Grant Dataform access to BigQuery

This document shows you how to grant your Dataform service account the Identity and Access Management (IAM) roles required to execute workflows in BigQuery.

About the Dataform service account and required roles

When you create your first Dataform repository, Dataform automatically generates a service account. Dataform uses the service account to interact with BigQuery on your behalf.

Your Dataform service account ID is in the following format:

service-YOUR_PROJECT_NUMBER@gcp-sa-dataform.iam.gserviceaccount.com

Replace YOUR_PROJECT_NUMBER with the numeric ID of your Google Cloud project. You can find your Google Cloud project ID in the Google Cloud console dashboard. For more information, see Identifying projects.

The Dataform service account requires the following BigQuery IAM roles to be able to execute workflows in BigQuery:

  • BigQuery Data Editor on projects to which Dataform needs both read and write access. These usually include the project hosting your Dataform repository.
  • BigQuery Data Viewer on projects to which Dataform needs read-only access.
  • BigQuery Job User on the project hosting your Dataform repository.

Before you begin

  1. In the Google Cloud console, go to the Dataform page.


  2. Select or create a repository.

Grant your Dataform service account the required BigQuery roles

To grant the Dataform service account the roles required to execute workflows in BigQuery, follow these steps:

  1. In the Google Cloud console, go to the IAM page.


  2. Click Add.

  3. In the New principals field, enter your Dataform service account ID.

  4. In the Select a role drop-down list, select the BigQuery Job User role.

  5. Click Add another role, and then in the Select a role drop-down list, select the BigQuery Data Editor role.

  6. Click Add another role, and then in the Select a role drop-down list, select the BigQuery Data Viewer role.

  7. Click Save.
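
The same grants can be scripted so that each role lands only on the projects that need it, following the scoping in the role list above. The following is an added example, not part of the original page: it prints the gcloud commands for review instead of running them, and the function names, project IDs and project number are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). The project IDs and project
# number used at the bottom are constructed sample values.
# A project number can be looked up with:
#   gcloud projects describe PROJECT_ID --format='value(projectNumber)'

# Build the Dataform service account ID from a numeric project number.
dataform_sa() {
  case "$1" in
    ''|*[!0-9]*) echo "project number must be numeric: $1" >&2; return 1 ;;
  esac
  printf 'service-%s@gcp-sa-dataform.iam.gserviceaccount.com\n' "$1"
}

# Accept only lowercase letters, digits and hyphens, so the generated
# commands cannot carry shell metacharacters.
valid_project_id() {
  case "$1" in
    ''|*[!a-z0-9-]*) echo "invalid project ID: $1" >&2; return 1 ;;
  esac
}

# Print one gcloud command per (project, role) binding.
#   $1 project number of the project hosting the Dataform repository
#   $2 project ID of that hosting project
#   $3 space-separated project IDs needing read and write access
#   $4 space-separated project IDs needing read-only access
plan_bindings() (
  set -f  # no filename expansion while the ID lists are split
  sa=$(dataform_sa "$1") || exit 1
  for p in "$2" $3 $4; do valid_project_id "$p" || exit 1; done
  fmt='gcloud projects add-iam-policy-binding %s --member=serviceAccount:%s --role=%s\n'
  printf "$fmt" "$2" "$sa" roles/bigquery.jobUser
  for p in $3; do printf "$fmt" "$p" "$sa" roles/bigquery.dataEditor; done
  for p in $4; do printf "$fmt" "$p" "$sa" roles/bigquery.dataViewer; done
)

# Dry run with constructed values: prints the commands without running them.
plan_bindings 123456789012 example-host "example-host" "example-shared"
```

Review the printed commands, then run them from a shell authenticated as a principal allowed to change IAM policy on each listed project.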
