Oauth 2.0 Using Google Client For Javascript, Getting Permission Denied

Hokay, here's the deal. I'm trying to show very basic functionality of combining BigQuery and Maps API. So, obviously I need OAuth 2.0. Using Google API Client Library for JavaScri

Solution 1:

The permission denied error is likely because the Google account you are testing with isn't a member of your BigQuery project (with role: READER).

There are two levels of authorization in play here: (1) Dataset. Eg: is the current user allowed to read/update tables within this dataset? (2) Project. Eg: who's free/billed quota will be consumed by the query job?

The first one is easy to address -- you can make a dataset public by assigning the special group "authenticated users" via the "share dataset" menu.

The second is more tricky -- you cannot add the world to your project with a reader role.

So, you can't (directly) expose query access to the web.

You have a few alternative options:

(1) If you only want to share this site with a small number of users, you could add them to your project individually.

(2) You could require users to provide their own BigQuery project for billing purposes.

Neither of those provide the seamless experience you probably want, so you could consider a more involved option:

(3) You could set up a front-end service that authenticates as your account (or better -- a service account[1]). Google AppEngine makes this pretty easy, but you can do it with most hosting environments.

--

[1] https://cloud.google.com/bigquery/authorization#service-accounts