I'm trying to figure out how the google translate API works. I have little experience with google cloud api.
I'm getting this error: PERMISSION_DENIED: Cloud IAM permission 'cloudtranslate.generalModels.predict' denied.
My questions:
Why do I need this permission? I am setting source and target language in my code. There is actually nothing to perdict.
How to get this solved? I assume based on related questions that I have to give my service account these permissions, but I haven't figured out how to do this in the console. In the service account tab I cannot link permissions. In the roles tab I created a role with these permissions, but I wasn't able to link it to my service account.
try (TranslationServiceClient client = TranslationServiceClient.create()) {
// Supported Locations: `global`, [glossary location], or [model location]
// Glossaries must be hosted in `us-central1`
// Custom Models must use the same location as your model. (us-central1)
LocationName parent = LocationName.of(projectId, "global");
// Supported Mime Types: https://cloud.google.com/translate/docs/supported-formats
TranslateTextRequest request =
TranslateTextRequest.newBuilder()
.setParent(parent.toString())
.setMimeType("text/plain")
.setTargetLanguageCode("de")
.setSourceLanguageCode("en")
.addContents("Hello World")
.build();
TranslateTextResponse response = client.translateText(request);
// Display the translation for each input text provided
for (Translation translation : response.getTranslationsList()) {
System.out.printf("Translated text: %s\n", translation.getTranslatedText());
}
}
Cloud Translation API internally uses Google NMT(Neural Machine Translation) to translate the text which automatically predicts the text and translates it in another language. It was developed to increase fluency and accuracy. GNMT uses a large artificial neural network. This permission is required to predict the text internally in order to predict the languages.
Google has created predefined roles which are given granular access using permissions to prevent unwanted access to other resources. For giving permissions to service account, you can follow the below steps :
Search for the roles which have the permission
cloudtranslate.generalModels.predict in this page.
Go to the IAM & Admin page in the console and search for the service
account to which you wanted to add the roles.
Click on the pencil icon present at the rightmost column.
Add the specific roles to the service account which contain the
above permission and save it.
If you have created specific role, then you can search the role in
the custom roles and add the role and save it.
You can check the image below showing the pencil icon.
The below image shows the edit permission page.
Related
This question might be borderline for here.
I am trying to get the API key for Google Cloud Vision. However, when I go to create an API key, that is not shown (only OAuth and serviced accounts are available).
How can you go around it?
Click the link "Credentials in APIs & Services" to create API Keys.
You'll need to choose the correct project but the link should be:
https://console.cloud.google.com/apis/credentials
API Keys are Project not API specific; the name makes this confusing, admittedly.
However, once you create a Project-specific API key, you can edit and should add API restrictions and you can select the Vision API there.
I encourage you to add Application restrictions too.
CAUTION You want to make the restrictions as restrictive as you possibly can. API Keys are bearer tokens and, by their nature, are often distributed. Anyone that holds the API Key (token) can access the project resources that its use confers.
You can use a Google Cloud console API key to authenticate to the Vision API. Follow the instructionsVision API -> Using an API key and Creating an API key
You can create a Key following the next instructions:
First you need to create a Service account as:
Then you need to specify the Service account name and ID, and you can add a description such as:
You click create and continue then you need to add the roles to the service account that you need just to show you I added Editor role:
Then I clicked done, and it created me a Service account then you need to click on the email of the service account.
There is an option menu on the top you click on Key, and then you click on ADD KEY.
Finally you have to choose the Key type that can be JSON or P12.
I'm trying to create my first project in google cloud with organization's administrator account. I have access to the administrator's email and passwords and I am logging in with that account to do so. The problem is that when I click on create new project I receive the following error:
There was an error while loading /home/dashboard?project=proven-now-305315&authuser=1.
You are missing at least one of the following required permissions:
Project
resourcemanager.projects.get
Check that the project ID is valid and you have permissions to access it. Learn more
Send feedback
The detail is that in my resource administration panel I already gave the permission that they ask me to the resource as shown in the following image:
As I have read, the project IAM Admin role should grant the resourcemanager.projects.get role and as you can see in the image the resource rcv # .. which is the administrator has it activated, however I keep trying to create a new project and it doesn't allow me to do it. Any idea?
In case anybody else, like me, reaches this answer, I want to point out that the accepted answer is correct, but for me I had to also make sure that within the settings, I ensured that Project Creation Settings on the right pane and under the section of Cloud Resource Manager Api Settings was set to on. It was turned off by default. Many people on my team overlooked this as it is significantly smaller text.
This may be an option that was not present before or it was turned on by default in the past. For us, it was turned off.
Please refer to the included image for a visual representation of the
settings that need to be turned on.
The problem was for some reason the Google Cloud was disable for all users, I solved following this instructions. Solved with this!
To activate this service, please follow the steps:
Access the admin console and go to Apps -> Additional Google Services
Look for the service “Google Cloud Platform” and click on the box next to it
In to top right corner click in “ON”
Confirm you want to turn it on in the pop-up box.
I'm trying to secure some REST URLs that are present in my ApiController.php so that users with certain privileges can access these REST APIs.
I created some users and assigned them with some Roles using the below link:
https://www.drupal.org/docs/user_guide/en/user-concept.html
As you can see, I'm creating roles in Drupal Admin following below steps:
Drupal UI → People → Role → Add New Role // line 4
After that, I added a few permissions in permission.yml:
xyz.permissions.yml
edit permission:
title: 'edit permission'
And updated routing file to secure APIs:
xyz.routing.yml
xyz.update:
path: '/update'
_controller: 'ApiController::update'
_permission: 'edit permission'
This is working fine. i.e. users that have "edit permission" can access URL "/update".
But, I don't want to do step on line 4 rather I would like to use some .yaml file to create Roles.
Is it possible to create/manage Roles using a .yaml file?
Role creation can be done through install and uninstall process of module but not possible through Yaml file.
Is anyone aware of any Google API with the user scope (NOT the Admin API in the Directory SDK) that allows you to retrieve the custom employee attributes?
The G+ API seems to skip these
https://developers.google.com/+/web/api/rest/latest/people#resource
Our issue is that we don't want to grant access to the developer console, but rather do this PER-USER. I.E. a user logs into our app and we display to her the custom attributes for her G Suite account, but we do this as her (not as an approved API scope via the dev console).
Leaving this answer for anyone like me who finds this question.
The Directory API allows a user to query the custom attributes for their account even without any admin permissions at all.
https://developers.google.com/admin-sdk/directory/v1/reference/users/get
You need to ensure that projection is set to full and viewType is set to domain_public.
You may need to check the permissions for reading the custom attributes to ensure that a user is allowed to see theirs. We do this in the Google Cloud Directory Sync.
I have role named "GCP US Alias and Redirect" and I have given full access permission for "/sitecore/system/Aliases" and its descendants as in screen shot below.
Now I have assigned "GCP US Alias and Redirect" role to a user, When I login to sitecore as "GCP US Alias and Redirect" user I don't see "/sitecore/system" folder. I can just see "/sitecore/content" folder as in below screen shot.
I can see System folder when searched it by GUID as shown in below screen shot.
What do I do to make it visible at initial place when I open content editor?
Switch to the View tab and select Hidden items and Entire tree checkboxes. They are unchecked by default for non-admin users.
If you don't see the View tab, make sure that either your role has Read access to it (/sitecore/content/Applications/Content Editor/Ribbons/Ribbons/Default/View and /sitecore/content/Applications/Content Editor/Ribbons/Chunks/View in core database) or that your role inherits from e.g. sitecore\Sitecore Client Designing role (check if that role doesn't have too much access rights for your custom role first).