Permission Denied

[Dmitry Trager]

After switching from AdWords API to Google Ads API we started to get a lot of error for our clients:

{"created":"@1651037629.519404470","description":"Error received from peer ipv4:172.253.122.95:443","file":"src/core/lib/surface/call.cc","file_line":1074,"grpc_message":"The caller does not have permission","grpc_status":7}

This happens for many simple search requests to google_ads service.

There were no errors before.

What should we do? It is possible to fix?

Thanks

[Dmitry Trager]

We are using google-ads-ruby by the way.

[Google Ads API Forum Advisor]

Hi,

Thank you for reaching out to the Google Ads API support team.

To investigate the issue further, could you please provide the complete request and response logs, with the request-id? If you haven't yet, logging can be enabled by navigating to the Client libraries > Your client library (ex. Java) > Logging documentation, which you can access from this link. You can provide it via Reply privately to author option. If this option is not available, then send it instead on this email address googleadsa...@google.com.

Thanks,

Nirmita Google Ads API Team

ref:_00D1U1174p._5004Q2aO4QV:ref

[Dmitry Trager]

Please, confirm that you've received my private response

[Google Ads API Forum Advisor]

Hi,

Thank you for reaching out.

We have received logs. Upon taking look at your logs, I can see that the client have encountered the AuthorizationError.USER_PERMISSION_DENIED error. Kindly note that you may receive the error ‘USER_PERMISSION_DENIED’ when a user doesn't have permission to access a customer and you’re accessing a client customer using 'login-customer-id’ in the request. 

That being said, you will need to ensure that the user / email address you used to generate the credentials indeed has access to the account in your request. If the user / email address has access or is associated with the MCC / manager account, you will need to specify the MCC / manager account's ID as the value of the login-customer-id field.