Required User Permissions

The following IAM permissions are required for each user to provide baseline functionality in Cloud Dataprep by TRIFACTA® INC. and access to common integrations

Dataprep.User IAM Role

All users of any version of Cloud Dataprep by TRIFACTA INC. must be assigned the Dataprep.User IAM Role.

Additional Permissions for Cloud Dataprep Premium by TRIFACTA INC.


  • resourcemanager.projects.get


Read and write to BigQuery, including views and custom SQL:

  • bigquery.datasets.get
  • bigquery.tables.create
  • bigquery.tables.delete
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.list

Cloud Dataflow

Run Cloud Dataprep jobs on Cloud Dataflow:

  • compute.machineTypes.get
  • dataflow.messages.list
  • dataflow.metrics.get

Google Cloud Storage

Read and write to Google Cloud Storage, the base storage for Cloud Dataprep by TRIFACTA INC.:

  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • storage.objects.update

Additional Permissions for Cloud IAM

In addition to the IAM roles above, users must also be granted the following to enable data access based on their Cloud IAM:

These permissions ensure that users can access the appropriate data within Cloud Dataprep by TRIFACTA® INC..