Reputation: 5181
Google Analytics API: "User does not have sufficient permissions for this account."
I'm writing a Ruby app that accesses the Google Analytics API to pull down some experiment information.
The app connects and authenticates using a Google Service Account via the following function:
def connect
...
@@client = Google::APIClient.new(:application_name => 'My Service App',
:application_version => '1.0.0')
key_file = Rails.root.join('config', 'privatekey.p12').to_s
key_secret = 'somesecret'
key = Google::APIClient::PKCS12.load_key(key_file, key_secret)
asserter = Google::APIClient::JWTAsserter.new(
SECRETS[:google_service_account_email],
['https://www.googleapis.com/auth/yt-analytics.readonly',
'https://www.googleapis.com/auth/analytics.readonly'
],
key
)
@@client.authorization = asserter.authorize()
...
end
...which authenticates and discovers both APIs without issue.
Using the client against the YouTube Analytics API works without issue. Using the same exact account to access the Analytics API via...
response = @@client.execute({
# 'analytics is the API object retrieved via discover_api()
:api_method => analytics.management.experiments.list,
:parameters => {
'accountId' => 'AAAAAAAA',
'profileId' => 'PPPPPPPP',
'webPropertyId' => 'UA-WWWWWWWW-#'
}
})
Results in a 403 error response:
{"domain":"global","reason":"insufficientPermissions","message":"User does not have sufficient permissions for this account."}
In regards to authorization, I have double-checked the account [email protected]:
- Has full permissions to the Google Analytics web interface. I logged in using the [email protected] account and was able to view the same Experiments I attempted to list.
- Has enabled the Analytics API. Within the API Console, I confirmed in the Services section that the Analytics API item is switch to ON. (Just like YouTube Analytics is.)
- I am using the appropriate AccountID, ProfileID, and WebPropertyID values. Copied directly from the Google Analytics web interface.
Given that the service account can access at least one API (YouTube Analytics), and the associated account ([email protected]) can access the Analytics web interface, there seems to be something wrong with the service account accessing the Analytics API in particular.
Any ideas?
Similar topics:
- “Not sufficient permissions” google analytics API service account (NOTE: This error is slightly different than mine)
- Analytics blog post, check comments section for 'permissions'
Upvotes: 46
Views: 86855
Answers (12)
Reputation: 49150
Other answers are outdated for Google Analytics v4.
There's a different api that one need to enable and use.
https://developers.google.com/analytics/devguides/reporting/data/v1/quickstart-client-libraries
For node.js:
import { BetaAnalyticsDataClient } from "@google-analytics/data";
import { google } from "googleapis";
const auth = new google.auth.GoogleAuth({
credentials: {
client_email: process.env.GOOGLE_CLIENT_EMAIL,
client_id: process.env.GOOGLE_CLIENT_ID,
private_key: process.env.GOOGLE_PRIVATE_KEY,
},
});
const analyticsDataClient = new BetaAnalyticsDataClient({
auth,
});
Upvotes: 1
Reputation: 1112
For me, it has been solved when I select the property that was created with enabling "Create a Universal Analytics property" in "Show Advanced Options" section
Upvotes: 0
Reputation: 37
Make sure you give the service account email (something like [email protected]) permissions to read/write from your GA view.
Admin > View > User Management > "Add permissions for:"
I got this issue when I try to integrate GA source to metabase.
Metabase requires Oauth clientid and secret. So I create Oauth clientid in GA (If you face an issue which said you need a Guite user to make it internal access, then you need register a new account under workspace).
Then, I solve this issue by adding my google cloud(workspace) account to view user management, not [email protected]
Just the google cloud login account, I tried with [email protected] but it doesn't work. The difference for metabase is it ask the oauth id and secret for your google cloud account not service account.
Hope this can help someone face the same situation.
But it is still trick because another GA4 service which don't have any view How to create view in Google Analytics 4 Still can't solve this issue. If any one knows it, please comment. Just don't know how to call the api in GA4 since there isn't view at all.
Upvotes: 0
Reputation: 49
If you are new just to let you know 3 Step procedure required
- Enable Google Analytics Reporting API then create service email account (OAuth Client ID)
- Add and give permission this service email in google console
- Add and give permission this service email account in Google analytics tracking -> User management
Upvotes: 0
Reputation: 235
Even after adding the email to the account level in analytics I still had the same permission problem but the following suggestion helped but didn't solve it:
$client->setScopes("https://www.googleapis.com/auth/plus.login");
That didn't work for me but this did:
$client->setScopes("https://www.googleapis.com/auth/analytics");
https:// is now required to authenticate.
Upvotes: 2
Reputation: 926
Pick the right id!
In my case I was using the right credentials (account id, account secret -> authorization_code -> access_token) AND had the email permissions set up right but I was using the account id on the Admin > Account settings page and simply adding ga: to the front.
The id you actually need is the table id! (or that's the one that worked for me at least since most people here are mentioning the account id, which didn't work for me.). You can find that one here: https://ga-dev-tools.appspot.com/account-explorer/
And then you can query as
service.get_ga_data(TABLE_ID,'2017-03-25','2017-03-25','ga:users,ga:pageviews')
I found this API to be badly documented overall and the UI was unclear. But maybe that's just me.
Upvotes: 27
Reputation: 11399
I also had to go to the developer console and enable the API in order to make it work. Go to the developer console and select your project and enable the API(s) you want to use.
Upvotes: 3
Reputation: 41
Make sure your are entering the correct table_id
(ie. GetProfiles(oauth_token)
tableid_input = "ga:72848696")
Upvotes: 2
Reputation: 3279
Make sure you give the service account email (something like [email protected]) permissions to read/write from your GA view.
Admin > View > User Management > "Add permissions for:"
Upvotes: 79
Reputation: 422
If you still see this message after you added your developer email to analytic user.
You may need to add scope to the object, before new Google_Service_Analytics($client);
$client->setScopes("https://www.googleapis.com/auth/plus.login");
I spent whole day trying to solve this!
Upvotes: 3
Related Questions
- Google Analytics: User does not have sufficient permissions for this profile
- Google Analytics API Python Error 403 - Insufficient Permissions
- User does not have sufficient permissions for this property
- User does not have sufficient permissions for this profile. - Google Analytics API v4
- Analytics Google API Error 403: "User does not have any Google Analytics Account"
- Google Analytics API returned User does not have sufficient permissions for this profile
- Error "User does not have sufficient permissions error for Google Analytics"
- Google Analytics API - inconsistent error "insufficientPermissions' (403)
- Google analytics v3 Google.Apis.Requests.RequestError User does not have any Google Analytics account. [403]
- Google Analytics API error 403: "User does not have permission to access profile"