Permission given to service account is "owner" and "bigquery admin".
$bigQuery = new BigQueryClient([
'projectId' => 'project-xxx',
]);
$query = "SELECT * FROM `project-xxxx.analytics_xxx.events_xxx` where event_name='first_open' LIMIT 100";
$jobConfig = $bigQuery->query($query);
$queryResults = $bigQuery->runQuery($jobConfig);
print_r($queryResults);
when I try to execute above code its show below error:
{ "error":
{ "errors": [ { "domain": "global", "reason": "accessDenied",
"message": "Access Denied: Project project-xxxx: The user
[email protected] does not have
bigquery.jobs.create permission in project project-xxxx." } ],
}}
Jobs are actions that BigQuery runs on your behalf to load data, export data, query data, or copy data. When you use the Google Cloud console or the bq tool to perform one of these jobs, a job resource is automatically created, scheduled, and run. You can also programmatically create a load, export, query, or copy job.
View users and permissions for a projectClick Settings settings. The General settings page opens. Click Permissions. The Permissions page opens.
BigQuery lists jobs for all locations. Go to the BigQuery page. To list all jobs in a project, click Project history. If you aren't the project owner, you might not have permission to view all the jobs for a project.
After creating new service account with same permission as per previous account, its working. I don't know whats wrong with previous account. May be some issue from service account.
You need to specify the credentials of the service account as a parameter of the BigQueryClient
constructor.
You can do it with the keyFilePath
parameter:
$bigQuery = new BigQueryClient([
'projectId' => 'project-xxx',
'keyFilePath' => '/path/to/file.json'
]);
Also, check with this command that you granted the permissions to the service account:
gcloud projects get-iam-policy yourProjectID
EDIT:
Let's take a different approach creating a service account and granting permissions to it from scratch.
Create new service account:
gcloud iam service-accounts create [NAME]
Grant the permissions:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member "serviceAccount:[NAME]@[PROJECT_ID].iam.gserviceaccount.com" --role "roles/bigquery.admin"
gcloud iam service-accounts keys create [FILE_NAME].json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com
BigQueryClient
contructor and run your code.If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With