Reputation: 41
GCP Request is prohibited by organization's policy
I'm trying to extract some information from GCP. I use this command gcloud asset search-all-resources --scope=projects/projID
But it gives me VPC_SERVICE_CONTROLS error:
User does not have permission to access projects instance (or it may not exist): Request is prohibited by organization's policy.
I tried troubleshooting and checked all permissions but everything's fine. Strange fact is that it works with other projects and other environments. Do I need some special configurations?
Upvotes: 1
Views: 13633
Answers (1)
Reputation: 1011
To search all cloud resources within the specified scope, the caller must be granted cloudasset.assets.searchAllResources permission on the desired scope (can be a project, a folder or an organization). If not specified, the configured project property will be used.
By running, gcloud config get project you'll find the configured project and to change the project, run: gcloud config set project [PROJECT_ID]
You may find the official documentation here.
Upvotes: 1
Related Questions
- Terraform: googleapi: Error 403: Permission denied on resource project
- Getting error while allowing accounts and roles in Terraform for GCP
- (Terraform, GCP) Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on
- Terraform GCS backend writing .tflock failed. 403 access denied
- Unable to create gcp vpc using terraform
- Terraform/GCP - "the user does not have permission to access Project"
- Terraform - GCP - connect: connection refused
- How to resolve "googleapi: Error 403: The caller does not have permission, forbidden"
- Terraform GCP vm instance create - Error 403
- Terraform google_proejct_iam_member giving Error 400: Policy members must be of the form "<type>:<value>"., badRequest