diff --git a/terraform/deployments/search-api-v2/dataform.tf b/terraform/deployments/search-api-v2/dataform.tf
index 9ed48fa57..10f5f8a5d 100644
--- a/terraform/deployments/search-api-v2/dataform.tf
+++ b/terraform/deployments/search-api-v2/dataform.tf
@@ -24,6 +24,13 @@ resource "google_service_account" "dataform_service_account" {
   project = var.gcp_project_id
 }
 
+# Grant the dataform service account the predefined Service Account User role
+resource "google_service_account_iam_member" "dataform_sa_user_role" {
+  service_account_id = google_service_account.dataform_service_account.id
+  role               = "roles/iam.serviceAccountUser"
+  member             = "serviceAccount:${google_service_account.dataform_service_account.email}"
+}
+
 # Create Dataform repository with GitHub integration
 resource "google_dataform_repository" "search_api_v2" {
   provider = google-beta
diff --git a/terraform/deployments/search-api-v2/events_ingestion.tf b/terraform/deployments/search-api-v2/events_ingestion.tf
index 9659a51de..c6e32b1b7 100644
--- a/terraform/deployments/search-api-v2/events_ingestion.tf
+++ b/terraform/deployments/search-api-v2/events_ingestion.tf
@@ -24,7 +24,8 @@ resource "google_project_iam_binding" "analytics_write" {
   project = var.gcp_project_id
   members = [
     google_service_account.analytics_events_pipeline.member,
-    "serviceAccount:service-${var.gcp_dataform_project_number}@gcp-sa-dataform.iam.gserviceaccount.com"
+    "serviceAccount:service-${var.gcp_dataform_project_number}@gcp-sa-dataform.iam.gserviceaccount.com",
+    google_service_account.dataform_service_account.member
   ]
 }
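Review bot: The new `google_service_account_iam_member.dataform_sa_user_role` in the dataform.tf hunk grants `roles/iam.serviceAccountUser` on `dataform_service_account` to that same account, so the only principal allowed to act as the account is the account itself, and nothing in the hunk shows which identity actually needs that permission. The events_ingestion.tf hunk treats Dataform's service agent (`service-${var.gcp_dataform_project_number}@gcp-sa-dataform.iam.gserviceaccount.com`) as a separate principal, so if the goal is to let Dataform workflow invocations run as this custom account, confirm whether that agent — which, as I recall the Dataform custom-service-account setup, is the one that needs an impersonation-type grant such as `roles/iam.serviceAccountTokenCreator` on the custom account — is the intended `member` rather than the account itself. If the self-grant is genuinely required, replace the generic comment with one that records the reason, e.g. `# Dataform requires the workflow SA to hold roles/iam.serviceAccountUser on itself because <reason>`, since a self-referential IAM binding reads as a mistake to the next maintainer and is the kind of grant an IAM review will otherwise flag and remove.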