We've moved!
You can find our new documentation site and support forum for posting questions here.

Permissions for grantGoogleRoleToUser

Hello, I'm trying to make modifications to the underlying Google project for a Firecloud billing project. I am the owner of the billing account on Google, and the project on Firecloud, so I figured I would also have ownership of the Google project. After reading your docs, I found the grantGoogleRoleToUser endpoint, and thought that I would be able to grant myself permissions to the Google project. However, when I tried the command to grant myself "Owner", the command failed saying that I must be project Owner:

In [21]: fc.__get('me', root_url="https://api.firecloud.org/").json()
{'enabled': {'allUsersGroup': True, 'google': True, 'ldap': True},
 'userInfo': {'userEmail': '[email protected]',
  'userSubjectId': '107298085759454757409'}}

In [22]: fc.__put('billing/graubert-rnaseqc-trial/googleRole/Owner/[email protected]').json()
{'causes': [],
 'message': 'You must be a project owner.',
 'source': 'rawls',
 'stackTrace': [],
 'statusCode': 403,
 'timestamp': 1540332396202}

If that's the case, who is the desired user of this command? How would I go about gaining access to the Google project for a Firecloud billing project that I own?

Any help would be appreciated

For reference, the Firecloud/Google account I'm using for this is: [email protected]
and the Google project/Firecloud billing project is: graubert-rnaseq-trial


Best Answer


  • agraubertagraubert Member, Broadie

    I found the typo in my POST url, which was referring to a billing project that doesn't exist. However, now the error is 'Cannot alter Google role Owner: not in list [bigquery.jobUser]'. There's a mention of a whitelist in the docs, so I'll assume that's it. Is there any automated way to modify my own permissions on the project?

  • SChaluvadiSChaluvadi Member, Broadie, Moderator admin

    @agraubert - I am having the team take a look and will be in touch shortly.

  • SChaluvadiSChaluvadi Member, Broadie, Moderator admin

    @agraubert Since we haven't heard back from you, we will be closing this ticket and marking the previous reply as "accepted". If you have more questions, please feel free to reply back!

Sign In or Register to comment.