CODEWITHSUNDEEP
google-cloud-platformgoogle-cloud-functions
Hamza
Hamza

Reputation: 6055

Google Cloud Function not able to (write to)/(create a) bigquery table

Google Cloud Function is throwing following error despite the fact that service account which is used in Cloud Scheduler and the account which is trying to invoke the cloud function both have the listed permission granted.

This is the cloud scheduler configuration:

enter image description here

and permissions allocated to this account.

enter image description here

This is the cloud functions log output:

enter image description here

Upvotes: 0

Views: 1340

Answers (2)

John Hanley
John Hanley

Reputation: 81464

The service account (the identity that is calling BigQuery) does not have the permission bigquery.jobs.create.

Add the IAM role roles/bigquery.jobUser aka BigQuery Job User to the service account.

It is not clear from your question, but it appears that you are calling Cloud Functions. Cloud Functions then calls BigQuery. The service account assigned to Cloud Functions requires the IAM permission.

Reference

Upvotes: 0

MBHA Phoenix
MBHA Phoenix

Reputation: 2227

Cloud Function uses a service account to run its code. This service account (SA) can be different from the one used and you are showing in Cloud Scheduler. (By default Cloud Function uses App Engine default SA as you can see in the screenshot below)

So start by checking which SA are you using and which roles it has.

By the way if you access the log entry in Google Cloud Logging and expand all nested fields, you can find which identity is missing which permissions through the authenticationInfo and authorizationInfo fields

enter image description here

Upvotes: 3

Related Questions