Jake Dodd
01/26/2024, 1:27 PMDataset = Annotated[StructuredDataset, SCHEMA]
Where schema is using kwtypes()
to define columns. I’ve set Dataset
as the output_structured_dataset_type
for the BigQueryTask
, when I try to run a task to convert the output to a pd.DataFrame I get an error:
403 Access Denied: Dataset my-flyte-project:<job_ib>: User does not have permission to access results of another user's job.
The task is defined as shown below:
@task
def convert_bq_table_to_pandas_dataframe(sd: Dataset) -> pd.DataFrame:
return sd.open(pd.DataFrame).all()
I’ve given the service-accounts for flyteworker
and flytepropeller
the roles BigQuery Admin
and Owner
but still get this Error…
Has anyone had this error before? Or know how to resolve it? Alternatively does anyone know the required permissions to get this to work?
ThanksJake Dodd
01/26/2024, 1:45 PMBigQueryTask
is using the flytepropeller
service account, whilst the convert_bq_table_to_pandas_dataframe
task is using the flyteworker
service account.
Is this the expected behaviour?Samhita Alla
Jake Dodd
01/29/2024, 8:53 AMSamhita Alla
David Espejo (he/him)
01/29/2024, 7:13 PMUser
you see?Jake Dodd
01/30/2024, 10:05 AMBigQueryTask
the User is <mailto:flyte-gcp-flytepropeller@my-project.iam.gserviceaccount.com|flyte-gcp-flytepropeller@my-project.iam.gserviceaccount.com>
, if I use the bigquery Client
in a task
the User is <mailto:flyte-gcp-flyteworkers@my-project.iam.gserviceaccount.com|flyte-gcp-flyteworkers@my-project.iam.gserviceaccount.com>
Jake Dodd
01/30/2024, 10:07 AMflyteworker
service account the Service Account Token Creator
permission on flytepropeller
service account