This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Unable to grant access or role permission to folder/resource in BigQuery

Posted on 09-05-2024 02:26 PM
mzarrugh
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I created a project in BigQuery for a client to load data for me to analyze. Within the project, I created a folder (resource) so that tables can be created in it. When I click on the folder (3 vertical dots) and go to Share then Manage Permissions, and enter the client's email address with given role to load data, I get the following error. I am the owner and admin for my company. How can I fix this?

Thank you,
Mo

IAM policy update failed

You do not have permissions to update the policy. Please check you have a role that allows you to edit IAM permissions on the resource

Request ID: 11718416601965003903

0 6 563
Topic Labels
0 Likes
6 REPLIES 6

Posted on --/--/---- --:-- AM
quangtrunghuynh
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi @mzarrugh ,

The error message indicates that you do not have sufficient permissions to update the IAM policy for the folder. Here are the possible reasons and solutions:

1. Incorrect Role:

  • Ensure that you have the appropriate role assigned to you that allows you to edit IAM permissions. You likely need a role with "IAM" or "Permissions" privileges, such as "Project Owner" or "Project Editor".
  • Check your current role by going to the project settings and looking for the "Roles" section. If you have the wrong role, you'll need to request a change from your company's administrator.

2. Folder-Level Restrictions:

  • If the folder itself has specific IAM permissions set, you might not have the necessary permissions to modify its policy.
  • Check the folder's IAM permissions by clicking on the folder, going to "Share" -> "Manage Permissions", and reviewing the existing roles and permissions. If you don't have the required permissions, you'll need to adjust them.

3. Project-Level Restrictions:

  • The project's overall IAM policy might be preventing you from modifying folder permissions.
  • Check the project's IAM permissions by going to the project settings and looking for the "Roles" section. Ensure that your role allows you to edit permissions at the project level.

4. Temporary Service Outage:

  • In rare cases, there might be a temporary issue with the BigQuery service that is preventing IAM policy updates. Check the Google Cloud Status Dashboard (https://status.cloud.google.com/) for any reported issues. If there's a known outage, wait a while and try again later.

Steps to Resolve the Issue:

  1. Verify Your Role: Check your current role and ensure it has the necessary permissions. If not, request a change from your company's administrator.
  2. Check Folder Permissions: Review the folder's IAM permissions and adjust them if needed.
  3. Check Project Permissions: Ensure that your role allows you to edit permissions at the project level.
  4. Check Google Cloud Status: Verify if there are any reported issues with the BigQuery service.

If you've followed these steps and are still unable to update the IAM policy, it might be helpful to provide more details about your specific project setup, the roles assigned to you, and any recent changes you've made. This will help narrow down the potential causes and find a solution.

Thank you and Best Regard,

0 Likes

Posted on --/--/---- --:-- AM
mzarrugh
Bronze 1
Bronze 1
In response to quangtrunghuynh
Reply posted on --/--/---- --:-- AM

Thank you quangtrunghuynh

I went and assigned many roles to my profile (see below), and the results were the same.

  • Access Context Manager Admin
  • Folder Admin
  • Folder IAM Admin
  • GuestPolicy Editor
  • IAM OAuth Client Admin
  • IAM Policy Change Risk Recommender Admin
  • IAM Recommender Admin
  • Organization Administrator
  • Organization Policy Administrator
  • Project IAM Admin
  • Secure Source Manager Admin
  • Security Admin
0 Likes

Posted on --/--/---- --:-- AM
quangtrunghuynh
Bronze 3
Bronze 3
In response to mzarrugh
Reply posted on --/--/---- --:-- AM

HI @mzarrugh ,

How about this tips : 

  • Use the IAM Roles Explorer: This tool can help you visualize the roles and permissions associated with your account and the resources you're trying to access.

 

 

0 Likes

Posted on --/--/---- --:-- AM
mzarrugh
Bronze 1
Bronze 1
In response to quangtrunghuynh
Reply posted on --/--/---- --:-- AM

I am sorry quangtrunghuynh, but I am still getting an error, and unable to share my BigQuery data location.

Mbzarrugh

0 Likes

Posted on --/--/---- --:-- AM
FrancoGP
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Hey! @mzarrugh 

I haven't seen any BigQuery specific roles defined by you, at least here. While the Owner role will grant a tremendous amount of accesses I don't think it suits this case. Could you try using either BigQuery specific roles as bigQuery.dataOwner or straight bigQuery.admin?

Good Luck!

0 Likes

Posted on --/--/---- --:-- AM
mzarrugh
Bronze 1
Bronze 1
In response to FrancoGP
Reply posted on --/--/---- --:-- AM

Thank you FrancoGP...I can try that.

0 Likes
Top Labels in this Space
Top Solution Authors
View all