gRPC 7 PERMISSION_DENIED vs 9 FAILED_PRECONDITION
Both gRPC 7 (PERMISSION_DENIED) and 9 (FAILED_PRECONDITION) belong to the gRPC Status Codes category. 7 indicates that the caller does not have permission to execute the specified operation. This is not for unauthenticated callers — use UNAUTHENTICATED instead. Meanwhile, 9 means that the operation was rejected because the system is not in a state required for the operation's execution. For example, deleting a non-empty directory.
Mô tả
The caller does not have permission to execute the specified operation. This is not for unauthenticated callers — use UNAUTHENTICATED instead.
Khi bạn thấy mã này
The authenticated user lacks the required role, scope, or policy to perform this action. Different from UNAUTHENTICATED (code 16), which means no credentials at all.
Cách khắc phục
Verify the caller has the correct IAM role, API scope, or access policy. Check RBAC configuration on the server side.
Mô tả
The operation was rejected because the system is not in a state required for the operation's execution. For example, deleting a non-empty directory.
Khi bạn thấy mã này
The request is valid on its own, but the system's current state doesn't allow it — like trying to delete a non-empty directory or update a resource that has been modified concurrently.
Cách khắc phục
Bring the system into the required state before retrying. For example, empty the directory first, or re-read the resource to get the latest version before updating.
Sự khác biệt chính
gRPC 7: The caller does not have permission to execute the specified operation. This is not for unauthenticated callers — use UNAUTHENTICATED instead.
gRPC 9: The operation was rejected because the system is not in a state required for the operation's execution. For example, deleting a non-empty directory.
You encounter 7 when the authenticated user lacks the required role, scope, or policy to perform this action. Different from UNAUTHENTICATED (code 16), which means no credentials at all.
You encounter 9 when the request is valid on its own, but the system's current state doesn't allow it — like trying to delete a non-empty directory or update a resource that has been modified concurrently.
Khi nào dùng cái nào
For 7 (PERMISSION_DENIED): Verify the caller has the correct IAM role, API scope, or access policy. Check RBAC configuration on the server side. For 9 (FAILED_PRECONDITION): Bring the system into the required state before retrying. For example, empty the directory first, or re-read the resource to get the latest version before updating.