I created an API key under a service account for a project. I then set it to restricted giving it:
List Models: Read
Model Capabilities
/v1/responses: Write
If I make an api request to /v1/responses with the key I get this error:
You have insufficient permissions for this operation. Missing scopes: model.request. Check that you have the correct role in your organization (Reader, Writer, Owner) and project (Member, Owner), and if you’re using a restricted API key, that it has the necessary scopes.
I do not see an option for model.request permission. I only make basic requests to the /v1/responses endpoint. What permissions are actually required for a basic request?
If I change the permissions to “All” then it works, but I cant get it work work when trying to restrict its access down to the necessities.
If you first set “Model Capabilities” to “Request”, then unset any permissions you don’t want it works correctly. In both cases it shows “Mixed” for that which is very confusing.
Indistinguishable permissions - yet one works and the other doesn’t.
For a company with so much money and talent it really is incredible that so many issues like this exist with OpenAI where the root cause was poor implementation and inadequate QA. Once again the customers are beta testers and are expected to do the work in solving these problems themselves.
@vb You had mentioned on another thread I posted this solution to that you were going to pass this along to the dev team. Any update on getting this changed? While the solution works, its tedious and impossible to look at a key and see if you set it up correct. I just found 1 out of 40 that’s been erroring for the last month because I guess I didn’t do it correctly. Would love to still see this process be easier and it clearly is tripping up people.
I just created a new key today and did the usual. But now it seems that its no longer keeping the model capabilities as request when changing a sub permission. Since it changes to mixed, from what I can tell model.request is no longer being set.
The only way I can get a key to work is to leave every permission enabled, which completely defeats the whole point of these sub permissions. The UI really needs to be changed as it clearly is even confusing OpenAI devs on how it functions.
I’ve removed my answer as the marked solution. Previous keys that were set still work.
Hey everyone, We are happy to help with this issue but in order for us to fix it. Can anyone please open a support ticket with us (support@openai.com) and provide reproduce steps, org_id, last 4 digits of the key. Please DO NOT share these details here but share it in the support request. Please also share the case ID/case subject for the support request so we can track it. Thank you!
I encounter this issue as well when I try to switch to restricted permissions. As a frontend dev, I do a quick look, and here are the steps to reproduce the issue:
Create a new key.
Click “Restricted”, now everything is unselected.
Expand “Model capabilities” to show the sub capabilities (not the dropdown).
Click the dropdown of “Chat Completions” and select “Request”.
The “Model capabilities” become “Mixed” and when scroll down to the bottom, it says “1 selected permission”.
In the devTools, when I inspect the selected scope, there is only "api.model.chat_completions.request", but the "api.model.request" and "model.request" are missing.
