Dataplex IAM 역할
컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

Dataplex는 여러 Identity and Access Management(IAM) 역할을 정의합니다. 미리 정의된 각 역할에는 주 구성원이 특정 작업을 수행할 수 있게 허용하는 IAM 권한 집합이 포함되어 있습니다. IAM 정책을 사용하여 주 구성원에게 하나 이상의 IAM 역할을 부여할 수 있습니다.

또한 IAM을 이용하면 맞춤설정된 역할을 만들 수 있습니다. 커스텀 IAM 역할을 생성하고 역할에 하나 이상의 권한을 할당할 수 있습니다. 그런 다음 주 구성원에게 새 역할을 부여할 수 있습니다. 사용 가능한 미리 정의된 역할 외에도 커스텀 역할을 사용하면 필요에 따라 액세스 제어 모델을 만들 수 있습니다.

이 문서에서는 Dataplex와 관련된 IAM 역할을 설명합니다.

IAM과 그 기능에 대한 자세한 설명은 IAM 문서를 참조하세요.

Dataplex 역할 정보

Dataplex IAM 역할은 하나 이상의 권한 모음입니다. 주 구성원이 프로젝트에서 Dataplex 리소스에 대한 작업을 수행할 수 있도록 역할을 부여합니다. 예를 들어 Dataplex 뷰어 역할에는 사용자가 프로젝트의 Dataplex 리소스를 가져오고 나열할 수 있는 dataplex.*.get 및 dataplex.*.list 권한이 포함됩니다. 자세한 내용은 Dataplex 권한을 참조하세요.

프로젝트, 레이크, 데이터 영역 등의 서비스 계층 구조에 있는 모든 리소스에 Dataplex 역할을 적용할 수 있습니다.

기본 역할

IAM 프로젝트 역할을 사용하여 프로젝트 수준에서 기본 역할을 할당할 수 있습니다. 다음은 IAM 프로젝트 역할과 연결된 권한 목록입니다.

프로젝트 역할	권한
프로젝트 소유자	모든 프로젝트 편집자 권한에 더해 프로젝트에 대한 액세스 제어를 관리하고(IamPolicy 가져오기/설정) 프로젝트 결제를 설정하는 권한
프로젝트 편집자	모든 프로젝트 뷰어 권한에 더해 상태를 수정하는 작업에 대한 모든 프로젝트 권한(만들기, 삭제, 업데이트, 사용)
프로젝트 뷰어	상태를 보존하는 읽기 전용 작업에 대한 모든 프로젝트 권한(가져오기, 표시)

Dataplex의 사전 정의된 역할

사전 정의된 역할에는 태스크 또는 관련 태스크 그룹을 수행하는 데 필요한 권한이 포함되어 있습니다.

다음에 유의하세요.

Data Catalog를 사용하는 경우 Data Catalog 항목 액세스 권한 부여가 범용 카탈로그 항목으로 자동으로 이월되지 않습니다. 범용 카탈로그 항목을 사용하려면 먼저 이에 대한 액세스 권한을 명시적으로 부여해야 합니다.
Dataplex 관리자, Dataplex 편집자, Dataplex 뷰어 역할은 범용 카탈로그 리소스에 대한 액세스 권한을 제공하지 않습니다.
Dataplex 카탈로그 관리자, Dataplex 카탈로그 편집자, Dataplex 카탈로그 뷰어 역할은 범용 카탈로그의 데이터 카탈로그 리소스에 대한 액세스 권한을 제공하지만 metastore 리소스에 대한 액세스 권한은 제공하지 않습니다.
@bigquery 및 @dataplex와 같은 시스템 정의 항목 그룹에서 범용 카탈로그 항목을 추가하거나 삭제할 권한을 부여하는 역할은 없습니다.
Dataplex 항목 소유자 역할에는 다음이 포함됩니다.
- 항목 관련 작업에 대한 전체 액세스 권한을 부여합니다.
- Schema, Generic, Overview, Contacts와 같은 일부 시스템 관점 유형의 관점을 추가할 권한을 부여합니다.
- GenericEntry 유형의 항목을 만들 수 있는 권한을 부여합니다.
- 이 역할을 사용하면 항목 유형과 관점 유형이 항목과 동일한 프로젝트에 정의된 항목 유형과 관점 유형으로 항목을 만들 수 있습니다. 그 외의 경우에는 항목 유형과 관점 유형이 정의된 프로젝트에 대한 Dataplex 항목 유형 사용자 및 Dataplex 관점 유형 사용자 역할이 추가로 부여되어야 합니다.
- LookupEntry 메서드 또는 SearchEntries 메서드를 사용하는 경우 이 역할은 BigQuery 항목과 같이 Dataplex 외부의Google Cloud 리소스에서 생성된 항목을 읽는 권한을 부여하지 않습니다. 이러한 항목을 읽으려면 소스 시스템 리소스에 대한 권한을 부여받아야 합니다. 또는 GetEntry 메서드를 사용하여 Dataplex 항목 소유자 역할에서만 항목을 읽을 수 있습니다.
SearchEntries 메서드를 사용하여 항목을 검색하려면 API 요청에 사용되는 프로젝트의 범용 카탈로그(Dataplex Catalog) IAM 역할 중 하나 이상을 부여받아야 합니다. 검색 결과에 대한 권한은 선택한 프로젝트와는 별도로 확인됩니다.

다음 표에는 Dataplex의 사전 정의된 역할 및 각 역할과 연결된 권한이 나와 있습니다.

Role Permissions

Role	Permissions
Dataplex Administrator (`roles/dataplex.admin`) Full access to Dataplex resources, except Dataplex Catalog.	`cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.setIamPolicy` `dataplex.assets.update` `dataplex.content.` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.dataAttributeBindings.` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update` `dataplex.datascans.` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.entries.link` `dataplex.entryGroups.export` `dataplex.entryGroups.import` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.environments.` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.setIamPolicy` `dataplex.environments.update` `dataplex.glossaries.` `dataplex.glossaries.create` `dataplex.glossaries.delete` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.import` `dataplex.glossaries.list` `dataplex.glossaries.setIamPolicy` `dataplex.glossaries.update` `dataplex.glossaryCategories.` `dataplex.glossaryCategories.create` `dataplex.glossaryCategories.delete` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryCategories.update` `dataplex.glossaryTerms.` `dataplex.glossaryTerms.create` `dataplex.glossaryTerms.delete` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.glossaryTerms.update` `dataplex.glossaryTerms.use` `dataplex.lakeActions.list` `dataplex.lakes.` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.setIamPolicy` `dataplex.lakes.update` `dataplex.locations.` `dataplex.locations.get` `dataplex.locations.list` `dataplex.metadataJobs.` `dataplex.metadataJobs.cancel` `dataplex.metadataJobs.create` `dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.tasks.` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.setIamPolicy` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.setIamPolicy` `dataplex.zones.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type Owner (`roles/dataplex.aspectTypeOwner`) Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.*` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type User (`roles/dataplex.aspectTypeUser`) Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Binding Administrator (`roles/dataplex.bindingAdmin`) Full access on DataAttribute Bindig resources.	`dataplex.dataAttributeBindings.*` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update`
Dataplex Catalog Admin (`roles/dataplex.catalogAdmin`) Has full access to Catalog resources.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.glossaries.` `dataplex.glossaries.create` `dataplex.glossaries.delete` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.import` `dataplex.glossaries.list` `dataplex.glossaries.setIamPolicy` `dataplex.glossaries.update` `dataplex.glossaryCategories.` `dataplex.glossaryCategories.create` `dataplex.glossaryCategories.delete` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryCategories.update` `dataplex.glossaryTerms.` `dataplex.glossaryTerms.create` `dataplex.glossaryTerms.delete` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.glossaryTerms.update` `dataplex.glossaryTerms.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Editor (`roles/dataplex.catalogEditor`) Has write access to Catalog resources. Cannot set IAM policies on resources	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.glossaries.create` `dataplex.glossaries.delete` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.list` `dataplex.glossaries.update` `dataplex.glossaryCategories.` `dataplex.glossaryCategories.create` `dataplex.glossaryCategories.delete` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryCategories.update` `dataplex.glossaryTerms.*` `dataplex.glossaryTerms.create` `dataplex.glossaryTerms.delete` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.glossaryTerms.update` `dataplex.glossaryTerms.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Viewer (`roles/dataplex.catalogViewer`) Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types, Entry Link Types, Entries and Entry Links. Can view IAM policies on Catalog resources.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryLinks.get` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.list` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Data Owner (`roles/dataplex.dataOwner`) Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.ownData` `dataplex.assets.readData` `dataplex.assets.writeData`
Dataplex Data Reader (`roles/dataplex.dataReader`) Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.readData`
Dataplex DataScan Administrator (`roles/dataplex.dataScanAdmin`) Full access to DataScan resources.	`dataplex.datascans.*` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Creator (`roles/dataplex.dataScanCreator`) Access to create new DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.get` `dataplex.datascans.list` `dataplex.operations.get`
Dataplex DataScan DataViewer (`roles/dataplex.dataScanDataViewer`) Read access to DataScan resources and additional contents.	`dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex DataScan Editor (`roles/dataplex.dataScanEditor`) Write access to DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Viewer (`roles/dataplex.dataScanViewer`) Read access to DataScan resources.	`dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex Data Writer (`roles/dataplex.dataWriter`) Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.writeData`
Dataplex Developer (`roles/dataplex.developer`) Allows running data analytics workloads in a lake.	`dataplex.content.*` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update`
Dataplex Discovery BigLake Publishing Service Agent (`roles/dataplex.discoveryBigLakePublishingServiceAgent`) Gives the Dataplex Discovery Service Agent permissions to use bigquery connection. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.connections.delegate` `bigquery.connections.use`
Dataplex Discovery Publishing Service Agent (`roles/dataplex.discoveryPublishingServiceAgent`) Gives the Dataplex Discovery Service Agent dataset create and get permissions. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.datasets.create` `bigquery.datasets.get`
Dataplex Discovery Service Agent (`roles/dataplex.discoveryServiceAgent`) Gives the Dataplex Discovery Service Agent bucket read permissions. Warning: Do not grant service agent roles to any principals except service agents.	`storage.buckets.get` `storage.objects.get` `storage.objects.list`
Dataplex Editor (`roles/dataplex.editor`) Write access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.update` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.update` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.update` `dataplex.lakeActions.list` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.update` `dataplex.operations.*` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.update`
Dataplex Encryption Admin (`roles/dataplex.encryptionAdmin`) Gives user permissions to manage encryption config.	`dataplex.encryptionConfig.*` `dataplex.encryptionConfig.create` `dataplex.encryptionConfig.delete` `dataplex.encryptionConfig.get` `dataplex.encryptionConfig.list` `dataplex.encryptionConfig.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex Entry Group Exporter (`roles/dataplex.entryGroupExporter`) Grants access to export this entry group for Metadata Job processing.	`dataplex.entryGroups.export` `dataplex.entryGroups.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Group Importer (`roles/dataplex.entryGroupImporter`) Grants access to import this entry group for Metadata Job processing.	`dataplex.entryGroups.get` `dataplex.entryGroups.import` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Group Owner (`roles/dataplex.entryGroupOwner`) Owns Entry Groups and Entries inside of them.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.*` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry and EntryLink Owner (`roles/dataplex.entryOwner`) Owns Metadata Entries and EntryLinks.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.get` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type Owner (`roles/dataplex.entryTypeOwner`) Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.	`datacatalog.migrationConfig.get` `dataplex.entryTypes.*` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type User (`roles/dataplex.entryTypeUser`) Grants access to use Entry Types to create/modify Entries of those types.	`datacatalog.migrationConfig.get` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Job Owner (`roles/dataplex.metadataJobOwner`) Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.	`dataplex.metadataJobs.*` `dataplex.metadataJobs.cancel` `dataplex.metadataJobs.create` `dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Job Viewer (`roles/dataplex.metadataJobViewer`) Read access to Metadata Job resources.	`dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Reader (`roles/dataplex.metadataReader`) Read only access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.get` `dataplex.entities.list` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Writer (`roles/dataplex.metadataWriter`) Write and Read access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Security Administrator (`roles/dataplex.securityAdmin`) Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.	`dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess`
Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.config.` `bigquery.config.get` `bigquery.config.update` `bigquery.connections.` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.jobs.` `bigquery.jobs.create` `bigquery.jobs.delete` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.jobs.update` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.objectRefs.` `bigquery.objectRefs.read` `bigquery.objectRefs.write` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `bigquery.reservations.update` `bigquery.reservations.use` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.get` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.overrideTimeTravelRestrictions` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.savedqueries.` `bigquery.savedqueries.create` `bigquery.savedqueries.delete` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.savedqueries.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.listEffectiveTags` `bigquery.tables.listTagBindings` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateIndex` `bigquery.tables.updateTag` `bigquery.transfers.` `bigquery.transfers.get` `bigquery.transfers.update` `bigquerymigration.translation.translate` `datacatalog.catalogs.searchAll` `datacatalog.categories.getIamPolicy` `datacatalog.categories.setIamPolicy` `datacatalog.entries.get` `datacatalog.taxonomies.create` `datacatalog.taxonomies.delete` `datacatalog.taxonomies.get` `datacatalog.taxonomies.list` `datacatalog.taxonomies.update` `dataform.` `dataform.commentThreads.create` `dataform.commentThreads.delete` `dataform.commentThreads.get` `dataform.commentThreads.list` `dataform.commentThreads.update` `dataform.comments.create` `dataform.comments.delete` `dataform.comments.get` `dataform.comments.list` `dataform.comments.update` `dataform.compilationResults.create` `dataform.compilationResults.get` `dataform.compilationResults.list` `dataform.compilationResults.query` `dataform.config.get` `dataform.config.update` `dataform.locations.get` `dataform.locations.list` `dataform.releaseConfigs.create` `dataform.releaseConfigs.delete` `dataform.releaseConfigs.get` `dataform.releaseConfigs.list` `dataform.releaseConfigs.update` `dataform.repositories.commit` `dataform.repositories.computeAccessTokenStatus` `dataform.repositories.create` `dataform.repositories.delete` `dataform.repositories.fetchHistory` `dataform.repositories.fetchRemoteBranches` `dataform.repositories.get` `dataform.repositories.getIamPolicy` `dataform.repositories.list` `dataform.repositories.queryDirectoryContents` `dataform.repositories.readFile` `dataform.repositories.setIamPolicy` `dataform.repositories.update` `dataform.workflowConfigs.create` `dataform.workflowConfigs.delete` `dataform.workflowConfigs.get` `dataform.workflowConfigs.list` `dataform.workflowConfigs.update` `dataform.workflowInvocations.cancel` `dataform.workflowInvocations.create` `dataform.workflowInvocations.delete` `dataform.workflowInvocations.get` `dataform.workflowInvocations.list` `dataform.workflowInvocations.query` `dataform.workspaces.commit` `dataform.workspaces.create` `dataform.workspaces.delete` `dataform.workspaces.fetchFileDiff` `dataform.workspaces.fetchFileGitStatuses` `dataform.workspaces.fetchGitAheadBehind` `dataform.workspaces.get` `dataform.workspaces.getIamPolicy` `dataform.workspaces.installNpmPackages` `dataform.workspaces.list` `dataform.workspaces.makeDirectory` `dataform.workspaces.moveDirectory` `dataform.workspaces.moveFile` `dataform.workspaces.pull` `dataform.workspaces.push` `dataform.workspaces.queryDirectoryContents` `dataform.workspaces.readFile` `dataform.workspaces.removeDirectory` `dataform.workspaces.removeFile` `dataform.workspaces.reset` `dataform.workspaces.searchFiles` `dataform.workspaces.setIamPolicy` `dataform.workspaces.writeFile` `dataplex.assets.getIamPolicy` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.list` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.projects.search` `dataplex.zones.getIamPolicy` `dataproc.batches.cancel` `dataproc.batches.create` `dataproc.batches.get` `dataproc.operations.cancel` `dataproc.operations.get` `dataproc.operations.list` `firebase.projects.get` `iam.serviceAccounts.actAs` `logging.logEntries.create` `logging.logEntries.route` `metastore.services.get` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `orgpolicy.policy.get` `recommender.iamPolicyInsights.` `recommender.iamPolicyInsights.get` `recommender.iamPolicyInsights.list` `recommender.iamPolicyInsights.update` `recommender.iamPolicyRecommendations.` `recommender.iamPolicyRecommendations.get` `recommender.iamPolicyRecommendations.list` `recommender.iamPolicyRecommendations.update` `recommender.storageBucketSoftDeleteInsights.` `recommender.storageBucketSoftDeleteInsights.get` `recommender.storageBucketSoftDeleteInsights.list` `recommender.storageBucketSoftDeleteInsights.update` `recommender.storageBucketSoftDeleteRecommendations.` `recommender.storageBucketSoftDeleteRecommendations.get` `recommender.storageBucketSoftDeleteRecommendations.list` `recommender.storageBucketSoftDeleteRecommendations.update` `resourcemanager.hierarchyNodes.listEffectiveTags` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicemanagement.services.report` `serviceusage.services.use` `storage.anywhereCaches.` `storage.anywhereCaches.create` `storage.anywhereCaches.disable` `storage.anywhereCaches.get` `storage.anywhereCaches.list` `storage.anywhereCaches.pause` `storage.anywhereCaches.resume` `storage.anywhereCaches.update` `storage.bucketOperations.` `storage.bucketOperations.cancel` `storage.bucketOperations.get` `storage.bucketOperations.list` `storage.buckets.` `storage.buckets.create` `storage.buckets.createTagBinding` `storage.buckets.delete` `storage.buckets.deleteTagBinding` `storage.buckets.enableObjectRetention` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.getIpFilter` `storage.buckets.getObjectInsights` `storage.buckets.list` `storage.buckets.listEffectiveTags` `storage.buckets.listTagBindings` `storage.buckets.relocate` `storage.buckets.restore` `storage.buckets.setIamPolicy` `storage.buckets.setIpFilter` `storage.buckets.update` `storage.folders.` `storage.folders.create` `storage.folders.delete` `storage.folders.get` `storage.folders.list` `storage.folders.rename` `storage.intelligenceConfigs.` `storage.intelligenceConfigs.get` `storage.intelligenceConfigs.update` `storage.managedFolders.` `storage.managedFolders.create` `storage.managedFolders.delete` `storage.managedFolders.get` `storage.managedFolders.getIamPolicy` `storage.managedFolders.list` `storage.managedFolders.setIamPolicy` `storage.multipartUploads.` `storage.multipartUploads.abort` `storage.multipartUploads.create` `storage.multipartUploads.list` `storage.multipartUploads.listParts` `storage.objects.*` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.getIamPolicy` `storage.objects.list` `storage.objects.move` `storage.objects.overrideUnlockedRetention` `storage.objects.restore` `storage.objects.setIamPolicy` `storage.objects.setRetention` `storage.objects.update`
Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.tables.create` `bigquery.tables.createSnapshot` `bigquery.tables.delete` `bigquery.tables.deleteSnapshot` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.restoreSnapshot` `bigquery.tables.update` `bigquery.tables.updateData` `storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `storage.buckets.get` `storage.objects.get` `storage.objects.list`
Dataplex Storage Data Writer (`roles/dataplex.storageDataWriter`) Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.tables.updateData` `storage.objects.create` `storage.objects.delete` `storage.objects.update`
Dataplex Taxonomy Administrator (`roles/dataplex.taxonomyAdmin`) Full access to DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.*` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update`
Dataplex Taxonomy Viewer (`roles/dataplex.taxonomyViewer`) Read access on DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list`
Dataplex Viewer (`roles/dataplex.viewer`) Read access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.lakeActions.list` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.zoneActions.list` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list`

Dataplex Administrator

(roles/dataplex.admin)

Full access to Dataplex resources, except Dataplex Catalog.

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.setIamPolicy

dataplex.assets.update

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.*

dataplex.dataTaxonomies.configureDataAccess
dataplex.dataTaxonomies.configureResourceAccess
dataplex.dataTaxonomies.create
dataplex.dataTaxonomies.delete
dataplex.dataTaxonomies.get
dataplex.dataTaxonomies.getIamPolicy
dataplex.dataTaxonomies.list
dataplex.dataTaxonomies.setIamPolicy
dataplex.dataTaxonomies.update

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.entries.link

dataplex.entryGroups.export

dataplex.entryGroups.import

dataplex.entryGroups.useDefinitionEntryLink

dataplex.entryGroups.useRelatedEntryLink

dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.environments.*

dataplex.environments.create
dataplex.environments.delete
dataplex.environments.execute
dataplex.environments.get
dataplex.environments.getIamPolicy
dataplex.environments.list
dataplex.environments.setIamPolicy
dataplex.environments.update

dataplex.glossaries.*

dataplex.glossaries.create
dataplex.glossaries.delete
dataplex.glossaries.get
dataplex.glossaries.getIamPolicy
dataplex.glossaries.import
dataplex.glossaries.list
dataplex.glossaries.setIamPolicy
dataplex.glossaries.update

dataplex.glossaryCategories.*

dataplex.glossaryCategories.create
dataplex.glossaryCategories.delete
dataplex.glossaryCategories.get
dataplex.glossaryCategories.list
dataplex.glossaryCategories.update

dataplex.glossaryTerms.*

dataplex.glossaryTerms.create
dataplex.glossaryTerms.delete
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.glossaryTerms.update
dataplex.glossaryTerms.use

dataplex.lakeActions.list

dataplex.lakes.*

dataplex.lakes.create
dataplex.lakes.delete
dataplex.lakes.get
dataplex.lakes.getIamPolicy
dataplex.lakes.list
dataplex.lakes.setIamPolicy
dataplex.lakes.update

dataplex.locations.*

dataplex.locations.get
dataplex.locations.list

dataplex.metadataJobs.*

dataplex.metadataJobs.cancel
dataplex.metadataJobs.create
dataplex.metadataJobs.get
dataplex.metadataJobs.list

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.tasks.*

dataplex.tasks.cancel
dataplex.tasks.create
dataplex.tasks.delete
dataplex.tasks.get
dataplex.tasks.getIamPolicy
dataplex.tasks.list
dataplex.tasks.run
dataplex.tasks.setIamPolicy
dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.*

dataplex.zones.create
dataplex.zones.delete
dataplex.zones.get
dataplex.zones.getIamPolicy
dataplex.zones.list
dataplex.zones.setIamPolicy
dataplex.zones.update

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type Owner

(roles/dataplex.aspectTypeOwner)

Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type User

(roles/dataplex.aspectTypeUser)

Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Binding Administrator

(roles/dataplex.bindingAdmin)

Full access on DataAttribute Bindig resources.

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

Dataplex Catalog Admin

(roles/dataplex.catalogAdmin)

Has full access to Catalog resources.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useDefinitionEntryLink
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useRelatedEntryLink
dataplex.entryGroups.useSchemaAspect
dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

dataplex.glossaries.*

dataplex.glossaries.create
dataplex.glossaries.delete
dataplex.glossaries.get
dataplex.glossaries.getIamPolicy
dataplex.glossaries.import
dataplex.glossaries.list
dataplex.glossaries.setIamPolicy
dataplex.glossaries.update

dataplex.glossaryCategories.*

dataplex.glossaryCategories.create
dataplex.glossaryCategories.delete
dataplex.glossaryCategories.get
dataplex.glossaryCategories.list
dataplex.glossaryCategories.update

dataplex.glossaryTerms.*

dataplex.glossaryTerms.create
dataplex.glossaryTerms.delete
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.glossaryTerms.update
dataplex.glossaryTerms.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Editor

(roles/dataplex.catalogEditor)

Has write access to Catalog resources. Cannot set IAM policies on resources

datacatalog.migrationConfig.get

dataplex.aspectTypes.create

dataplex.aspectTypes.delete

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.aspectTypes.update

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.create

dataplex.entryGroups.delete

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryGroups.update

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useDefinitionEntryLink

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useRelatedEntryLink

dataplex.entryGroups.useSchemaAspect

dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.create

dataplex.entryLinks.delete

dataplex.entryLinks.get

dataplex.entryTypes.create

dataplex.entryTypes.delete

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.entryTypes.update

dataplex.entryTypes.use

dataplex.glossaries.create

dataplex.glossaries.delete

dataplex.glossaries.get

dataplex.glossaries.getIamPolicy

dataplex.glossaries.list

dataplex.glossaries.update

dataplex.glossaryCategories.*

dataplex.glossaryCategories.create
dataplex.glossaryCategories.delete
dataplex.glossaryCategories.get
dataplex.glossaryCategories.list
dataplex.glossaryCategories.update

dataplex.glossaryTerms.*

dataplex.glossaryTerms.create
dataplex.glossaryTerms.delete
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.glossaryTerms.update
dataplex.glossaryTerms.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Viewer

(roles/dataplex.catalogViewer)

Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types, Entry Link Types, Entries and Entry Links. Can view IAM policies on Catalog resources.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryLinks.get

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.glossaries.get

dataplex.glossaries.getIamPolicy

dataplex.glossaries.list

dataplex.glossaryCategories.get

dataplex.glossaryCategories.list

dataplex.glossaryTerms.get

dataplex.glossaryTerms.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Data Owner

(roles/dataplex.dataOwner)

Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.ownData

dataplex.assets.readData

dataplex.assets.writeData

Dataplex Data Reader

(roles/dataplex.dataReader)

Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.readData

Dataplex DataScan Administrator

(roles/dataplex.dataScanAdmin)

Full access to DataScan resources.

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Creator

(roles/dataplex.dataScanCreator)

Access to create new DataScan resources.

dataplex.datascans.create

dataplex.datascans.get

dataplex.datascans.list

dataplex.operations.get

Dataplex DataScan DataViewer

(roles/dataplex.dataScanDataViewer)

Read access to DataScan resources and additional contents.

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex DataScan Editor

(roles/dataplex.dataScanEditor)

Write access to DataScan resources.

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Viewer

(roles/dataplex.dataScanViewer)

Read access to DataScan resources.

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex Data Writer

(roles/dataplex.dataWriter)

Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.writeData

Dataplex Developer

(roles/dataplex.developer)

Allows running data analytics workloads in a lake.

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.environments.execute

dataplex.environments.get

dataplex.environments.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

Dataplex Discovery BigLake Publishing Service Agent

(roles/dataplex.discoveryBigLakePublishingServiceAgent)

Gives the Dataplex Discovery Service Agent permissions to use bigquery connection.

bigquery.connections.delegate

bigquery.connections.use

Dataplex Discovery Publishing Service Agent

(roles/dataplex.discoveryPublishingServiceAgent)

Gives the Dataplex Discovery Service Agent dataset create and get permissions.

bigquery.datasets.create

bigquery.datasets.get

Dataplex Discovery Service Agent

(roles/dataplex.discoveryServiceAgent)

Gives the Dataplex Discovery Service Agent bucket read permissions.

storage.buckets.get

storage.objects.get

storage.objects.list

Dataplex Editor

(roles/dataplex.editor)

Write access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.update

dataplex.content.delete

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.create

dataplex.dataAttributeBindings.delete

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributeBindings.update

dataplex.dataAttributes.bind

dataplex.dataAttributes.create

dataplex.dataAttributes.delete

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataAttributes.update

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.update

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.environments.create

dataplex.environments.delete

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.create

dataplex.lakes.delete

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.lakes.update

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.create

dataplex.zones.delete

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

dataplex.zones.update

Dataplex Encryption Admin

(roles/dataplex.encryptionAdmin)

Gives user permissions to manage encryption config.

dataplex.encryptionConfig.*

dataplex.encryptionConfig.create
dataplex.encryptionConfig.delete
dataplex.encryptionConfig.get
dataplex.encryptionConfig.list
dataplex.encryptionConfig.update

dataplex.operations.get

dataplex.operations.list

Dataplex Entry Group Exporter

(roles/dataplex.entryGroupExporter)

Grants access to export this entry group for Metadata Job processing.

dataplex.entryGroups.export

dataplex.entryGroups.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Group Importer

(roles/dataplex.entryGroupImporter)

Grants access to import this entry group for Metadata Job processing.

dataplex.entryGroups.get

dataplex.entryGroups.import

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Group Owner

(roles/dataplex.entryGroupOwner)

Owns Entry Groups and Entries inside of them.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useDefinitionEntryLink
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useRelatedEntryLink
dataplex.entryGroups.useSchemaAspect
dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry and EntryLink Owner

(roles/dataplex.entryOwner)

Owns Metadata Entries and EntryLinks.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.get

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useDefinitionEntryLink

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useRelatedEntryLink

dataplex.entryGroups.useSchemaAspect

dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type Owner

(roles/dataplex.entryTypeOwner)

Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type User

(roles/dataplex.entryTypeUser)

Grants access to use Entry Types to create/modify Entries of those types.

datacatalog.migrationConfig.get

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Job Owner

(roles/dataplex.metadataJobOwner)

Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.

dataplex.metadataJobs.*

dataplex.metadataJobs.cancel
dataplex.metadataJobs.create
dataplex.metadataJobs.get
dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Job Viewer

(roles/dataplex.metadataJobViewer)

Read access to Metadata Job resources.

dataplex.metadataJobs.get

dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Reader

(roles/dataplex.metadataReader)

Read only access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.get

dataplex.entities.list

dataplex.partitions.get

dataplex.partitions.list

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Writer

(roles/dataplex.metadataWriter)

Write and Read access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Security Administrator

(roles/dataplex.securityAdmin)

Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

Cloud Dataplex Service Agent

(roles/dataplex.serviceAgent)

Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management.

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.config.*

bigquery.config.get
bigquery.config.update

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.jobs.*

bigquery.jobs.create
bigquery.jobs.delete
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.jobs.update

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.objectRefs.*

bigquery.objectRefs.read
bigquery.objectRefs.write

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.update
bigquery.reservations.use

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.listEffectiveTags
bigquery.tables.listTagBindings
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateIndex
bigquery.tables.updateTag

bigquery.transfers.*

bigquery.transfers.get
bigquery.transfers.update

bigquerymigration.translation.translate

datacatalog.catalogs.searchAll

datacatalog.categories.getIamPolicy

datacatalog.categories.setIamPolicy

datacatalog.entries.get

datacatalog.taxonomies.create

datacatalog.taxonomies.delete

datacatalog.taxonomies.get

datacatalog.taxonomies.list

datacatalog.taxonomies.update

dataform.*

dataform.commentThreads.create
dataform.commentThreads.delete
dataform.commentThreads.get
dataform.commentThreads.list
dataform.commentThreads.update
dataform.comments.create
dataform.comments.delete
dataform.comments.get
dataform.comments.list
dataform.comments.update
dataform.compilationResults.create
dataform.compilationResults.get
dataform.compilationResults.list
dataform.compilationResults.query
dataform.config.get
dataform.config.update
dataform.locations.get
dataform.locations.list
dataform.releaseConfigs.create
dataform.releaseConfigs.delete
dataform.releaseConfigs.get
dataform.releaseConfigs.list
dataform.releaseConfigs.update
dataform.repositories.commit
dataform.repositories.computeAccessTokenStatus
dataform.repositories.create
dataform.repositories.delete
dataform.repositories.fetchHistory
dataform.repositories.fetchRemoteBranches
dataform.repositories.get
dataform.repositories.getIamPolicy
dataform.repositories.list
dataform.repositories.queryDirectoryContents
dataform.repositories.readFile
dataform.repositories.setIamPolicy
dataform.repositories.update
dataform.workflowConfigs.create
dataform.workflowConfigs.delete
dataform.workflowConfigs.get
dataform.workflowConfigs.list
dataform.workflowConfigs.update
dataform.workflowInvocations.cancel
dataform.workflowInvocations.create
dataform.workflowInvocations.delete
dataform.workflowInvocations.get
dataform.workflowInvocations.list
dataform.workflowInvocations.query
dataform.workspaces.commit
dataform.workspaces.create
dataform.workspaces.delete
dataform.workspaces.fetchFileDiff
dataform.workspaces.fetchFileGitStatuses
dataform.workspaces.fetchGitAheadBehind
dataform.workspaces.get
dataform.workspaces.getIamPolicy
dataform.workspaces.installNpmPackages
dataform.workspaces.list
dataform.workspaces.makeDirectory
dataform.workspaces.moveDirectory
dataform.workspaces.moveFile
dataform.workspaces.pull
dataform.workspaces.push
dataform.workspaces.queryDirectoryContents
dataform.workspaces.readFile
dataform.workspaces.removeDirectory
dataform.workspaces.removeFile
dataform.workspaces.reset
dataform.workspaces.searchFiles
dataform.workspaces.setIamPolicy
dataform.workspaces.writeFile

dataplex.assets.getIamPolicy

dataplex.environments.execute

dataplex.environments.get

dataplex.environments.list

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.projects.search

dataplex.zones.getIamPolicy

dataproc.batches.cancel

dataproc.batches.create

dataproc.batches.get

dataproc.operations.cancel

dataproc.operations.get

dataproc.operations.list

firebase.projects.get

iam.serviceAccounts.actAs

logging.logEntries.create

logging.logEntries.route

metastore.services.get

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

orgpolicy.policy.get

recommender.iamPolicyInsights.*

recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update

recommender.storageBucketSoftDeleteInsights.*

recommender.storageBucketSoftDeleteInsights.get
recommender.storageBucketSoftDeleteInsights.list
recommender.storageBucketSoftDeleteInsights.update

recommender.storageBucketSoftDeleteRecommendations.*

recommender.storageBucketSoftDeleteRecommendations.get
recommender.storageBucketSoftDeleteRecommendations.list
recommender.storageBucketSoftDeleteRecommendations.update

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.report

serviceusage.services.use

storage.anywhereCaches.*

storage.anywhereCaches.create
storage.anywhereCaches.disable
storage.anywhereCaches.get
storage.anywhereCaches.list
storage.anywhereCaches.pause
storage.anywhereCaches.resume
storage.anywhereCaches.update

storage.bucketOperations.*

storage.bucketOperations.cancel
storage.bucketOperations.get
storage.bucketOperations.list

storage.buckets.*

storage.buckets.create
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.enableObjectRetention
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.getIpFilter
storage.buckets.getObjectInsights
storage.buckets.list
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.relocate
storage.buckets.restore
storage.buckets.setIamPolicy
storage.buckets.setIpFilter
storage.buckets.update

storage.folders.*

storage.folders.create
storage.folders.delete
storage.folders.get
storage.folders.list
storage.folders.rename

storage.intelligenceConfigs.*

storage.intelligenceConfigs.get
storage.intelligenceConfigs.update

storage.managedFolders.*

storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.getIamPolicy
storage.managedFolders.list
storage.managedFolders.setIamPolicy

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.move
storage.objects.overrideUnlockedRetention
storage.objects.restore
storage.objects.setIamPolicy
storage.objects.setRetention
storage.objects.update

Dataplex Storage Data Owner

(roles/dataplex.storageDataOwner)

Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.create

bigquery.models.delete

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.models.updateData

bigquery.models.updateMetadata

bigquery.routines.create

bigquery.routines.delete

bigquery.routines.get

bigquery.routines.list

bigquery.routines.update

bigquery.tables.create

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Dataplex Storage Data Reader

(roles/dataplex.storageDataReader)

Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

storage.buckets.get

storage.objects.get

storage.objects.list

Dataplex Storage Data Writer

(roles/dataplex.storageDataWriter)

Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.tables.updateData

storage.objects.create

storage.objects.delete

storage.objects.update

Dataplex Taxonomy Administrator

(roles/dataplex.taxonomyAdmin)

Full access to DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.setIamPolicy

dataplex.dataTaxonomies.update

Dataplex Taxonomy Viewer

(roles/dataplex.taxonomyViewer)

Read access on DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

Dataplex Viewer

(roles/dataplex.viewer)

Read access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.lakeActions.list

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.operations.get

dataplex.operations.list

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.zoneActions.list

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

데이터 계보의 사전 정의된 역할

범용 카탈로그 항목의 계보에 액세스하려면 Dataplex의 항목에 액세스해야 합니다. 범용 카탈로그 항목에 액세스하려면 해당 시스템 리소스에 대한 뷰어 역할 또는 범용 카탈로그 항목이 저장되는 프로젝트의 Dataplex 카탈로그 뷰어 역할(roles/dataplex.catalogViewer)이 필요합니다. 이 섹션에서는 계보를 보는 데 필요한 역할을 설명합니다.

계보 뷰어 역할

데이터 계보 뷰어 역할(roles/datalineage.viewer)을 사용하면 Google Cloud 콘솔에서 Dataplex 계보를 보고 Data Lineage API를 사용하여 계보 정보를 읽을 수 있습니다. 특 프로세스의 실행과 이벤트는 모두 프로세스와 동일한 프로젝트에 저장됩니다. 자동 계보의 경우 프로세스, 실행, 이벤트가 계보를 생성한 작업이 실행되는 프로젝트에 저장됩니다. 예를 들어 BigQuery 작업이 실행 중인 프로젝트일 수 있습니다.

애셋 간의 계보와 애셋 메타데이터를 보려면 다른 역할이 필요합니다. 전자의 경우 데이터 계보 뷰어 역할(roles/datalineage.viewer)이 필요합니다. 후자의 경우 Dataplex에서 메타데이터 항목에 액세스하는 데 사용되는 것과 동일한 역할이 필요합니다.

두 애셋 간의 계보를 보는 역할

애셋 간의 계보를 보려면 다음 프로젝트에 대한 데이터 계보 뷰어 역할(roles/datalineage.viewer)이 필요합니다.

계보를 보고 있는 프로젝트(활성 프로젝트라고 함). 즉 Google Cloud 콘솔 상단의 드롭다운에 있는 프로젝트 또는 API 호출이 수행된 프로젝트입니다. 일반적으로 범용 카탈로그에서 만들거나 API를 사용하여 다른 Google Cloud 시스템에서 액세스할 리소스가 포함된 프로젝트입니다.
계보가 기록되는 프로젝트(컴퓨팅 프로젝트라고 함). 계보는 앞서 설명한 대로 해당 프로세스가 실행되는 프로젝트에 저장됩니다. 이 프로젝트는 계보를 보고 있는 애셋을 저장하는 프로젝트와 다를 수 있습니다.

역할 부여에 대한 자세한 내용은 액세스 관리를 참조하세요. 커스텀 역할이나 다른 사전 정의된 역할을 통해 필요한 권한을 얻을 수도 있습니다.

사용 사례에 따라 폴더 또는 조직 수준에서 데이터 계보 뷰어 역할(roles/datalineage.viewer)을 부여하여 계보에 대한 액세스를 보장합니다(단일 역할 부여 또는 취소 참조). 데이터 계보에 필요한 역할은 Google Cloud CLI를 통해서만 부여될 수 있습니다.

계보를 볼 때 애셋 메타데이터를 볼 수 있는 역할

애셋에 대한 메타데이터가 범용 카탈로그에 저장되면 해당 시스템 리소스에 대한 뷰어 역할 또는 범용 카탈로그 항목이 저장되는 프로젝트의 Dataplex 카탈로그 뷰어 역할(roles/dataplex.catalogViewer)이 있는 경우에만 메타데이터 뷰를 볼 수 있습니다. 적절한 뷰어 역할을 통해 계보 그래프 또는 목록의 애셋에는 액세스할 수 있지만 이들 사이의 계보에는 액세스할 수 없습니다. 이는 계보가 기록된 프로젝트에 대한 데이터 계보 뷰어 역할(roles/datalineage.viewer)이 없는 경우입니다. 이 경우 Data Lineage API 및 Google Cloud 콘솔은 계보를 표시하지 않으며 오류를 반환하지 않으므로 계보의 존재 여부에 대한 정보가 유출되지 않습니다. 따라서 애셋의 계보가 없다고 해서 해당 애셋의 계보가 없다는 것이 아니라 단지 해당 계보에 액세스할 수 없을 수 있다는 것을 의미합니다.

데이터 계보 이벤트 제작자 역할

데이터 계보 이벤트 제작자 역할(roles/datalineage.producer)을 사용하면 사용자가 Data Lineage API를 사용하여 계보 정보를 수동으로 기록할 수 있습니다.

데이터 계보 편집자 역할

데이터 계보 편집자 역할(roles/datalineage.editor)이 있는 사용자는 Data Lineage API를 사용하여 계보 정보를 수동으로 수정할 수 있습니다.

데이터 계보 관리자 역할

데이터 계보 관리자 역할(roles/datalineage.admin)이 있는 사용자는 이 섹션에 나열된 모든 계보 작업을 실행할 수 있습니다.

데이터 역할

Dataplex는 Dataplex에서 관리하는 모든 리소스에 적용되는 다음 IAM 역할을 정의합니다. 각 역할과 관련된 권한에 대한 자세한 내용은 이 문서의 사전 정의된 역할 섹션을 참조하세요.

데이터 역할	기능	사유
Dataplex 데이터 소유자(`roles/dataplex.dataOwner`)	관리형 리소스에 대한 모든 권한입니다. 리소스 유형에 관계없이 모든 하위 리소스에 대한 모든 권한이 포함됩니다.	데이터 소유자는 다양한 기타 권한 외에도 리소스 메타데이터를 업데이트하고, 더 세분화된 권한(예: BigQuery 데이터 세트의 하위 테이블)을 부여하고, 하위 리소스를 만들 수 있습니다. 리소스에 대해 완전한 소유권을 보유합니다.
Dataplex 데이터 리더(`roles/dataplex.dataReader`)	관리형 리소스 및 하위 리소스의 데이터를 읽을 수 있습니다. 또한 관리형 리소스 및 하위 리소스의 메타데이터를 읽을 수 있습니다.	데이터 및 메타데이터를 읽을 수 있는 기능을 사용 설정합니다.
Dataplex 데이터 작성자(`roles/dataplex.dataWriter`)	데이터 만들기/업데이트/삭제가 가능합니다(메타데이터 제외).	핵심적인 Dataplex 사용자 경험을 지원합니다.

Dataplex IAM 역할 컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

Dataplex 역할 정보

기본 역할

Dataplex의 사전 정의된 역할

Dataplex Administrator

Dataplex Aspect Type Owner

Dataplex Aspect Type User

Dataplex Binding Administrator

Dataplex Catalog Admin

Dataplex Catalog Editor

Dataplex Catalog Viewer

Dataplex Data Owner

Dataplex Data Reader

Dataplex DataScan Administrator

Dataplex DataScan Creator

Dataplex DataScan DataViewer

Dataplex DataScan Editor

Dataplex DataScan Viewer

Dataplex Data Writer

Dataplex Developer

Dataplex Discovery BigLake Publishing Service Agent

Dataplex Discovery Publishing Service Agent

Dataplex Discovery Service Agent

Dataplex Editor

Dataplex Encryption Admin

Dataplex Entry Group Exporter

Dataplex Entry Group Importer

Dataplex Entry Group Owner

Dataplex Entry and EntryLink Owner

Dataplex Entry Type Owner

Dataplex Entry Type User

Dataplex Metadata Job Owner

Dataplex Metadata Job Viewer

Dataplex Metadata Reader

Dataplex Metadata Writer

Dataplex Security Administrator

Cloud Dataplex Service Agent

Dataplex Storage Data Owner

Dataplex Storage Data Reader

Dataplex Storage Data Writer

Dataplex Taxonomy Administrator

Dataplex Taxonomy Viewer

Dataplex Viewer

데이터 계보의 사전 정의된 역할

계보 뷰어 역할

두 애셋 간의 계보를 보는 역할

계보를 볼 때 애셋 메타데이터를 볼 수 있는 역할

데이터 계보 이벤트 제작자 역할

데이터 계보 편집자 역할

데이터 계보 관리자 역할

데이터 역할

다음 단계

Dataplex IAM 역할
컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.