액세스 제어 참조

개요

BigQuery Data Transfer Service는 ID 및 액세스 관리를 사용하여 리소스에 대한 액세스를 관리합니다. 리소스에 대한 액세스 권한을 부여하려면 항목에 BigQuery IAM 역할을 하나 이상 할당합니다. BigQuery Data Transfer Service의 권한은 BigQuery IAM 역할에 통합되어 있습니다.

이 페이지에서는 BigQuery Data Transfer Service ID 및 액세스 관리 권한과 역할을 자세히 설명합니다. BigQuery의 액세스 제어에 대한 자세한 내용은 BigQuery 사전 정의된 역할 및 권한 페이지를 참조하세요.

BigQuery Data Transfer Service 권한

다음 표에서는 BigQuery Data Transfer Service에서 사용할 수 있는 권한을 설명합니다.

권한	설명
`bigquery.transfers.get`	전송 메타데이터를 가져옵니다.
`bigquery.transfers.update`	전송을 생성, 업데이트, 삭제합니다.

역할

다음 표에서는 BigQuery 사전 정의 IAM 역할과 각 역할에 포함된 모든 권한 목록을 보여줍니다. BigQuery Data Transfer Service 권한은 BigQuery 권한과 함께 나열됩니다. 각 권한은 특정 리소스 유형에 적용할 수 있습니다.

Role Permissions

Role	Permissions
BigQuery Admin (`roles/bigquery.admin`) Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project. Lowest-level resources where you can grant this role: Datasets Row access policies Tables Views	`bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.config.` `bigquery.config.get` `bigquery.config.update` `bigquery.connections.` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.jobs.` `bigquery.jobs.create` `bigquery.jobs.delete` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.jobs.update` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.update` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.overrideTimeTravelRestrictions` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.savedqueries.` `bigquery.savedqueries.create` `bigquery.savedqueries.delete` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.savedqueries.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateTag` `bigquery.transfers.` `bigquery.transfers.get` `bigquery.transfers.update` `bigquerymigration.translation.translate` `dataform.*` `dataform.compilationResults.create` `dataform.compilationResults.get` `dataform.compilationResults.list` `dataform.compilationResults.query` `dataform.locations.get` `dataform.locations.list` `dataform.releaseConfigs.create` `dataform.releaseConfigs.delete` `dataform.releaseConfigs.get` `dataform.releaseConfigs.list` `dataform.releaseConfigs.update` `dataform.repositories.commit` `dataform.repositories.computeAccessTokenStatus` `dataform.repositories.create` `dataform.repositories.delete` `dataform.repositories.fetchHistory` `dataform.repositories.fetchRemoteBranches` `dataform.repositories.get` `dataform.repositories.getIamPolicy` `dataform.repositories.list` `dataform.repositories.queryDirectoryContents` `dataform.repositories.readFile` `dataform.repositories.setIamPolicy` `dataform.repositories.update` `dataform.workflowConfigs.create` `dataform.workflowConfigs.delete` `dataform.workflowConfigs.get` `dataform.workflowConfigs.list` `dataform.workflowConfigs.update` `dataform.workflowInvocations.cancel` `dataform.workflowInvocations.create` `dataform.workflowInvocations.delete` `dataform.workflowInvocations.get` `dataform.workflowInvocations.list` `dataform.workflowInvocations.query` `dataform.workspaces.commit` `dataform.workspaces.create` `dataform.workspaces.delete` `dataform.workspaces.fetchFileDiff` `dataform.workspaces.fetchFileGitStatuses` `dataform.workspaces.fetchGitAheadBehind` `dataform.workspaces.get` `dataform.workspaces.getIamPolicy` `dataform.workspaces.installNpmPackages` `dataform.workspaces.list` `dataform.workspaces.makeDirectory` `dataform.workspaces.moveDirectory` `dataform.workspaces.moveFile` `dataform.workspaces.pull` `dataform.workspaces.push` `dataform.workspaces.queryDirectoryContents` `dataform.workspaces.readFile` `dataform.workspaces.removeDirectory` `dataform.workspaces.removeFile` `dataform.workspaces.reset` `dataform.workspaces.searchFiles` `dataform.workspaces.setIamPolicy` `dataform.workspaces.writeFile` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Connection Admin (`roles/bigquery.connectionAdmin`)	`bigquery.connections.*` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use`
BigQuery Connection User (`roles/bigquery.connectionUser`)	`bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.use`
BigQuery Data Editor (`roles/bigquery.dataEditor`) When applied to a table or view, this role provides permissions to: Read and update data and metadata for the table or view. Delete the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to: Read the dataset's metadata and list tables in the dataset. Create, update, get, and delete the dataset's tables. When applied at the project or organization level, this role can also create new datasets. Lowest-level resources where you can grant this role: Table View	`bigquery.config.get` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.updateTag` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateTag` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Data Owner (`roles/bigquery.dataOwner`) When applied to a table or view, this role provides permissions to: Read and update data and metadata for the table or view. Share the table or view. Delete the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to: Read, update, and delete the dataset. Create, update, get, and delete the dataset's tables. When applied at the project or organization level, this role can also create new datasets. Lowest-level resources where you can grant this role: Table View	`bigquery.config.get` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateTag` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Data Viewer (`roles/bigquery.dataViewer`) When applied to a table or view, this role provides permissions to: Read data and metadata from the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to list all of the resources in the dataset (such as tables, views, snapshots, models, and routines) and to read their data and metadata with applicable APIs and in queries. When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs. Lowest-level resources where you can grant this role: Table View	`bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.createSnapshot` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.replicateData` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Filtered Data Viewer (`roles/bigquery.filteredDataViewer`) Access to view filtered table data defined by a row access policy	`bigquery.rowAccessPolicies.getFilteredData`
BigQuery Job User (`roles/bigquery.jobUser`) Provides permissions to run jobs, including queries, within the project. Lowest-level resources where you can grant this role: Project	`bigquery.config.get` `bigquery.jobs.create` `dataform.locations.*` `dataform.locations.get` `dataform.locations.list` `dataform.repositories.create` `dataform.repositories.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Metadata Viewer (`roles/bigquery.metadataViewer`) When applied to a table or view, this role provides permissions to: Read metadata from the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to: List tables and views in the dataset. Read metadata from the dataset's tables and views. When applied at the project or organization level, this role provides permissions to: List all datasets and read metadata for all datasets in the project. List all tables and views and read metadata for all tables and views in the project. Additional roles are necessary to allow the running of jobs. Lowest-level resources where you can grant this role: Table View	`bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.get` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Read Session User (`roles/bigquery.readSessionUser`) Provides the ability to create and use read sessions. Lowest-level resources where you can grant this role: Project	`bigquery.readsessions.*` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Resource Admin (`roles/bigquery.resourceAdmin`) Administers BigQuery workloads, including slot assignments, commitments, and reservations.	`bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.update` `recommender.bigqueryCapacityCommitmentsInsights.` `recommender.bigqueryCapacityCommitmentsInsights.get` `recommender.bigqueryCapacityCommitmentsInsights.list` `recommender.bigqueryCapacityCommitmentsInsights.update` `recommender.bigqueryCapacityCommitmentsRecommendations.` `recommender.bigqueryCapacityCommitmentsRecommendations.get` `recommender.bigqueryCapacityCommitmentsRecommendations.list` `recommender.bigqueryCapacityCommitmentsRecommendations.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Resource Editor (`roles/bigquery.resourceEditor`) Manages BigQuery workloads, but is unable to create or modify slot commitments.	`bigquery.bireservations.get` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Resource Viewer (`roles/bigquery.resourceViewer`) Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.	`bigquery.bireservations.get` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.get` `bigquery.reservations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Studio Admin (`roles/bigquery.studioAdmin`) Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin.	`aiplatform.notebookRuntimeTemplates.apply` `aiplatform.notebookRuntimeTemplates.create` `aiplatform.notebookRuntimeTemplates.delete` `aiplatform.notebookRuntimeTemplates.get` `aiplatform.notebookRuntimeTemplates.getIamPolicy` `aiplatform.notebookRuntimeTemplates.list` `aiplatform.notebookRuntimeTemplates.setIamPolicy` `aiplatform.notebookRuntimes.` `aiplatform.notebookRuntimes.assign` `aiplatform.notebookRuntimes.delete` `aiplatform.notebookRuntimes.get` `aiplatform.notebookRuntimes.list` `aiplatform.notebookRuntimes.start` `aiplatform.notebookRuntimes.update` `aiplatform.notebookRuntimes.upgrade` `aiplatform.operations.list` `bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.config.` `bigquery.config.get` `bigquery.config.update` `bigquery.connections.` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.jobs.` `bigquery.jobs.create` `bigquery.jobs.delete` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.jobs.update` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.update` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.overrideTimeTravelRestrictions` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.savedqueries.` `bigquery.savedqueries.create` `bigquery.savedqueries.delete` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.savedqueries.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateTag` `bigquery.transfers.` `bigquery.transfers.get` `bigquery.transfers.update` `bigquerymigration.translation.translate` `compute.reservations.get` `compute.reservations.list` `dataform.` `dataform.compilationResults.create` `dataform.compilationResults.get` `dataform.compilationResults.list` `dataform.compilationResults.query` `dataform.locations.get` `dataform.locations.list` `dataform.releaseConfigs.create` `dataform.releaseConfigs.delete` `dataform.releaseConfigs.get` `dataform.releaseConfigs.list` `dataform.releaseConfigs.update` `dataform.repositories.commit` `dataform.repositories.computeAccessTokenStatus` `dataform.repositories.create` `dataform.repositories.delete` `dataform.repositories.fetchHistory` `dataform.repositories.fetchRemoteBranches` `dataform.repositories.get` `dataform.repositories.getIamPolicy` `dataform.repositories.list` `dataform.repositories.queryDirectoryContents` `dataform.repositories.readFile` `dataform.repositories.setIamPolicy` `dataform.repositories.update` `dataform.workflowConfigs.create` `dataform.workflowConfigs.delete` `dataform.workflowConfigs.get` `dataform.workflowConfigs.list` `dataform.workflowConfigs.update` `dataform.workflowInvocations.cancel` `dataform.workflowInvocations.create` `dataform.workflowInvocations.delete` `dataform.workflowInvocations.get` `dataform.workflowInvocations.list` `dataform.workflowInvocations.query` `dataform.workspaces.commit` `dataform.workspaces.create` `dataform.workspaces.delete` `dataform.workspaces.fetchFileDiff` `dataform.workspaces.fetchFileGitStatuses` `dataform.workspaces.fetchGitAheadBehind` `dataform.workspaces.get` `dataform.workspaces.getIamPolicy` `dataform.workspaces.installNpmPackages` `dataform.workspaces.list` `dataform.workspaces.makeDirectory` `dataform.workspaces.moveDirectory` `dataform.workspaces.moveFile` `dataform.workspaces.pull` `dataform.workspaces.push` `dataform.workspaces.queryDirectoryContents` `dataform.workspaces.readFile` `dataform.workspaces.removeDirectory` `dataform.workspaces.removeFile` `dataform.workspaces.reset` `dataform.workspaces.searchFiles` `dataform.workspaces.setIamPolicy` `dataform.workspaces.writeFile` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery Studio User (`roles/bigquery.studioUser`) Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User.	`aiplatform.notebookRuntimeTemplates.apply` `aiplatform.notebookRuntimeTemplates.get` `aiplatform.notebookRuntimeTemplates.getIamPolicy` `aiplatform.notebookRuntimeTemplates.list` `aiplatform.notebookRuntimes.assign` `aiplatform.notebookRuntimes.get` `aiplatform.notebookRuntimes.list` `aiplatform.operations.list` `bigquery.config.get` `bigquery.jobs.create` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `dataform.locations.` `dataform.locations.get` `dataform.locations.list` `dataform.repositories.create` `dataform.repositories.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
BigQuery User (`roles/bigquery.user`) When applied to a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset. When applied to a project, this role also provides the ability to run jobs, including queries, within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and enumerate datasets within a project. Additionally, allows the creation of new datasets within the project; the creator is granted the BigQuery Data Owner role (`roles/bigquery.dataOwner`) on these new datasets. Lowest-level resources where you can grant this role: Dataset	`bigquery.bireservations.get` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.config.get` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.jobs.create` `bigquery.jobs.list` `bigquery.models.list` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.routines.list` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.tables.list` `bigquery.transfers.get` `bigquerymigration.translation.translate` `dataform.locations.` `dataform.locations.get` `dataform.locations.list` `dataform.repositories.create` `dataform.repositories.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Masked Reader (`roles/bigquerydatapolicy.maskedReader`) Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns	`bigquery.dataPolicies.maskedGet`

BigQuery Admin

(roles/bigquery.admin)

Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project.

Lowest-level resources where you can grant this role:

Datasets
Row access policies
Tables
Views

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.config.*

bigquery.config.get
bigquery.config.update

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.jobs.*

bigquery.jobs.create
bigquery.jobs.delete
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.jobs.update

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.update

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateTag

bigquery.transfers.*

bigquery.transfers.get
bigquery.transfers.update

bigquerymigration.translation.translate

dataform.*

dataform.compilationResults.create
dataform.compilationResults.get
dataform.compilationResults.list
dataform.compilationResults.query
dataform.locations.get
dataform.locations.list
dataform.releaseConfigs.create
dataform.releaseConfigs.delete
dataform.releaseConfigs.get
dataform.releaseConfigs.list
dataform.releaseConfigs.update
dataform.repositories.commit
dataform.repositories.computeAccessTokenStatus
dataform.repositories.create
dataform.repositories.delete
dataform.repositories.fetchHistory
dataform.repositories.fetchRemoteBranches
dataform.repositories.get
dataform.repositories.getIamPolicy
dataform.repositories.list
dataform.repositories.queryDirectoryContents
dataform.repositories.readFile
dataform.repositories.setIamPolicy
dataform.repositories.update
dataform.workflowConfigs.create
dataform.workflowConfigs.delete
dataform.workflowConfigs.get
dataform.workflowConfigs.list
dataform.workflowConfigs.update
dataform.workflowInvocations.cancel
dataform.workflowInvocations.create
dataform.workflowInvocations.delete
dataform.workflowInvocations.get
dataform.workflowInvocations.list
dataform.workflowInvocations.query
dataform.workspaces.commit
dataform.workspaces.create
dataform.workspaces.delete
dataform.workspaces.fetchFileDiff
dataform.workspaces.fetchFileGitStatuses
dataform.workspaces.fetchGitAheadBehind
dataform.workspaces.get
dataform.workspaces.getIamPolicy
dataform.workspaces.installNpmPackages
dataform.workspaces.list
dataform.workspaces.makeDirectory
dataform.workspaces.moveDirectory
dataform.workspaces.moveFile
dataform.workspaces.pull
dataform.workspaces.push
dataform.workspaces.queryDirectoryContents
dataform.workspaces.readFile
dataform.workspaces.removeDirectory
dataform.workspaces.removeFile
dataform.workspaces.reset
dataform.workspaces.searchFiles
dataform.workspaces.setIamPolicy
dataform.workspaces.writeFile

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Connection Admin

(roles/bigquery.connectionAdmin)

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

BigQuery Connection User

(roles/bigquery.connectionUser)

bigquery.connections.get

bigquery.connections.getIamPolicy

bigquery.connections.list

bigquery.connections.use

BigQuery Data Editor

(roles/bigquery.dataEditor)

When applied to a table or view, this role provides permissions to:

Read and update data and metadata for the table or view.
Delete the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

Read the dataset's metadata and list tables in the dataset.
Create, update, get, and delete the dataset's tables.

When applied at the project or organization level, this role can also create new datasets.

Lowest-level resources where you can grant this role:

Table
View

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.updateTag

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.tables.create

bigquery.tables.createIndex

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteIndex

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list

bigquery.tables.replicateData

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

bigquery.tables.updateTag

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Data Owner

(roles/bigquery.dataOwner)

When applied to a table or view, this role provides permissions to:

Read and update data and metadata for the table or view.
Share the table or view.
Delete the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

Read, update, and delete the dataset.
Create, update, get, and delete the dataset's tables.

When applied at the project or organization level, this role can also create new datasets.

Lowest-level resources where you can grant this role:

Table
View

bigquery.config.get

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateTag

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Data Viewer

(roles/bigquery.dataViewer)

When applied to a table or view, this role provides permissions to:

Read data and metadata from the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to list all of the resources in the dataset (such as tables, views, snapshots, models, and routines) and to read their data and metadata with applicable APIs and in queries.

When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role:

Table
View

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.createSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list

bigquery.tables.replicateData

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Filtered Data Viewer

(roles/bigquery.filteredDataViewer)

Access to view filtered table data defined by a row access policy

bigquery.rowAccessPolicies.getFilteredData

BigQuery Job User

(roles/bigquery.jobUser)

Provides permissions to run jobs, including queries, within the project.

Lowest-level resources where you can grant this role:

Project

bigquery.config.get

bigquery.jobs.create

dataform.locations.*

dataform.locations.get
dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Metadata Viewer

(roles/bigquery.metadataViewer)

When applied to a table or view, this role provides permissions to:

Read metadata from the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

List tables and views in the dataset.
Read metadata from the dataset's tables and views.

When applied at the project or organization level, this role provides permissions to:

List all datasets and read metadata for all datasets in the project.
List all tables and views and read metadata for all tables and views in the project.

Additional roles are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role:

Table
View

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.get

bigquery.tables.getIamPolicy

bigquery.tables.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Read Session User

(roles/bigquery.readSessionUser)

Provides the ability to create and use read sessions.

Lowest-level resources where you can grant this role:

Project

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Resource Admin

(roles/bigquery.resourceAdmin)

Administers BigQuery workloads, including slot assignments, commitments, and reservations.

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.update

recommender.bigqueryCapacityCommitmentsInsights.*

recommender.bigqueryCapacityCommitmentsInsights.get
recommender.bigqueryCapacityCommitmentsInsights.list
recommender.bigqueryCapacityCommitmentsInsights.update

recommender.bigqueryCapacityCommitmentsRecommendations.*

recommender.bigqueryCapacityCommitmentsRecommendations.get
recommender.bigqueryCapacityCommitmentsRecommendations.list
recommender.bigqueryCapacityCommitmentsRecommendations.update

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Resource Editor

(roles/bigquery.resourceEditor)

Manages BigQuery workloads, but is unable to create or modify slot commitments.

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.update

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Resource Viewer

(roles/bigquery.resourceViewer)

Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.list

bigquery.reservationAssignments.search

bigquery.reservations.get

bigquery.reservations.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Studio Admin

(roles/bigquery.studioAdmin)

Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin.

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.create

aiplatform.notebookRuntimeTemplates.delete

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimeTemplates.setIamPolicy

aiplatform.notebookRuntimes.*

aiplatform.notebookRuntimes.assign
aiplatform.notebookRuntimes.delete
aiplatform.notebookRuntimes.get
aiplatform.notebookRuntimes.list
aiplatform.notebookRuntimes.start
aiplatform.notebookRuntimes.update
aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.config.*

bigquery.config.get
bigquery.config.update

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.jobs.*

bigquery.jobs.create
bigquery.jobs.delete
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.jobs.update

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.update

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateTag

bigquery.transfers.*

bigquery.transfers.get
bigquery.transfers.update

bigquerymigration.translation.translate

compute.reservations.get

compute.reservations.list

dataform.*

dataform.compilationResults.create
dataform.compilationResults.get
dataform.compilationResults.list
dataform.compilationResults.query
dataform.locations.get
dataform.locations.list
dataform.releaseConfigs.create
dataform.releaseConfigs.delete
dataform.releaseConfigs.get
dataform.releaseConfigs.list
dataform.releaseConfigs.update
dataform.repositories.commit
dataform.repositories.computeAccessTokenStatus
dataform.repositories.create
dataform.repositories.delete
dataform.repositories.fetchHistory
dataform.repositories.fetchRemoteBranches
dataform.repositories.get
dataform.repositories.getIamPolicy
dataform.repositories.list
dataform.repositories.queryDirectoryContents
dataform.repositories.readFile
dataform.repositories.setIamPolicy
dataform.repositories.update
dataform.workflowConfigs.create
dataform.workflowConfigs.delete
dataform.workflowConfigs.get
dataform.workflowConfigs.list
dataform.workflowConfigs.update
dataform.workflowInvocations.cancel
dataform.workflowInvocations.create
dataform.workflowInvocations.delete
dataform.workflowInvocations.get
dataform.workflowInvocations.list
dataform.workflowInvocations.query
dataform.workspaces.commit
dataform.workspaces.create
dataform.workspaces.delete
dataform.workspaces.fetchFileDiff
dataform.workspaces.fetchFileGitStatuses
dataform.workspaces.fetchGitAheadBehind
dataform.workspaces.get
dataform.workspaces.getIamPolicy
dataform.workspaces.installNpmPackages
dataform.workspaces.list
dataform.workspaces.makeDirectory
dataform.workspaces.moveDirectory
dataform.workspaces.moveFile
dataform.workspaces.pull
dataform.workspaces.push
dataform.workspaces.queryDirectoryContents
dataform.workspaces.readFile
dataform.workspaces.removeDirectory
dataform.workspaces.removeFile
dataform.workspaces.reset
dataform.workspaces.searchFiles
dataform.workspaces.setIamPolicy
dataform.workspaces.writeFile

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Studio User

(roles/bigquery.studioUser)

Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User.

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.assign

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

bigquery.config.get

bigquery.jobs.create

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

dataform.locations.*

dataform.locations.get
dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery User

(roles/bigquery.user)

When applied to a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset.

When applied to a project, this role also provides the ability to run jobs, including queries, within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and enumerate datasets within a project. Additionally, allows the creation of new datasets within the project; the creator is granted the BigQuery Data Owner role (roles/bigquery.dataOwner) on these new datasets.

Lowest-level resources where you can grant this role:

Dataset

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.jobs.create

bigquery.jobs.list

bigquery.models.list

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.list

bigquery.reservationAssignments.search

bigquery.reservations.get

bigquery.reservations.list

bigquery.routines.list

bigquery.savedqueries.get

bigquery.savedqueries.list

bigquery.tables.list

bigquery.transfers.get

bigquerymigration.translation.translate

dataform.locations.*

dataform.locations.get
dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

Masked Reader

(roles/bigquerydatapolicy.maskedReader)

Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns

bigquery.dataPolicies.maskedGet

커스텀 역할

사전 정의된 역할에 더해 BigQuery Data Transfer Service도 커스텀 역할도 지원합니다. 자세한 내용은 IAM 문서의 커스텀 역할 만들기 및 관리를 참조하세요.