This section covers the recommended IAM role that you must create and assign in to enable users to access through their projects.
- IAM stands for Identity and Access Management. An IAM role contains a set of permissions to use cloud-based resources. Users can be assigned default or customized IAM roles, which enable access to the required cloud services to use the product. Managing the individual permissions without an IAM role is not recommended.
- For more information, see https://cloud.google.com/iam/docs/overview.
To use any edition of , a specific set of permissions is required.
- For and editions, these permissions are contained in the
roles/Dataprep.User role, which is available when the product is licensed for a project. See below.
- For , an additional set of permissions is required to perform actions on the data and gain access to the data. For a list of required permissions, see Required Dataprep User Permissions.
When you have enabled in a project, the
roles/Dataprep.User IAM role is available through the console. IAM Roles can be assigned through the Roles page. For more information, see https://console.cloud.google.com/iam-admin/roles.
Create Custom IAM Role
For , additional permissions are required.
Tip: The easiest way to manage these additional permissions is to create a separate custom IAM role containing the permissions. This new role and the
roles/Dataprep.User can be assigned to any user who is granted access to the project.
Please complete the following steps to create a custom IAM role called,
roles/Dataprep.Premium.Full, which contains the additional required permissions for the product.
- To open the console from the product, click the Console icon at the bottom of the left nav bar.
- In the console, select the project that was enabled for .
- In the left nav bar of the console, click IAM & Admin > Roles. See https://console.cloud.google.com/iam-admin/roles.
- In the Roles page, select + Create Role.
- In the Create Role panel, enter the following:
- Title: This value identifies the role in the console. Suggested title:
Dataprep Trifacta Premium Full.
- Description: Enter a meaningful text description.
- ID: Set this value to an internal identifier for this role. Suggested value:
- Role launch stage: Set this value based on your enterprise workflow requirements.
Permissions: If there are additional permissions listed below, then these permissions need to be added to a role.
Tip: You may wish to copy these roles to a text editor to assist in searching for them in the next step.
- Click + ADD PERMISSIONS.
- Select all of the permissions that need to be added. For more information, see Required Dataprep User Permissions.
- Click ADD.
- The permissions are added to the role.
- If all looks good in the role definition, click Create.
You can now assign the custom role to users of the project.
- In the left nav bar of the console, click IAM.
In the IAM manager, select the Members tab.
Tip: If you need to add members to the project, you can do so now. Click +ADD.
- For each member who needs the additional role:
- For a project member, click the Pencil icon.
- In the Edit Permissions window, click +ADD ANOTHER ROLE.
In the Select a role textbox, type the name of the role you created. For the above example, you would type:
Dataprep Trifacta Premium Full
NOTE: The role may not be available in the drop-down. You may need to manually type the name of your custom role.
- Click SAVE.
- Repeat the previous steps for other members of the project.