Access control

This page describes how you provide the required permissions for your data sources and results destinations when you use AutoML Tables.

Overview

AutoML Tables uses Google Cloud Identity and Access Management (IAM) for access control.

When you use GCP services in a different project, or some types of data sources such as Google Sheets or Cloud Bigtable in the same project, you need to provide additional permissions to enable AutoML Tables to access those services.

For a detailed description of IAM and its features, see the Google Cloud Identity and Access Management developer's guide. In particular, see Granting, Changing, and Revoking Access to Project Members.

Enabling the AutoML Tables API

In order to view and assign AutoML Tables IAM roles, you must enable the AutoML Tables API for your project.

Enable the API

Giving permissions to AutoML Tables in your home project

Sometimes you need to enable extra roles for AutoML Tables even for your home project. For example, when you use BigQuery external tables backed by Cloud Bigtable data sources, you need to provide extra permissions.

To add permissions to AutoML Tables in your home project:

  1. Go to the IAM page of the GCP Console for your home project.

    Go to the IAM page

  2. Click the pencil icon for the service account with the name AutoML Service Agent.

  3. Add the required roles to the service account and save your changes.

Giving permissions to AutoML Tables in a different project

When you use data sources or destinations in a different project, you must give the AutoML Tables service account permissions in that project. The AutoML Tables service account is automatically created when you enable the AutoML Tables API.

To add permissions to AutoML Tables in a different project:

  1. Go to the IAM page of the GCP Console for your home project (the project where you are using AutoML Tables).

    Go to the IAM page

  2. Find the service account with the name AutoML Service Agent and copy its email address (listed under Member).

  3. Change projects to the project where you need to grant the permissions.

  4. Click Add, and enter the email address in New members.

  5. Add all required roles and click Save.

Providing access to Google Sheets

If you use an external BigQuery data source backed by Google Sheets, you must share your sheet with the AutoML service account. The AutoML Tables service account is automatically created when you enable the AutoML Tables API.

To authorize AutoML Tables to access your Sheets file:

  1. Go to the IAM page of the GCP Console.

    Go to the IAM page

  2. Look for the service account with the name AutoML Service Agent.

  3. Copy the Member name to your clipboard.

    The Member name is an email address, similar to this example:

    service-358517216@gcp-sa-automl.iam.gserviceaccount.com
    
  4. Open your Sheets file and share it with that address.

هل كانت هذه الصفحة مفيدة؟ يرجى تقييم أدائنا:

إرسال تعليقات حول...

AutoML Tables Documentation