授予服务帐户的权限为“所有者”和“ bigquery admin”。
$bigQuery = new BigQueryClient([
'projectId' => 'project-xxx',
]);
$query = "SELECT * FROM `project-xxxx.analytics_xxx.events_xxx` where event_name='first_open' LIMIT 100";
$jobConfig = $bigQuery->query($query);
$queryResults = $bigQuery->runQuery($jobConfig);
print_r($queryResults);
当我尝试执行以上代码时,它显示以下错误:
{ "error":
{ "errors": [ { "domain": "global", "reason": "accessDenied",
"message": "Access Denied: Project project-xxxx: The user
projectbigquery@project-xxxx.iam.gserviceaccount.com does not have
bigquery.jobs.create permission in project project-xxxx." } ],
}}
答案 0 :(得分:3)
您需要将服务帐户的凭据指定为BigQueryClient
constructor的参数。
您可以使用keyFilePath
参数来实现:
$bigQuery = new BigQueryClient([
'projectId' => 'project-xxx',
'keyFilePath' => '/path/to/file.json'
]);
此外,使用此命令检查您是否已授予服务帐户权限:
gcloud projects get-iam-policy yourProjectID
编辑:
让我们采用一种不同的方法来创建服务帐户并从头开始为其授予权限。
创建新的服务帐户:
gcloud iam service-accounts create [NAME]
授予权限:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member "serviceAccount:[NAME]@[PROJECT_ID].iam.gserviceaccount.com" --role "roles/bigquery.admin"
gcloud iam service-accounts keys create [FILE_NAME].json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com
BigQueryClient
建设者并运行您的代码。答案 1 :(得分:2)
创建具有与先前帐户相同的权限的新服务帐户后,该帐户便可以使用。我不知道以前的帐户有什么问题。可能是服务帐户出现的问题。