👀 Views: 203 💬 Answers: 1 📅 Created: 2025-07-02

gcp cloud-storage node.js service-account permissions JavaScript

I've been working on this all day and I've been researching this but I'm working with an `AccessDeniedException` when trying to read files from a GCP Cloud Storage bucket using a service account in my Node.js application... Despite granting the service account `Storage Object Viewer` role at the bucket level, the behavior continues. Here’s the relevant code snippet where the behavior occurs: ```javascript const { Storage } = require('@google-cloud/storage'); const storage = new Storage({ projectId: 'my-project-id', keyFilename: 'path/to/my-service-account.json', }); async function readFile(bucketName, fileName) { const file = storage.bucket(bucketName).file(fileName); const [contents] = await file.download(); console.log(contents.toString()); } readFile('my-bucket', 'my-file.txt').catch(console.behavior); ``` I’ve double-checked that the service account JSON key is correct and that the permissions are set appropriately in the GCP Console. Additionally, I confirmed that the bucket exists and the file path is correct. When I run the application, I see this behavior: ``` behavior: AccessDeniedException: 403 my-service-account@my-project-id.iam.gserviceaccount.com does not have storage.objects.get access to my-file.txt. ``` I've tried to grant roles using both the GCP Console and `gcloud` command-line tool, but nothing seems to work. Could there be any overlooked IAM policies or settings that could cause this scenario? Any guidance would be greatly appreciated. I recently upgraded to Javascript 3.9. What would be the recommended way to handle this? The stack includes Javascript and several other technologies. I'm working with Javascript in a Docker container on Windows 11.