Python BigQuery script bigquery.jobs.create error

Question

I am trying to run a simple query on Google BigQuery via a python script, but am getting the below error that my service account is missing bigquery.jobs.create permission.

My service Account has the following roles applied:

Owner
BigQuery Admin
BigQuery Job User

I've also tried creating a custom role with bigquery.jobs.create and applying that to the service account, but still consistently get this error. What am I doing wrong?

from google.cloud import bigquery
from google.oauth2 import service_account

project_id = "my-test-project"
credentials = service_account.Credentials.from_service_account_file("credentials.json")

client = bigquery.Client(
    credentials=credentials,
    project=project_id
)

print(client.project) # returns "my-test-project"
query = client.query("select 1 as test;")

Access Denied: Project my-test-project: The user my-service-account @ my-test-project. iam.gserviceaccount.com does not have bigquery.jobs.create permission in project my-test-project.

Hey @fez, have you tried using client = bigquery.Client.from_service_account_json("credentials.json")? I doubt it will make a difference, but just curious. — Dascienz
@Dascienz yes that works thanks! Will accept as the solution if you add as an answer! — fez
Hey @fez, really happy that your issue was a simple fix! Happy computing! — Dascienz

Dascienz Dascienz · Accepted Answer · 2018-10-26T13:18:06

Authenticating the client using client = bigquery.Client.from_service_account_json("credentials.json") is the preferred method to avoid "Access Denied" errors. For one reason or another (I'm not sure why since bigquery does use oauth 2.0 access tokens to authorize requests), setting credentials through google.oauth2.service_account can lead to permission issues.

Python BigQuery script bigquery.jobs.create error

1 Answers