Create IAM Role for Dataprep
This section covers the recommended IAM role that you must create and assign in Google Cloud Platform to enable users to access Dataprep by Trifacta through their projects.
IAM stands for Identity and Access Management. An IAM role contains a set of permissions to use cloud-based resources. Users can be assigned default or customized IAM roles, which enable access to the required cloud services to use the product. Managing the individual permissions without an IAM role is not recommended.
For more information, see https://cloud.google.com/iam/docs/overview.
Required Permissions
To use any edition of Dataprep by Trifacta, a specific set of permissions is required.
For Dataprep by Trifacta and Standard Edition editions, these permissions are contained in the
roles/Dataprep.Userrole, which is available when the product is licensed for a project. See below.For Premium Edition, an additional set of permissions is required to perform actions on the data and gain access to the data. For a list of required permissions, see Required Dataprep User Permissions.
Assign roles/Dataprep.User
When you have enabled Dataprep by Trifacta in a project, the roles/Dataprep.User IAM role is available through the Google Cloud Platform console. IAM Roles can be assigned through the Roles page. For more information, see https://console.cloud.google.com/iam-admin/roles.
Create Custom IAM Role
Note
This feature may not be available in all product editions. For more information on available features, see Compare Editions.
For Premium Edition, additional permissions are required.
Tip
The easiest way to manage these additional permissions is to create a separate custom IAM role containing the permissions. This new role and the roles/Dataprep.User can be assigned to any user who is granted access to the Premium Edition project.
Steps:
Please complete the following steps to create a custom IAM role called, roles/Dataprep.Premium.Full, which contains the additional required permissions for the product.
To open the Google Cloud Platform console from the product, click the Console icon at the bottom of the left nav bar.
In the console, select the project that was enabled for Premium Edition.
In the left nav bar of the console, click IAM & Admin > Roles. See https://console.cloud.google.com/iam-admin/roles.
In the Roles page, select + Create Role.
In the Create Role panel, enter the following:
Title: This value identifies the role in the console. Suggested title:
Dataprep Trifacta Premium Full.Description: Enter a meaningful text description.
ID: Set this value to an internal identifier for this role. Suggested value:
DataprepTrifactaPremiumFull.Role launch stage: Set this value based on your enterprise task requirements.
Permissions: If there are additional permissions listed below, then these permissions need to be added to a role.
Tip
You may wish to copy these roles to a text editor to assist in searching for them in the next step.
Click + ADD PERMISSIONS.
Select all of the permissions that need to be added. For more information, see Required Dataprep User Permissions.
Click ADD.
The permissions are added to the role.
If all looks good in the role definition, click Create.
Assign Role
You can now assign the custom role to users of the Premium Edition project.
Steps:
In the left nav bar of the console, click IAM.
In the IAM manager, select the Members tab.
Tip
If you need to add members to the Premium Edition project, you can do so now. Click +ADD.
For each member who needs the additional role:
For a project member, click the Pencil icon.
In the Edit Permissions window, click +ADD ANOTHER ROLE.
In the Select a role textbox, type the name of the role you created. For the above example, you would type:
Dataprep Trifacta Premium FullNote
The role may not be available in the drop-down. You may need to manually type the name of your custom role.
Click SAVE.
Repeat the previous steps for other members of the project.