PermissionDenied: 403 IAM permission 'dialogflow.intents.list'


Solution 1

There is no need to create a new agent. You can edit the existing agent's IAM.

  1. In Dialogflow's console, go to settings ⚙ > under the general tab, you'll see the project ID section with a Google Cloud link to open the Google Cloud console > Open Google Cloud.
  2. In Google Cloud, go to IAM Admin > IAM under the Members tab. Find the name of your agent and then click Edit.
  3. Give admin permissions to the agent to give it permission to list intents.

Solution 2

The problem lies in the IAM section of GCP. Probably you are making a POST request with a role that does not have the necessary authorizations.

  1. Look into your key.json file that contains the field "client_email"
  2. Proceed to the IAM page and set the relevant role with that email to a role that has posting capabilities. (e.g. Admin)

This solved my problem.
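
Added example (not part of any answer on this page): a Python check that relates the 403 message to the `client_email` in key.json and to the project's IAM policy, reporting which roles the key's identity actually holds and whether a primitive role such as Owner is bound. The sample error, key and policy are constructed, the project and account names are hypothetical, and the policy is assumed to be in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`.

```python
import json
import re

# Primitive roles grant far more than the single permission named in the error.
BROAD_ROLES = {"roles/owner", "roles/editor"}
DENIED_RE = re.compile(r"IAM permission '([\w.]+)' on 'projects/([^/']+)/")


def diagnose(error_text, key_json, policy_json):
    """Relate a 403 message to the key's identity and the project's IAM policy."""
    match = DENIED_RE.search(error_text)
    if match is None:
        raise ValueError("not an IAM permission-denied message")
    permission, project = match.groups()
    key = json.loads(key_json)
    member = "serviceAccount:" + key["client_email"]
    bindings = json.loads(policy_json).get("bindings", [])
    roles = sorted(b["role"] for b in bindings if member in b.get("members", []))
    findings = []
    if key.get("project_id") != project:
        # Allowed by IAM, but the binding must then exist on the agent's project.
        findings.append("key-from-other-project")
    if not roles:
        findings.append("no-binding-for-key-identity")
    findings += ["broad-role:" + r for r in roles if r in BROAD_ROLES]
    return {"permission": permission, "project": project,
            "member": member, "roles": roles, "findings": findings}


# Constructed sample data (hypothetical project and account names).
SAMPLE_ERROR = ("PermissionDenied: 403 IAM permission 'dialogflow.intents.list' "
                "on 'projects/demo-agent/agent' denied.")
SAMPLE_KEY = json.dumps({"type": "service_account", "project_id": "demo-agent",
                         "client_email": "bot@demo-agent.iam.gserviceaccount.com"})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/owner",
     "members": ["serviceAccount:bot@demo-agent.iam.gserviceaccount.com"]},
    {"role": "roles/dialogflow.reader", "members": ["user:dev@example.com"]},
]})

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_ERROR, SAMPLE_KEY, SAMPLE_POLICY), indent=2))
```

An empty `roles` list means the identity in key.json has no binding on the agent's project; a `broad-role:` finding means the permission is being satisfied by a project-wide role rather than a Dialogflow-specific one.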

Solution 3

  1. In Dialogflow's console, go to settings ⚙ > under the general tab, you'll see the project ID section with a Google Cloud link to open the Google Cloud console > Open Google Cloud.
  2. (Optional) In the Cloud console, go to the menu icon > APIs & Services > Library. Select any APIs (if any) > Enable.
  3. In Cloud Console > under the menu icon ☰ > APIs & Services > Credentials > Create Credentials > Service Account Key. Under Create service account key, select New Service Account from the dropdown and enter a project name and for role choose Owner > Create.
    • A JSON private key file, which you will need, will be downloaded to your local machine.

For JavaScript: In the index.js file you can do service account auth with JWT:

const {google} = require('googleapis');

const serviceAccount = {};       // Starts with {"type": "service_account",...

// Set up Google Calendar Service account credentials
const serviceAccountAuth = new google.auth.JWT({
  email: serviceAccount.client_email,
  key: serviceAccount.private_key,
  scopes: 'https://www.googleapis.com/auth/xxxxxxx'
});

For Python: There's a Google Auth Python Library available via pip install google-auth and you can check out more here.

Solution 4

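When you create the intentClient, use the following:

const dialogflow = require('dialogflow');

const key_file_path = "/home/user/folder/service-account-key.json";
// Pass the service account key file explicitly when creating the client
const client = new dialogflow.IntentsClient({
        keyFilename: key_file_path
});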

Author by

Pranshu Dixit

Updated on June 15, 2022

Comments

  • Pranshu Dixit about 2 years

    I'm trying to get the list of the intents in my Dialogflow agent using Dialogflow's V2 APIs but have been getting the following error:


    PermissionDenied: 403 IAM permission 'dialogflow.intents.list' on 'projects/xxxx/agent' denied.

    I adopted the following steps:

    1. I created a new agent (with V2 APIs enabled) and a new service account for it.
    2. I downloaded the JSON key and set my GOOGLE_APPLICATION_CREDENTIALS variable to its path.

    Following is my code:

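    import os

    import dialogflow_v2 as dialogflow

    # Point the client library at the service account key file
    os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = "/home/user/folder/service-account-key.json"

    client = dialogflow.IntentsClient()

    parent = client.project_agent_path('[PROJECT_ID]')

    # This call raises the PermissionDenied error quoted above
    for element in client.list_intents(parent):
        pass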
    

    I have made various agents and service accounts and even changed the role from Admin to Client but can't figure out any solution. I tried the following solution but it didn't work.

    Tried Solution: DialogFlow PermissionDenied: 403 IAM permission 'dialogflow.sessions.detectIntent'

  • Pranshu Dixit almost 6 years
    Hi @Armin_SC, thanks for the reply. I tried your approach but couldn't get it working for dialogflow. Can you please help me by referring to the following link? dialogflow.com/docs/reference/v2-auth-setup
  • Armin_SC almost 6 years
    In case you want to provide credentials separately from your application, I suggest you set the GOOGLE_APPLICATION_CREDENTIALS environment variable by following the Setting the environment variable guide steps and create the .bashrc file as mentioned in the Dialogflow tutorial you provided previously; otherwise, the variable will apply only to the current shell session, so if you open a new session, set the variable again.
  • Pranshu Dixit almost 6 years
    I have set the environment variable GOOGLE_APPLICATION_CREDENTIALS too. It is working for listing out the buckets but not for the Dialogflow API.
  • Armin_SC almost 6 years
    You should take a look at the DialogFlow V2 Authentication guide and the StackOverflow post where it is recommended to create the Dialogflow object by using the private_key and client_email information, as well as verify that your account has the required roles to perform these tasks.
  • str028 about 4 years
    Are you sure about the Owner role?
  • Yugo Gautomo almost 4 years
    Yes, this solution also works within the gcloud terminal: $gcloud alpha dialogflow intents list --impersonate-service-account=[SERVICE_ACCOUNT]
  • lumayara about 3 years
    This was so helpful! Thanks!