When I try to create a Dataproc cluster I get PERMISSION_DENIED

I’m trying to create a Dataproc cluster, but I get this error:

gcloud dataproc clusters create my-cluster --region us-central1 --project my-project
ERROR: (gcloud.dataproc.clusters.create) PERMISSION_DENIED: Not authorized to requested resource.

How do I fix this?

In all likelihood this means your user account lacks the permission
dataproc.clusters.use in the project my-project. In GCP, you
never grant permissions directly; you grant roles. The least
privileged role that grants dataproc.clusters.use is
roles/dataproc.editor.

You can see who has access either by executing

gcloud projects get-iam-policy my-project

Or by navigating to the following URL (replacing “my-project” with your project id):

https://console.cloud.google.com/iam-admin/iam?project=my-project

You will need at least
roles/dataproc.editor (which is displayed on the web as “Dataproc
Editor”). The “Project Editor” role (roles/editor) should also be
sufficient. Moreover, you almost certainly also need to be able to
create, write to, and read from buckets. Again, “Project Editor” is sufficient
here, but a tighter role would be “Storage Admin” (roles/storage.admin).
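
To check an account against the roles named above without reading the policy by eye, the following added example (not part of the original answer) parses the JSON printed by gcloud projects get-iam-policy my-project --format=json and reports which need is unmet. The function name, the sample policy and the example.com addresses are constructed for illustration. It only sees direct user: bindings on the project, so roles held through a group or inherited from a folder or organization will show up as missing.

```python
import json

# Roles this page names as sufficient for each need (not an exhaustive list).
SUFFICIENT = {
    "dataproc": {"roles/dataproc.editor", "roles/editor"},
    "storage": {"roles/storage.admin", "roles/editor"},
}

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy my-project --format=json`.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/editor", "members": ["user:bob@example.com"]},
        {"role": "roles/storage.admin",
         "members": ["user:alice@example.com", "user:carol@example.com"]},
        {"role": "roles/dataproc.editor", "members": ["user:carol@example.com"],
         "condition": {"title": "expires",
                       "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
    ],
    "etag": "constructed", "version": 3,
})


def missing_access(policy_json, email):
    """Map each unmet need to the roles that would satisfy it."""
    member = "user:" + email.lower()
    held, conditional = set(), set()
    for binding in json.loads(policy_json).get("bindings", []):
        if member not in (m.lower() for m in binding.get("members", [])):
            continue
        # A conditional binding may not apply to this request, so track it apart.
        (conditional if "condition" in binding else held).add(binding["role"])
    return {
        need: {"grant_one_of": sorted(roles),
               "conditional_only": sorted(roles & conditional)}
        for need, roles in SUFFICIENT.items() if not roles & held
    }


if __name__ == "__main__":
    for who in ("alice@example.com", "bob@example.com", "carol@example.com"):
        print(who, missing_access(SAMPLE_POLICY, who) or "has both needs covered")
```

An empty result means both needs are covered by unconditional bindings; a role listed under conditional_only is bound to the user but only when its condition holds.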

To effect this change:

  1. Navigate to
    https://console.cloud.google.com/iam-admin/iam?project=my-project
  2. Click “Grant Access”.
  3. For principal, enter the email you use with gcloud auth login.
  4. For the first role, enter “Storage Admin”.
  5. Add another role and enter “Dataproc Editor”.