Enable your organization principals to use tags
This document describes how to grant the Data Catalog tagTemplateUser role to principals. You can do this after you create a Data Catalog tag template in your resource project. This enables them to create metadata, that is, use your template to tag data resources. For more information, see Attaching tags to Google Cloud resources.
The next section shows how to grant the tagTemplateUser role.
Grant the tagTemplateUser role
Console
Console
To grant the Data Catalog tagTemplateUser role to a principal
on a project, do the following:
Go to IAM in the Google Cloud console and click the edit () button at the right of the principal's listing.
In the Edit permissions dialog, click ADD ANOTHER ROLE, then click the Select a role drop-down list.
In the Filter box, insert
Data Catalog TagTemplate Userto display this role, then select it and click SAVE.
Java
Before trying this sample, follow the Java setup instructions in the Data Catalog quickstart using client libraries. For more information, see the Data Catalog Java API reference documentation.
To authenticate to Data Catalog, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Node.js
Before trying this sample, follow the Node.js setup instructions in the Data Catalog quickstart using client libraries. For more information, see the Data Catalog Node.js API reference documentation.
To authenticate to Data Catalog, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Python
Before trying this sample, follow the Python setup instructions in the Data Catalog quickstart using client libraries. For more information, see the Data Catalog Python API reference documentation.
To authenticate to Data Catalog, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
REST & CMD LINE
REST
If you do not have access to Cloud Client libraries for your language or want to test the API using REST requests, see the following examples and refer to the Data Catalog REST API documentation.
Before using any of the request data, make the following replacements:
- project-id: Google Cloud project ID
- template-id: the tag template ID
HTTP method and URL:
POST https://datacatalog.googleapis.com/v1/projects/project-id/locations/region/tagTemplates/template-id:setIamPolicy
Request JSON body:
{
"policy":{
"bindings":[
{
"role":"roles/datacatalog.tagTemplateUser",
"members":[
"user:username@gmail.com"
]
}
]
}
}
To send your request, expand one of these options:
curl (Linux, macOS, or Cloud Shell)
Save the request body in a file named request.json,
and execute the following command:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "x-goog-user-project: project-id" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://datacatalog.googleapis.com/v1/projects/project-id/locations/region/tagTemplates/template-id:setIamPolicy"
PowerShell (Windows)
Save the request body in a file named request.json,
and execute the following command:
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred"; "x-goog-user-project" = "project-id" }Invoke-WebRequest `
-Method POST `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://datacatalog.googleapis.com/v1/projects/project-id/locations/region/tagTemplates/template-id:setIamPolicy" | Select-Object -Expand Content
You should receive a JSON response similar to the following:
{
"version":1,
"etag":"xxxxx.....",
"bindings":[
{
"role":"roles/datacatalog.tagTemplateUser",
"members":[
"user:username@gmail.com"
]
}
]
}