PERMISSION_DENIED: The caller does not have permission

Question

I'm trying to call the budget API using a service account and a key file but I get this error:

PERMISSION_DENIED: The caller does not have permission

My Code

async function listBillingAccounts() {
    const [account] = await client.getBillingAccount({ name: `billingAccounts/${BILLING_ACCOUNT_ID}` });
    console.info({ account });
}
listBillingAccounts();

My CLI Setup

gcloud config set project my-project-id

Environment Variables as Mentioned in Their Docs:

Key	Value
GOOGLE_APPLICATION_CREDENTIALS	path\to\gcp-credentials.json
GCP_PROJECT	my-project-id

Service Account Setup

When I go to https://console.cloud.google.com/iam-admin/iam?project=my-project-id, it shows the service account in the table:

Member	Name	Role	Inheritance
owner-75@my-project-id.iam.gserviceaccount.com	owner	Owner	my-project-id

I don't know what to do next.

Answer 1

The owner role of a project does not grant you the necessary permissions to view billing account information.

According to the API documentation when they describe the getBillingAccount operation:

Gets information about a billing account. The current authenticated user must be a viewer of the billing account.

You can grant the viewer of the billing account permission at the organization or billing account level. Please, see the relevant docs.