Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r088

...

RoleUsePermissions and roles
roles/dataprep.projects.user

Enables a user to run

D s product
productgdp
in a project See below.

Permissions:

  • dataprep.projects.use
  • resourcemanager.projects.get
  • serviceusage.quotas.get
  • serviceusage.services.get
  • serviceusage.services.list
roles/dataprep.serviceAgent

Enables the platform to access and modify datasets and storage and to run and manage

D s dataflow
jobs on behalf of the user within the project. For more information on this role, see https://console.cloud.google.com/iam-admin/roles/details/roles%3Cdataprep.serviceAgent.

Info

NOTE: When the product is enabled within a project, this role is granted by the project owner as part of the enablement process. For more information, see Enable or Disable Dataprep.

Permissions:

  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create

  • storage.objects.delete

  • storage.objects.get

  • storage.objects.getIamPolicy

  • storage.objects.list

  • storage.objects.setIamPolicy

  • storage.objects.update

Roles:

  • roles/dataflow.developer
  • roles/bigquery.user
  • roles/bigquery.dataEditor
  • roles/storage.objectAdmin
  • roles/iam.serviceAccountUser

...

PermissionProduct Use
bigquery.tables.delete

If this permission is not granted to a user, that user requires one of the following permissions to drop or truncate table data in BigQuery: 

  • The user is granted editor or owner role on the project.
  • The user is granted bigquery.tables.delete for the project.
Info

NOTE: If a user does not have this permission when publishing to a table, the user receives a warning that the target dataset is read-only.

BigQuery job execution

To enable execution of jobs in BigQuery, the following permission must be enabled. Additional configuration may be required. For more information on this feature, see BigQuery Running Environment.

PermissionProduct Use
bigquery.jobs.createThis permission enables execution of jobs within BigQuery. It is also used for custom SQL queries, which is enabled by default. In most projects, this permission is enabled by default.

BigQuery job execution on 
D s storage
 files

If you have enabled execution of jobs in BigQuery, you can extend that capability to execute jobs for data sources hosted in 

D s storage
. GCS execution in BigQuery requires that external tables be enabled in BigQuery. The following permissions are required to create and use external tables.

Tip

Tip: In most projects, these permissions are enabled by default.

PermissionProduct Use

bigquery.tables.create

Enabled in the default

D s product
productgdp
role.

bigquery.tables.getData

Enabled in the default

D s product
productgdp
role.

bigquery.jobs.createRequired for job execution in BigQuery. See previous section.

Google Sheets access

D s ed
rtrue
editionsgdpent,gdppro,gdpsta,gdppr,gdpst

...