I have two projects. Project Apple has data in BQ tables. Project Banana has read access to Apple's BQ tables. When I run queries using Banana's BQ UI, everything is fine. The same query doesn't work in Banana's AI notebook.
Banana BQ UI:
AVG(A) as A_mean_exact,
APPROX_QUANTILES(A, 100)[OFFSET(50)] AS A_percentile_50_approx,
APPROX_QUANTILES(A, 100)[OFFSET(90)] AS A_percentile_90_approx
FROM `apple.v1003.apple_table`
WHERE selected_run = 1
Works fine.
Banana's AI notebook:
from google.cloud import bigquery
client = bigquery.Client(location="US", project="banana") # I also tried apple; same error
print("Client creating using default project: {}".format(client.project))
Client creating using default project: banana
query = """
SELECT
AVG(A) as A_mean_exact,
APPROX_QUANTILES(A, 100)[OFFSET(50)] AS A_percentile_50_approx,
APPROX_QUANTILES(A, 100)[OFFSET(90)] AS A_percentile_90_approx
FROM `apple.v1003.apple_table`
WHERE selected_run = 1
"""
query_job = client.query(
query,
location="US",
)
df = query_job.to_dataframe()
df
Forbidden: 403 Access Denied: Table apple:v1003.apple_table: User does not have permission to query table apple:v1003.apple_table.
Could you please suggest what I should look into? I am just starting with AI Hub.
You have currently given permissions to your project account, but the notebook is trying to access BigQuery through the service account associated to the Compute Engine instance that is running JupyterLab.
You have to go to Compute Egnine > your notebook machine > View network details > and see what service account is it using(in Banana). Then, give the permissions to that account in Apple's project IAM section.