Permission 'batch.states.report' denied

matt1851 · April 4, 2024, 4:48am

I’m submitting a google cloud batch job as service account with roles

Batch agent reporter
Batch job editor
Logs Writer

The logs show repeated permission errors

rpc error: code = PermissionDenied desc = Permission ‘batch.states.report’ denied on ‘projects/…/locations/europe-west2/state’. Retrying in 4m28s

There are no updates in the console until the event

OPERATIONAL INFO no VM has agent reporting correctly within the time window 1080 seconds

appears, followed by completion with status

Failed

It looks like there is some permission error connected with the logging, but I think I’ve set all the permissions described in https://cloud.google.com/batch/docs/troubleshooting

bolianyin · April 4, 2024, 6:33am

It appears that you assigned batch.agentReporter role to the job submitter service account. Instead, you should make sure the service account attached to the VM have the batch.agentReporter role. By default, the VM service account is the project’s Compute Engine default service account (in format of -compute@developer.gserviceaccount.com ), which can be changed using serviceAccount field in allocationPolicy of the job.

Topic		Replies	Views
Batch issues; newbie question Compute Infrastructure compute-engine	2	67	February 9, 2023
Unable to use Service Account from different project Compute Infrastructure batch	3	50	January 14, 2025
Batch - Tasks fail without logs when mounting GCS bucket without correct permission. Compute Infrastructure batch	4	18	August 1, 2023

Permission 'batch.states.report' denied

AI Suggested topics