The following IAM permissions are required for each user to provide baseline functionality in Dataprep by Trifacta® and access to common integrations
Dataprep.User IAM Roles
All users of any version of Dataprep by Trifacta must be assigned the
Dataprep.User IAM Role.
- (P) denotes permissions that are required for any usage of the product within a project.
Additional Permissions for Dataprep by Trifacta Premium
Read and write to BigQuery, including views and custom SQL:
- bigquery.datasets.get (P)
- bigquery.tables.create (P)
- bigquery.tables.get (P)
- bigquery.tables.getData (P)
- bigquery.tables.list (P)
Run Dataprep by Trifacta jobs on Dataflow:
Read and write to Base Storage, the base storage for Dataprep by Trifacta:
Additional permissions may be required to use specific features. Individual users may be required to permit Dataprep by Trifacta access when the feature is first used.
Dataflow job cancellation
The following permission enables users to cancel their jobs in progress. It is not required for the product to work but may be helpful to add via IAM roles.
BigQuery publishing options
The following permission is not required to publish to BigQuery.
However, if the above permission is not granted to a user, that user can drop or truncate table data in BigQuery, only if one of the following permissions must be enabled in a user's account.
- The user is granted
ownerrole on the project.
- The user is granted bigquery.tables.permission for the project.
Google Sheets access
For more information, see Import Google Sheets Data.
Additional Permissions for Cloud IAM
In addition to the IAM roles above, users must also be granted the following to enable data access based on their Cloud IAM:
- dataset level permissions in BigQuery: See https://cloud.google.com/bigquery/docs/dataset-access-controls.
- Cloud Storage object ACLs: See https://cloud.google.com/storage/docs/access-control.
These permissions ensure that users can access the appropriate data within Dataprep by Trifacta®.
This page has no comments.