为什么我需要 serviceusage.services.use 才能列出 BigQuery 数据集?
[英]Why do I require serviceusage.services.use in order to list BigQuery datasets?
问题描述
I attempted to get a list of BigQuery datasets in a project using this command:
我尝试使用以下命令获取项目中的 BigQuery 数据集列表:
gcloud alpha bq datasets list --project my-project
and it failed with error:它失败并出现错误:
ERROR: (gcloud.alpha.bq.datasets.list) User [me@mydomain.com] does not have permission to access projects instance [my-project] (or it may not exist): Caller does not have required permission to use project my-project.
I granted myself the role:我授予自己这个角色:
gcloud projects add-iam-policy-binding my-project \
--member=user:me@mydomain.com \
--role=roles/serviceusage.serviceUsageConsumer
and then it worked:然后它起作用了:
➜ gcloud alpha bq datasets list --project my-project
ID LOCATION
msmg-my-project:dataset1 EU
msmg-my-project:dataset2 EU
msmg-my-project:dataset3 EU
What I don't understand is why this is required.我不明白为什么这是必需的。 Why do I require serviceusage.services.use in order to list BigQuery datasets?为什么我需要 serviceusage.services.use 才能列出 BigQuery 数据集?
UPDATE: This is the list of pre-defined roles that were already granted to me@mydomain.com:更新:这是已授予 me@mydomain.com 的预定义角色列表:
- Access Context Manager Reader访问上下文管理器阅读器
- Bigtable Viewer大表查看器
- Browser浏览器
- Cloud Asset Viewer云资产查看器
- Error Reporting User错误报告用户
- Logs Viewer日志查看器
- Monitoring Dashboard Configuration Viewer监控仪表板配置查看器
- Monitoring Viewer监控查看器
- Organization Policy Viewer组织政策查看器
- Security Reviewer安全审查员
- Tech Support Editor技术支持编辑
- Vertex AI Viewer顶点 AI 查看器
Plus one custom role that grants:加上一个自定义角色,授予:
- bigquery.jobs.create bigquery.jobs.create
- bigquery.jobs.list bigquery.jobs.list
- bigquery.readsessions.create bigquery.readsessions.create
- bigquery.readsessions.getData bigquery.readsessions.getData
- bigquery.readsessions.update bigquery.readsessions.update
- bigquery.savedqueries.get bigquery.savedquery.get
- bigquery.savedqueries.list bigquery.savedqueries.list
- datacatalog.tagTemplates.get datacatalog.tagTemplates.get
- datacatalog.tagTemplates.getTag datacatalog.tagTemplates.getTag
- datacatalog.taxonomies.get datacatalog.taxonomies.get
- datacatalog.taxonomies.list datacatalog.taxonomies.list
1 个解决方案
解决方案1
0 2022-09-20 16:08:30
I asked the same question to Google Support and the support technician replied with:我向 Google 支持人员提出了同样的问题,支持技术人员回答说:
when you try to use command-line with command as mentioned in the command “–project” indicates that it first tries to access the project to list the particular resources of that project, which requires roles/serviceusage.serviceUsageConsumer role
Which I think explains why I am able to see datasets in the UI but not on the command-line我认为这解释了为什么我能够在 UI 中看到数据集,但不能在命令行中看到
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.