Access Denied Error on App Engine Deployment for BigQuery-Backed Node Application Despite Correct Cr

Google Cloud Serverless Applications
, , ,
1

I have a Node application that essentially performs various queries on processed models stored in BigQuery. There are certain IAM functions that allow you to create access/read permissions to the BigQuery of the project in question. However, I generated a credentials.json with the following user roles:

bigquery.user

bigquery.create

bigquery.admin

Locally, it doesn’t have any authentication issues, but when deploying it via App Engine, it returns a 403 error of access denied.

The YAML construction already includes the environment variables for the credentials and the project as a whole.

Message error:

“error”: {\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ “code”: 403,\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ “message”: “Access Denied: Project my-project: User does not have bigquery.jobs.create permission in project my-project.”,\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ {\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ “message”: “Access Denied: Project my-project: User does not have bigquery.jobs.create permission in project my-project.”,\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ “domain”: “global”,\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ “reason”: “accessDenied”\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ }\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ ],\n’ +
2023-09-22 00:00:44 default[20230921t205310] ’ }\n’ +
2023-09-22 00:00:44 default[20230921t205310] ‘}\n’,

It runs locally, but on App Engine, it requests permission (which already exists in the credential)."

Please let me know if you need any further assistance!

2

The error indicates that the user or service account making the request does not have the required permission to create BigQuery jobs in the specified project. You have to set bigquery.jobs.create instead of just “bigquery.create”.

Make sure that your App Engine deployment includes the correct credentials with the updated permissions. Double-check that the credentials are being loaded correctly in your Node.js application. After updating permissions and credentials, it’s a good practice to restart or redeploy your App Engine application to ensure the changes take effect.

Check the logs in the Google Cloud Console for any additional error messages that might provide more context about the problem. It’s possible that there could be other issues related to authentication or configuration.