Cloud IAM Permissions for Google Cloud Platform Adapter

When you use the Google Cloud Platform adapter, the appropriate permissions are required for the accounts used in connecting to each Google Cloud Platform service.
For more details on the Cloud IAM permissions required for each adapter, refer to the following.

Google BigQuery Adapter

The following shows the Cloud IAM permissions that Google BigQuery adapter requires.

Global Resources

There are no permissions required by global resources.

Operations

Load Table Data

Permissions Remarks
bigquery.jobs.create
bigquery.tables.create
bigquery.tables.get
bigquery.tables.update
bigquery.tables.updateData
storage.objects.get
storage.buckets.list
  • Required when performing [Update the list of bucket names].
storage.objects.list
  • Required when performing [Update the list of folder paths] and [Update the list of file names].
resourcemanager.projects.get
  • Required when performing [Update the list of destination project IDs].
bigquery.datasets.get
  • Required when performing [Update the list of destination dataset names].
bigquery.tables.list
  • Required when performing [Update the list of destination table names].

Extract Table Data

Permissions Remarks
bigquery.jobs.create
bigquery.tables.export
storage.objects.create
storage.objects.delete
storage.objects.get
resourcemanager.projects.get
  • Required when performing [Update the list of project IDs].
bigquery.datasets.get
  • Required when performing [Update the list of dataset names].
bigquery.tables.list
  • Required when performing [Update the list of table names].
storage.buckets.list
  • Required when performing [Update the list of destination bucket names].
storage.objects.list
  • Required when performing [Update the list of destination folder paths].

Execute Select SQL

Permissions Remarks
bigquery.jobs.create
bigquery.tables.create
bigquery.tables.getData
bigquery.tables.updateData
resourcemanager.projects.get
  • Required when performing [Update the list of project IDs].
bigquery.datasets.get
  • Required when performing [Update the list of dataset names of the save destination].
bigquery.tables.list
  • Required when performing [Update the list of table names of the save destination].

Google Cloud Storage adapter

The following shows the Cloud IAM permissions that Google Cloud Storage adapter requires.

Global Resources

There are no permissions required by global resources.

Operations

Read File/Folder

Permissions Remarks
storage.buckets.get
storage.buckets.list
  • Required when performing [Update the list of bucket names of the read source].
storage.objects.get
storage.objects.list

Write File/Folder

Permissions Remarks
storage.buckets.get
storage.buckets.list
  • Required when performing [Update the list of bucket names of the write destination].
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
  • Required when performing [Update the list of folder paths of the write destination].

Delete File/Folder

Permissions Remarks
storage.buckets.get
storage.buckets.list
  • Required when performing [Update the list of bucket names].
storage.objects.delete
storage.objects.list