Page Comparison

...

There is some confusion regarding the various service accounts Data Fusion creates/uses to operate. This table provides a breakdown for each service account and its function:

Service account name format

Description

Uses in CDF

service-<project_number>@gcp-sa-datafusion.iam.gserviceaccount.com

Service account used by CDF in the tenant project to access resources in the customer project.

This account is used to:

Access resources during Preview
Access resources from Wrangler
Create Dataproc cluster in customer project

<project_number>-compute@developer.gserviceaccount.com

Default service account used by the Dataproc VMs.

This account is used to:

Access resources during a pipeline run for a deployed pipeline

...

Navigate to the customer project that contains the CDF instance and copy the project number (this is found on the Home Page in the Project Info card).
Navigate to the project that contains the resources you would like to interact with.
In the sidebar, click on IAM & Admin.
Click on Add at the top of the page.
Provide the first service account name from the table above. Be sure to replace <project_number> with the actual number you obtained in step 1.
Grant the Admin role for the resource you would like to interact with. Ex. BigQuery Admin for reading/writing to BigQuery. For BigQuery, you will also need to grant the BigQuery Data Owner role as well.
Repeat steps 5 & 6 for the second service account in the table above.
In your data pipeline, ensure you define the correct Project Id for the sources/sinks. Using ‘auto-detect’ will default to the customer project that contains the CDF instance.

...

Version	Old Version 6	New Version Current
Changes made by	Robin Rielley	Robin Rielley
Saved on	Aug 05, 2020	Feb 02, 2021

Versions Compared

Key