Cette page a été traduite par l'API Cloud Translation.

Rôles IAM de Dataplex

Dataplex définit plusieurs rôles de gestion de l'authentification et des accès (IAM). Chaque rôle prédéfini contient un ensemble d'autorisations IAM qui permettent aux comptes principaux d'effectuer certaines actions. Vous pouvez utiliser une stratégie IAM pour attribuer un ou plusieurs rôles IAM à un compte principal.

Cloud Identity and Access Management (IAM) permet également de créer des rôles IAM personnalisés. Vous pouvez créer des rôles IAM personnalisés et leur attribuer une ou plusieurs autorisations. Ensuite, vous pouvez accorder le nouveau rôle à vos comptes principaux. Pour créer un modèle de contrôle des accès correspondant directement à vos besoins, utilisez des rôles personnalisés qui viendront s'ajouter aux rôles prédéfinis disponibles.

Ce document porte sur les rôles IAM pertinents pour Dataplex.

Avant de commencer

Consultez la documentation IAM.

Rôles Dataplex

Les rôles Dataplex (Identity and Access Management) (IAM) sont un ensemble d'une ou plusieurs autorisations. Vous attribuez des rôles aux comptes principaux pour leur permettre d'effectuer des actions sur les ressources Dataplex de votre projet. Par exemple, le rôle Lecteur Dataplex contient les autorisations dataplex.*.get et dataplex.*.list, qui permettent à un utilisateur d'obtenir et de répertorier les ressources Dataplex d'un projet.

Les rôles Dataplex peuvent être appliqués à toutes les ressources de la hiérarchie des services, y compris les projets, les lacs et les zones de données.

Rôles de base

Vous pouvez attribuer des rôles de base au niveau du projet à l'aide des rôles IAM Projet. Voici un récapitulatif des autorisations associées à ces rôles :

Rôle de projet	Autorisations
Propriétaire du projet	Toutes les autorisations de l'éditeur de projet, ainsi que celles permettant de gérer le contrôle d'accès au projet (get / set IamPolicy) et de configurer la facturation du projet
Éditeur de projet	Toutes les autorisations lecteur de projet, ainsi que toutes les autorisations de projet pour les actions qui modifient l'état (créer, supprimer, mettre à jour, utiliser)
Lecteur de projets	Toutes les autorisations de projet pour les actions en lecture seule préservant l'état (get, list)

Rôles prédéfinis

Les rôles prédéfinis contiennent les autorisations nécessaires pour effectuer une tâche ou un groupe de tâches associées.

Veuillez noter les points suivants :

Les rôles Administrateur Dataplex, Éditeur Dataplex et Lecteur Dataplex ne donnent pas accès aux ressources du catalogue Dataplex.
Aucun rôle n'accorde l'autorisation d'ajouter ou de supprimer des entrées de catalogue Dataplex dans les groupes d'entrées définis par le système, tels que @bigquery et @dataplex.
Le rôle "Propriétaire de l'entrée Dataplex" inclut les éléments suivants :
- Accorde un accès complet aux opérations liées aux entrées.
- Accorde les autorisations nécessaires pour ajouter des aspects de certains types d'aspects système, tels que Schema, Generic, Overview et Contacts.
- Accorde les autorisations nécessaires pour créer des entrées de type GenericEntry.
- Ce rôle vous permet de créer une entrée avec un type d'entrée et un type d'aspect, où le type d'entrée et le type d'aspect sont définis dans le même projet que l'entrée. Sinon, des rôles supplémentaires "Utilisateur du type d'entrée Dataplex" et "Utilisateur du type d'aspect Dataplex" doivent être accordés sur les projets dans lesquels le type d'entrée et le type d'aspect sont définis.
- Lorsque vous utilisez les méthodes LookupEntry ou SearchEntries, ce rôle n'accorde pas d'autorisation pour lire les entrées créées à partir de ressources Google Cloud en dehors de Dataplex, telles que les entrées BigQuery. Pour lire ces entrées, vous devez disposer d'autorisations sur les ressources système source. Vous pouvez également lire les entrées avec le rôle de propriétaire d'entrée Dataplex uniquement à l'aide de la méthode GetEntry.

Le tableau suivant répertorie les rôles prédéfinis dans Dataplex et les autorisations associées à chacun d'eux.

Role Permissions

Role	Permissions
Dataplex Administrator (`roles/dataplex.admin`) Full access to Dataplex resources, except Dataplex Catalog.	`cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.setIamPolicy` `dataplex.assets.update` `dataplex.content.` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.dataAttributeBindings.` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update` `dataplex.datascans.` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.environments.` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.setIamPolicy` `dataplex.environments.update` `dataplex.lakeActions.list` `dataplex.lakes.` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.setIamPolicy` `dataplex.lakes.update` `dataplex.locations.` `dataplex.locations.get` `dataplex.locations.list` `dataplex.operations.` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.tasks.` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.setIamPolicy` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.*` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.setIamPolicy` `dataplex.zones.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type Owner (`roles/dataplex.aspectTypeOwner`) Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.	`dataplex.aspectTypes.*` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type User (`roles/dataplex.aspectTypeUser`) Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.	`dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Binding Administrator (`roles/dataplex.bindingAdmin`) Full access on DataAttribute Bindig resources.	`dataplex.dataAttributeBindings.*` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update`
Dataplex Catalog Admin (`roles/dataplex.catalogAdmin`) Has full access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries.	`dataplex.aspectTypes.` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Editor (`roles/dataplex.catalogEditor`) Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources	`dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.*` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Viewer (`roles/dataplex.catalogViewer`) Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Can view IAM policies on Catalog resources.	`dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Data Owner (`roles/dataplex.dataOwner`) Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.ownData` `dataplex.assets.readData` `dataplex.assets.writeData`
Dataplex Data Reader (`roles/dataplex.dataReader`) Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.readData`
Dataplex DataScan Administrator (`roles/dataplex.dataScanAdmin`) Full access to DataScan resources.	`dataplex.datascans.*` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Creator (`roles/dataplex.dataScanCreator`) Access to create new DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.get` `dataplex.datascans.list` `dataplex.operations.get`
Dataplex DataScan DataViewer (`roles/dataplex.dataScanDataViewer`) Read access to DataScan resources and additional contents.	`dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex DataScan Editor (`roles/dataplex.dataScanEditor`) Write access to DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Viewer (`roles/dataplex.dataScanViewer`) Read access to DataScan resources.	`dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex Data Writer (`roles/dataplex.dataWriter`) Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.writeData`
Dataplex Developer (`roles/dataplex.developer`) Allows running data analytics workloads in a lake.	`dataplex.content.*` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update`
Dataplex Editor (`roles/dataplex.editor`) Write access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.update` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.update` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.update` `dataplex.lakeActions.list` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.update` `dataplex.operations.*` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.update`
Dataplex Entry Group Owner (`roles/dataplex.entryGroupOwner`) Owns Entry Groups and Entries inside of them.	`dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Owner (`roles/dataplex.entryOwner`) Owns Metadata Entries.	`dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.*` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.get` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type Owner (`roles/dataplex.entryTypeOwner`) Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.	`dataplex.entryTypes.*` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type User (`roles/dataplex.entryTypeUser`) Grants access to use Entry Types to create/modify Entries of those types.	`dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Reader (`roles/dataplex.metadataReader`) Read only access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.get` `dataplex.entities.list` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Writer (`roles/dataplex.metadataWriter`) Write and Read access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Security Administrator (`roles/dataplex.securityAdmin`) Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.	`dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess`
Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.tables.create` `bigquery.tables.createSnapshot` `bigquery.tables.delete` `bigquery.tables.deleteSnapshot` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.restoreSnapshot` `bigquery.tables.update` `bigquery.tables.updateData` `storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `storage.buckets.get` `storage.objects.get` `storage.objects.list`
Dataplex Storage Data Writer (`roles/dataplex.storageDataWriter`) Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.tables.updateData` `storage.objects.create` `storage.objects.delete` `storage.objects.update`
Dataplex Taxonomy Administrator (`roles/dataplex.taxonomyAdmin`) Full access to DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.*` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update`
Dataplex Taxonomy Viewer (`roles/dataplex.taxonomyViewer`) Read access on DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list`
Dataplex Viewer (`roles/dataplex.viewer`) Read access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.lakeActions.list` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.zoneActions.list` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list`

Dataplex Administrator

(roles/dataplex.admin)

Full access to Dataplex resources, except Dataplex Catalog.

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.setIamPolicy

dataplex.assets.update

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.*

dataplex.dataTaxonomies.configureDataAccess
dataplex.dataTaxonomies.configureResourceAccess
dataplex.dataTaxonomies.create
dataplex.dataTaxonomies.delete
dataplex.dataTaxonomies.get
dataplex.dataTaxonomies.getIamPolicy
dataplex.dataTaxonomies.list
dataplex.dataTaxonomies.setIamPolicy
dataplex.dataTaxonomies.update

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.environments.*

dataplex.environments.create
dataplex.environments.delete
dataplex.environments.execute
dataplex.environments.get
dataplex.environments.getIamPolicy
dataplex.environments.list
dataplex.environments.setIamPolicy
dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.*

dataplex.lakes.create
dataplex.lakes.delete
dataplex.lakes.get
dataplex.lakes.getIamPolicy
dataplex.lakes.list
dataplex.lakes.setIamPolicy
dataplex.lakes.update

dataplex.locations.*

dataplex.locations.get
dataplex.locations.list

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.tasks.*

dataplex.tasks.cancel
dataplex.tasks.create
dataplex.tasks.delete
dataplex.tasks.get
dataplex.tasks.getIamPolicy
dataplex.tasks.list
dataplex.tasks.run
dataplex.tasks.setIamPolicy
dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.*

dataplex.zones.create
dataplex.zones.delete
dataplex.zones.get
dataplex.zones.getIamPolicy
dataplex.zones.list
dataplex.zones.setIamPolicy
dataplex.zones.update

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type Owner

(roles/dataplex.aspectTypeOwner)

Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type User

(roles/dataplex.aspectTypeUser)

Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Binding Administrator

(roles/dataplex.bindingAdmin)

Full access on DataAttribute Bindig resources.

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

Dataplex Catalog Admin

(roles/dataplex.catalogAdmin)

Has full access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries.

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Editor

(roles/dataplex.catalogEditor)

Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources

dataplex.aspectTypes.create

dataplex.aspectTypes.delete

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.aspectTypes.update

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.create

dataplex.entryGroups.delete

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryGroups.update

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.create

dataplex.entryTypes.delete

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.entryTypes.update

dataplex.entryTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Viewer

(roles/dataplex.catalogViewer)

Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Can view IAM policies on Catalog resources.

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Data Owner

(roles/dataplex.dataOwner)

Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.ownData

dataplex.assets.readData

dataplex.assets.writeData

Dataplex Data Reader

(roles/dataplex.dataReader)

Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.readData

Dataplex DataScan Administrator

(roles/dataplex.dataScanAdmin)

Full access to DataScan resources.

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Creator

(roles/dataplex.dataScanCreator)

Access to create new DataScan resources.

dataplex.datascans.create

dataplex.datascans.get

dataplex.datascans.list

dataplex.operations.get

Dataplex DataScan DataViewer

(roles/dataplex.dataScanDataViewer)

Read access to DataScan resources and additional contents.

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex DataScan Editor

(roles/dataplex.dataScanEditor)

Write access to DataScan resources.

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Viewer

(roles/dataplex.dataScanViewer)

Read access to DataScan resources.

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex Data Writer

(roles/dataplex.dataWriter)

Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.writeData

Dataplex Developer

(roles/dataplex.developer)

Allows running data analytics workloads in a lake.

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.environments.execute

dataplex.environments.get

dataplex.environments.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

Dataplex Editor

(roles/dataplex.editor)

Write access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.update

dataplex.content.delete

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.create

dataplex.dataAttributeBindings.delete

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributeBindings.update

dataplex.dataAttributes.bind

dataplex.dataAttributes.create

dataplex.dataAttributes.delete

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataAttributes.update

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.update

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.environments.create

dataplex.environments.delete

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.create

dataplex.lakes.delete

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.lakes.update

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.create

dataplex.zones.delete

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

dataplex.zones.update

Dataplex Entry Group Owner

(roles/dataplex.entryGroupOwner)

Owns Entry Groups and Entries inside of them.

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Owner

(roles/dataplex.entryOwner)

Owns Metadata Entries.

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.get

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type Owner

(roles/dataplex.entryTypeOwner)

Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type User

(roles/dataplex.entryTypeUser)

Grants access to use Entry Types to create/modify Entries of those types.

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Reader

(roles/dataplex.metadataReader)

Read only access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.get

dataplex.entities.list

dataplex.partitions.get

dataplex.partitions.list

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Writer

(roles/dataplex.metadataWriter)

Write and Read access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Security Administrator

(roles/dataplex.securityAdmin)

Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

Dataplex Storage Data Owner

(roles/dataplex.storageDataOwner)

Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.create

bigquery.models.delete

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.models.updateData

bigquery.models.updateMetadata

bigquery.routines.create

bigquery.routines.delete

bigquery.routines.get

bigquery.routines.list

bigquery.routines.update

bigquery.tables.create

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Dataplex Storage Data Reader

(roles/dataplex.storageDataReader)

Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

storage.buckets.get

storage.objects.get

storage.objects.list

Dataplex Storage Data Writer

(roles/dataplex.storageDataWriter)

Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.tables.updateData

storage.objects.create

storage.objects.delete

storage.objects.update

Dataplex Taxonomy Administrator

(roles/dataplex.taxonomyAdmin)

Full access to DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.setIamPolicy

dataplex.dataTaxonomies.update

Dataplex Taxonomy Viewer

(roles/dataplex.taxonomyViewer)

Read access on DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

Dataplex Viewer

(roles/dataplex.viewer)

Read access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.lakeActions.list

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.operations.get

dataplex.operations.list

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.zoneActions.list

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

Rôles associés aux données

Dataplex définit les trois rôles IAM suivants, qui sont destinés à être appliqués à toute ressource gérée par Dataplex. Pour en savoir plus sur les autorisations associées à chaque rôle, consultez la section Rôles prédéfinis de ce document.

Rôle des données	Fonctionnalités	Justification
Propriétaire de données Dataplex (`roles/dataplex.dataOwner`)	Toutes les autorisations sur la ressource gérée. Toutes les autorisations sur toutes les ressources enfants (quel que soit le type de ressource).	Les propriétaires de données peuvent mettre à jour les métadonnées des ressources, accorder des autorisations plus précises (par exemple, sur les tables enfants d'un ensemble de données BigQuery) et créer des ressources enfants, en plus de diverses autres autorisations. Ils détiennent l'entière propriété de la ressource.
Lecteur de données Dataplex (`roles/dataplex.dataReader`)	Permet de lire les données de la ressource gérée et de ses enfants. Capacité à lire les métadonnées de la ressource gérée et de ses enfants	Permet de lire les données et les métadonnées.
Rédacteur de données Dataplex (`roles/dataplex.dataWriter`)	Possibilité de créer/mettre à jour/supprimer des données (pas des métadonnées).	Active les parcours utilisateur Dataplex principaux.

Étapes suivantes

Découvrez comment créer des rôles IAM personnalisés.
Découvrez comment attribuer et gérer des rôles.
Consultez la section Mappage des autorisations IAM Dataplex.