This post is for cases where you come across error 303 (PermissionDenied) but are sure that your user has adequate permissions.
One thing you should check is the function you use to sign in. If you are using SignInReadOnly, it may be causing the error, even if you are not calling an edit function.
SignInReadOnly works by signing you in with a reduced set of permissions. As you may already know, each web service function has a permission requirement. If your signed-in user doesn't meet that requirement, it's an error 303.
SignInReadOnly will remove every permission that is related to editing, but there are some cases where a Get function requires one of these permissions. As a result, the Get fails even though it is technically a read-only function.
Unfortunately, there is no way for you to see your active permission set. AdminService.GetPermissionsByUserId(..) will only tell you your permission set under normal sign in conditions. The best thing you can do is try a regular sign in and see if that fixes things.