Google Cloud Identity and Access Management (IAM) allows you to control user and group access to your project's resources. This document focuses on the IAM permissions relevant to Cloud Dataprep and the IAM roles that grant those permissions.
Cloud Dataprep Permissions
Cloud Dataprep permissions allow users to run the Cloud Dataprep application and access resources in your project. You don't directly give users permissions; instead, you grant them roles, which have one or more permissions bundled within them.
Cloud Dataprep Roles
Currently, there are two Cloud Dataprep roles:
dataprep.user, which includes one permission, the
dataprep.usepermission. This role allows a user to run the Cloud Dataprep application in a project.
dataprep.serviceAgent, which gives Trifacta, the third party that hosts the Cloud Dataprep application, roles and permissions to allow Trifacta to access and modify datasets and storage, and run and manage Cloud Dataprep jobs, within a project.
Below is a Cloud Dataprep screenshot that asks users to grant Trifacta the necessary (
dataprep.serviceAgent) project permissions as part of the Cloud Dataprep activation process.
The following table lists the Cloud Dataprep IAM roles and their included permissions and roles.
|Cloud Dataprep Role||Included Permissions/Roles|
You can get and set IAM policies using the Google Cloud Platform Console, the IAM API, or the
gcloud command-line tool.
- for the Google Cloud Platform Console, see Access control via the Google Cloud Platform Console.
- for the API, see Access control via the API.
- for the
gcloudcommand-line tool, see Access control via the gcloud command-line tool.