Problem
Permissions denied error while accessing or querying BigQuery shared dataset. Dataset is shared in the BigQuery UI:
User does not have bigquery.jobs.create permission in project
Environment
- BigQuery Share Dataset using UI with BigQuery Data Viewer role.
Solution
- Add the bigquery.jobs.create permission manually from the IAM page for the user.
- Add predefined IAM role BigQuery Job User for the user.
- Other BigQuery roles with bigquery.jobs.create permission (based on use case).
Cause
According to the documentation when sharing the dataset to an account from the BigQuery web UI can be done by the following steps:
- Selecting the dataset you want to provide access.
- Clicking the Share Dataset button, that appears under the Query editor.
- Selecting the IAM Role.
When the BigQuery Data Viewer predefined role is selected, it provides permissions on dataset level to Read data and metadata for the dataset. This only provides access to the data, but as the documentation mentions, Additional roles, however, are necessary to allow the running of jobs.
Allow this user to run queries, at the project level performing the following steps:
- The bigquery.jobs.create permission has to be manually from the IAM page.
- Add predefined IAM role BigQuery Job User for the user.
- Other BigQuery roles with bigquery.jobs.create permission (based on use case).
Dataset permissions and Project Level permissions work together. If for example you only provide the permission to run queries over the project, but not access to any dataset, the user will only be able to query BigQuery public datasets.