Another possible solution - assign necessary roles to the Service Account performing the job:

Check the Workflow Execution Logs to find the service account. It should look something like [email protected]

Copy this, then navigate to IAM and give provisions to this account as well. The Google service account won't explicitly reside within your IAM list.

Relaunch the Execution.

I was recently facing the same issue as I began creating my Dataform setup. In the end, this was my solution.