Reputation: 2728
How to resolve GCloud permissions?
I am trying to publish my Android app to our company's Play Store.
On Google API access page
I am trying to create new service account. It does not work.
You are missing at least one of the following required permissions: Project
orgpolicy.policy.get resourcemanager.projects.get Check that the folder, organization, and project IDs are valid and you have permissions to access them
My GCP shows [email protected] google account. On the other side,Google API(Google Play Console) shows MYCOMPNAY Team account.
How to solve this IAM problem?
Upvotes: 1
Views: 634
Answers (1)
Reputation: 40091
I'll do my best to answer but the question lacks some detail.
As the error describes, service accounts are a distinct type of credential used by Google that are intended to be used by software (rather than humans) for interacting with Google services. It makes some sense (though I'm unfamiliar with the Play process) that you'd need to use service accounts rather than human accounts with this service.
Unlike, regular (human) accounts (e.g. [email protected]), service accounts are owned by Google projects. When you create a service account, you'll need to scope the account to an existing Google project.
Google provides various Consoles for different services. I'm most familiar with Google Cloud Platform (GCP) and so I would create projects and service accounts using GCP's CLI (Cloud SDK aka gcloud) or https://console.cloud.google.com. Are you using something similar?
Unfortunately, I think, Google's tools scope projects (even though these are universal Google resources) to specific platforms (Cloud, Firebase, Apps etc.) and so you may not be able to see all your projects via the e.g. Cloud Console.
So....
If you have a Play (!?) Console, there should be a mechanism to list|create projects. If you haven't already, created a project to own your service account. Then the tool should provide a mechanism to create a service account. Do so under that projects. Lastly, you'll need to grant the service account permissions so that it can do what you need it to do (e.g. publish your app).
If you add more details to your question, I may be able to help.
NOTE One distinction between human (e.g. [email protected] as a Google account) and a service account is that human accounts using 3-legged OAuth while service accounts use 2-legged OAuth. This is because the service account is not able to interact with OAuth prompts as a human user would and it is often a good "tell" when you need to use a human vs. a service account.
See:
- Google Play: (API) Projects and Service Accounts
- Understanding Service Accounts
- Using OAuth for Server-to-Server apps
Upvotes: 1
Related Questions
- gcloud - ERROR: (gcloud.app.deploy) Permissions error fetching application
- gcloud - no permissions for any API even though I am owner and works fine through web UI
- Cloud Functions IAM Roles: 403 Forbidden
- gcloud project owner permission denied
- gcloud 403 permission errors with wrong project
- Google Cloud Platform: Minimal IAM permissions for gcloud command
- Can't figure out OS Login IAM permissions
- Google Cloud permissions
- Problems with permissions on Google Cloud IAM
- gcloud installed on gce instance with service level accounts permission issues