PERMISSION_DENIED Error when changing google account role

[Tomas Guerra]

Hi,

In the company I'm working, we have a service that interacts with the Google Ads API using one of the client libraries. To do so, we have a Google Ads Manager account, in which many google accounts have Owner/Admin rights. The service works alright and we are able to make requests of all kinds (listing and mutations). 

However, when we remove the admin role of one specific Google account (we set its permissions to Billing reports only), the API responds with the error "PERMISSION_DENIED, Fault: The caller does not have permission." when trying to make mutations (UserListService/MutateUserLists, for example). There is no problem to continue doing list operations (e.g.: CustomerService/ListAccessibleCustomers or GoogleAdsService/Search). But cannot make mutations.

When we set back the Owner/Admin permissions on this Google account, the service continues working correctly.

Do you know what could be happening here? Is there any way that the Google Ads account has a unique "superadmin"? and if this "superadmin" account is removed then the API calls done with the developer token has its permissions revoked?

As I mentioned before, there are many other Google accounts that remain as Owners/Admin, but when changing only this one, this starts to happen

Thanks a lot for your help

[Google Ads API Forum Advisor]

Hi Tomas,

If the removed user was the user that created the Cloud Console project used to generate the OAuth credentials, then this would explain the error you mentioned. You can leave that user with Admin or Standard access in the account, or you can create a new Cloud Console API project with new OAuth credentials, with a new user. 

If you continue to have issues, please privately reply with your request and response logs.

Regards,
Matt
Google Ads API Team

Matt Google Ads API Team

ref:_00D1U1174p._5004Q2W3oI8:ref