Create a service account
To create a service account in BigQuery, follow the detailed steps in Google Cloud's Creating and managing service account keys.
Create a custom role
To create a custom role, follow the detailed steps in Google Cloud's Creating a custom role.
To add permissions to the custom role, in the Add permissions dialog, click the Enter property name or value filter and add the following permissions.
For metadata crawling (required)
To configure permissions for crawling metadata, add the following permissions to the role:
bigquery.datasets.get allows Atlan to retrieve metadata about a dataset.
bigquery.datasets.getIamPolicy allows Atlan to read a dataset's IAM permissions.
bigquery.jobs.create allows Atlan to run jobs (including queries) within the project. 🚨 Careful! Without this, Atlan can't query the source.
bigquery.routines.get allows Atlan to retrieve routine definitions and metadata.
bigquery.routines.list allows Atlan to list routines and metadata on routines.
bigquery.tables.get allows Atlan to retrieve table metadata.
bigquery.tables.getIamPolicy allows Atlan to read a table's IAM policy.
bigquery.tables.list allows Atlan to list tables and metadata on tables.
bigquery.readsessions.create allows Atlan to create a session to stream large results.
bigquery.readsessions.getData allows Atlan to retrieve data from the session.
bigquery.readsessions.update allows Atlan to cancel the session.
resourcemanager.projects.get allows Atlan to retrieve project names and metadata.
To add data preview and querying (optional)
To configure permissions for previewing and querying data, add the following permissions to the role:
bigquery.tables.getData allows Atlan to retrieve table data. 🚨 Careful! This permission is also required for retrieving metadata such as the row count and update time of a table.
bigquery.jobs.get allows Atlan to retrieve data and metadata on any job, including queries.
bigquery.jobs.listAll allows Atlan to list all jobs and retrieve metadata on any job submitted by any user.
bigquery.jobs.update allows Atlan to cancel any job, including a running query.
To add query history mining (optional)
To configure permissions for mining query history, add the following permissions to the role:
bigquery.jobs.listAll allows Atlan to fetch all queries for a project.
Add your custom role to your service account
To add your custom role to your service account, follow the detailed steps in Google Cloud's Grant or revoke a single role.