2
votes

I am trying to add users to my Google Analytics account through the API but the code yields this error:

googleapiclient.errors.HttpError: https://www.googleapis.com/analytics/v3/management/accounts/**accountID**/entityUserLinks?alt=json returned "Insufficient Permission">

I have Admin rights to this account - MANAGE USERS. I can add or delete users through the Google Analytics Interface but not through the API. I have also added the service account email to GA as a user. Scope is set to analytics.manage.users

This is the code snippet I am using in my add_user function which has the same code as that provided in the API documentation.

def add_user(service):

try:
service.management().accountUserLinks().insert( accountId='XXXXX',
body={
'permissions': {
'local': [
'EDIT',
]
},
'userRef': {
'email': '[email protected]'
}
}
).execute()

except TypeError, error:
# Handle errors in constructing a query.
print 'There was an error in constructing your query : %s' % error

return None

Any help will be appreciated. Thank you!!

2
Are you using a service account? Can you add the full error response to your question?Matt
Hi Matt. Thank you. I was able to work through it (finally!). - The problem was I using a service account when I should have been using an installed application.elp99

2 Answers

0
votes

The problem was I using a service account when I should have been using an installed application. I did not need a service account since I had access using my own credentials.That did the trick for me!

0
votes

Also remember that you have to specify the scope you would like to use, this example here (using the slightly altered example by Google) defines by default two scopes which would NOT allow to insert users (as they both give read only permissions) and would result in "Error 403 Forbidden" trying so.

The required scope is given in the code below:

from apiclient.discovery import build
from googleapiclient.errors import HttpError
from oauth2client.service_account import ServiceAccountCredentials


def get_service(api_name, api_version, scopes, key_file_location):
    """Get a service that communicates to a Google API.

    Args:
        api_name: The name of the api to connect to.
        api_version: The api version to connect to.
        scopes: A list auth scopes to authorize for the application.
        key_file_location: The path to a valid service account JSON key file.

    Returns:
        A service that is connected to the specified API.
    """

    credentials = ServiceAccountCredentials.from_json_keyfile_name(
            key_file_location, scopes=scopes)

    # Build the service object.
    service = build(api_name, api_version, credentials=credentials)

    return service


def get_first_profile_id(service):
    # Use the Analytics service object to get the first profile id.

    # Get a list of all Google Analytics accounts for this user
    accounts = service.management().accounts().list().execute()

    if accounts.get('items'):
        # Get the first Google Analytics account.
        account = accounts.get('items')[0].get('id')

        # Do something, e.g. get account users & insert new ones 
        # ...


def main():
    # Define the auth scopes to request.

    # Add here
    # https://www.googleapis.com/auth/analytics.manage.users
    # to be able to insert users as well:
    scopes = [
        'https://www.googleapis.com/auth/analytics.readonly',
        'https://www.googleapis.com/auth/analytics.manage.users.readonly',
    ]
    key_file_location = 'my_key_file.json'

    # Authenticate and construct service.
    service = get_service(
            api_name='analytics',
            api_version='v3',
            scopes=scopes,
            key_file_location=key_file_location)

    profile_id = get_first_profile_id(service)
    print_results(get_results(service, profile_id))


if __name__ == '__main__':
    main()

Regards,

HerrB92