Dataproc Metastore IAM permissions

Dataproc Metastore permissions allow users to perform specific actions on Dataproc Metastore services, metadata imports, and operations. For example, the metastore.services.create permission allows a user to create Dataproc Metastore services in your project. You don't directly give users permissions; instead, you grant them roles, which have one or more permissions bundled within them.

This document focuses on the IAM permissions relevant to Dataproc Metastore.

Before you begin

  • Read the IAM documentation.

Dataproc Metastore permissions

The following tables list the permissions necessary to call Dataproc Metastore API methods. The tables are organized according to the APIs associated with each Dataproc Metastore resource (locations, operations, services, imports, and backups).

Locations permissions

API Method        IAM Permission
Get               metastore.locations.get
List              metastore.locations.list

Operations permissions

API Method        IAM Permission
Delete            metastore.operations.delete
Get               metastore.operations.get
List              metastore.operations.list

Services permissions

API Method        IAM Permission
Create            metastore.services.create
Delete            metastore.services.delete
Get               metastore.services.get
List              metastore.services.list
Update            metastore.services.update
ExportMetadata    metastore.services.export
Restore           metastore.services.restore
SetIamPolicy      metastore.services.setIamPolicy
GetIamPolicy      metastore.services.getIamPolicy

Imports permissions

API Method        IAM Permission
Create            metastore.imports.create
Get               metastore.imports.get
List              metastore.imports.list

Backups permissions

API Method        IAM Permission
Create            metastore.backups.create
Delete            metastore.backups.delete
Get               metastore.backups.get
List              metastore.backups.list
Use               metastore.backups.use
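
Because permissions reach users only through roles, a custom role's permission list can be checked against the tables above before it is granted. The following is an added example, not code from the Dataproc Metastore documentation: the permission names come from the tables, while the read-only/policy classification, the `audit_role` helper, and the sample role are assumptions made for illustration.

```python
# Permission names are copied from the tables on this page.
METHODS = {
    "locations": ["get", "list"],
    "operations": ["delete", "get", "list"],
    "services": ["create", "delete", "get", "list", "update", "export",
                 "restore", "setIamPolicy", "getIamPolicy"],
    "imports": ["create", "get", "list"],
    "backups": ["create", "delete", "get", "list", "use"],
}
KNOWN = {f"metastore.{res}.{verb}" for res, verbs in METHODS.items() for verb in verbs}
READ_ONLY_VERBS = {"get", "list", "getIamPolicy"}  # assumption: treated as non-mutating
POLICY_VERBS = {"setIamPolicy"}                    # changes who has access to a service


def audit_role(included_permissions, read_only=False):
    """Return (kind, permission) findings for the metastore.* permissions in a role."""
    findings = []
    for perm in sorted(set(included_permissions)):
        if not perm.startswith("metastore."):
            continue  # permissions of other services are out of scope here
        verb = perm.rsplit(".", 1)[-1]
        if perm not in KNOWN:
            findings.append(("unknown", perm))        # typo, or not listed on this page
        elif verb in POLICY_VERBS:
            findings.append(("policy-change", perm))  # holder can re-grant access
        elif read_only and verb not in READ_ONLY_VERBS:
            findings.append(("not-read-only", perm))  # exceeds a viewer-style role
    return findings


# Constructed sample: a custom role that is meant to be a read-only viewer.
SAMPLE_ROLE = {
    "title": "Metastore viewer (constructed sample)",
    "includedPermissions": [
        "metastore.services.get",
        "metastore.services.list",
        "metastore.backups.list",
        "metastore.services.export",        # does not belong in a viewer role
        "metastore.services.setIamPolicy",  # lets the holder change access
        "metastore.service.get",            # typo: "service" instead of "services"
        "storage.objects.get",              # other service, ignored by the audit
    ],
}

if __name__ == "__main__":
    for kind, perm in audit_role(SAMPLE_ROLE["includedPermissions"], read_only=True):
        print(f"{kind:14} {perm}")
```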

What's next