To extract metadata and to configure other capabilities that a catalog source might include, you need account access and permissions on the source system. The permissions required might vary depending on the capability.
Permissions to extract metadata
Ensure that you have the required permissions to enable metadata extraction.
To assign permissions to extract metadata, choose one of the following role options:
•To use existing roles, assign the BigQuery Data Viewer or the BigQuery Metadata Viewer roles to the service account that you use to access the Google Cloud Platform project.
Note:
If you assign the BigQuery Data Viewer role, grant the bigquery.jobs.create permission. If you assign the BigQuery Metadata Viewer role, grant the bigquery.jobs.create and bigquery.tables.getData permissions.
•To use minimal permissions, create a custom role with the following permissions and assign the custom role to the service account that you use to access the Google Cloud Platform project:
- resourcemanager.projects.get
- bigquery.datasets.get
- bigquery.routines.get
- bigquery.routines.list
- bigquery.tables.get
- bigquery.tables.list
- bigquery.tables.getData
- bigquery.jobs.create
The bigquery.tables.getData permission is needed to query the __TABLES__ table from a dataset to get information such as description, ID, and last modified date. The bigquery.jobs.create permission is needed to run queries on the dataset.
Permissions to run data profiles
Ensure that you have the required permissions to run profiles.
Grant the following permissions:
•storage.objects.get. Required to read objects from the Google BigQuery source system.
•storage.objects.create. Required to create staging files in the Google Cloud Storage bucket.
Permissions to perform data classification
You can perform data classification with the permissions required on the source system to perform metadata extraction.
Permissions to perform relationship discovery
You can perform relationship discovery with the permissions required on the source system to perform metadata extraction.
Permissions to perform glossary association
You can perform glossary association with the permissions required on the source system to perform metadata extraction.