Overview
Identity and Access Management (IAM) allows you to control user and group access to your project's resources. This document focuses on the IAM permissions relevant to Cloud Dataprep and the IAM roles that grant those permissions.
Cloud Dataprep Permissions
Cloud Dataprep permissions allow users to run the Cloud Dataprep application and access resources in your project. You don't directly give users permissions; instead, you grant them roles, which have one or more permissions bundled within them.
Also see Dataflow Security and permissions for the service accounts used by Dataflow to manage security and permissions when it runs Dataprep jobs.
Cloud Dataprep Roles
Currently, there are two Cloud Dataprep roles:
dataprep.projects.user
, which includes thedataprep.projects.use
permission. This role allows a user to run the Cloud Dataprep application in a project.dataprep.serviceAgent
, which gives Trifacta, the third party that hosts the Cloud Dataprep application, roles and permissions to allow Trifacta to access and modify datasets and storage, and run and manage Cloud Dataprep jobs, within a project.Below is a Cloud Dataprep screenshot that asks users to grant Trifacta the necessary (
dataprep.serviceAgent
) project permissions as part of the Cloud Dataprep activation process.
The following table lists the Cloud Dataprep IAM roles and their included permissions and roles.
Cloud Dataprep Role | Included Permissions/Roles |
---|---|
dataprep.projects.user | permission: dataprep.projects.use |
dataprep.serviceAgent | permission: storage.buckets.get permission: storage.buckets.list roles/dataflow.developer roles/bigquery.user roles/bigquery.dataEditor roles/storage.objectAdmin roles/iam.serviceAccountUser |
IAM management
You can get and set IAM policies using the Google Cloud console, the IAM API, or the Google Cloud CLI.
- for the Google Cloud console, see Access control via the Google Cloud console.
- for the API, see Access control via the API.
- for the Google Cloud CLI, see Access control via the Google Cloud CLI.