I have the following bug for User:
Access Denied: Project [project]: User does not have bigquery.jobs.create permission in project [project]
I want to share for User only one Dataset.
So what I have done:
- In IAM this User has Roles: BigQuery Job User, Create Service Accounts, Service Account Key Admin;
- In Service account this User has Roles: Create Service Accounts, Editor, Service Account Key Admin;
- On Dataset Sharing this User has Roles: BigQuery User, BigQuery Data Viewer, BigQuery Data Editor
This User generated a Key-file and use it in Python in
service_account.Credentials.from_service_account_file("key.json")
BUT User get an error: does not have bigquery.jobs.create permission
I don't know what I shoul make else to grant him permissions. I'm afraid that I can open him all the Project datasets.
Here are all permissions for User@gmail.com (with service acount loginSA): Report on query results: Role grant
| projects/[myproject]/datasets/shared_reports/tables/table1 | BigQuery Data Viewer |
| projects/[myproject]/datasets/shared_reports/tables/table2 | BigQuery Data Viewer |
| projects/[myproject]/datasets/shared_reports/tables/table3 | BigQuery Admin |
| projects/[myproject]/datasets/shared_reports/tables/table3 | BigQuery Data Editor |
| projects/[myproject]/datasets/shared_reports/tables/table3 | BigQuery Data Viewer |
| //iam.googleapis.com/projects/[myproject]/serviceAccounts/loginSA@[myproject].iam.gserviceaccount.com | Editor |
| projects/[myproject]/datasets/shared_reports | BigQuery Data Editor |
| projects/[myproject]/datasets/shared_reports | BigQuery Data Viewer |
| projects/[myproject]/datasets/shared_reports | BigQuery User |
| [Project Name] | BigQuery Job User |
| [Project Name] | Create Service Accounts |
| [Project Name] | Service Account Key Admin |
