Hi GCP community, my org has strict policies on granting project-level permission to any user group or service account. The basic principle is that we need to grant access only at the resource level.
We use Terraform to create our infrastructure, so I am currently able to create a Dataproc cluster, and I was also able to bind the IAM role Dataproc Editor to the Dataproc cluster I just created.
This is the code I used to add the role at the resource level:
```hcl
resource "google_dataproc_cluster_iam_binding" "dataproc_editor" {
  # Wait for the cluster to exist before binding a role to it.
  depends_on = [google_dataproc_cluster.bob_cluster]
  cluster    = var.cluster_name
  role       = "roles/dataproc.editor"
  members = [
    "group:gcp-usrgroup-eng@myorg.com"
  ]
}
```
I am part of this user group, so technically I should have resource-level permission for my user ID.
I am able to view the cluster I created, which I was not able to do before, but the job submission part is still not visible in the UI.
I tried submitting through the gcloud command and it gives this error:
ERROR: (gcloud.dataproc.jobs.submit.spark) PERMISSION_DENIED: Not authorized to requested resource
Although I can submit jobs automatically through Terraform using resource "google_dataproc_job", I want to understand why I was not able to submit a job on the cluster where I have the resource-level editor role.
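An added example, not code from the original post, of the least-privilege shape I would pair with the cluster-level binding: it keeps the resource-scoped binding and adds a project-scoped custom role carrying only the job permissions instead of roles/dataproc.editor. It rests on the assumption that `dataproc.jobs.create` is authorized against the project rather than the cluster (the job does not exist yet when the check runs, and cluster-level roles only cover cluster permissions such as `dataproc.clusters.use`); the project ID, region and role ID are placeholders.

```hcl
# Added example, not the poster's code. Assumption: job submission is checked at the
# project level (dataproc.jobs.create), while a cluster-level role only grants
# cluster permissions. Project ID, region and role ID below are placeholders.

variable "project_id" {
  type    = string
  default = "my-project-id" # placeholder
}

# Cluster-scoped binding, as in the post: lets the group use and inspect this one cluster.
resource "google_dataproc_cluster_iam_binding" "dataproc_editor" {
  project = var.project_id
  region  = "us-central1" # placeholder; must match the cluster's region
  cluster = google_dataproc_cluster.bob_cluster.name
  role    = "roles/dataproc.editor"
  members = ["group:gcp-usrgroup-eng@myorg.com"]
}

# Project-scoped custom role with only the job permissions; no cluster create/delete.
resource "google_project_iam_custom_role" "dataproc_job_submitter" {
  project     = var.project_id
  role_id     = "dataprocJobSubmitter" # placeholder
  title       = "Dataproc job submitter"
  description = "Submit, inspect and cancel Dataproc jobs; no cluster lifecycle permissions."
  permissions = [
    "dataproc.jobs.create",
    "dataproc.jobs.get",
    "dataproc.jobs.list",
    "dataproc.jobs.cancel",
  ]
}

# Bind the custom role at project level to the same group. google_project_iam_member is
# additive, so it does not overwrite other members of existing project bindings.
resource "google_project_iam_member" "dataproc_job_submitter" {
  project = var.project_id
  role    = google_project_iam_custom_role.dataproc_job_submitter.name
  member  = "group:gcp-usrgroup-eng@myorg.com"
}
```

To confirm where each grant actually landed, compare the output of `gcloud dataproc clusters get-iam-policy CLUSTER --region=REGION` with `gcloud projects get-iam-policy PROJECT`; the cluster policy should show only the editor binding and the project policy only the custom role.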