Dataplex IAM 역할

Dataplex는 여러 Identity and Access Management(IAM) 역할을 정의합니다. 사전 정의된 각 역할에는 주 구성원이 특정 작업을 수행할 수 있게 허용하는 IAM 권한 집합이 포함되어 있습니다. IAM 정책을 사용하여 주 구성원에게 하나 이상의 IAM 역할을 부여할 수 있습니다.

IAM은 맞춤설정된 역할을 만드는 기능도 제공합니다. 커스텀 IAM 역할을 생성하고 역할에 하나 이상의 권한을 할당할 수 있습니다. 그런 다음 주 구성원에게 새 역할을 부여할 수 있습니다. 사용 가능한 미리 정의된 역할 외에도 커스텀 역할을 사용하면 필요에 따라 액세스 제어 모델을 만들 수 있습니다.

이 문서에서는 Dataplex와 관련된 IAM 역할을 설명합니다.

IAM과 그 기능에 대한 자세한 설명은 IAM 문서를 참고하세요.

Dataplex 역할

Dataplex IAM 역할은 하나 이상의 권한이 포함된 번들입니다. 주 구성원이 프로젝트에서 Dataplex 리소스에 대한 작업을 수행할 수 있도록 역할을 부여합니다. 예를 들어 Dataplex 뷰어 역할에는 사용자가 프로젝트의 Dataplex 리소스를 가져오고 나열할 수 있는 dataplex.*.getdataplex.*.list가 포함됩니다. 자세한 내용은 Dataplex 권한을 참고하세요.

프로젝트, 레이크, 데이터 영역 등의 서비스 계층 구조에 있는 모든 리소스에 Dataplex 역할을 적용할 수 있습니다.

기본 역할

IAM 프로젝트 역할을 사용하여 프로젝트 수준에서 기본 역할을 할당할 수 있습니다. 다음은 IAM 프로젝트 역할과 연결된 권한 목록입니다.

프로젝트 역할 권한
프로젝트 소유자 모든 프로젝트 편집자 권한에 더해 프로젝트에 대한 액세스 제어를 관리하고(IamPolicy 가져오기/설정) 프로젝트 결제를 설정하는 권한
프로젝트 편집자 모든 프로젝트 뷰어 권한에 더해 상태를 수정하는 작업에 대한 모든 프로젝트 권한(만들기, 삭제, 업데이트, 사용)
프로젝트 뷰어 상태를 보존하는 읽기 전용 작업에 대한 모든 프로젝트 권한(가져오기, 표시)

사전 정의된 역할

사전 정의된 역할에는 태스크 또는 관련 태스크 그룹을 수행하는 데 필요한 권한이 포함되어 있습니다.

다음에 유의하세요.

  • Dataplex 관리자, Dataplex 편집자, Dataplex 뷰어 역할은 Dataplex 카탈로그 리소스에 대한 액세스 권한을 제공하지 않습니다.
  • @bigquery@dataplex와 같은 시스템 정의 항목 그룹에서 Dataplex 카탈로그 항목을 추가하거나 삭제할 권한을 부여하는 역할은 없습니다.
  • Dataplex 항목 소유자 역할에는 다음이 포함됩니다.
    • 항목 관련 작업에 대한 전체 액세스 권한을 부여합니다.
    • Schema, Generic, Overview, Contacts와 같은 일부 시스템 관점 유형의 관점을 추가할 권한을 부여합니다.
    • GenericEntry 유형의 항목을 만들 수 있는 권한을 부여합니다.
    • 이 역할로 항목 유형과 관점 유형이 항목과 동일한 프로젝트에 정의된 항목 유형과 관점 유형으로 항목을 만들 수 있습니다. 그 외의 경우에는 항목 유형과 관점 유형이 정의된 프로젝트에 대한 Dataplex 항목 유형 사용자 및 Dataplex 관점 유형 사용자 역할이 추가로 부여되어야 합니다.
    • LookupEntry 메서드 또는 SearchEntries 메서드를 사용하는 경우 이 역할은 BigQuery 항목과 같이 Dataplex 외부의 Google Cloud 리소스에서 생성된 항목을 읽을 수 있는 권한을 부여하지 않습니다. 이러한 항목을 읽으려면 소스 시스템 리소스에 대한 권한을 부여받아야 합니다. 또는 GetEntry 메서드를 사용하여 Dataplex 항목 소유자 역할만으로 항목을 읽을 수 있습니다.
  • SearchEntries 메서드를 사용하여 항목을 검색하려면 API 요청에 사용되는 프로젝트의 Dataplex 카탈로그 IAM 역할 중 하나 이상을 부여받아야 합니다. 검색 결과에 대한 권한은 선택한 프로젝트와는 별도로 확인됩니다.

다음 표에는 Dataplex의 사전 정의된 역할 및 각 역할과 연결된 권한이 나와 있습니다.

Role Permissions

(roles/dataplex.admin)

Full access to Dataplex resources, except Dataplex Catalog.

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.setIamPolicy

dataplex.assets.update

dataplex.content.*

  • dataplex.content.create
  • dataplex.content.delete
  • dataplex.content.get
  • dataplex.content.getIamPolicy
  • dataplex.content.list
  • dataplex.content.setIamPolicy
  • dataplex.content.update

dataplex.dataAttributeBindings.*

  • dataplex.dataAttributeBindings.create
  • dataplex.dataAttributeBindings.delete
  • dataplex.dataAttributeBindings.get
  • dataplex.dataAttributeBindings.getIamPolicy
  • dataplex.dataAttributeBindings.list
  • dataplex.dataAttributeBindings.setIamPolicy
  • dataplex.dataAttributeBindings.update

dataplex.dataAttributes.*

  • dataplex.dataAttributes.bind
  • dataplex.dataAttributes.create
  • dataplex.dataAttributes.delete
  • dataplex.dataAttributes.get
  • dataplex.dataAttributes.getIamPolicy
  • dataplex.dataAttributes.list
  • dataplex.dataAttributes.setIamPolicy
  • dataplex.dataAttributes.update

dataplex.dataTaxonomies.*

  • dataplex.dataTaxonomies.configureDataAccess
  • dataplex.dataTaxonomies.configureResourceAccess
  • dataplex.dataTaxonomies.create
  • dataplex.dataTaxonomies.delete
  • dataplex.dataTaxonomies.get
  • dataplex.dataTaxonomies.getIamPolicy
  • dataplex.dataTaxonomies.list
  • dataplex.dataTaxonomies.setIamPolicy
  • dataplex.dataTaxonomies.update

dataplex.datascans.*

  • dataplex.datascans.create
  • dataplex.datascans.delete
  • dataplex.datascans.get
  • dataplex.datascans.getData
  • dataplex.datascans.getIamPolicy
  • dataplex.datascans.list
  • dataplex.datascans.run
  • dataplex.datascans.setIamPolicy
  • dataplex.datascans.update

dataplex.encryptionConfig.*

  • dataplex.encryptionConfig.create
  • dataplex.encryptionConfig.delete
  • dataplex.encryptionConfig.get
  • dataplex.encryptionConfig.list
  • dataplex.encryptionConfig.update

dataplex.entities.*

  • dataplex.entities.create
  • dataplex.entities.delete
  • dataplex.entities.get
  • dataplex.entities.list
  • dataplex.entities.update

dataplex.entryGroups.export

dataplex.entryGroups.import

dataplex.environments.*

  • dataplex.environments.create
  • dataplex.environments.delete
  • dataplex.environments.execute
  • dataplex.environments.get
  • dataplex.environments.getIamPolicy
  • dataplex.environments.list
  • dataplex.environments.setIamPolicy
  • dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.*

  • dataplex.lakes.create
  • dataplex.lakes.delete
  • dataplex.lakes.get
  • dataplex.lakes.getIamPolicy
  • dataplex.lakes.list
  • dataplex.lakes.setIamPolicy
  • dataplex.lakes.update

dataplex.locations.*

  • dataplex.locations.get
  • dataplex.locations.list

dataplex.metadataJobs.*

  • dataplex.metadataJobs.cancel
  • dataplex.metadataJobs.create
  • dataplex.metadataJobs.get
  • dataplex.metadataJobs.list

dataplex.operations.*

  • dataplex.operations.cancel
  • dataplex.operations.delete
  • dataplex.operations.get
  • dataplex.operations.list

dataplex.partitions.*

  • dataplex.partitions.create
  • dataplex.partitions.delete
  • dataplex.partitions.get
  • dataplex.partitions.list
  • dataplex.partitions.update

dataplex.tasks.*

  • dataplex.tasks.cancel
  • dataplex.tasks.create
  • dataplex.tasks.delete
  • dataplex.tasks.get
  • dataplex.tasks.getIamPolicy
  • dataplex.tasks.list
  • dataplex.tasks.run
  • dataplex.tasks.setIamPolicy
  • dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.*

  • dataplex.zones.create
  • dataplex.zones.delete
  • dataplex.zones.get
  • dataplex.zones.getIamPolicy
  • dataplex.zones.list
  • dataplex.zones.setIamPolicy
  • dataplex.zones.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.aspectTypeOwner)

Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

  • dataplex.aspectTypes.create
  • dataplex.aspectTypes.delete
  • dataplex.aspectTypes.get
  • dataplex.aspectTypes.getIamPolicy
  • dataplex.aspectTypes.list
  • dataplex.aspectTypes.setIamPolicy
  • dataplex.aspectTypes.update
  • dataplex.aspectTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.aspectTypeUser)

Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.bindingAdmin)

Full access on DataAttribute Bindig resources.

dataplex.dataAttributeBindings.*

  • dataplex.dataAttributeBindings.create
  • dataplex.dataAttributeBindings.delete
  • dataplex.dataAttributeBindings.get
  • dataplex.dataAttributeBindings.getIamPolicy
  • dataplex.dataAttributeBindings.list
  • dataplex.dataAttributeBindings.setIamPolicy
  • dataplex.dataAttributeBindings.update

(roles/dataplex.catalogAdmin)

Has full access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

  • dataplex.aspectTypes.create
  • dataplex.aspectTypes.delete
  • dataplex.aspectTypes.get
  • dataplex.aspectTypes.getIamPolicy
  • dataplex.aspectTypes.list
  • dataplex.aspectTypes.setIamPolicy
  • dataplex.aspectTypes.update
  • dataplex.aspectTypes.use

dataplex.entries.*

  • dataplex.entries.create
  • dataplex.entries.delete
  • dataplex.entries.get
  • dataplex.entries.list
  • dataplex.entries.update

dataplex.entryGroups.*

  • dataplex.entryGroups.create
  • dataplex.entryGroups.delete
  • dataplex.entryGroups.export
  • dataplex.entryGroups.get
  • dataplex.entryGroups.getIamPolicy
  • dataplex.entryGroups.import
  • dataplex.entryGroups.list
  • dataplex.entryGroups.setIamPolicy
  • dataplex.entryGroups.update
  • dataplex.entryGroups.useContactsAspect
  • dataplex.entryGroups.useGenericAspect
  • dataplex.entryGroups.useGenericEntry
  • dataplex.entryGroups.useOverviewAspect
  • dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.*

  • dataplex.entryTypes.create
  • dataplex.entryTypes.delete
  • dataplex.entryTypes.get
  • dataplex.entryTypes.getIamPolicy
  • dataplex.entryTypes.list
  • dataplex.entryTypes.setIamPolicy
  • dataplex.entryTypes.update
  • dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.catalogEditor)

Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources

datacatalog.migrationConfig.get

dataplex.aspectTypes.create

dataplex.aspectTypes.delete

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.aspectTypes.update

dataplex.aspectTypes.use

dataplex.entries.*

  • dataplex.entries.create
  • dataplex.entries.delete
  • dataplex.entries.get
  • dataplex.entries.list
  • dataplex.entries.update

dataplex.entryGroups.create

dataplex.entryGroups.delete

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryGroups.update

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.create

dataplex.entryTypes.delete

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.entryTypes.update

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.catalogViewer)

Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Can view IAM policies on Catalog resources.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.dataOwner)

Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.ownData

dataplex.assets.readData

dataplex.assets.writeData

(roles/dataplex.dataReader)

Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.readData

(roles/dataplex.dataScanAdmin)

Full access to DataScan resources.

dataplex.datascans.*

  • dataplex.datascans.create
  • dataplex.datascans.delete
  • dataplex.datascans.get
  • dataplex.datascans.getData
  • dataplex.datascans.getIamPolicy
  • dataplex.datascans.list
  • dataplex.datascans.run
  • dataplex.datascans.setIamPolicy
  • dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

(roles/dataplex.dataScanCreator)

Access to create new DataScan resources.

dataplex.datascans.create

dataplex.datascans.get

dataplex.datascans.list

dataplex.operations.get

(roles/dataplex.dataScanDataViewer)

Read access to DataScan resources and additional contents.

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

(roles/dataplex.dataScanEditor)

Write access to DataScan resources.

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

(roles/dataplex.dataScanViewer)

Read access to DataScan resources.

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

(roles/dataplex.dataWriter)

Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.writeData

(roles/dataplex.developer)

Allows running data analytics workloads in a lake.

dataplex.content.*

  • dataplex.content.create
  • dataplex.content.delete
  • dataplex.content.get
  • dataplex.content.getIamPolicy
  • dataplex.content.list
  • dataplex.content.setIamPolicy
  • dataplex.content.update

dataplex.environments.execute

dataplex.environments.get

dataplex.environments.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

(roles/dataplex.editor)

Write access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.update

dataplex.content.delete

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.create

dataplex.dataAttributeBindings.delete

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributeBindings.update

dataplex.dataAttributes.bind

dataplex.dataAttributes.create

dataplex.dataAttributes.delete

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataAttributes.update

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.update

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.environments.create

dataplex.environments.delete

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.create

dataplex.lakes.delete

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.lakes.update

dataplex.operations.*

  • dataplex.operations.cancel
  • dataplex.operations.delete
  • dataplex.operations.get
  • dataplex.operations.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.create

dataplex.zones.delete

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

dataplex.zones.update

(roles/dataplex.encryptionAdmin)

Gives user permissions to manage encryption config.

dataplex.encryptionConfig.*

  • dataplex.encryptionConfig.create
  • dataplex.encryptionConfig.delete
  • dataplex.encryptionConfig.get
  • dataplex.encryptionConfig.list
  • dataplex.encryptionConfig.update

(roles/dataplex.entryGroupExporter)

Grants access to export this entry group for Metadata Job processing.

dataplex.entryGroups.export

dataplex.entryGroups.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.entryGroupImporter)

Grants access to import this entry group for Metadata Job processing.

dataplex.entryGroups.get

dataplex.entryGroups.import

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.entryGroupOwner)

Owns Entry Groups and Entries inside of them.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

  • dataplex.entries.create
  • dataplex.entries.delete
  • dataplex.entries.get
  • dataplex.entries.list
  • dataplex.entries.update

dataplex.entryGroups.*

  • dataplex.entryGroups.create
  • dataplex.entryGroups.delete
  • dataplex.entryGroups.export
  • dataplex.entryGroups.get
  • dataplex.entryGroups.getIamPolicy
  • dataplex.entryGroups.import
  • dataplex.entryGroups.list
  • dataplex.entryGroups.setIamPolicy
  • dataplex.entryGroups.update
  • dataplex.entryGroups.useContactsAspect
  • dataplex.entryGroups.useGenericAspect
  • dataplex.entryGroups.useGenericEntry
  • dataplex.entryGroups.useOverviewAspect
  • dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.entryOwner)

Owns Metadata Entries.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

  • dataplex.entries.create
  • dataplex.entries.delete
  • dataplex.entries.get
  • dataplex.entries.list
  • dataplex.entries.update

dataplex.entryGroups.get

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.entryTypeOwner)

Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.entryTypes.*

  • dataplex.entryTypes.create
  • dataplex.entryTypes.delete
  • dataplex.entryTypes.get
  • dataplex.entryTypes.getIamPolicy
  • dataplex.entryTypes.list
  • dataplex.entryTypes.setIamPolicy
  • dataplex.entryTypes.update
  • dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.entryTypeUser)

Grants access to use Entry Types to create/modify Entries of those types.

datacatalog.migrationConfig.get

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.metadataJobOwner)

Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.

dataplex.metadataJobs.*

  • dataplex.metadataJobs.cancel
  • dataplex.metadataJobs.create
  • dataplex.metadataJobs.get
  • dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.metadataJobViewer)

Read access to Metadata Job resources.

dataplex.metadataJobs.get

dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.metadataReader)

Read only access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.get

dataplex.entities.list

dataplex.partitions.get

dataplex.partitions.list

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.metadataWriter)

Write and Read access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.*

  • dataplex.entities.create
  • dataplex.entities.delete
  • dataplex.entities.get
  • dataplex.entities.list
  • dataplex.entities.update

dataplex.partitions.*

  • dataplex.partitions.create
  • dataplex.partitions.delete
  • dataplex.partitions.get
  • dataplex.partitions.list
  • dataplex.partitions.update

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/dataplex.securityAdmin)

Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

(roles/dataplex.storageDataOwner)

Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.create

bigquery.models.delete

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.models.updateData

bigquery.models.updateMetadata

bigquery.routines.create

bigquery.routines.delete

bigquery.routines.get

bigquery.routines.list

bigquery.routines.update

bigquery.tables.create

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

(roles/dataplex.storageDataReader)

Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

storage.buckets.get

storage.objects.get

storage.objects.list

(roles/dataplex.storageDataWriter)

Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.tables.updateData

storage.objects.create

storage.objects.delete

storage.objects.update

(roles/dataplex.taxonomyAdmin)

Full access to DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.*

  • dataplex.dataAttributes.bind
  • dataplex.dataAttributes.create
  • dataplex.dataAttributes.delete
  • dataplex.dataAttributes.get
  • dataplex.dataAttributes.getIamPolicy
  • dataplex.dataAttributes.list
  • dataplex.dataAttributes.setIamPolicy
  • dataplex.dataAttributes.update

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.setIamPolicy

dataplex.dataTaxonomies.update

(roles/dataplex.taxonomyViewer)

Read access on DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

(roles/dataplex.viewer)

Read access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.lakeActions.list

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.operations.get

dataplex.operations.list

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.zoneActions.list

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

데이터 역할

Dataplex는 Dataplex에서 관리하는 모든 리소스에 적용되는 다음 IAM 역할을 정의합니다. 각 역할과 관련된 권한에 대한 자세한 내용은 이 문서의 사전 정의된 역할 섹션을 참조하세요.

데이터 역할 기능 사유
Dataplex 데이터 소유자(roles/dataplex.dataOwner) 관리형 리소스에 대한 모든 권한입니다. 리소스 유형에 관계없이 모든 하위 리소스에 대한 모든 권한이 포함됩니다. 데이터 소유자는 다양한 기타 권한 외에도 리소스 메타데이터를 업데이트하고, 더 세분화된 권한(예: BigQuery 데이터 세트의 하위 테이블)을 부여하고, 하위 리소스를 만들 수 있습니다. 리소스에 대해 완전한 소유권을 보유합니다.
Dataplex 데이터 리더(roles/dataplex.dataReader) 관리형 리소스 및 하위 리소스의 데이터를 읽을 수 있습니다. 또한 관리형 리소스 및 하위 리소스의 메타데이터를 읽을 수 있습니다. 데이터 및 메타데이터를 읽을 수 있는 기능을 사용 설정합니다.
Dataplex 데이터 작성자(roles/dataplex.dataWriter) 데이터 만들기/업데이트/삭제가 가능합니다(메타데이터 제외). 핵심적인 Dataplex 사용자 경험을 지원합니다.

다음 단계