GCP Pubsub Bigquery Subscriptions - can't create due to missing permissions
Question
I get an error (in red, in picture below) whilst creating pubsub Bigquery subscription. Error shows up in subscription creation view:
First question - why is this error appears in the first place?
One of my attempts to solve this was to try to first create standard subscription, then add these missing permissions by assigning a role using such command: gcloud pubsub subscriptions add-iam-policy-binding EventIngestSubscription-4475d78 --member=serviceAccount:service-388032002134@gcp-sa-pubsub.iam.gserviceaccount.com --role="roles/roles/bigquery.dataEditor" , but this produces ERROR: (gcloud.pubsub.subscriptions.add-iam-policy-binding) INVALID_ARGUMENT: Role roles/bigquery.dataEditor is not supported for this resource. error.
When I tried to set pubsub.subscriber roles instead of bigquery.admin - it worked.
Thanks a lot on any insights and suggestions on how to create a Bigquery Subscription. Am really stuck with this one...
1 answers
solution1
1 ACCPTED 2022-09-15 14:30:46
The permission that needs to be set is not on the subscription, it is on the BigQuery table itself. Therefore, you are not going to be able to set the BigQuery permissions on the subscription. Instead, you need to ensure that the service account has roles/bigquery.dataEditor on the table you are using with the subscription. You can do this with the bq command-line tool:
bq add-iam-policy-binding --member="serviceAccount:service-<project number>@gcp-sa-pubsub.iam.gserviceaccount.com" --role=roles/bigquery.dataEditor -t "<dataset>.<table>"
This permission is needed so that Pub/Sub can write to BigQuery on your behalf.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.