gcloud: The user does not have access to service account "default"

google-cloud-platform gcloud service-accounts
15,195

Solution 1

After talking to Google Support, the issue was that the service account did not have a "Service Account User" permissions activated. Adding "Service Account User" resolves this error.

Solution 2

Add the following role to the service account who makes the operation:

Service Account User

Also see:

Solution 3

For those that ended up here trying to do an Import of Firebase Firestore documents with a command such as:

gcloud beta firestore import --collection-ids='collectionA','collectionB' gs://YOUR_BUCKET

I got around the issue by doing the following:

  1. From the Google Cloud Console Storage Bucket Browser, add the service account completing the operation to the list of members with a role of Storage Admin.
  2. Re-attempt the operation.

For security, I revoked the role after the operation completed, but that's optional.

Share:
15,195
DrMarshall
Author by

DrMarshall

gentleman scientist

Updated on June 09, 2022

Comments

  • DrMarshall
    DrMarshall about 2 years

    I attempting to use an activated service account scoped to create and delete gcloud container clusters (k8s clusters), using the following commands:

    gcloud config configurations create my-svc-account \
   --no-activate \
   --project myProject


gcloud auth activate-service-account [email protected] \
   --key-file=/path/to/keyfile.json \
   --configuration my-svc-account

gcloud container clusters create a-new-cluster \
   --configuration my-svc-account \
   --project= my-project
   --zone "my-zone"

    I always receive the error:

    ...ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account "default".

    How do I grant my-svc-account access to the default service account for GKE?

  • mongrelion
    mongrelion almost 7 years
    Cheers. This definitely did it. Only thing to note is that the role is now called "Service Account User".
  • matt b
    matt b over 6 years
    for more info on the above point see cloud.google.com/iam/docs/…
  • vanduc1102
    vanduc1102 about 5 years
    work well for me, my case, I call ssh from Google Cloud Build to Google Engine VM Instance

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Dart Error: error: import of dart:mirrors is not supported in the current Dart runtime
Assigning scopes to a gcloud service account
google compute engine tool gcloud is exceptionally slow
gcloud - ERROR: (gcloud.app.deploy) Permissions error fetching application
How to run Google gsutil using Python
gcloud compute ssh returns Permission Denied (publickey)
Compute Engine SSH: You do not have sufficient permissions to SSH into this instance
Access denied (SA doesn't have storage.objects.create access) when trying to upload using a preSigned url to google cloud storage
Service account does not have storage.buckets.create access
gcloud no space left on device