Reputation: 829
Permission Denied Error When Accessing Google Drive via BigQuery Service Account
I am encountering a persistent issue when trying to access data stored in Google Drive through a BigQuery external table using a service account. Despite having the Google Drive API enabled, the service account added to the Google Sheet and the service account set up, I keep receiving a permission denied error related to Drive credentials.
Issue Description:
When executing queries from an external application using the service account, I receive the following error:
"Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials."
This error occurs consistently across different queries attempting to access the external table linked to a Google Shet source.
Steps Taken:
- Service Account Setup: The service account is created and used for querying.
- API Enablement: Google Drive API is enabled in the project.
- IAM Permissions: I attempted to add relevant permissions to the service account. However, I couldn't find roles specifically related to Google Drive (like roles/drive.file) in the IAM "Add permissions" window. -API Restrictions: I am unsure how to check for any API restrictions that might be applied to the service account or the project.
Questions:
Missing Roles: Why can't I find the roles/drive.file or similar roles in the IAM permissions list? Is there a specific way to add Drive-related roles to a service account?
API Restrictions: How can I check if there are any API restrictions at the project or organization level that might be affecting the service account's access to Google Drive?
Alternative Solutions: If direct access continues to be an issue, what are the best practices for setting up a synchronization mechanism between BigQuery and an external Google Drive table?
Any insights or suggestions from the community would be greatly appreciated, as I've hit a roadblock with this issue.
Upvotes: 0
Views: 1169
Answers (1)
Reputation: 11
You need to provide scope with the credentials -
Using python bigquery client
SCOPES = [
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/drive.readonly"]
from google.cloud import bigquery
from google.auth import default
from google.auth.transport.requests import Request
credentials, project = default(scopes=SCOPES)
credentials.refresh(Request())
bq_client = bigquery.Client(credentials=credentials, project=<GCP_PROJECT>)
Using Airflow composer (BigQueryHook)
- Modify connection configuration (In my case it was default connection i.e google_cloud_default) via Airflow composer web UI's Admin > connections tab to provide scope.
Upvotes: 1
Related Questions
- Google Drive API, Oauth and service account
- 403 Error while creating a spreadsheet using a GCP Service Account credentials in gspread python despite correct scopes
- Python: google.api_core.exceptions.Forbidden: 403 Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials
- BigQuery: Permission denied while getting Drive credentials - Unable to resolve the error
- The Google BigQuery service has denied access for this request. Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials
- With Dataform table creation I get an error "BigQuery: Permission denied while getting Drive credentials"
- "Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials" during running dataflow
- Service Account unable to access Google Drive despite having the right access