datafusion/ERR/2022_005

Private Data Fusion instance has networking permissions.

Product: Cloud Data Fusion
Rule class: ERR - Something that is very likely to be wrong

Private Data Fusion instances that use a shared VPC host network in another project require permissions in that host project.

The Cloud Data Fusion API Service Agent ‘service-PROJECT_NUMBER@gcp-sa-datafusion.iam.gserviceaccount.com’ requires the ‘Compute Network User’ role on the host project, OR the ‘Compute Network Viewer’ role on the host project and the ‘Compute Network User’ role on a subnetwork in the Data Fusion instance region.
The Dataproc Service Agent service account ‘service-PROJECT_NUMBER@dataproc-accounts.iam.gserviceaccount.com’ also requires the ‘Compute Network User’ role on the host project, OR the ‘Compute Network Viewer’ role on the host project and the ‘Compute Network User’ role on a subnetwork in the Data Fusion instance region.

You can find details about how to Set up Data Fusion IAM permissions and more about the Service accounts in Cloud Data Fusion in our Data Fusion guides.