Please add bigquery.jobs.list privileges to users granted access to a Billing Project

Post author
Matt Bookman

When a user is added to a Terra Project, they are granted "BigQuery Job User" role as described here:

https://cloud.google.com/iam/docs/understanding-roles

Unfortunately, this doesn't include "bigquery.jobs.list", so users are not able to look up their past queries. This limits the usefulness of the BigQuery editor. It is very helpful in general to be able to look at your past queries and see:

  • What you ran
  • When you ran it
  • How much data it processed (hence *How much it cost*)

To test this - go to https://console.cloud.google.com/bigquery and then set the project from the drop-down at the top to your a Terra project you have been added to. If you then click "Query history" from the left hand navigation, you'll see an error like:

Access Denied: Project <your project>: The user <your id> does not have bigquery.jobs.list permission in project <your project>.

Comments

2 comments

  • Comment author
    Matt Bookman
    • Edited

    It appears that we are going to get this "for free" in December. Google's "Cloud Proactive Comms" sent an email indicating:

    We are writing to let you know that starting December 14, 2020, we will begin adding the ability for the BigQuery JobUser role to list and create their own jobs.

    ...

    Currently, the BigQuery role JobUser can create and retrieve the status of their jobs, but cannot list them. After this change, all three operations (create, get status, list) will be permitted.

    In Terra, one of the roles granted to users within their Terra Billing Project is "BigQuery Job User".

    0
  • Comment author
    Samantha (she/her)

    Thanks, Matt Bookman. I've flagged this up with our product team to look into.

    0

Please sign in to leave a comment.