How to set up Google BigQuery

Have more questions? Submit a request
πŸ€“ Who can do this? You will probably need your Google BigQuery administrator to run these commands β€” you may not have access yourself. For more information see Google Cloud's Granting, changing, and revoking access to resources.

Create a service account

To create a service account in BigQuery, follow the detailed steps in Google Cloud's Creating and managing service account keys.

Create a custom role

To create a custom role, follow the detailed steps in Google Cloud's Creating a custom role.

To add permissions to the custom role, in the Add permissions dialog, click the Enter property name or value filter and add the following permissions.

For metadata crawling (required)

To configure permissions for crawling metadata, add the following permissions to the role:

  • bigquery.datasets.get allows Atlan to retrieve metadata about a dataset.
  • bigquery.datasets.getIamPolicy allows Atlan to read a dataset's IAM permissions.
  • allows Atlan to run jobs (including queries) within the project.
    🚨 Careful! Without this, Atlan can't query the source.
  • bigquery.routines.get allows Atlan to retrieve routine definitions and metadata.
  • bigquery.routines.list allows Atlan to list routines and metadata on routines.
  • bigquery.tables.get allows Atlan to retrieve table metadata.
  • bigquery.tables.getIamPolicy allows Atlan to read a table's IAM policy.
  • bigquery.tables.list allows Atlan to list tables and metadata on tables.
  • bigquery.readsessions.create allows Atlan to create a session to stream large results.
  • bigquery.readsessions.getData allows Atlan to retrieve data from the session.
  • bigquery.readsessions.update allows Atlan to cancel the session.
  • resourcemanager.projects.get allows Atlan to retrieve project names and metadata.

To add data preview and querying (optional)

To configure permissions for previewing and querying data, add the following permissions to the role:

  • bigquery.tables.getData allows Atlan to retrieve table data.
    🚨 Careful! This permission is also required for retrieving metadata such as the row count and update time of a table.
  • allows Atlan to retrieve data and metadata on any job, including queries.
  • allows Atlan to list all jobs and retrieve metadata on any job submitted by any user.
  • allows Atlan to cancel any job, including a running query.

To add query history mining (optional)

To configure permissions for mining query history, add the following permissions to the role:

  • allows Atlan to fetch all queries for a project.

Add your custom role to your service account

To add your custom role to your service account, follow the detailed steps in Google Cloud's Grant or revoke a single role.

Related articles

Was this article helpful?
1 out of 1 found this helpful