1

I followed the Get started with Cloud Firestore guide:

https://firebase.google.com/docs/firestore/quickstart

here is the code:

import firebase_admin
from firebase_admin import credentials
from firebase_admin import firestore

cred = credentials.Certificate("PATH TO KEY")
firebase_admin.initialize_app(cred)

db = firestore.client()
users_ref = db.collection(u'users')
docs = users_ref.stream()

for doc in docs:
    print(f'{doc.id} => {doc.to_dict()}')

I've tried to set DB rules to test mode for read-write access , and I created an IAM user and generated a key but nothing seems to work.

Here is the error message:

raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.PERMISSION_DENIED
        details = "Missing or insufficient permissions."
        debug_error_string = "{"created":"@1598292572.851377000","description":"Error received from peer ipv4,"file":"src/core/lib/surface/call.cc","file_line":1062,"grpc_message":"Missing or insufficient permissions.","grpc_status":7}

google.api_core.exceptions.PermissionDenied: 403 Missing or insufficient permissions.

Thank you.

NyaSol
  • 537
  • 1
  • 5
  • 21
  • 1
    do you get error message? Always show full error message in question (not comment) as text (not image). – furas Aug 23 '20 at 22:48

3 Answers3

3

I solved it by generating a service account key from the firebase console instead :

Firebase Console > Project Settings. Then selecting Service accounts and clicking Generate new private key. This will produce a .json file with the credentials needed to access the Firebase project.

The problem was with my user permissions, here is a reference: https://en.proft.me/2020/05/4/getting-started-firestore-using-python/

NyaSol
  • 537
  • 1
  • 5
  • 21
  • 1
    I tried these two ways and only one worked for me. Both IAM accounts had the same permissions (project owner). 1. Use my IAM user with project owner permissions. This would not work 2. Use an SA with project owner permissions. This **did** work. I set perms through the GCP Console UI. Did not need to go to the firebase console. – gavinest Jan 17 '22 at 22:02
2

Make sure the Service Account you are using has the Cloud Datastore User role (roles/datastore.user) - don't mind the name Datastore, it's the legacy name.

This way you can use a Service Account that is not Firebase Admin's default (you might want more granular control on the list of permissions)

partmor
  • 71
  • 1
  • 3
-1

From the code you gave, the "PATH TO KEY" is not filled in. Not having a valid path to the generated credentials file might cause this error.

Brett S
  • 579
  • 4
  • 8
  • Of course, I set the path to the JSON key path I downloaded from GCP, "PATH TO KEY HERE" is just a placeholder to make it more readable – NyaSol Aug 24 '20 at 18:08