BookmarkSubscribeRSS Feed
MariaD
Barite | Level 11

Hi folks,

 

We're installing a SAS Access to Google Bigquery in our SAS 9.4 (Linux) environment. We made a test and we have some permission error:

 

ERROR: CLI prepare error: Table "xxxx" does not exist or cannot be accessed : Error: googleapi: Error 403: Access Denied: Project yyyy: User does not have bigquery.jobs.create permission in project yyyy., accessDenied

 

We added bigquery.jobs.create permission for the user and it works. My question is, in order to only read data from GCP, what are the minimal permission the user needs on GCP? 

 

Regards, 

8 REPLIES 8
SASKiwi
PROC Star

Can you post the code giving this error please.

MariaD
Barite | Level 11

Thanks @SASKiwi . Of course, follows:

 

 

DATA test;

    set mydb.my_tbl (obs= 10);

   where var>='01JAN2023'd;

ERROR: CLI prepare error: Table "acc_mc.my_tbl" does not exist or cannot be accessed : Error: googleapi: Error 403: Access Denied: Project df-datalake: User does not have bigquery.jobs.create permission in project df-datalake, accessDenied

 RUN;

 

Our intention is to read/extract data from GCP and join the results with SAS datasets. We do not expect to write or change any data in GCP.

 

Regards, 

SASKiwi
PROC Star

Looks like you have a BigQuery permissions problem that can't be fixed from SAS. Do you have a BigQuery specialist or administrator who can help you? 

fja
Lapis Lazuli | Level 10 fja
Lapis Lazuli | Level 10

Hi! 

Difficult to say without knowing what you intend to achieve (as Kiwi has already stated).

You certainly know about these pages (I mention them just in case):

https://cloud.google.com/bigquery/docs/access-control-basic-roles

https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer

--FJa

MariaD
Barite | Level 11

Thanks @SASKiwi . Yes, exactly. So my question is exists any SAS documentation about what are the GCP permissions needed to access GCP data and read the tables? 

SASKiwi
PROC Star

@MariaD  - The way I interpret your error is that you need permission to run a BigQuery job as behind the scenes SAS is submitting the SAS code you wrote as a BigQuery job. Who maintains your BigQuery access and permissions? Talk to that person. SAS doesn't document GCP, just it's ACCESS product. Try googling this topic.

Reeza
Super User

Depends on the role you want the user to have. Someone could have permissions to change tables or just use tables. 

User roles are defined here (bigQuery User is one I would consider for example) but it also depends on how you've set up your roles/security on Google which is very much company dependent. 

https://cloud.google.com/bigquery/docs/access-control

 

MariaD
Barite | Level 11

Thanks @Reeza . It's only to use/extract data. From SAS we do not expect to change, create or delete data. 

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 8 replies
  • 1805 views
  • 0 likes
  • 4 in conversation