Reputation: 17282
How to give service account access to two projects?
Using Google Cloud, there exists a BigQuery View table that queries two projects.
However, on the project where the view is located, we wish to run a query against it from Airflow/Composer. Currently it fails with a 403.
AFAIK it will use the default composer service account - however it doesn't have access to the 2nd project used in the sql of the view.
How do I give composer's service account access to the second project?
Upvotes: 1
Views: 1473
Answers (2)
Reputation: 75970
Think about a service account like a user account: you have a user email that you authorize on different project and component. Exactly the same thing with the service account email.
The service account belongs to a project. An user account belongs to a domain name/organisation. No real difference at the end.
So, you can use a service account email like any user accounts:
- Grant authorization in any project
- Add it in Google Groups
- Even grant it viewer or editor role on GSuite document (Sheet, Docs, Slides,...) to allow it to access and to read/update these document!! Like any users!
EDIT
With Airflow, you can defined connexions and a default connexion. You can use this connexion in your DAG and thus use the service account that you want.
Upvotes: 2
Related Questions
- Google Cloud Platform Service Account is Unable to Access Project
- Restrict service account in organization level from specific projects
- I am trying to give Project Creator role to a service account from IAM in GCP
- Google Cloud Project Service Accounts
- How to split access for two resources inside the same google cloud's project
- How to grant service account access to a user account on google cloud
- Understanding GCP IAM between multiple projects
- GCP Cloud Run Invoke another Projects Cloud function using short-lived credentials via 2 service accounts in separate Projects
- GCP-IAM - How to grant access to all service account in organization?
- Cross project management using service account