Hello Support Team,
I am experiencing a critical issue with my Google Cloud project:
Project ID: bengaluru-city-pulse-hackathon
My account: (PII Removed by Staff) (listed as Owner in IAM)
Problem:
The project is visible and active in the Google Cloud Console.
I am listed as Owner, Service Usage Consumer, and Vertex AI User in IAM.
However, all gcloud CLI/API calls (e.g., gcloud projects describe, gcloud iam service-accounts list) return errors such as: PS C:\Users\eshhb\bengaluru-city-pulse-hackathon> gcloud projects describe bengaluru-city-pulse-hackathon
ERROR: (gcloud.projects.describe) [bbathula00@gmail.com] does not have permission to access projects instance [bengaluru-city-pulse-hackathon] (or it may not exist): The caller does not have permission. This command is authenticated as bbathula00@gmail.com which is the active account specified by the [core/account] property
The project is active and visible in the Console
My IAM roles
The CLI error message
What I’ve Tried:
Logging out and back in (Console and CLI)
Waiting for IAM propagation
Verifying all roles and permissions
Testing from different networks and browsers
Attempting to enable APIs and set quota project
Running all relevant gcloud commands
Request:
Please investigate and resolve this backend inconsistency. I need to access my project via the API/CLI for development, but am completely blocked.
Thank you!
Hi @bathula-kumar ,
Welcome to Google Cloud Community!
Here are some possible solutions you may consider for your case:
- Use Google Cloud Policy Troubleshooter: Since your
gcloud CLIis experiencing issues, perform this directly within the Google Cloud Console. In the Console, navigate to IAM & Admin > Policy Troubleshooter. Enter the affected resource and your account to see detailed permission explanations. - Review Cloud Audit Logs: To see exactly why your API calls are failing, use the Google Cloud Console’s Logs Explorer. Navigate to Logging > Logs Explorer in the Console. Filter logs for the relevant service and time to identify errors.
- Reset gcloud Credentials: While your
gcloud projects describeandgcloud iam service-accounts listcommands are failing due to API permission checks, thegcloud authcommands primarily manage your local credentials and initiate a browser-based authentication flow. These commands often still function. Start by runninggcloud auth revoke --allto clear all cached credentials, thengcloud auth loginto re-authenticate your account and obtain new, valid tokens. If you use Application Default Credentials (ADC), also rungcloud auth application-default login. After re-authentication, retry your gcloud commands. - Check Organization Policies: Organization Policies can impose restrictions that override project-level permissions, even for Project Owners. In the Console, navigate to IAM & Admin > Organization Policies. Review policies applied at higher levels in your resource hierarchy that might be affecting your project. Note that Project Owners typically lack the necessary permissions to view or modify these directly, so you may need to involve an Organization Administrator.
If you are still experiencing issues after following the suggestions above, and if you have a support package, I recommend reaching out to Google Cloud Support for further assistance. They have the tools, access to more detailed diagnostics, and expertise to delve deeper into the problem and can provide tailored guidance for your specific solutions.
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.