</>
ProtocolCodes
English العربية Deutsch Español Français हिन्दी Bahasa Indonesia 日本語 한국어 Português Русский ไทย Türkçe Tiếng Việt 简体中文
gRPC

gRPC 2 UNKNOWN vs 7 PERMISSION_DENIED

Both gRPC 2 (UNKNOWN) and 7 (PERMISSION_DENIED) belong to the gRPC Status Codes category. 2 indicates that an unknown error occurred. This may be returned when a server raises an exception that doesn't map to any known gRPC status code. Meanwhile, 7 means that the caller does not have permission to execute the specified operation. This is not for unauthenticated callers — use UNAUTHENTICATED instead.

2 UNKNOWN
gRPC

Description

An unknown error occurred. This may be returned when a server raises an exception that doesn't map to any known gRPC status code.

When You See It

The server threw an unhandled exception or returned an error that gRPC couldn't classify into a more specific status code.

How to Fix

Check the server logs for the underlying exception. Wrap server-side errors with explicit gRPC status codes instead of letting them bubble up as UNKNOWN.

7 PERMISSION_DENIED
gRPC

Description

The caller does not have permission to execute the specified operation. This is not for unauthenticated callers — use UNAUTHENTICATED instead.

When You See It

The authenticated user lacks the required role, scope, or policy to perform this action. Different from UNAUTHENTICATED (code 16), which means no credentials at all.

How to Fix

Verify the caller has the correct IAM role, API scope, or access policy. Check RBAC configuration on the server side.

Key Differences

1.

gRPC 2: An unknown error occurred. This may be returned when a server raises an exception that doesn't map to any known gRPC status code.

2.

gRPC 7: The caller does not have permission to execute the specified operation. This is not for unauthenticated callers — use UNAUTHENTICATED instead.

3.

You encounter 2 when the server threw an unhandled exception or returned an error that gRPC couldn't classify into a more specific status code.

4.

You encounter 7 when the authenticated user lacks the required role, scope, or policy to perform this action. Different from UNAUTHENTICATED (code 16), which means no credentials at all.

When to Use Which

For 2 (UNKNOWN): Check the server logs for the underlying exception. Wrap server-side errors with explicit gRPC status codes instead of letting them bubble up as UNKNOWN. For 7 (PERMISSION_DENIED): Verify the caller has the correct IAM role, API scope, or access policy. Check RBAC configuration on the server side.

Learn More

2 UNKNOWN gRPC 7 PERMISSION_DENIED gRPC