Stay organized with collections
Save and categorize content based on your preferences.
Insights uses per-project
service accounts to
access resources in the customer project—such as audio and transcript files in your Google Cloud storage bucket—during
analysis. Each project's service account is automatically created the first time you
access any user resources. By default, the service account is
automatically given some default access—such as Google Cloud storage access—to the project.
After you create your first analysis, you should see the service account
permissions in your project's IAM settings. If you accidentally remove or don't see the
service account permissions, then you can manually give it access to the correct permissions. The account
always has the form:
To change an account's permissions manually, navigate to the IAM panel of the
Insights console and give that user the
contactcenterinsights.serviceAgent
permission. The service account can also be given fine-grained permissions, though too many of these can lead to instability.
If you see an error message like the following, first verify that your Insights service account exists in your IAM configuration.
"message": "IAM permission 'dialogflow.participants.suggest' on 'projects/<project>/locations/global/conversations/fake_conversation_id/participants/fake_participant_id' denied."
Then, make sure Include Google-provided role grants is checked:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-05 UTC."],[[["Insights utilizes per-project service accounts to access customer project resources, such as audio and transcript files in Google Cloud storage."],["Each project's service account is automatically created upon the first access to any user resource and has default access."],["Service account permissions can be manually adjusted in the project's IAM settings using the contactcenterinsights.serviceAgent permission."],["The service accounts follow the following format: service-\u003cproject_number\u003e@gcp-sa-contactcenterinsights.iam.gserviceaccount.com."],["If encountering an IAM permission error, verify the Insights service account exists and that **Include Google-provided role grants** is checked."]]],[]]
