USER_PERMISSION_DENIED under child account

[Pedro Armando Miranda Gomes]

I have a main account to which I have admin access, when I try to manipulate the sub-accounts via api I am getting a permission denied error, this only works if I have the specific permission for each sub-account, is there any possibility to manipulate these accounts via api only with the permission on main account

[Google Ads API Forum Advisor]

Hi Pedro,

Thanks for reaching out to the Google Ads API Forum.

The USER_PERMISSION_DENIED error usually indicates that the user / email address you used to generate your OAuth2 credentials does not have access to the customer ID you specified in your request. When a manager account that is higher in the account hierarchy. For example, let's say you have Manager Account M1, Manager Account M2, Client Account C1, and Client Account C2. The tree could look like this.

 

        M1

     /       \

M2         C1

  |

C2

 

In this case, M1 would be the highest manager account, and you could use a refresh token from this account to make requests to M2, C1, and C2.

You may double check if the user / email address you used to generate your OAuth2 credentials indeed has access to the specified "login-customer-id" as MCC / manager account.

That said, you will need to ensure that the user / email address you used to generate the credentials indeed has access to the account in your request. If the user / email address has access or is associated to the MCC / manager account, you will need to specify the said MCC / manager account's ID as the value of the login-customer-id field.

Also, you may check the MCC ID that used as "login-customer-id" in your request on Ads UI , and your email address used to generate OAuth credentials is listed under the Users or Users In Manager Accounts tabs in the Access and Security page, which lists all users that have permission to make changes to the Ads account and its children.

Thanks,

Yasar Google Ads API Team

 

 

ref:_00D1U1174p._5004Q2dJMAj:ref