Reputation: 4608
error 403: Your client does not have permission to get URL in python google cloud module
UPTADE: According to what our system expert told me, they fixed the problem as follows: v6 ips must be disabled in the operating systems they are in.
I have a python file on the server that is scheduled to run every week. like this:
from google.cloud import bigquery
gbq_credentials = create_gc_credentials(settings)
client = bigquery.Client(credentials=gbq_credentials,project=project_id)
df = client.query(sql_query).to_dataframe()
#data processing
....
But the file that works every week, gave an error today:
Error 403 (Forbidden)!!1
Your client does not have permission to get URL <code>/bigquery/v2/projects/xxxx/jobs</code> from this server.
when I run the same file on my local computer, I didn't get any errors.
I updated the outdated python libraries on the server. But it didn't work. Also I get the same error on all files using the google cloud module.
What could this problem be caused by ?
Upvotes: 4
Views: 15549
Answers (4)
Reputation: 1648
As Bushmaster commented, disabling IPV6 solved the issue.
I'm writing down the steps for disabling it:
sudo echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
sudo echo "net.ipv6.conf.default.disable_ipv6=1" >> /etc/sysctl.conf
sudo echo "net.ipv6.conf.lo.disable_ipv6=1" >> /etc/sysctl.conf
sudo sysctl -p
Hope it helps!
Upvotes: 4
Reputation: 901
Most times, the error is related to whether a user agent's identity can be verified and/or the user agent has the required permission to access a protected service.
I got this error after sending a post request to a cloud function without the authorisation header.
As an example, if a cloud function was created with Allow unauthenticated switched on, then the request goes through without this error.
A quick test was to generate a bearer token by running gcloud auth print-identity-token in cloud shell, and passing the generated token in the authorisation request header. No error!
Upvotes: 0
Reputation: 1780
It could be for many reasons. You can consider these options:
- This error can be caused due to cache, and erasing the cache sometimes might help to fix it.
- You may just need to restart the server.
- You are not allowed to access the resource, or there’s an error on the server side.
- The owners of the web server have improperly set up permissions, and you’re getting denied access when you really shouldn’t be.
Or
When using the BigQuery API, you need to create the client with OAuth credentials for the user. For access with an API, this is often a Service Account identity. When you create a Service Account, that account is not automatically added a membership role to your project. To update the users and service accounts that are members of your project, go to your project, select "Permissions" in the navigation panel, and make sure the user or service account identity you are calling with is a "Reader" on the project.
In case it is about permissions, you can see this documentation about it.
Upvotes: 1
Reputation: 96
How does the "create_gc_credentials" work? From the error message, the service account running on the server does not have the permission.
Upvotes: 0
Related Questions
- Reauthentication failed error while accessing bigquery via python
- HttpError 401 Trying to access a BigQuery url via CloudStorage Pipeline
- gcloud auth login issue 403 access denied when trying to run bigquery
- Authentification issue to BigQuery API REST using Python
- BigQuery Python API issue
- unable to run query against BigQuery - permission error 403
- Authentication error when trying to access BigQuery using python client
- Resolving GCP permissions issues
- Google big query, 403 error unable to query the data via API
- HttpError 403 when requesting https://www.googleapis.com/bigquery/v2/projects/publicdata/queries?alt=json returned "Access Denied: Job publicdata: