The Dataproc Serverless workload service account must have the Identity and Access Management
Dataproc Worker
role. The Compute Engine default service account
(project_number-compute@developer.gserviceaccount.com)
that Dataproc Serverless uses has this role by default. If you specify your
own service account for your batch workload, session, or session template,
you must grant the Dataproc Worker role to your service account.
Additional roles may be necessary to for
other operations, such as reading and writing data to BigQuery.
View and manage IAM service account roles
To view and manage the roles granted to the Dataproc Serverless
workload service account, do the following:
View the roles listed for the workload service account. The following image
shows the required Dataproc Worker role listed for the
Compute Engine default service account (project_number-compute@developer.gserviceaccount.com)
that Dataproc Serverless uses by default as the workload service account.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-21 UTC."],[[["Executing Dataproc Serverless workloads requires the service account to have the `ActAs` permission, which is included in the Service Account User role."],["Dataproc Serverless workloads typically run using the Compute Engine default service account, but users can specify a custom service account."],["The Dataproc Worker role is a mandatory requirement for the service account used by Dataproc Serverless workloads, and the Compute Engine default service account has this role by default."],["If a custom service account is used, it must be granted the Dataproc Worker role, and additional roles may be necessary for other operations, such as data access."],["You can manage the roles of the Dataproc Serverless workload service account by navigating to the IAM page in the Google Cloud console, where you can view, grant, or remove roles."]]],[]]
