Service Account with roles/viewer primitive role not able to read dataset in the project

Question

I have roles/bigquery.dataViewer role for a dataset. This allows me to query data in the tables belonging to the dataset. I was given a service account that has project level viewer role. When I look at "Share Dataset" using the user account, I see "Viewer" role with one member which is the service account and "BigQuery Dataset Viewer" has 2 members with my user name and Viewers of the project. This should allow the service account to query the tables in the dataset. However, when I use bq tool I get the following error "User does not have permission to query table ..."

What else is needed to allow the Service Account to be able to query the tables in the dataset?

When you run the bq command, what is your current identity? What do you see if you run gcloud config list? — Kolban
It shows the config with account same as the service account as active. — Siva
I created another config with my user account and that works with bq just like in the gcp console. — Siva

Anastasiya Demikhovskaya Anastasiya Demikhovskaya · Accepted Answer · 2020-03-13T18:21:23

According to https://blog.jetbrains.com/datagrip/2018/07/10/using-bigquery-from-intellij-based-ide/ , you might need the following privileges:

BigQuery | BigQuery Data View
BigQuery | BigQuery Job User
BigQuery | BigQuery User

Service Account with roles/viewer primitive role not able to read dataset in the project

3 Answers