When I try to create a Dataproc cluster I get PERMISSION_DENIED

I’m trying to create a dataproc cluster, but I get this error:

gcloud dataproc clusters create my-cluster --region us-central1 --project my-project
ERROR: (gcloud.dataproc.clusters.create) PERMISSION_DENIED: Not authorized to requested resource.

How do I fix this?

In all likelihood this means your user account lacks the permission
dataproc.clusters.use in the project my-project. In GCP, you
never directly grant permissions, you grant roles. The least
privileged role that grants dataproc.clusters.use is

You can see who has access either by executing

gcloud projects get-iam-policy my-project

Or by navigating to the following URL (replacing “my-project” with your project id):


You will need to at least
roles/dataproc.editor (which is displayed on the web as “Dataproc
Editor”). The “Project Editor” role (roles/editor) should also be
sufficient. Moreover, you almost certainly also need to be able to
create, write to, and read from buckets. Again, “Project Editor” is sufficient
here but a tighter role would be “Storage Admin” (roles/storage.admin).

To effect this change:

  1. Navigate to
  2. Click “Grant Access”.
  3. For principal, enter the email you use with gcloud auth login.
  4. For the first role, enter “Storage Admin”.
  5. Add another role and enter “Dataproc Editor”.