403 forbidden error when using service account with pub/sub publisher role

Question

Created a service account with 1 role : Pub/Sub Publisher.

trying to publish a message to a topic I get :

{ message: 'User not authorized to perform this action.',
   domain: 'global',
   reason: 'forbidden' }

when using a project-owner service account I succeed in publishing the message.

tried using both google-cloud and googleapis node packages and with both I faced the same behaviour. What am I doing wrong?

Thanks.

Rotem Slootzky Rotem Slootzky · Accepted Answer · 2017-06-12T08:38:24

When I went to the specific topic -> permissions , I saw the service account appear as inherit permission , I then added the service account's client_email specifically with the same role (pub/sub publisher) and saw the inherited changed to "mixed" , tried again and succeeded.

403 forbidden error when using service account with pub/sub publisher role

1 Answers