I created a service account

(2) I grant this service account access to the project, but did not grant any users access to the service account (item 3 in the screenshot)

(3) Service account created successfully

(4) I add (as a principal) the newly created service account to the DEV project and assign it *EXACTLY* the same roles as what it has in the DOCUMENT AI PROCESSING project

(5) The service account has been granted access to the DEV project

What I expect to happen is to be able to use the Document AI processor which is located in the DOCUMENT AI PROCESSING project from the DEV project. However, I am still receiving the same error: PERMISSION_DENIED: Permission 'documentai.processors.processOnline' denied on resource '//documentai.googleapis.com/project...'(or it may not exist)."

After many hours, I am stumped and I am grateful to anyone that can provide an explanation of what I am getting wrong.

As mentioned in the comment exchange of @Kolban and @bismar eyner esquivel ortuste, the correct permissions needed must be added to the Authorization Scope.

You may refer to this Document AI IAM roles documentation for the full list of roles for the API and refer to Document AI Processor REST API documentation for more information.

Posting the answer as community wiki for the benefit of the community that might encounter this use case in the future.

Feel free to edit this answer for additional information.
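An offline check for the situation in this thread, added here as an example (it is not code from the question, the answer, or Google): given the processor resource name, IAM policies in the JSON shape that `gcloud projects get-iam-policy` returns, and the caller's OAuth scopes, it reports why `processOnline` would be denied. The project IDs, service account name and sample policies are constructed, and the role set is an assumed, deliberately partial list to be extended from the Document AI IAM roles documentation.

```python
import re

CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"
# Assumption: deliberately partial set of roles that carry
# documentai.processors.processOnline; extend it from the IAM roles docs.
PROCESS_ROLES = frozenset({"roles/documentai.apiUser"})
NAME_RE = re.compile(r"^projects/([^/]+)/locations/([^/]+)/processors/([^/]+)$")


def roles_for(policy, member):
    """Roles bound to `member` in one project's IAM policy (get-iam-policy JSON shape)."""
    return {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}


def diagnose(processor_name, sa_email, policies, token_scopes):
    """Return findings explaining a PERMISSION_DENIED on processOnline."""
    m = NAME_RE.match(processor_name)
    if not m:
        return ["malformed processor name"]
    owner = m.group(1)  # the project that holds the processor decides access
    member = f"serviceAccount:{sa_email}"
    findings = []
    if not roles_for(policies.get(owner, {}), member) & PROCESS_ROLES:
        findings.append(f"no processOnline role for {sa_email} on {owner}")
    # A role granted on a calling project applies only to that project's resources.
    for project, policy in sorted(policies.items()):
        if project != owner and roles_for(policy, member) & PROCESS_ROLES:
            findings.append(f"binding on {project} does not cover processors in {owner}")
    # The credential must also carry an OAuth scope that permits the API call.
    if CLOUD_PLATFORM not in token_scopes:
        findings.append("token lacks cloud-platform scope")
    return findings


# Constructed sample data: project ids, account name and scopes are hypothetical.
SA = "docai-caller@docai-processing.iam.gserviceaccount.com"
PROCESSOR = "projects/docai-processing/locations/us/processors/PROCESSOR_ID"
POLICIES = {
    "dev": {"bindings": [{"role": "roles/documentai.apiUser", "members": [f"serviceAccount:{SA}"]}]},
    "docai-processing": {"bindings": [{"role": "roles/viewer", "members": [f"serviceAccount:{SA}"]}]},
}

if __name__ == "__main__":
    narrow = ["https://www.googleapis.com/auth/devstorage.read_only"]
    for finding in diagnose(PROCESSOR, SA, POLICIES, narrow):
        print(finding)
```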
