Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Trifacta Dataprep



Contents:


   

Contents:


The following IAM permissions are required for each user to provide baseline functionality in  Dataprep by Trifacta® and access to common integrations

Dataprep.User IAM Roles

All users of any version of Dataprep by Trifacta must be assigned the Dataprep.User IAM Role.

  • (P) denotes permissions that are required for any usage of the product within a project.

Additional Permissions for Dataprep by Trifacta Premium

General

  • resourcemanager.projects.get

BigQuery

Read and write to BigQuery, including views and custom SQL:

  • bigquery.datasets.get (P)
  • bigquery.jobs.create
  • bigquery.tables.create (P)
  • bigquery.tables.get (P)
  • bigquery.tables.getData (P)
  • bigquery.tables.list (P)

Dataflow

Run Trifacta jobs on Dataflow:

  • compute.machineTypes.get
  • dataflow.jobs.create
  • dataflow.jobs.get
  • dataflow.messages.list
  • dataflow.metrics.get

Base Storage

Read and write to Base Storage, the base storage for Dataprep by Trifacta:

  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • storage.objects.update


Feature Permissions

Additional permissions may be required to use specific features. Individual users may be required to permit  Dataprep by Trifacta access when the feature is first used. 

Dataflow job cancellation

The following permission enables users to cancel their jobs in progress. It is not required for the product to work but may be helpful to add via IAM roles.

  • dataflow.jobs.cancel

BigQuery publishing options

The following permission is not required to publish to BigQuery.

  • bigquery.tables.delete

However, if the above permission is not granted to a user, that user can drop or truncate table data in BigQuery, only if one of the following permissions must be enabled in a user's account. 

  • The user is granted editor or owner role on the project.
  • The user is granted bigquery.tables.permission for the project.


Google Sheets access

Feature Availability: This feature is available in the following editions:

  • Dataprep by Trifacta® Standard
  • Dataprep by Trifacta Premium

  • drive.readonly

For more information, see Import Google Sheets Data.

Additional Permissions for Cloud IAM

Feature Availability: This feature is available in
Dataprep by Trifacta Premium only.

Run Dataflow jobs

To run jobs on Dataflow, one of the following must be applied:

  • User must have iam.serviceAccounts.actAs permission on a compute service account, which must be specified during job execution.
  • User must have iam.serviceAccounts.actAs permission specified at the project level or in the default compute service account:

    <project-number>-compute@developer.gserviceaccount.com


  • Project owners require no additional permissions on the projects that they own.

For more information, see https://cloud.google.com/dataflow/docs/concepts/security-and-permissions#security_and_permissions_for_pipelines_on_google_cloud_platform.

Data access

In addition to the IAM roles above, users must also be granted the following to enable data access based on their Cloud IAM:

These permissions ensure that users can access the appropriate data within  Dataprep by Trifacta®.



  • No labels

This page has no comments.