Hi,

I am trying to apply my Terraform code to create access scopes in SecOps SIEM and I get the following error even though the service account running this has the Chronicle API admin and Security Admin roles assigned:

│ Error: Error creating DataAccessScope: googleapi: Error 403: Permission 'chronicle.dataAccessScopes.create' denied on resource '//chronicle.googleapis.com/projects/<project name>/locations/europe-west3/instances/<customer ID>' (or it may not exist).
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "chronicle.googleapis.com",
│     "metadata": {
│       "permission": "chronicle.dataAccessScopes.create",
│       "resource": "projects/<project name>/locations/europe-west3/instances/<customer ID>"
│     },
│     "reason": "IAM_PERMISSION_DENIED"
│   }
│ ]
│   with google_chronicle_data_access_scope.data_access_scope["scope-vg-cs"],
│   on main.tf line 69, in resource "google_chronicle_data_access_scope" "data_access_scope":
│   69: resource "google_chronicle_data_access_scope" "data_access_scope" {

What am I missing please?

Thanks

Quick check: where you see ‘projects/<project name>/locations/europe-west3/instances/<customer ID>’ in the error, does it actually include your project name and customer ID, or does it include the placeholders?

Hi @JeremyLand, thanks for your reply. I had the correct project ID and customer ID. This has now been resolved; there was a permission issue with PAM, delaying the approval.
