Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r089

...

All users of any version of

D s product
productgdp
must be assigned the roles/dataprep.projects.user IAM Role.

Warning

This role and its related permissions enable access to all data in a project. Other permissions do not apply.

...

PermissionProduct Use
dataflow.jobs.cancel

Enables users This permission is required to cancel their jobs in progressjobs on

D s dataflow
from within the
D s webapp
. It is not required for the product to work but may be helpful to add via IAM roles.

Info

NOTE: The ability to cancel a job from within the

D s webapp
is temporarily disabled. When it is re-enabled, this permission will be required. You should leave this permission enabled, if possible.


Info

NOTE: A user may be able cancel a job from the

D s webapp
, even though the user is not permitted to cancel the job in the running environment. The service account associated with the user's 
D s item
itemaccount
may have the appropriate permissions, but the user's personal account does not. For more information, see Google Service Account Management

...

PermissionProduct Use
bigquery.tables.delete

If this permission is not granted to a user, that user requires one of the following permissions to drop or truncate table data in BigQuery: 

  • The user is granted editor or owner role on the project.
  • The user is granted bigquery.tables.delete for the project.
Info

NOTE: If a user does not have this permission when publishing to a table, the user receives a warning that the target dataset is read-only.

BigQuery job execution

To enable execution of jobs in BigQuery, the following permission must be enabled. Additional configuration may be required. For more information on this feature, see BigQuery Running Environment.

PermissionProduct Use
bigquery.jobs.createThis permission enables execution of jobs within BigQuery. It is also used for custom SQL queries, which is enabled by default. In most projects, this permission is enabled by default.

BigQuery job execution on 
D s storage
 files

If you have enabled execution of jobs in BigQuery, you can extend that capability to execute jobs for data sources hosted in 

D s storage
. GCS execution in BigQuery requires that external tables be enabled in BigQuery. The following permissions are required to create and use external tables.

Tip

Tip: In most projects, these permissions are enabled by default.

PermissionProduct Use

bigquery.tables.create

Enabled in the default

D s product
productgdp
role.

bigquery.tables.getData

Enabled in the default

D s product
productgdp
role.

bigquery.jobs.createRequired for job execution in BigQuery. See previous section.

Google Sheets access

D s ed
rtrue
editionsgdpent,gdppro,gdpsta,gdppr,gdpst

...