User not authorized to act as service account

Question

I'm a newbie on GCP and going to transfer tables from azure blob storage to the cloud bucket. I follow the instructions here (use data fusion).

When I finished deploying the pipeline and was going to run it, I got an error and in the advanced log is said

INVALID_ARGUMENT: User not authorized to act as service account '####[email protected]'.

I looked through several documentation and also tried looking for answers on stackoverflow but none of them work for me.

How should I grant access to a service account and which service account should I be attached to?

Now on my IAM/service accounts console, I am also assigned as Service Account User, and I only have two default services one for compute engine and one for app engine.

Really don't know what to do. Thanks in advance for any help!

JoX JoX · Accepted Answer · 2020-10-30T15:56:49

You need to grant the Service Account User role. Here is an example of that. This should be perofrmed to the current user/service account you are using to run the job. As exemplified below:

Go to the IAM & Admin Console
Click on IAM
Select the member you are using to run your job
Click on the pen icon in the right side of the member's info
Add the Service Account user role

In general terms, the error is related to the lack of Service Account user role (roles/iam.serviceAccountUser) associate to the user/service account used to run the job.

Keep in mind that service accounts are used to make authorised API calls, through the service account itself or through delegated users within it. Moreover, about impersonation service accounts, an user with particular permissions can act as another service account with the necessary permission to execute a specific job.

User not authorized to act as service account

1 Answers