Hi folks,
We're installing a SAS Access to Google Bigquery in our SAS 9.4 (Linux) environment. We made a test and we have some permission error:
ERROR: CLI prepare error: Table "xxxx" does not exist or cannot be accessed : Error: googleapi: Error 403: Access Denied: Project yyyy: User does not have bigquery.jobs.create permission in project yyyy., accessDenied
We added bigquery.jobs.create permission for the user and it works. My question is, in order to only read data from GCP, what are the minimal permission the user needs on GCP?
Regards,
Can you post the code giving this error please.
Thanks @SASKiwi . Of course, follows:
DATA test;
set mydb.my_tbl (obs= 10);
where var>='01JAN2023'd;
ERROR: CLI prepare error: Table "acc_mc.my_tbl" does not exist or cannot be accessed : Error: googleapi: Error 403: Access Denied: Project df-datalake: User does not have bigquery.jobs.create permission in project df-datalake, accessDenied
RUN;
Our intention is to read/extract data from GCP and join the results with SAS datasets. We do not expect to write or change any data in GCP.
Regards,
Looks like you have a BigQuery permissions problem that can't be fixed from SAS. Do you have a BigQuery specialist or administrator who can help you?
Hi!
Difficult to say without knowing what you intend to achieve (as Kiwi has already stated).
You certainly know about these pages (I mention them just in case):
https://cloud.google.com/bigquery/docs/access-control-basic-roles
https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer
--FJa
Thanks @SASKiwi . Yes, exactly. So my question is exists any SAS documentation about what are the GCP permissions needed to access GCP data and read the tables?
@MariaD - The way I interpret your error is that you need permission to run a BigQuery job as behind the scenes SAS is submitting the SAS code you wrote as a BigQuery job. Who maintains your BigQuery access and permissions? Talk to that person. SAS doesn't document GCP, just it's ACCESS product. Try googling this topic.
Depends on the role you want the user to have. Someone could have permissions to change tables or just use tables.
User roles are defined here (bigQuery User is one I would consider for example) but it also depends on how you've set up your roles/security on Google which is very much company dependent.
https://cloud.google.com/bigquery/docs/access-control
Thanks @Reeza . It's only to use/extract data. From SAS we do not expect to change, create or delete data.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.