For Google Cloud Platform's Search & Conversation, I am trying to create a "Data Store" using Google Cloud Storage (GCS) as the source. Step 1 is to choose the source (GCS in this case), and Step 2 is to point to the actual GCS bucket/path. After selecting the GCS bucket/path, I get the following permission error.
Missing required permissions: storage.objects.get
I have no idea which Service Account is missing the permission. However, I took a guess and thought it was the either the "compute" or "aiplatform" accounts (see the name patterns of the accounts below).
- [numbers][email protected] (Compute Engine default service account)
- service-[numbers]@gcp-sa-aiplatform.iam.gserviceaccount.com (AI Platform Service Agent)
Using IAM & Admin, to these accounts, I added the following Roles.
- Storage Admin
- Storage Folder Admin
- Storage Object Admin
- Storage Object Creator
- Storage Object User
- Storage Object Viewer
However, this does not help make the permission error go away. To the actual bucket and "folder" inside the bucket, I also checked, verified and modified the permissions (eg Grant Access) for the two service accounts above. These changes also do not make the error go away.
Any ideas which service account is being used to define a Data Source for Search & Conversation. I have followed the following tutorials to no success on my own data.
For the second link above, when I point to the Kaggle Movies dataset on GCS, it actually works (eg. gs://cloud-samples-data/gen-app-builder/search/kaggle_movies).
Any ideas on what I am doing wrong?
I have replicated your steps it seems working fine form me with this Roles:
But the roles was assigned to my user.
Data store creation: