Menu
I am new to Google Cloud and BigQuery
I have a cloud instance with 2 projects. One is a Compute Engine project and another is a BigQuery project. I can successfully get an Access Token and also a refresh token from the Compute Engine project. However, when I attempt to access the BigQuery project, the error below occurs:
[email protected] does not have bigquery.jobs.create permission in project yyyy
I've created datasets in BigQuery, copied public data into each. I also confirmed the [email protected] is the owner for each of the datasets. I am able to successfully query the datasets.
In IAM, the [email protected] has the following:
roles/bigquery.user
roles/bigquery.admin
roles/bigquery.owner
roles/bigquery.viewer
I've reviewed the following links but the suggestions have not helped. Any ideas on how to resolve the error?
https://cloud.google.com/bigquery/docs/access-control
Google Big-query api 403-Forbidden Exception
Google API OAuth2, Service Account, "error" : "invalid_grant"
The user does not have bigquery.jobs.create permission in project gdelt-bq
Running queries in BigQuery without being a project User
https://github.com/getredash/redash/issues/1684
The user does not have bigquery.jobs.create permission in project gdelt-bq
Error :service account does not have bigquery.jobs.create permission
Although the error is not on the service account, I also reviewed: Error :service account does not have bigquery.jobs.create permission
The service accounts for both the Compute Engine project and the BigQuery
project have the following:
roles/bigquery.user
roles/bigquery.admin
roles/bigquery.data viewer
roles/bigquery.data editor
Thanks!
397
On the open sidebar, click the ⁺👤 ADD PRINCIPAL button to open the contextual menu: On the contextual menu, write the list of emails or Google groups that you want to grant access to, and select the right roles ( roles/bigquery. dataViewer role for query permissions, roles/bigquery.
View users and permissions for a projectClick Settings settings. The General settings page opens. Click Permissions. The Permissions page opens.
The bigquery.user and bigquery.admin roles both contain the bigquery.jobs.create permission, so either should be sufficient.
Please make sure that user [email protected] has those permissions on the project in which the job is being run (yyyy), which can differ from the project containing the data itself.
In particular, you can check the IAM policy on project yyyy by going here:
https://console.cloud.google.com/iam-admin/iam?project=yyyy
Once there, make sure that [email protected] has one of the two roles in that project.
158
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
