Error: Users Do Not Belong to a Permitted Customer
Issue
Setup tests fail with the following error:
BigQuery User Permissions: Failed to check Create dataset permission : IAM setPolicy failed... One or more users named in the policy do not belong to a permitted customer.
The error occurs even after assigning the BigQuery user role to the Fivetran service account.
Environment
Destination: BigQuery
Resolution
To resolve this issue:
- Check whether domain-restricted sharing, also called domain-restricted entities, is enabled in your GCP organization.
- If it is enabled, ask your GCP administrator or cloud security team to update the organization policy constraints/iam.allowedPolicyMemberDomains by adding the Fivetran directory customer ID to the allowed_values:
  - Directory customer ID: C04f6xjgi
  - Domain: fivetran.com
- In Fivetran, go to your BigQuery destination connection page.
- In the top right, click the more options menu, then select Edit connection.
- Click Save & Test.
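One way to carry out the check in the first two steps, as an added example that is not Fivetran's or Google's code: it evaluates a policy for the constraint and reports whether the Fivetran directory customer ID is permitted. It assumes the legacy listPolicy JSON shape, as printed by `gcloud resource-manager org-policies describe iam.allowedPolicyMemberDomains --organization=ORG_ID --effective --format=json`; the sample policies and the ID C0aaaaaaa are constructed.

```python
import json

CONSTRAINT = "constraints/iam.allowedPolicyMemberDomains"
FIVETRAN_CUSTOMER_ID = "C04f6xjgi"  # directory customer ID given on this page

# Constructed sample policies in the legacy listPolicy JSON shape (an assumption);
# C0aaaaaaa stands in for the organization's own directory customer ID.
SAMPLE_BEFORE = json.loads("""
{"constraint": "constraints/iam.allowedPolicyMemberDomains",
 "listPolicy": {"allowedValues": ["C0aaaaaaa"]}}
""")
SAMPLE_AFTER = json.loads("""
{"constraint": "constraints/iam.allowedPolicyMemberDomains",
 "listPolicy": {"allowedValues": ["C0aaaaaaa", "is:C04f6xjgi"]}}
""")


def customer_permitted(policy, customer_id=FIVETRAN_CUSTOMER_ID):
    """Return (permitted, reason) for one allowedPolicyMemberDomains policy."""
    if policy.get("constraint") != CONSTRAINT:
        raise ValueError("policy is not for " + CONSTRAINT)
    rules = policy.get("listPolicy")
    if not rules:
        # Assumption: with no list rules (unset or restoreDefault) the
        # constraint's default applies and no domain is blocked.
        return True, "domain-restricted sharing is not enforced"
    if rules.get("allValues") == "ALLOW":
        return True, "policy allows members from every domain"
    if rules.get("allValues") == "DENY":
        return False, "policy denies members from every domain"
    # Values may carry an "is:" prefix; compare on the bare customer ID.
    allowed = {v[3:] if v.startswith("is:") else v
               for v in rules.get("allowedValues", [])}
    if customer_id in allowed:
        return True, customer_id + " is in allowedValues"
    return False, customer_id + " is missing from allowedValues"


if __name__ == "__main__":
    for name, policy in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, customer_permitted(policy))
```

A False result for the effective policy matches the state in which the setup test fails with the error above.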
Cause
This issue occurs when the GCP domain-restricted sharing policy constraints/iam.allowedPolicyMemberDomains blocks IAM members from external domains, such as the Fivetran service account. When this happens, we can't update dataset-level IAM policies during connection setup.