授予服务帐户的权限是“所有者”和“bigquery admin”。
$bigQuery = new BigQueryClient([
'projectId' => 'project-xxx',
]);
$query = "SELECT * FROM `project-xxxx.analytics_xxx.events_xxx` where event_name='first_open' LIMIT 100";
$jobConfig = $bigQuery->query($query);
$queryResults = $bigQuery->runQuery($jobConfig);
print_r($queryResults);
当我尝试执行上面的代码时,它显示以下错误:
{ "error":
{ "errors": [ { "domain": "global", "reason": "accessDenied",
"message": "Access Denied: Project project-xxxx: The user
[email protected] /cdn-cgi/l/email-protection does not have
bigquery.jobs.create permission in project project-xxxx." } ],
}}
您需要指定服务帐户的凭据作为参数BigQueryClient构造函数 https://googleapis.github.io/google-cloud-php/#/docs/cloud-bigquery/v1.5.0/bigquery/bigqueryclient?method=__construct.
你可以用keyFilePath
范围:
$bigQuery = new BigQueryClient([
'projectId' => 'project-xxx',
'keyFilePath' => '/path/to/file.json'
]);
另外,请使用此命令检查您是否已向服务帐户授予权限:
gcloud projects get-iam-policy yourProjectID
EDIT:
让我们采用不同的方法来创建服务帐户并从头开始向其授予权限。
-
创建新的服务帐户:
gcloud iam service-accounts create [NAME]
授予权限:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member "serviceAccount:[NAME]@[PROJECT_ID].iam.gserviceaccount.com" --role "roles/bigquery.admin"
- 创建凭证文件:
gcloud iam service-accounts keys create [FILE_NAME].json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com
- 将此文件的路径添加到
BigQueryClient
构造函数并运行您的代码。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)