To extract metadata and to configure other capabilities that a catalog source might include, you need account access and permissions on the source system. The permissions required might vary depending on the capability.
Permissions for metadata extraction
To extract Google BigQuery SQL Script metadata, you need account access and permissions to the source system.
Verify that you have the READ permission to access the folder containing scripts.
To assign permissions to extract metadata, choose one of the following role options:
•To use existing roles, assign the BigQuery Data Viewer or the BigQuery Metadata Viewer roles to the service account that you use to access the Google Cloud Platform project.
Note:
If you assign the BigQuery Data Viewer role, grant the bigquery.jobs.create permission. If you assign the BigQuery Metadata Viewer role, grant the bigquery.jobs.create and bigquery.tables.getData permissions.
•To use minimal permissions, create a custom role with the following permissions and assign the custom role to the service account that you use to access the Google Cloud Platform project:
- resourcemanager.projects.get
- bigquery.datasets.get
- bigquery.routines.get
- bigquery.routines.list
- bigquery.tables.get
- bigquery.tables.list
- bigquery.tables.getData
- bigquery.jobs.create
The bigquery.tables.getData permission is needed to query the __TABLES__ table from a dataset to get information such as description, ID, and last modified date. The bigquery.jobs.create permission is needed to run queries on the dataset.