I was trying to list all agents from the discoveryengine v1alpha REST endpoint. But I encountered a permission issue.
I am using a service account. When I assign it the Gemini Enterprise Editor (Beta) or Discovery Engine Editor IAM role, I can list agents successfully. However, when I change it to the Gemini Enterprise Viewer (Beta) or Discovery Engine Viewer, I receive the following error:
{
  "error": {
    "code": 403,
    "message": "User does not have permission to list all of the agents.",
    "status": "PERMISSION_DENIED"
  }
}
The documentation states the following:
IAM Permissions
Requires the following IAM permission on the parent resource:
discoveryengine.agents.list
Since the Gemini Enterprise Viewer (Beta) already includes the permission discoveryengine.agents.list, I don’t know why it isn’t working.
I also tried cloning the Gemini Enterprise Editor (Beta) into a custom role. The process automatically removed resourcemanager.projects.list, and I still could not list the agents. I then combined the custom role with the Browser role, which has the resourcemanager.projects.list permission, but it still failed.
Any idea on how to use a Viewer role to list agents?