I have recently encountered this error when using gsutil to download a cohort:
AccessDeniedException: 403 [my_email_address](mailto:my_email_address) does not have storage.objects.list access to the Google Cloud Storage bucket.
I checked my current permissions for the Storage Object Viewer role, and
storage.objects.list does appear in the list.
Was that for the bucket/objects referenced from the manifest you created in the user portal or some other bucket you own?
Can you confirm you do not have any items in your cohort that include “limited access” collections?
I can put together a query to do this in a moment …
This was from querying
bigquery-public-data.idc_current.dicom_all. I just checked the set of collection_ids in my cohort and confirmed that one was in the limited access collection.