I want to use Google Vision API with service account. The problem is that there is no role to give access to Vision API only, the only role I've found is owner role which is too powerful.
Is there is any role to give access only to Vision API or other way to give app permission without giving full access to GCP project?
There is currently no specific role for the Vision API. As indicated on the Quickstart it is advised to use the Owner role (which I totally agree that could be very dangerous to use). There are at least two Feature Requests 1 2 opened on the Issue Tracker which I recommend you to star and comment upon for such a role to be implemented. In the meantime you can follow the recommendation offered by @johnhanley on the comment.