I created an API key under a service account for a project. I then set it to restricted giving it:
List Models: Read
Model Capabilities
/v1/responses: Write
If I make an api request to /v1/responses with the key I get this error:
You have insufficient permissions for this operation. Missing scopes: model.request. Check that you have the correct role in your organization (Reader, Writer, Owner) and project (Member, Owner), and if you’re using a restricted API key, that it has the necessary scopes.
I do not see an option for model.request permission. I only make basic requests to the /v1/responses endpoint. What permissions are actually required for a basic request?
If I change the permissions to “All” then it works, but I cant get it work work when trying to restrict its access down to the necessities.
If you first set “Model Capabilities” to “Request”, then unset any permissions you don’t want it works correctly. In both cases it shows “Mixed” for that which is very confusing.
Indistinguishable permissions - yet one works and the other doesn’t.
For a company with so much money and talent it really is incredible that so many issues like this exist with OpenAI where the root cause was poor implementation and inadequate QA. Once again the customers are beta testers and are expected to do the work in solving these problems themselves.
