BigQuery Admin
(roles/bigquery.admin )
Provides permissions to manage all resources within the project. Can manage
all data within the project, and can cancel jobs from other users running
within the project.
Lowest-level resources where you can grant this role:
-
Datasets
-
Row access policies
-
Tables
-
Views
|
bigquery.bireservations.*
- bigquery.bireservations.get
- bigquery.bireservations.update
bigquery.capacityCommitments.*
- bigquery.capacityCommitments.create
- bigquery.capacityCommitments.delete
- bigquery.capacityCommitments.get
- bigquery.capacityCommitments.list
- bigquery.capacityCommitments.update
bigquery.config.*
- bigquery.config.get
- bigquery.config.update
bigquery.connections.*
- bigquery.connections.create
- bigquery.connections.delegate
- bigquery.connections.delete
- bigquery.connections.get
- bigquery.connections.getIamPolicy
- bigquery.connections.list
- bigquery.connections.setIamPolicy
- bigquery.connections.update
- bigquery.connections.updateTag
- bigquery.connections.use
bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.dataPolicies.getIamPolicy
bigquery.dataPolicies.list
bigquery.dataPolicies.setIamPolicy
bigquery.dataPolicies.update
bigquery.datasets.*
- bigquery.datasets.create
- bigquery.datasets.createTagBinding
- bigquery.datasets.delete
- bigquery.datasets.deleteTagBinding
- bigquery.datasets.get
- bigquery.datasets.getIamPolicy
- bigquery.datasets.link
- bigquery.datasets.listEffectiveTags
- bigquery.datasets.listSharedDatasetUsage
- bigquery.datasets.listTagBindings
- bigquery.datasets.setIamPolicy
- bigquery.datasets.update
- bigquery.datasets.updateTag
bigquery.jobs.*
- bigquery.jobs.create
- bigquery.jobs.delete
- bigquery.jobs.get
- bigquery.jobs.list
- bigquery.jobs.listAll
- bigquery.jobs.listExecutionMetadata
- bigquery.jobs.update
bigquery.models.*
- bigquery.models.create
- bigquery.models.delete
- bigquery.models.export
- bigquery.models.getData
- bigquery.models.getMetadata
- bigquery.models.list
- bigquery.models.updateData
- bigquery.models.updateMetadata
- bigquery.models.updateTag
bigquery.readsessions.*
- bigquery.readsessions.create
- bigquery.readsessions.getData
- bigquery.readsessions.update
bigquery.reservationAssignments.*
- bigquery.reservationAssignments.create
- bigquery.reservationAssignments.delete
- bigquery.reservationAssignments.list
- bigquery.reservationAssignments.search
bigquery.reservations.*
- bigquery.reservations.create
- bigquery.reservations.delete
- bigquery.reservations.get
- bigquery.reservations.list
- bigquery.reservations.update
bigquery.routines.*
- bigquery.routines.create
- bigquery.routines.delete
- bigquery.routines.get
- bigquery.routines.list
- bigquery.routines.update
- bigquery.routines.updateTag
bigquery.rowAccessPolicies.create
bigquery.rowAccessPolicies.delete
bigquery.rowAccessPolicies.getIamPolicy
bigquery.rowAccessPolicies.list
bigquery.rowAccessPolicies.overrideTimeTravelRestrictions
bigquery.rowAccessPolicies.setIamPolicy
bigquery.rowAccessPolicies.update
bigquery.savedqueries.*
- bigquery.savedqueries.create
- bigquery.savedqueries.delete
- bigquery.savedqueries.get
- bigquery.savedqueries.list
- bigquery.savedqueries.update
bigquery.tables.*
- bigquery.tables.create
- bigquery.tables.createIndex
- bigquery.tables.createSnapshot
- bigquery.tables.createTagBinding
- bigquery.tables.delete
- bigquery.tables.deleteIndex
- bigquery.tables.deleteSnapshot
- bigquery.tables.deleteTagBinding
- bigquery.tables.export
- bigquery.tables.get
- bigquery.tables.getData
- bigquery.tables.getIamPolicy
- bigquery.tables.list
- bigquery.tables.replicateData
- bigquery.tables.restoreSnapshot
- bigquery.tables.setCategory
- bigquery.tables.setColumnDataPolicy
- bigquery.tables.setIamPolicy
- bigquery.tables.update
- bigquery.tables.updateData
- bigquery.tables.updateTag
bigquery.transfers.*
- bigquery.transfers.get
- bigquery.transfers.update
bigquerymigration.translation.translate
dataform.*
- dataform.compilationResults.create
- dataform.compilationResults.get
- dataform.compilationResults.list
- dataform.compilationResults.query
- dataform.locations.get
- dataform.locations.list
- dataform.releaseConfigs.create
- dataform.releaseConfigs.delete
- dataform.releaseConfigs.get
- dataform.releaseConfigs.list
- dataform.releaseConfigs.update
- dataform.repositories.commit
- dataform.repositories.computeAccessTokenStatus
- dataform.repositories.create
- dataform.repositories.delete
- dataform.repositories.fetchHistory
- dataform.repositories.fetchRemoteBranches
- dataform.repositories.get
- dataform.repositories.getIamPolicy
- dataform.repositories.list
- dataform.repositories.queryDirectoryContents
- dataform.repositories.readFile
- dataform.repositories.setIamPolicy
- dataform.repositories.update
- dataform.workflowConfigs.create
- dataform.workflowConfigs.delete
- dataform.workflowConfigs.get
- dataform.workflowConfigs.list
- dataform.workflowConfigs.update
- dataform.workflowInvocations.cancel
- dataform.workflowInvocations.create
- dataform.workflowInvocations.delete
- dataform.workflowInvocations.get
- dataform.workflowInvocations.list
- dataform.workflowInvocations.query
- dataform.workspaces.commit
- dataform.workspaces.create
- dataform.workspaces.delete
- dataform.workspaces.fetchFileDiff
- dataform.workspaces.fetchFileGitStatuses
- dataform.workspaces.fetchGitAheadBehind
- dataform.workspaces.get
- dataform.workspaces.getIamPolicy
- dataform.workspaces.installNpmPackages
- dataform.workspaces.list
- dataform.workspaces.makeDirectory
- dataform.workspaces.moveDirectory
- dataform.workspaces.moveFile
- dataform.workspaces.pull
- dataform.workspaces.push
- dataform.workspaces.queryDirectoryContents
- dataform.workspaces.readFile
- dataform.workspaces.removeDirectory
- dataform.workspaces.removeFile
- dataform.workspaces.reset
- dataform.workspaces.searchFiles
- dataform.workspaces.setIamPolicy
- dataform.workspaces.writeFile
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Connection Admin
(roles/bigquery.connectionAdmin )
|
bigquery.connections.*
- bigquery.connections.create
- bigquery.connections.delegate
- bigquery.connections.delete
- bigquery.connections.get
- bigquery.connections.getIamPolicy
- bigquery.connections.list
- bigquery.connections.setIamPolicy
- bigquery.connections.update
- bigquery.connections.updateTag
- bigquery.connections.use
|
BigQuery Connection User
(roles/bigquery.connectionUser )
|
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.use
|
BigQuery Data Editor
(roles/bigquery.dataEditor )
When applied to a table or view, this role provides permissions to:
- Read and update data and metadata for the table or view.
- Delete the table or view.
This role cannot be applied to individual models or routines.
When applied to a dataset, this role provides permissions to:
- Read the dataset's metadata and list tables in the dataset.
- Create, update, get, and delete the dataset's tables.
When applied at the project or organization level, this role can also
create new datasets.
Lowest-level resources where you can grant this role:
|
bigquery.config.get
bigquery.datasets.create
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.updateTag
bigquery.models.*
- bigquery.models.create
- bigquery.models.delete
- bigquery.models.export
- bigquery.models.getData
- bigquery.models.getMetadata
- bigquery.models.list
- bigquery.models.updateData
- bigquery.models.updateMetadata
- bigquery.models.updateTag
bigquery.routines.*
- bigquery.routines.create
- bigquery.routines.delete
- bigquery.routines.get
- bigquery.routines.list
- bigquery.routines.update
- bigquery.routines.updateTag
bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateTag
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Data Owner
(roles/bigquery.dataOwner )
When applied to a table or view, this role provides permissions to:
- Read and update data and metadata for the table or view.
- Share the table or view.
- Delete the table or view.
This role cannot be applied to individual models or routines.
When applied to a dataset, this role provides permissions to:
- Read, update, and delete the dataset.
- Create, update, get, and delete the dataset's tables.
When applied at the project or organization level, this role can also
create new datasets.
Lowest-level resources where you can grant this role:
|
bigquery.config.get
bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.dataPolicies.getIamPolicy
bigquery.dataPolicies.list
bigquery.dataPolicies.setIamPolicy
bigquery.dataPolicies.update
bigquery.datasets.*
- bigquery.datasets.create
- bigquery.datasets.createTagBinding
- bigquery.datasets.delete
- bigquery.datasets.deleteTagBinding
- bigquery.datasets.get
- bigquery.datasets.getIamPolicy
- bigquery.datasets.link
- bigquery.datasets.listEffectiveTags
- bigquery.datasets.listSharedDatasetUsage
- bigquery.datasets.listTagBindings
- bigquery.datasets.setIamPolicy
- bigquery.datasets.update
- bigquery.datasets.updateTag
bigquery.models.*
- bigquery.models.create
- bigquery.models.delete
- bigquery.models.export
- bigquery.models.getData
- bigquery.models.getMetadata
- bigquery.models.list
- bigquery.models.updateData
- bigquery.models.updateMetadata
- bigquery.models.updateTag
bigquery.routines.*
- bigquery.routines.create
- bigquery.routines.delete
- bigquery.routines.get
- bigquery.routines.list
- bigquery.routines.update
- bigquery.routines.updateTag
bigquery.rowAccessPolicies.create
bigquery.rowAccessPolicies.delete
bigquery.rowAccessPolicies.getIamPolicy
bigquery.rowAccessPolicies.list
bigquery.rowAccessPolicies.setIamPolicy
bigquery.rowAccessPolicies.update
bigquery.tables.*
- bigquery.tables.create
- bigquery.tables.createIndex
- bigquery.tables.createSnapshot
- bigquery.tables.createTagBinding
- bigquery.tables.delete
- bigquery.tables.deleteIndex
- bigquery.tables.deleteSnapshot
- bigquery.tables.deleteTagBinding
- bigquery.tables.export
- bigquery.tables.get
- bigquery.tables.getData
- bigquery.tables.getIamPolicy
- bigquery.tables.list
- bigquery.tables.replicateData
- bigquery.tables.restoreSnapshot
- bigquery.tables.setCategory
- bigquery.tables.setColumnDataPolicy
- bigquery.tables.setIamPolicy
- bigquery.tables.update
- bigquery.tables.updateData
- bigquery.tables.updateTag
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Data Viewer
(roles/bigquery.dataViewer )
When applied to a table or view, this role provides permissions to:
- Read data and metadata from the table or view.
This role cannot be applied to individual models or routines.
When applied to a dataset, this role provides permissions to list all of the resources in the
dataset (such as tables, views, snapshots, models, and routines) and to read their data and metadata
with applicable APIs and in queries.
When applied at the project or organization level, this role can also
enumerate all datasets in the project. Additional roles, however, are
necessary to allow the running of jobs.
Lowest-level resources where you can grant this role:
|
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.routines.get
bigquery.routines.list
bigquery.tables.createSnapshot
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.replicateData
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Filtered Data Viewer
(roles/bigquery.filteredDataViewer )
Access to view filtered table data defined by a row access policy
|
bigquery.rowAccessPolicies.getFilteredData
|
BigQuery Job User
(roles/bigquery.jobUser )
Provides permissions to run jobs, including queries, within the project.
Lowest-level resources where you can grant this role:
|
bigquery.config.get
bigquery.jobs.create
dataform.locations.*
- dataform.locations.get
- dataform.locations.list
dataform.repositories.create
dataform.repositories.list
resourcemanager.projects.get
resourcemanager.projects.list
|
(roles/bigquery.metadataViewer )
When applied to a table or view, this role provides permissions to:
- Read metadata from the table or view.
This role cannot be applied to individual models or routines.
When applied to a dataset, this role provides permissions to:
- List tables and views in the dataset.
- Read metadata from the dataset's tables and views.
When applied at the project or organization level, this role provides permissions to:
- List all datasets and read metadata for all datasets in the project.
- List all tables and views and read metadata for all tables and views
in the project.
Additional roles are necessary to allow the running of jobs.
Lowest-level resources where you can grant this role:
|
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.models.getMetadata
bigquery.models.list
bigquery.routines.get
bigquery.routines.list
bigquery.tables.get
bigquery.tables.getIamPolicy
bigquery.tables.list
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Read Session User
(roles/bigquery.readSessionUser )
Provides the ability to create and use read sessions.
Lowest-level resources where you can grant this role:
|
bigquery.readsessions.*
- bigquery.readsessions.create
- bigquery.readsessions.getData
- bigquery.readsessions.update
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Resource Admin
(roles/bigquery.resourceAdmin )
Administers BigQuery workloads, including slot assignments, commitments, and reservations.
|
bigquery.bireservations.*
- bigquery.bireservations.get
- bigquery.bireservations.update
bigquery.capacityCommitments.*
- bigquery.capacityCommitments.create
- bigquery.capacityCommitments.delete
- bigquery.capacityCommitments.get
- bigquery.capacityCommitments.list
- bigquery.capacityCommitments.update
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.reservationAssignments.*
- bigquery.reservationAssignments.create
- bigquery.reservationAssignments.delete
- bigquery.reservationAssignments.list
- bigquery.reservationAssignments.search
bigquery.reservations.*
- bigquery.reservations.create
- bigquery.reservations.delete
- bigquery.reservations.get
- bigquery.reservations.list
- bigquery.reservations.update
recommender.bigqueryCapacityCommitmentsInsights.*
- recommender.bigqueryCapacityCommitmentsInsights.get
- recommender.bigqueryCapacityCommitmentsInsights.list
- recommender.bigqueryCapacityCommitmentsInsights.update
recommender.bigqueryCapacityCommitmentsRecommendations.*
- recommender.bigqueryCapacityCommitmentsRecommendations.get
- recommender.bigqueryCapacityCommitmentsRecommendations.list
- recommender.bigqueryCapacityCommitmentsRecommendations.update
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Resource Editor
(roles/bigquery.resourceEditor )
Manages BigQuery workloads, but is unable to create or modify slot commitments.
|
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.reservationAssignments.*
- bigquery.reservationAssignments.create
- bigquery.reservationAssignments.delete
- bigquery.reservationAssignments.list
- bigquery.reservationAssignments.search
bigquery.reservations.*
- bigquery.reservations.create
- bigquery.reservations.delete
- bigquery.reservations.get
- bigquery.reservations.list
- bigquery.reservations.update
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Resource Viewer
(roles/bigquery.resourceViewer )
Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.
|
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservations.get
bigquery.reservations.list
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Studio Admin
Beta
(roles/bigquery.studioAdmin )
Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin.
|
aiplatform.notebookRuntimeTemplates.apply
aiplatform.notebookRuntimeTemplates.create
aiplatform.notebookRuntimeTemplates.delete
aiplatform.notebookRuntimeTemplates.get
aiplatform.notebookRuntimeTemplates.getIamPolicy
aiplatform.notebookRuntimeTemplates.list
aiplatform.notebookRuntimeTemplates.setIamPolicy
aiplatform.notebookRuntimes.*
- aiplatform.notebookRuntimes.assign
- aiplatform.notebookRuntimes.delete
- aiplatform.notebookRuntimes.get
- aiplatform.notebookRuntimes.list
- aiplatform.notebookRuntimes.start
- aiplatform.notebookRuntimes.update
- aiplatform.notebookRuntimes.upgrade
aiplatform.operations.list
bigquery.bireservations.*
- bigquery.bireservations.get
- bigquery.bireservations.update
bigquery.capacityCommitments.*
- bigquery.capacityCommitments.create
- bigquery.capacityCommitments.delete
- bigquery.capacityCommitments.get
- bigquery.capacityCommitments.list
- bigquery.capacityCommitments.update
bigquery.config.*
- bigquery.config.get
- bigquery.config.update
bigquery.connections.*
- bigquery.connections.create
- bigquery.connections.delegate
- bigquery.connections.delete
- bigquery.connections.get
- bigquery.connections.getIamPolicy
- bigquery.connections.list
- bigquery.connections.setIamPolicy
- bigquery.connections.update
- bigquery.connections.updateTag
- bigquery.connections.use
bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.dataPolicies.getIamPolicy
bigquery.dataPolicies.list
bigquery.dataPolicies.setIamPolicy
bigquery.dataPolicies.update
bigquery.datasets.*
- bigquery.datasets.create
- bigquery.datasets.createTagBinding
- bigquery.datasets.delete
- bigquery.datasets.deleteTagBinding
- bigquery.datasets.get
- bigquery.datasets.getIamPolicy
- bigquery.datasets.link
- bigquery.datasets.listEffectiveTags
- bigquery.datasets.listSharedDatasetUsage
- bigquery.datasets.listTagBindings
- bigquery.datasets.setIamPolicy
- bigquery.datasets.update
- bigquery.datasets.updateTag
bigquery.jobs.*
- bigquery.jobs.create
- bigquery.jobs.delete
- bigquery.jobs.get
- bigquery.jobs.list
- bigquery.jobs.listAll
- bigquery.jobs.listExecutionMetadata
- bigquery.jobs.update
bigquery.models.*
- bigquery.models.create
- bigquery.models.delete
- bigquery.models.export
- bigquery.models.getData
- bigquery.models.getMetadata
- bigquery.models.list
- bigquery.models.updateData
- bigquery.models.updateMetadata
- bigquery.models.updateTag
bigquery.readsessions.*
- bigquery.readsessions.create
- bigquery.readsessions.getData
- bigquery.readsessions.update
bigquery.reservationAssignments.*
- bigquery.reservationAssignments.create
- bigquery.reservationAssignments.delete
- bigquery.reservationAssignments.list
- bigquery.reservationAssignments.search
bigquery.reservations.*
- bigquery.reservations.create
- bigquery.reservations.delete
- bigquery.reservations.get
- bigquery.reservations.list
- bigquery.reservations.update
bigquery.routines.*
- bigquery.routines.create
- bigquery.routines.delete
- bigquery.routines.get
- bigquery.routines.list
- bigquery.routines.update
- bigquery.routines.updateTag
bigquery.rowAccessPolicies.create
bigquery.rowAccessPolicies.delete
bigquery.rowAccessPolicies.getIamPolicy
bigquery.rowAccessPolicies.list
bigquery.rowAccessPolicies.overrideTimeTravelRestrictions
bigquery.rowAccessPolicies.setIamPolicy
bigquery.rowAccessPolicies.update
bigquery.savedqueries.*
- bigquery.savedqueries.create
- bigquery.savedqueries.delete
- bigquery.savedqueries.get
- bigquery.savedqueries.list
- bigquery.savedqueries.update
bigquery.tables.*
- bigquery.tables.create
- bigquery.tables.createIndex
- bigquery.tables.createSnapshot
- bigquery.tables.createTagBinding
- bigquery.tables.delete
- bigquery.tables.deleteIndex
- bigquery.tables.deleteSnapshot
- bigquery.tables.deleteTagBinding
- bigquery.tables.export
- bigquery.tables.get
- bigquery.tables.getData
- bigquery.tables.getIamPolicy
- bigquery.tables.list
- bigquery.tables.replicateData
- bigquery.tables.restoreSnapshot
- bigquery.tables.setCategory
- bigquery.tables.setColumnDataPolicy
- bigquery.tables.setIamPolicy
- bigquery.tables.update
- bigquery.tables.updateData
- bigquery.tables.updateTag
bigquery.transfers.*
- bigquery.transfers.get
- bigquery.transfers.update
bigquerymigration.translation.translate
compute.reservations.get
compute.reservations.list
dataform.*
- dataform.compilationResults.create
- dataform.compilationResults.get
- dataform.compilationResults.list
- dataform.compilationResults.query
- dataform.locations.get
- dataform.locations.list
- dataform.releaseConfigs.create
- dataform.releaseConfigs.delete
- dataform.releaseConfigs.get
- dataform.releaseConfigs.list
- dataform.releaseConfigs.update
- dataform.repositories.commit
- dataform.repositories.computeAccessTokenStatus
- dataform.repositories.create
- dataform.repositories.delete
- dataform.repositories.fetchHistory
- dataform.repositories.fetchRemoteBranches
- dataform.repositories.get
- dataform.repositories.getIamPolicy
- dataform.repositories.list
- dataform.repositories.queryDirectoryContents
- dataform.repositories.readFile
- dataform.repositories.setIamPolicy
- dataform.repositories.update
- dataform.workflowConfigs.create
- dataform.workflowConfigs.delete
- dataform.workflowConfigs.get
- dataform.workflowConfigs.list
- dataform.workflowConfigs.update
- dataform.workflowInvocations.cancel
- dataform.workflowInvocations.create
- dataform.workflowInvocations.delete
- dataform.workflowInvocations.get
- dataform.workflowInvocations.list
- dataform.workflowInvocations.query
- dataform.workspaces.commit
- dataform.workspaces.create
- dataform.workspaces.delete
- dataform.workspaces.fetchFileDiff
- dataform.workspaces.fetchFileGitStatuses
- dataform.workspaces.fetchGitAheadBehind
- dataform.workspaces.get
- dataform.workspaces.getIamPolicy
- dataform.workspaces.installNpmPackages
- dataform.workspaces.list
- dataform.workspaces.makeDirectory
- dataform.workspaces.moveDirectory
- dataform.workspaces.moveFile
- dataform.workspaces.pull
- dataform.workspaces.push
- dataform.workspaces.queryDirectoryContents
- dataform.workspaces.readFile
- dataform.workspaces.removeDirectory
- dataform.workspaces.removeFile
- dataform.workspaces.reset
- dataform.workspaces.searchFiles
- dataform.workspaces.setIamPolicy
- dataform.workspaces.writeFile
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery Studio User
Beta
(roles/bigquery.studioUser )
Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User.
|
aiplatform.notebookRuntimeTemplates.apply
aiplatform.notebookRuntimeTemplates.get
aiplatform.notebookRuntimeTemplates.getIamPolicy
aiplatform.notebookRuntimeTemplates.list
aiplatform.notebookRuntimes.assign
aiplatform.notebookRuntimes.get
aiplatform.notebookRuntimes.list
aiplatform.operations.list
bigquery.config.get
bigquery.jobs.create
bigquery.readsessions.*
- bigquery.readsessions.create
- bigquery.readsessions.getData
- bigquery.readsessions.update
dataform.locations.*
- dataform.locations.get
- dataform.locations.list
dataform.repositories.create
dataform.repositories.list
resourcemanager.projects.get
resourcemanager.projects.list
|
BigQuery User
(roles/bigquery.user )
When applied to a dataset, this role provides the ability to read the dataset's metadata and list
tables in the dataset.
When applied to a project, this role also provides the ability to run jobs, including queries,
within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and
enumerate datasets within a project. Additionally, allows the creation of new datasets within the
project; the creator is granted the BigQuery Data Owner role (roles/bigquery.dataOwner )
on these new datasets.
Lowest-level resources where you can grant this role:
|
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.config.get
bigquery.datasets.create
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.jobs.create
bigquery.jobs.list
bigquery.models.list
bigquery.readsessions.*
- bigquery.readsessions.create
- bigquery.readsessions.getData
- bigquery.readsessions.update
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservations.get
bigquery.reservations.list
bigquery.routines.list
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.tables.list
bigquery.transfers.get
bigquerymigration.translation.translate
dataform.locations.*
- dataform.locations.get
- dataform.locations.list
dataform.repositories.create
dataform.repositories.list
resourcemanager.projects.get
resourcemanager.projects.list
|
Masked Reader
(roles/bigquerydatapolicy.maskedReader )
Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns
|
bigquery.dataPolicies.maskedGet
|