Trifacta Dataprep
Page tree


Support | BlogContact Us 

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Trifacta Dataprep

Contents:

Send Feedback

On April 28, 2021, Google changed the required permissions for attaching IAM roles to service accounts. If you are using IAM roles for your Google service accounts, please see Changes to User Management.

   

Contents:

In the Trifacta platformIdentity and Access Management (IAM) allows you to control user and group access to your project's resources. This section describes the IAM permissions relevant to  Dataprep by Trifacta and the IAM roles that grant those permissions. To access the IAM console, see https://cloud.google.com/iam.

  • role is a set of one or more permissions. A role is assigned to users and groups.
  • permission grants access to a resource. Different permissions can grant different access levels to the same resource.

For more information on the service accounts used by Dataflow to manage security and permissions while running  Dataprep by Trifacta jobs, see https://cloud.google.com/dataflow/docs/concepts/security-and-permissions#security_and_permissions_for_pipelines_on_google_cloud_platform.

Tools for manage IAM policies:

ToolLink
Google Cloud Consolehttps://cloud.google.com/iam/docs/managing-policies#access_control_via_console
APIhttps://cloud.google.com/iam/docs/managing-policies#access_control_via_api
gcloud CLIhttps://cloud.google.com/iam/docs/managing-policies#access_control_via_the_gcloud_tool

Required Roles and Their Permissions

To use  Dataprep by Trifacta, the following roles are required. Below, you can review each required role, its purpose, and the permissions that are enabled by it.

RoleUsePermissions and roles
roles/dataprep.user

Enables a user to run Dataprep by Trifacta in a project See below.

Permissions:

  • dataprep.projects.use
roles/dataprep.serviceAgent

Enables the platform to access and modify datasets and storage and to run and manage Dataflow jobs on behalf of the user within the project

NOTE: When the product is enabled within a project, this role is granted by the project owner as part of the enablement process. For more information, see Enable or Disable Dataprep.

Permissions:

  • storage.buckets.get
  • storage.buckets.list

Roles:

  • roles/dataflow.developer
  • roles/bigquery.user
  • roles/bigquery.dataEditor
  • roles/storage.objectAdmin
  • roles/iam.serviceAccountUser

roles/dataprep.user IAM Role

All users of any version of  Dataprep by Trifacta must be assigned the roles/dataprep.user IAM Role.

This role and its related permissions enable access to all data in a project. Other permissions do not apply.

Permissions for  Dataprep Premium by Trifacta

Dataprep Premium by Trifacta provides additional capabilities for project users. The base set of permissions and some additional permissions are required. Below, you can review the required permissions for this product edition.

General

  • resourcemanager.projects.get

BigQuery

Read and write to BigQuery, including views and custom SQL:

  • bigquery.datasets.get
  • bigquery.jobs.create
  • bigquery.tables.create
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.list

Dataflow

Run Trifacta jobs on Dataflow:

  • compute.machineTypes.get
  • dataflow.jobs.create
  • dataflow.jobs.get
  • dataflow.messages.list
  • dataflow.metrics.get

Google Cloud Storage

Read and write to Google Cloud Storage, the base storage for  Dataprep by Trifacta:

  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • storage.objects.update

Feature Permissions

Additional permissions may be required to use specific features. Individual users may be required to permit  Dataprep by Trifacta access when the feature is first used. 

Dataflow job cancellation

The following permission enables users to cancel their jobs in progress. It is not required for the product to work but may be helpful to add via IAM roles.

  • dataflow.jobs.cancel

BigQuery publishing options

The following permission is not required to publish to BigQuery.

  • bigquery.tables.delete

However, if the above permission is not granted to a user, that user can drop or truncate table data in BigQuery, only if one of the following permissions must be enabled in a user's account. 

  • The user is granted editor or owner role on the project.
  • The user is granted bigquery.tables.permission for the project.

Google Sheets access

Feature Availability: This feature is available in the following editions:

  • Dataprep Standard by Trifacta®
  • Dataprep Premium by Trifacta

  • drive.readonly

For more information, see Import Google Sheets Data.

Additional Permissions for Cloud IAM

In addition to the IAM roles above, users must also be granted the following to enable data access based on their Cloud IAM:

These permissions ensure that users can access the appropriate data within  Dataprep by Trifacta®.

Send Feedback

  • No labels

This page has no comments.

 


© 2013-2021 Trifacta® Inc. Privacy Policy | Terms of Use