Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r094


  1. In the Google Cloud toolbar, verify that the correct project is selected.


    NOTE: You must be the project owner of the selected project to complete these configuration steps.

  2. Select Left nav menu > IAM & Admin > IAM.

  3. Select the Include Google-provided role grants checkbox.

  4. Locate the service account created by

    D s product

    1. This service account contains the Dataprep Service Agent role in the Roles column. 

    2. Copy the name of this account.

  5. From the Google Cloud toolbar at the top, open the Cloud Shell.


    NOTE: Open the Cloud Shell in a new tab, and verify that you have specifically chosen the project in question. If you are not in the right project, the error messages may be confusing.

  6. From Google Cloud Shell:

    1. Create a new YAML file:

      Code Block
      vi <project-name>.yaml
    2. Create a new Access context in this YAML file. This context must include:

      1. The service account that you copied

      2. The userId of the project owner

      3. Format:

        Code Block
        - members:
            - serviceAccount:<dataprepServiceAccount>
            - user:<projectOwner>
      4. Example:

        Code Block
        - members:
    3. Save this file.

    4. Execute the following command to create a new Access Level:

      Code Block
      gcloud access-context-manager levels create <accessLevelName> --basic-level-spec=<project-name>.yaml --title=<accessLevelName>

      NOTE: If this command fails, you may need to enable the Access Context Manager API in your VPC SC.


      NOTE: If you need the policy number, select Left nav menu > Security > Access Context Manager. The policy number is the value following accessPolicies/.

  7. After the command has been successfully executed, verify the access level: 

    1. Select Left nav menu > Security > Access Context Manager.

    2. You should see an Access Level entry with the access level name that you just created.

  8. To attach the new Access Level to the perimeter that protects your project:

    1. Select Left nav menu > Security > VPC Service Controls.

    2. Edit the relevant perimeter, and add the access level to the perimeter. Save.

  9. You can verify by running a job from  
    D s storage
     and/or BigQuery and writing results back.

D s also