Dataplex IAM permissions

Dataplex permissions allow users to perform specific actions on Dataplex services, resources, and operations. For example, the dataplex.lake.create permission allows a user to create Dataplex lakes in your project. You don't directly give users permissions; instead, you grant them roles, which have one or more permissions bundled within them.

This document focuses on the IAM permissions relevant to Dataplex.

Before you begin

Read the IAM documentation.

Dataplex permissions

The following tables list the permissions necessary to call Dataplex API methods.

IAM Set and Get policy permissions

API Method IAM Permission
GetIamPolicy dataplex.lakes.getIamPolicy
SetIamPolicy dataplex.lakes.setIamPolicy

Lake, zone, and asset permissions

API Method IAM Permission
CreateLake dataplex.lakes.create
UpdateLake dataplex.lakes.update
DeleteLake dataplex.lakes.delete
ListLakes dataplex.lakes.list
GetLake dataplex.lakes.get
ListLakeActions dataplex.lakeActions.list
CreateZone dataplex.zones.create
UpdateZone dataplex.zones.update
DeleteZone dataplex.zones.delete
ListZones dataplex.zones.list
GetZone dataplex.zones.get
ListZoneActions dataplex.zoneActions.list
CreateAsset dataplex.assets.create
UpdateAsset dataplex.assets.update
DeleteAsset dataplex.assets.delete
ListAssets dataplex.assets.list
GetAsset dataplex.assets.get
ListAssetActions dataplex.assetActions.list

Task permissions

API Method IAM Permission
CreateTask dataplex.tasks.create
UpdateTask dataplex.tasks.update
DeleteTask dataplex.tasks.delete
ListTasks dataplex.tasks.list
GetTask dataplex.tasks.get
ListJobs dataplex.tasks.get
GetJob dataplex.tasks.get
CancelJob dataplex.tasks.cancel

Environment permissions

API Method IAM Permission
CreateEnvironment dataplex.environments.create
UpdateEnvironment dataplex.environments.update
DeleteEnvironment dataplex.environments.delete
ListEnvironments dataplex.environments.list
GetEnvironment dataplex.environments.get
CreateContent dataplex.content.create
UpdateContent dataplex.content.update
DeleteContent dataplex.content.delete
ListContent dataplex.content.list
GetContent dataplex.content.get
ListSessions dataplex.environments.get

Metadata permissions

API Method IAM Permission
CreateEntity dataplex.entities.create
UpdateEntity dataplex.entities.update
DeleteEntity dataplex.entities.delete
GetEntity dataplex.entities.get
ListEntities dataplex.entities.list
CreatePartition dataplex.partitions.create
UpdatePartition dataplex.partitions.update
DeletePartition dataplex.partitions.delete
GetPartition dataplex.partitions.get
ListPartitions dataplex.partitions.list

DataScan permissions

API Method IAM Permission
CreateDataScan dataplex.datascans.create
UpdateDataScan dataplex.datascans.update
DeleteDataScan dataplex.datascans.delete
ListDataScans dataplex.datascans.list
GetDataScan (basic view) dataplex.datascans.get
GetDataScan (full view) dataplex.datascans.getData
ListDataScanJobs dataplex.datascans.get
GetDataScanJob (basic view) dataplex.datascans.get
GetDataScanJob (full view) dataplex.datascans.getData
RunDataScan dataplex.datascans.run

What's next