Google Analytics API: "User does not have sufficient permissions for this account."

发布于 2014-01-06 21:52:09

I'm writing a Ruby app that accesses the Google Analytics API to pull down some experiment information.

The app connects and authenticates using a Google Service Account via the following function:

def connect
  ...
  @@client = Google::APIClient.new(:application_name => 'My Service App', 
                                    :application_version => '1.0.0')
  key_file = Rails.root.join('config', 'privatekey.p12').to_s
  key_secret = 'somesecret'
  key = Google::APIClient::PKCS12.load_key(key_file, key_secret)
  asserter = Google::APIClient::JWTAsserter.new(
    SECRETS[:google_service_account_email],
    ['https://www.googleapis.com/auth/yt-analytics.readonly',
     'https://www.googleapis.com/auth/analytics.readonly'
    ],
    key
  )
  @@client.authorization = asserter.authorize()
  ...
end

...which authenticates and discovers both APIs without issue.

Using the client against the YouTube Analytics API works without issue. Using the same exact account to access the Analytics API via...

response = @@client.execute({
  # 'analytics is the API object retrieved via discover_api()
  :api_method => analytics.management.experiments.list, 
  :parameters => {
    'accountId' => 'AAAAAAAA',
    'profileId' => 'PPPPPPPP',
    'webPropertyId' => 'UA-WWWWWWWW-#'
  }
})

Results in a 403 error response:

{"domain":"global","reason":"insufficientPermissions","message":"User does not have sufficient permissions for this account."}

In regards to authorization, I have double-checked the account service@myapp.com:

Has full permissions to the Google Analytics web interface. I logged in using the service@myapp.com account and was able to view the same Experiments I attempted to list.
Has enabled the Analytics API. Within the API Console, I confirmed in the Services section that the Analytics API item is switch to ON. (Just like YouTube Analytics is.)
I am using the appropriate AccountID, ProfileID, and WebPropertyID values. Copied directly from the Google Analytics web interface.

Given that the service account can access at least one API (YouTube Analytics), and the associated account (service@myapp.com) can access the Analytics web interface, there seems to be something wrong with the service account accessing the Analytics API in particular.

Any ideas?

Similar topics:

“Not sufficient permissions” google analytics API service account (NOTE: This error is slightly different than mine)
Analytics blog post, check comments section for 'permissions'

Questioner

David Elner

Viewed

Original

andygeers 2014-07-23 13:11:26

One extra gotcha: make sure you do this at the "Property" level and not at the "View" level (Google Analytics's admin interface is a little confusing at this point)

tugberk 2014-10-16 19:34:53

@andygeers thanks for this little tip! very helpful indeed :)

Chris 2015-02-20 01:27:04

So I did this and it's still not working for me. Any other suggestions?

ignacio chiazzo 2015-12-08 15:32:09

where is this? I didn't find the admin section

hatirlatici 2020-09-28 19:04:09

Still helpful, Thank you!

Google Analytics API: "User does not have sufficient permissions for this account."

热门帖子

热门github