I've a BigQuery Dataform Project and I've associated to the project serviceaccount with these roles: BigQuery Data Editor BigQuery Data Owner BigQuery Data Viewer BigQuery Job User Service Account Token Creator
But when i try to execute an "TAG" execution i got: "IAM permission denied for service account [email protected].
Why?
I tryed " Start Execution" with a tag execution. I expectced to have the result of the assertion. I've checked on documentation (https://cloud.google.com/dataform/docs/required-access) and the rolese required are that i used
We finally found how to resolve the issue. We are using as Git repository a project on GitHub, to connect to GitHub and we using a secret key to connect to GitHub. to allow the custom service account to perform scheduled flows we added these roles:
to GCP defalut Dataform service account, see: IssueTracker.
We tryed to give these roles to our service account but in this way we got the error. Giving the rolese to GCP defalut Dataform service account now all works fine.