Google Cloud API Service authorisation failure - forbidden access

Question

I am currently receiving the following error when attempting to access the google cloud service via a java client:

Caused by: 
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 
Forbidden
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "xyz.iam.gserviceaccount.com does not have 
    storage.buckets.list access to project 123456.",
    "reason" : "forbidden"
  } ],
  "message" : "xyz.iam.gserviceaccount.com does not have 
storage.buckets.list access to project 123456."
}

So far I have:

• Installed and authorised the sdk with the login details of the google cloud account
• Added the GOOGLE_APPLICATION_CREDENTIALS of the service account xyz to my environment variable with the path to the json key
• Given the service account (xyz) permissions for the given project (123456)
• Enabled permissions to the Storage API and the Speech API (the intended target in the future)

How do I provide access to a service account for a given list or api for a given project?

Answer 1

The message is very specific and doesn't leave much room for doubt, but if there is an issue please share the roles currently assigned to your service account:

"xyz.iam.gserviceaccount.com does not have storage.buckets.list access to project 123456."

It could be that the role you have assigned to your service account in https://console.cloud.google.com/iam-admin/iam/project doesn't have the storage.buckets.list access.

In order to see if the specific role has the storage.buckets.list access, search for that access in https://console.cloud.google.com/iam-admin/roles. This will output list of roles that have this access and you can see if you service account has one of the or not.