Bigtable OAuth scopes

This page lists the OAuth scopes that enable other Google Cloud resources to connect to Cloud Bigtable.

Service accounts are recommended for authentication with Bigtable, whether you are developing locally or writing a production application.

However, some Google Cloud products, such as Compute Engine and Dataflow, have the ability to connect to Bigtable by letting you specify OAuth scopes. To make this work, you need to specify the appropriate OAuth scopes when you create resources such as Compute Engine virtual machine instances. Be sure to enable access to Bigtable when you create your resource.

When you set up your resources for a Google Cloud product, choose the most restrictive scopes that will support your application's requirements. You cannot change the scopes after you create a resource.

Bigtable supports the following scopes:

Scope URI for gcloud Description
https://www.googleapis.com/auth/bigtable.admin Alias for both bigtable.admin.instance and bigtable.admin.table.
https://www.googleapis.com/auth/bigtable.admin.instance Enables creation and management of Bigtable instances and clusters.
https://www.googleapis.com/auth/bigtable.admin.table Enables creation and management of Bigtable tables and their column families.
https://www.googleapis.com/auth/bigtable.data Enables read and write access to data stored in Bigtable tables.
https://www.googleapis.com/auth/bigtable.data.readonly Enables read-only access to data stored in Bigtable tables.
https://www.googleapis.com/auth/cloud-bigtable.data Enables read and write access to data stored in Bigtable tables.
https://www.googleapis.com/auth/cloud-bigtable.data.readonly Enables read-only access to data stored in Bigtable tables.
https://www.googleapis.com/auth/cloud-platform Enables full access to all Google Cloud products, including Bigtable.
https://www.googleapis.com/auth/cloud-platform.readonly Enables read-only access to all Google Cloud products, including Bigtable.