Cloud Dataprep Permissions and IAM Roles

Overview

Google Cloud Identity and Access Management (IAM) allows you to control user and group access to your project's resources. This document focuses on the IAM permissions relevant to Cloud Dataprep and the IAM roles that grant those permissions.

Cloud Dataprep Permissions

Cloud Dataprep permissions allow users to run the Cloud Dataprep application and access resources in your project. You don't directly give users permissions; instead, you grant them roles, which have one or more permissions bundled within them.

Cloud Dataprep Roles

Currently, there are two Cloud Dataprep roles:

  1. dataprep.user, which includes one permission, the dataprep.use permission. This role allows a user to run the Cloud Dataprep application in a project.

  2. dataprep.serviceAgent, which gives Trifacta, the third party that hosts the Cloud Dataprep application, roles and permissions to allow Trifacta to access and modify datasets and storage, and run and manage Cloud Dataprep jobs, within a project.

    Below is a Cloud Dataprep screenshot that asks users to grant Trifacta the necessary (dataprep.serviceAgent) project permissions as part of the Cloud Dataprep activation process.

The following table lists the Cloud Dataprep IAM roles and their included permissions and roles.

Cloud Dataprep Role Included Permissions/Roles
dataprep.user permission: dataprep.use
dataprep.serviceAgent permission: storage.buckets.get
permission: storage.buckets.list
roles/dataflow.developer
roles/bigquery.user
roles/bigquery.dataEditor
roles/storage.objectAdmin

IAM management

You can get and set IAM policies using the Google Cloud Platform Console, the IAM API, or the gcloud command-line tool.

What's next

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Google Cloud Dataprep Documentation