Dataplex Universal Catalog IAM roles
Dataplex Administrator
(roles/)
Full access to Dataplex Universal Catalog resources, except for catalog resources like entries and entry groups.
cloudasset.
cloudasset.
cloudasset.
dataplex.assetActions.list
dataplex.assets.create
dataplex.assets.delete
dataplex.assets.get
dataplex.assets.getIamPolicy
dataplex.assets.list
dataplex.assets.setIamPolicy
dataplex.assets.update
dataplex.content.*
  dataplex.content.create
  dataplex.content.delete
  dataplex.content.get
  dataplex.content.getIamPolicy
  dataplex.content.list
  dataplex.content.setIamPolicy
  dataplex.content.update
dataplex.dataAssets.*
  dataplex.dataAssets.create
  dataplex.dataAssets.delete
  dataplex.dataAssets.get
  dataplex.dataAssets.list
  dataplex.dataAssets.update
dataplex.
  dataplex.dataAttributeBindings.create
  dataplex.dataAttributeBindings.delete
  dataplex.dataAttributeBindings.get
  dataplex.dataAttributeBindings.getIamPolicy
  dataplex.dataAttributeBindings.list
  dataplex.dataAttributeBindings.setIamPolicy
  dataplex.dataAttributeBindings.update
dataplex.dataAttributes.*
  dataplex.dataAttributes.bind
  dataplex.dataAttributes.create
  dataplex.dataAttributes.delete
  dataplex.dataAttributes.get
  dataplex.dataAttributes.getIamPolicy
  dataplex.dataAttributes.list
  dataplex.dataAttributes.setIamPolicy
  dataplex.dataAttributes.update
dataplex.dataProducts.*
  dataplex.dataProducts.create
  dataplex.dataProducts.delete
  dataplex.dataProducts.get
  dataplex.dataProducts.getIamPolicy
  dataplex.dataProducts.list
  dataplex.dataProducts.setIamPolicy
  dataplex.dataProducts.update
dataplex.dataTaxonomies.*
  dataplex.dataTaxonomies.configureDataAccess
  dataplex.dataTaxonomies.configureResourceAccess
  dataplex.dataTaxonomies.create
  dataplex.dataTaxonomies.delete
  dataplex.dataTaxonomies.get
  dataplex.dataTaxonomies.getIamPolicy
  dataplex.dataTaxonomies.list
  dataplex.dataTaxonomies.setIamPolicy
  dataplex.dataTaxonomies.update
dataplex.datascans.*
  dataplex.datascans.create
  dataplex.datascans.delete
  dataplex.datascans.get
  dataplex.datascans.getData
  dataplex.datascans.getIamPolicy
  dataplex.datascans.list
  dataplex.datascans.run
  dataplex.datascans.setIamPolicy
  dataplex.datascans.update
dataplex.entities.*
  dataplex.entities.create
  dataplex.entities.delete
  dataplex.entities.get
  dataplex.entities.list
  dataplex.entities.update
dataplex.entries.link
dataplex.entryGroups.export
dataplex.entryGroups.import
dataplex.
dataplex.
dataplex.
dataplex.entryLinks.*
  dataplex.entryLinks.create
  dataplex.entryLinks.delete
  dataplex.entryLinks.get
  dataplex.entryLinks.reference
dataplex.environments.*
  dataplex.environments.create
  dataplex.environments.delete
  dataplex.environments.execute
  dataplex.environments.get
  dataplex.environments.getIamPolicy
  dataplex.environments.list
  dataplex.environments.setIamPolicy
  dataplex.environments.update
dataplex.glossaries.*
  dataplex.glossaries.create
  dataplex.glossaries.delete
  dataplex.glossaries.get
  dataplex.glossaries.getIamPolicy
  dataplex.glossaries.import
  dataplex.glossaries.list
  dataplex.glossaries.setIamPolicy
  dataplex.glossaries.update
dataplex.glossaryCategories.*
  dataplex.glossaryCategories.create
  dataplex.glossaryCategories.delete
  dataplex.glossaryCategories.get
  dataplex.glossaryCategories.list
  dataplex.glossaryCategories.update
dataplex.glossaryTerms.*
  dataplex.glossaryTerms.create
  dataplex.glossaryTerms.delete
  dataplex.glossaryTerms.get
  dataplex.glossaryTerms.list
  dataplex.glossaryTerms.update
  dataplex.glossaryTerms.use
dataplex.lakeActions.list
dataplex.lakes.*
  dataplex.lakes.create
  dataplex.lakes.delete
  dataplex.lakes.get
  dataplex.lakes.getIamPolicy
  dataplex.lakes.list
  dataplex.lakes.setIamPolicy
  dataplex.lakes.update
dataplex.locations.*
  dataplex.locations.get
  dataplex.locations.list
dataplex.metadataFeeds.*
  dataplex.metadataFeeds.create
  dataplex.metadataFeeds.delete
  dataplex.metadataFeeds.get
  dataplex.metadataFeeds.list
  dataplex.metadataFeeds.update
dataplex.metadataJobs.*
  dataplex.metadataJobs.cancel
  dataplex.metadataJobs.create
  dataplex.metadataJobs.get
  dataplex.metadataJobs.list
dataplex.operations.*
  dataplex.operations.cancel
  dataplex.operations.delete
  dataplex.operations.get
  dataplex.operations.list
dataplex.partitions.*
  dataplex.partitions.create
  dataplex.partitions.delete
  dataplex.partitions.get
  dataplex.partitions.list
  dataplex.partitions.update
dataplex.tasks.*
  dataplex.tasks.cancel
  dataplex.tasks.create
  dataplex.tasks.delete
  dataplex.tasks.get
  dataplex.tasks.getIamPolicy
  dataplex.tasks.list
  dataplex.tasks.run
  dataplex.tasks.setIamPolicy
  dataplex.tasks.update
dataplex.zoneActions.list
dataplex.zones.*
  dataplex.zones.create
  dataplex.zones.delete
  dataplex.zones.get
  dataplex.zones.getIamPolicy
  dataplex.zones.list
  dataplex.zones.setIamPolicy
  dataplex.zones.update
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Aspect Type Owner
(roles/)
Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.
datacatalog.
dataplex.aspectTypes.*
  dataplex.aspectTypes.create
  dataplex.aspectTypes.delete
  dataplex.aspectTypes.get
  dataplex.aspectTypes.getIamPolicy
  dataplex.aspectTypes.list
  dataplex.aspectTypes.setIamPolicy
  dataplex.aspectTypes.update
  dataplex.aspectTypes.use
dataplex.operations.get
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Aspect Type User
(roles/)
Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.
datacatalog.
dataplex.aspectTypes.get
dataplex.aspectTypes.list
dataplex.aspectTypes.use
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Binding Administrator
(roles/)
Full access on DataAttribute Binding resources.
dataplex.
  dataplex.dataAttributeBindings.create
  dataplex.dataAttributeBindings.delete
  dataplex.dataAttributeBindings.get
  dataplex.dataAttributeBindings.getIamPolicy
  dataplex.dataAttributeBindings.list
  dataplex.dataAttributeBindings.setIamPolicy
  dataplex.dataAttributeBindings.update
Dataplex Catalog Admin
(roles/)
Full access to catalog resources, including entries, entry groups, and glossaries.
datacatalog.
dataplex.aspectTypes.*
  dataplex.aspectTypes.create
  dataplex.aspectTypes.delete
  dataplex.aspectTypes.get
  dataplex.aspectTypes.getIamPolicy
  dataplex.aspectTypes.list
  dataplex.aspectTypes.setIamPolicy
  dataplex.aspectTypes.update
  dataplex.aspectTypes.use
dataplex.entries.*
  dataplex.entries.create
  dataplex.entries.delete
  dataplex.entries.get
  dataplex.entries.getData
  dataplex.entries.link
  dataplex.entries.list
  dataplex.entries.update
dataplex.entryGroups.*
  dataplex.entryGroups.create
  dataplex.entryGroups.delete
  dataplex.entryGroups.export
  dataplex.entryGroups.get
  dataplex.entryGroups.getIamPolicy
  dataplex.entryGroups.import
  dataplex.entryGroups.list
  dataplex.entryGroups.setIamPolicy
  dataplex.entryGroups.update
  dataplex.entryGroups.useContactsAspect
  dataplex.entryGroups.useDataProfileAspect
  dataplex.entryGroups.useDataQualityScorecardAspect
  dataplex.entryGroups.useDefinitionEntryLink
  dataplex.entryGroups.useDescriptionsAspect
  dataplex.entryGroups.useGenericAspect
  dataplex.entryGroups.useGenericEntry
  dataplex.entryGroups.useOverviewAspect
  dataplex.entryGroups.useQueriesAspect
  dataplex.entryGroups.useRefreshCadenceAspect
  dataplex.entryGroups.useRelatedEntryLink
  dataplex.entryGroups.useSchemaAspect
  dataplex.entryGroups.useStorageAspect
  dataplex.entryGroups.useSynonymEntryLink
dataplex.entryLinks.*
  dataplex.entryLinks.create
  dataplex.entryLinks.delete
  dataplex.entryLinks.get
  dataplex.entryLinks.reference
dataplex.entryTypes.*
  dataplex.entryTypes.create
  dataplex.entryTypes.delete
  dataplex.entryTypes.get
  dataplex.entryTypes.getIamPolicy
  dataplex.entryTypes.list
  dataplex.entryTypes.setIamPolicy
  dataplex.entryTypes.update
  dataplex.entryTypes.use
dataplex.glossaries.*
  dataplex.glossaries.create
  dataplex.glossaries.delete
  dataplex.glossaries.get
  dataplex.glossaries.getIamPolicy
  dataplex.glossaries.import
  dataplex.glossaries.list
  dataplex.glossaries.setIamPolicy
  dataplex.glossaries.update
dataplex.glossaryCategories.*
  dataplex.glossaryCategories.create
  dataplex.glossaryCategories.delete
  dataplex.glossaryCategories.get
  dataplex.glossaryCategories.list
  dataplex.glossaryCategories.update
dataplex.glossaryTerms.*
  dataplex.glossaryTerms.create
  dataplex.glossaryTerms.delete
  dataplex.glossaryTerms.get
  dataplex.glossaryTerms.list
  dataplex.glossaryTerms.update
  dataplex.glossaryTerms.use
dataplex.operations.get
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Catalog Editor
(roles/)
Write access to catalog resources, including entries, entry groups, and glossaries. Cannot set IAM policies on resources.
datacatalog.
dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.
dataplex.aspectTypes.list
dataplex.aspectTypes.update
dataplex.aspectTypes.use
dataplex.entries.*
  dataplex.entries.create
  dataplex.entries.delete
  dataplex.entries.get
  dataplex.entries.getData
  dataplex.entries.link
  dataplex.entries.list
  dataplex.entries.update
dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.get
dataplex.
dataplex.entryGroups.list
dataplex.entryGroups.update
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.
dataplex.entryTypes.list
dataplex.entryTypes.update
dataplex.entryTypes.use
dataplex.glossaries.create
dataplex.glossaries.delete
dataplex.glossaries.get
dataplex.
dataplex.glossaries.list
dataplex.glossaries.update
dataplex.glossaryCategories.*
  dataplex.glossaryCategories.create
  dataplex.glossaryCategories.delete
  dataplex.glossaryCategories.get
  dataplex.glossaryCategories.list
  dataplex.glossaryCategories.update
dataplex.glossaryTerms.*
  dataplex.glossaryTerms.create
  dataplex.glossaryTerms.delete
  dataplex.glossaryTerms.get
  dataplex.glossaryTerms.list
  dataplex.glossaryTerms.update
  dataplex.glossaryTerms.use
dataplex.operations.get
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Catalog Viewer
(roles/)
Read access to catalog resources, including entries, entry groups, and glossaries. Can view IAM policies on catalog resources.
datacatalog.
dataplex.aspectTypes.get
dataplex.
dataplex.aspectTypes.list
dataplex.entries.get
dataplex.entries.list
dataplex.entryGroups.get
dataplex.
dataplex.entryGroups.list
dataplex.entryLinks.get
dataplex.entryTypes.get
dataplex.
dataplex.entryTypes.list
dataplex.glossaries.get
dataplex.
dataplex.glossaries.list
dataplex.
dataplex.
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Data Owner
(roles/)
Owner access to data. To be granted to Dataplex Universal Catalog resources Lake, Zone or Asset only.
dataplex.assets.ownData
dataplex.assets.readData
dataplex.assets.writeData
Dataplex Data Products Admin Beta
(roles/)
Full access to Data Products.
dataplex.dataAssets.*
  dataplex.dataAssets.create
  dataplex.dataAssets.delete
  dataplex.dataAssets.get
  dataplex.dataAssets.list
  dataplex.dataAssets.update
dataplex.dataProducts.*
  dataplex.dataProducts.create
  dataplex.dataProducts.delete
  dataplex.dataProducts.get
  dataplex.dataProducts.getIamPolicy
  dataplex.dataProducts.list
  dataplex.dataProducts.setIamPolicy
  dataplex.dataProducts.update
dataplex.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Data Products Consumer Beta
(roles/)
Restricted read access, intended for consumers of Data Products.
dataplex.dataAssets.get
dataplex.dataAssets.list
dataplex.dataProducts.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Data Products Editor Beta
(roles/)
Write access to Data Products.
dataplex.dataAssets.*
  dataplex.dataAssets.create
  dataplex.dataAssets.delete
  dataplex.dataAssets.get
  dataplex.dataAssets.list
  dataplex.dataAssets.update
dataplex.dataProducts.create
dataplex.dataProducts.delete
dataplex.dataProducts.get
dataplex.
dataplex.dataProducts.list
dataplex.dataProducts.update
dataplex.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Data Products Viewer Beta
(roles/)
Read access to Data Products.
dataplex.dataAssets.get
dataplex.dataAssets.list
dataplex.dataProducts.get
dataplex.
dataplex.dataProducts.list
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Data Reader
(roles/)
Read only access to data. To be granted to Dataplex Universal Catalog resources Lake, Zone or Asset only.
dataplex.assets.readData
Dataplex DataScan Administrator
(roles/)
Full access to DataScan resources.
dataplex.datascans.*
  dataplex.datascans.create
  dataplex.datascans.delete
  dataplex.datascans.get
  dataplex.datascans.getData
  dataplex.datascans.getIamPolicy
  dataplex.datascans.list
  dataplex.datascans.run
  dataplex.datascans.setIamPolicy
  dataplex.datascans.update
dataplex.operations.get
dataplex.operations.list
Dataplex DataScan Creator
(roles/)
Access to create new DataScan resources.
dataplex.datascans.create
dataplex.datascans.get
dataplex.datascans.list
dataplex.operations.get
Dataplex DataScan DataViewer
(roles/)
Read access to DataScan resources, including the results.
dataplex.datascans.get
dataplex.datascans.getData
dataplex.
dataplex.datascans.list
Dataplex DataScan Editor
(roles/)
Write access to DataScan resources.
dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.update
dataplex.operations.get
dataplex.operations.list
Dataplex DataScan Viewer
(roles/)
Read access to DataScan resources, excluding the results.
dataplex.datascans.get
dataplex.
dataplex.datascans.list
Dataplex Data Writer
(roles/)
Write access to data. To be granted to Dataplex Universal Catalog resources Lake, Zone or Asset only.
dataplex.assets.writeData
Dataplex Developer
(roles/)
Allows running data analytics workloads in a lake.
dataplex.content.*
  dataplex.content.create
  dataplex.content.delete
  dataplex.content.get
  dataplex.content.getIamPolicy
  dataplex.content.list
  dataplex.content.setIamPolicy
  dataplex.content.update
dataplex.environments.execute
dataplex.environments.get
dataplex.environments.list
dataplex.tasks.cancel
dataplex.tasks.create
dataplex.tasks.delete
dataplex.tasks.get
dataplex.tasks.list
dataplex.tasks.run
dataplex.tasks.update
Dataplex Discovery BigLake Publishing Service Agent
(roles/)
Gives the Dataplex Discovery Service Agent permissions to use a BigQuery connection.
bigquery.connections.delegate
bigquery.connections.use
Dataplex Discovery Publishing Service Agent
(roles/)
Gives the Dataplex Discovery Service Agent dataset create and get permissions.
bigquery.datasets.create
bigquery.datasets.get
Dataplex Discovery Service Agent
(roles/)
Gives the Dataplex Discovery Service Agent bucket read permissions.
storage.buckets.get
storage.objects.get
storage.objects.list
Dataplex Editor
(roles/)
Write access to Dataplex Universal Catalog resources, except for catalog resources like entries, entry groups, and glossaries.
cloudasset.
dataplex.assetActions.list
dataplex.assets.create
dataplex.assets.delete
dataplex.assets.get
dataplex.assets.getIamPolicy
dataplex.assets.list
dataplex.assets.update
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.dataAssets.*
  dataplex.dataAssets.create
  dataplex.dataAssets.delete
  dataplex.dataAssets.get
  dataplex.dataAssets.list
  dataplex.dataAssets.update
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.
dataplex.dataAttributes.list
dataplex.dataAttributes.update
dataplex.dataProducts.create
dataplex.dataProducts.delete
dataplex.dataProducts.get
dataplex.
dataplex.dataProducts.list
dataplex.dataProducts.update
dataplex.
dataplex.
dataplex.dataTaxonomies.create
dataplex.dataTaxonomies.delete
dataplex.dataTaxonomies.get
dataplex.
dataplex.dataTaxonomies.list
dataplex.dataTaxonomies.update
dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.update
dataplex.environments.create
dataplex.environments.delete
dataplex.environments.get
dataplex.
dataplex.environments.list
dataplex.environments.update
dataplex.lakeActions.list
dataplex.lakes.create
dataplex.lakes.delete
dataplex.lakes.get
dataplex.lakes.getIamPolicy
dataplex.lakes.list
dataplex.lakes.update
dataplex.operations.*
  dataplex.operations.cancel
  dataplex.operations.delete
  dataplex.operations.get
  dataplex.operations.list
dataplex.tasks.cancel
dataplex.tasks.create
dataplex.tasks.delete
dataplex.tasks.get
dataplex.tasks.getIamPolicy
dataplex.tasks.list
dataplex.tasks.run
dataplex.tasks.update
dataplex.zoneActions.list
dataplex.zones.create
dataplex.zones.delete
dataplex.zones.get
dataplex.zones.getIamPolicy
dataplex.zones.list
dataplex.zones.update
Dataplex Encryption Admin
(roles/)
Gives user permissions to manage encryption configurations.
dataplex.encryptionConfig.*
  dataplex.encryptionConfig.create
  dataplex.encryptionConfig.delete
  dataplex.encryptionConfig.get
  dataplex.encryptionConfig.list
  dataplex.encryptionConfig.update
dataplex.operations.get
dataplex.operations.list
Dataplex Entry Group Exporter
(roles/)
Grants access to export this entry group for Metadata Job processing.
dataplex.entryGroups.export
dataplex.entryGroups.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Entry Group Importer
(roles/)
Grants access to import this entry group for Metadata Job processing.
dataplex.entryGroups.get
dataplex.entryGroups.import
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Entry Group Owner
(roles/)
Owns Entry Groups and Entries inside of them.
datacatalog.
dataplex.aspectTypes.get
dataplex.aspectTypes.list
dataplex.aspectTypes.use
dataplex.entries.*
  dataplex.entries.create
  dataplex.entries.delete
  dataplex.entries.get
  dataplex.entries.getData
  dataplex.entries.link
  dataplex.entries.list
  dataplex.entries.update
dataplex.entryGroups.*
  dataplex.entryGroups.create
  dataplex.entryGroups.delete
  dataplex.entryGroups.export
  dataplex.entryGroups.get
  dataplex.entryGroups.getIamPolicy
  dataplex.entryGroups.import
  dataplex.entryGroups.list
  dataplex.entryGroups.setIamPolicy
  dataplex.entryGroups.update
  dataplex.entryGroups.useContactsAspect
  dataplex.entryGroups.useDataProfileAspect
  dataplex.entryGroups.useDataQualityScorecardAspect
  dataplex.entryGroups.useDefinitionEntryLink
  dataplex.entryGroups.useDescriptionsAspect
  dataplex.entryGroups.useGenericAspect
  dataplex.entryGroups.useGenericEntry
  dataplex.entryGroups.useOverviewAspect
  dataplex.entryGroups.useQueriesAspect
  dataplex.entryGroups.useRefreshCadenceAspect
  dataplex.entryGroups.useRelatedEntryLink
  dataplex.entryGroups.useSchemaAspect
  dataplex.entryGroups.useStorageAspect
  dataplex.entryGroups.useSynonymEntryLink
dataplex.entryLinks.*
  dataplex.entryLinks.create
  dataplex.entryLinks.delete
  dataplex.entryLinks.get
  dataplex.entryLinks.reference
dataplex.entryTypes.get
dataplex.entryTypes.list
dataplex.entryTypes.use
dataplex.operations.get
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Entry and EntryLink Owner
(roles/)
Owns Metadata Entries and EntryLinks.
datacatalog.
dataplex.aspectTypes.get
dataplex.aspectTypes.list
dataplex.aspectTypes.use
dataplex.entries.*
  dataplex.entries.create
  dataplex.entries.delete
  dataplex.entries.get
  dataplex.entries.getData
  dataplex.entries.link
  dataplex.entries.list
  dataplex.entries.update
dataplex.entryGroups.get
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.
dataplex.entryLinks.*
  dataplex.entryLinks.create
  dataplex.entryLinks.delete
  dataplex.entryLinks.get
  dataplex.entryLinks.reference
dataplex.entryTypes.get
dataplex.entryTypes.list
dataplex.entryTypes.use
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Entry Type Owner
(roles/)
Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.
datacatalog.
dataplex.entryTypes.*
  dataplex.entryTypes.create
  dataplex.entryTypes.delete
  dataplex.entryTypes.get
  dataplex.entryTypes.getIamPolicy
  dataplex.entryTypes.list
  dataplex.entryTypes.setIamPolicy
  dataplex.entryTypes.update
  dataplex.entryTypes.use
dataplex.operations.get
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Entry Type User
(roles/)
Grants access to use Entry Types to create/modify Entries of those types.
datacatalog.
dataplex.entryTypes.get
dataplex.entryTypes.list
dataplex.entryTypes.use
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Metadata Feed Owner
(roles/)
Grants access to creating and managing Metadata Feeds. Does not give the right to create/modify Entry Groups.
dataplex.metadataFeeds.*
  dataplex.metadataFeeds.create
  dataplex.metadataFeeds.delete
  dataplex.metadataFeeds.get
  dataplex.metadataFeeds.list
  dataplex.metadataFeeds.update
dataplex.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Metadata Feed Viewer
(roles/)
Read access to Metadata Feed resources.
dataplex.metadataFeeds.get
dataplex.metadataFeeds.list
dataplex.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Metadata Job Owner
(roles/)
Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.
dataplex.metadataJobs.*
  dataplex.metadataJobs.cancel
  dataplex.metadataJobs.create
  dataplex.metadataJobs.get
  dataplex.metadataJobs.list
dataplex.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Metadata Job Viewer
(roles/)
Read access to Metadata Job resources.
dataplex.metadataJobs.get
dataplex.metadataJobs.list
dataplex.operations.get
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Metadata Reader
(roles/)
Read only access to metadata within table and fileset entities and partitions.
dataplex.assets.get
dataplex.assets.list
dataplex.entities.get
dataplex.entities.list
dataplex.partitions.get
dataplex.partitions.list
dataplex.zones.get
dataplex.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Metadata Writer
(roles/)
Write and read access to metadata within table and fileset entities and partitions.
dataplex.assets.get
dataplex.assets.list
dataplex.entities.*
  dataplex.entities.create
  dataplex.entities.delete
  dataplex.entities.get
  dataplex.entities.list
  dataplex.entities.update
dataplex.partitions.*
  dataplex.partitions.create
  dataplex.partitions.delete
  dataplex.partitions.get
  dataplex.partitions.list
  dataplex.partitions.update
dataplex.zones.get
dataplex.zones.list
resourcemanager.projects.get
resourcemanager.projects.list
Dataplex Security Administrator
(roles/)
Permissions to configure ResourceAccess and DataAccess Specs on Data Attributes.
dataplex.
dataplex.
Cloud Dataplex Service Agent
(roles/)
Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management.
bigquery.bireservations.*
  bigquery.bireservations.get
  bigquery.bireservations.update
bigquery.capacityCommitments.*
  bigquery.capacityCommitments.create
  bigquery.capacityCommitments.delete
  bigquery.capacityCommitments.get
  bigquery.capacityCommitments.list
  bigquery.capacityCommitments.update
bigquery.config.*
  bigquery.config.get
  bigquery.config.update
bigquery.connections.*
  bigquery.connections.create
  bigquery.connections.delegate
  bigquery.connections.delete
  bigquery.connections.get
  bigquery.connections.getIamPolicy
  bigquery.connections.list
  bigquery.connections.setIamPolicy
  bigquery.connections.update
  bigquery.connections.updateTag
  bigquery.connections.use
bigquery.dataPolicies.attach
bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.
bigquery.dataPolicies.list
bigquery.
bigquery.dataPolicies.update
bigquery.datasets.*
  bigquery.datasets.create
  bigquery.datasets.createTagBinding
  bigquery.datasets.delete
  bigquery.datasets.deleteTagBinding
  bigquery.datasets.get
  bigquery.datasets.getIamPolicy
  bigquery.datasets.link
  bigquery.datasets.listEffectiveTags
  bigquery.datasets.listSharedDatasetUsage
  bigquery.datasets.listTagBindings
  bigquery.datasets.setIamPolicy
  bigquery.datasets.update
  bigquery.datasets.updateTag
bigquery.jobs.*
  bigquery.jobs.create
  bigquery.jobs.createGlobalQuery
  bigquery.jobs.delete
  bigquery.jobs.get
  bigquery.jobs.list
  bigquery.jobs.listAll
  bigquery.jobs.listExecutionMetadata
  bigquery.jobs.update
bigquery.models.*
  bigquery.models.create
  bigquery.models.delete
  bigquery.models.export
  bigquery.models.getData
  bigquery.models.getMetadata
  bigquery.models.list
  bigquery.models.updateData
  bigquery.models.updateMetadata
  bigquery.models.updateTag
bigquery.objectRefs.*
  bigquery.objectRefs.read
  bigquery.objectRefs.write
bigquery.readsessions.*
  bigquery.readsessions.create
  bigquery.readsessions.getData
  bigquery.readsessions.update
bigquery.
  bigquery.reservationAssignments.create
  bigquery.reservationAssignments.delete
  bigquery.reservationAssignments.list
  bigquery.reservationAssignments.search
bigquery.reservationGroups.*
  bigquery.reservationGroups.create
  bigquery.reservationGroups.delete
  bigquery.reservationGroups.get
  bigquery.reservationGroups.list
bigquery.reservations.*
  bigquery.reservations.create
  bigquery.reservations.delete
  bigquery.reservations.get
  bigquery.reservations.getIamPolicy
  bigquery.reservations.list
  bigquery.reservations.listFailoverDatasets
  bigquery.reservations.setIamPolicy
  bigquery.reservations.update
  bigquery.reservations.use
bigquery.routines.*
  bigquery.routines.create
  bigquery.routines.delete
  bigquery.routines.get
  bigquery.routines.list
  bigquery.routines.update
  bigquery.routines.updateTag
bigquery.
bigquery.
bigquery.rowAccessPolicies.get
bigquery.
bigquery.
bigquery.
bigquery.
bigquery.
bigquery.savedqueries.*
  bigquery.savedqueries.create
  bigquery.savedqueries.delete
  bigquery.savedqueries.get
  bigquery.savedqueries.list
  bigquery.savedqueries.update
bigquery.tables.*
  bigquery.tables.create
  bigquery.tables.createIndex
  bigquery.tables.createSnapshot
  bigquery.tables.createTagBinding
  bigquery.tables.delete
  bigquery.tables.deleteIndex
  bigquery.tables.deleteSnapshot
  bigquery.tables.deleteTagBinding
  bigquery.tables.export
  bigquery.tables.get
  bigquery.tables.getData
  bigquery.tables.getIamPolicy
  bigquery.tables.list
  bigquery.tables.listEffectiveTags
  bigquery.tables.listTagBindings
  bigquery.tables.replicateData
  bigquery.tables.restoreSnapshot
  bigquery.tables.setCategory
  bigquery.tables.setColumnDataPolicy
  bigquery.tables.setIamPolicy
  bigquery.tables.update
  bigquery.tables.updateData
  bigquery.tables.updateIndex
  bigquery.tables.updateTag
bigquery.transfers.*
  bigquery.transfers.get
  bigquery.transfers.update
bigquerymigration.
datacatalog.catalogs.searchAll
datacatalog.
datacatalog.
datacatalog.entries.get
datacatalog.taxonomies.create
datacatalog.taxonomies.delete
datacatalog.taxonomies.get
datacatalog.taxonomies.list
datacatalog.taxonomies.update
dataform.*
  dataform.commentThreads.create
  dataform.commentThreads.delete
  dataform.commentThreads.get
  dataform.commentThreads.list
  dataform.commentThreads.update
  dataform.comments.create
  dataform.comments.delete
  dataform.comments.get
  dataform.comments.list
  dataform.comments.update
  dataform.compilationResults.create
  dataform.compilationResults.get
  dataform.compilationResults.list
  dataform.compilationResults.query
  dataform.config.get
  dataform.config.update
  dataform.folders.addContents
  dataform.folders.create
  dataform.folders.delete
  dataform.folders.get
  dataform.folders.getIamPolicy
  dataform.folders.move
  dataform.folders.queryContents
  dataform.folders.setIamPolicy
  dataform.folders.update
  dataform.locations.get
  dataform.locations.list
  dataform.operations.cancel
  dataform.operations.delete
  dataform.operations.get
  dataform.operations.list
  dataform.releaseConfigs.create
  dataform.releaseConfigs.delete
  dataform.releaseConfigs.get
  dataform.releaseConfigs.list
  dataform.releaseConfigs.update
  dataform.repositories.commit
  dataform.repositories.computeAccessTokenStatus
  dataform.repositories.create
  dataform.repositories.delete
  dataform.repositories.fetchHistory
  dataform.repositories.fetchRemoteBranches
  dataform.repositories.get
  dataform.repositories.getIamPolicy
  dataform.repositories.list
  dataform.repositories.move
  dataform.repositories.queryDirectoryContents
  dataform.repositories.readFile
  dataform.repositories.scheduleRelease
  dataform.repositories.scheduleWorkflow
  dataform.repositories.setIamPolicy
  dataform.repositories.update
  dataform.teamFolders.create
  dataform.teamFolders.delete
  dataform.teamFolders.get
  dataform.teamFolders.getIamPolicy
  dataform.teamFolders.setIamPolicy
  dataform.teamFolders.update
  dataform.workflowConfigs.create
  dataform.workflowConfigs.delete
  dataform.workflowConfigs.get
  dataform.workflowConfigs.list
  dataform.workflowConfigs.update
  dataform.workflowInvocations.cancel
  dataform.workflowInvocations.create
  dataform.workflowInvocations.delete
  dataform.workflowInvocations.get
  dataform.workflowInvocations.list
  dataform.workflowInvocations.query
  dataform.workspaces.commit
  dataform.workspaces.create
  dataform.workspaces.delete
  dataform.workspaces.fetchFileDiff
  dataform.workspaces.fetchFileGitStatuses
  dataform.workspaces.fetchGitAheadBehind
  dataform.workspaces.get
  dataform.workspaces.getIamPolicy
  dataform.workspaces.installNpmPackages
  dataform.workspaces.list
  dataform.workspaces.makeDirectory
  dataform.workspaces.moveDirectory
  dataform.workspaces.moveFile
  dataform.workspaces.pull
  dataform.workspaces.push
  dataform.workspaces.queryDirectoryContents
  dataform.workspaces.readFile
  dataform.workspaces.removeDirectory
  dataform.workspaces.removeFile
  dataform.workspaces.reset
  dataform.workspaces.searchFiles
  dataform.workspaces.setIamPolicy
  dataform.workspaces.writeFile
dataplex.assets.getIamPolicy
dataplex.datascans.*
  dataplex.datascans.create
  dataplex.datascans.delete
  dataplex.datascans.get
  dataplex.datascans.getData
  dataplex.datascans.getIamPolicy
  dataplex.datascans.list
  dataplex.datascans.run
  dataplex.datascans.setIamPolicy
  dataplex.datascans.update
dataplex.environments.execute
dataplex.environments.get
dataplex.environments.list
dataplex.lakes.get
dataplex.lakes.getIamPolicy
dataplex.operations.get
dataplex.operations.list
dataplex.projects.search
dataplex.zones.getIamPolicy
dataproc.batches.cancel
dataproc.batches.create
dataproc.batches.get
dataproc.operations.cancel
dataproc.operations.get
dataproc.operations.list
firebase.projects.get
iam.serviceAccounts.actAs
logging.logEntries.create
logging.logEntries.route
metastore.services.get
monitoring.
monitoring.
monitoring.
monitoring.
  monitoring.monitoredResourceDescriptors.get
  monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
orgpolicy.policy.get
recommender.
  recommender.iamPolicyInsights.get
  recommender.iamPolicyInsights.list
  recommender.iamPolicyInsights.update
recommender.
  recommender.iamPolicyRecommendations.get
  recommender.iamPolicyRecommendations.list
  recommender.iamPolicyRecommendations.update
recommender.
  recommender.storageBucketSoftDeleteInsights.get
  recommender.storageBucketSoftDeleteInsights.list
  recommender.storageBucketSoftDeleteInsights.update
recommender.
  recommender.storageBucketSoftDeleteRecommendations.get
  recommender.storageBucketSoftDeleteRecommendations.list
  recommender.storageBucketSoftDeleteRecommendations.update
resourcemanager.
resourcemanager.projects.get
resourcemanager.projects.list
servicemanagement.
serviceusage.services.use
storage.anywhereCaches.*
storage.anywhereCaches.createstorage.anywhereCaches.disablestorage.anywhereCaches.getstorage.anywhereCaches.liststorage.anywhereCaches.pausestorage.anywhereCaches.resumestorage.anywhereCaches.update
storage.bucketOperations.*
storage.bucketOperations.cancel
storage.bucketOperations.get
storage.bucketOperations.list
storage.buckets.*
storage.buckets.create
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.enableObjectRetention
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.getIpFilter
storage.buckets.getObjectInsights
storage.buckets.list
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.relocate
storage.buckets.restore
storage.buckets.setIamPolicy
storage.buckets.setIpFilter
storage.buckets.update
storage.buckets.viewIntelligenceDetails
storage.folders.*
storage.folders.create
storage.folders.delete
storage.folders.get
storage.folders.list
storage.folders.rename
storage.intelligenceConfigs.*
storage.intelligenceConfigs.get
storage.intelligenceConfigs.update
storage.managedFolders.*
storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.getIamPolicy
storage.managedFolders.list
storage.managedFolders.setIamPolicy
storage.multipartUploads.*
storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts
storage.objects.*
storage.objects.create
storage.objects.createContext
storage.objects.delete
storage.objects.deleteContext
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.move
storage.objects.overrideUnlockedRetention
storage.objects.restore
storage.objects.setIamPolicy
storage.objects.setRetention
storage.objects.update
storage.objects.updateContext
storagebatchoperations.*
storagebatchoperations.bucketOperations.get
storagebatchoperations.bucketOperations.list
storagebatchoperations.jobs.cancel
storagebatchoperations.jobs.create
storagebatchoperations.jobs.delete
storagebatchoperations.jobs.get
storagebatchoperations.jobs.list
storagebatchoperations.locations.get
storagebatchoperations.locations.list
storagebatchoperations.operations.cancel
storagebatchoperations.operations.delete
storagebatchoperations.operations.get
storagebatchoperations.operations.list
telemetry.metrics.write
Dataplex Storage Data Owner
(roles/)
Owner access to data. Should not be used directly. Dataplex grants this role to managed resources such as Cloud Storage buckets and BigQuery datasets.
bigquery.datasets.get
bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.tables.create
bigquery.tables.createSnapshot
bigquery.tables.delete
bigquery.tables.deleteSnapshot
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.list
bigquery.
bigquery.tables.update
bigquery.tables.updateData
storage.buckets.get
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update
Dataplex Storage Data Reader
(roles/)
Read-only access to data. Should not be used directly. Dataplex grants this role to managed resources such as Cloud Storage buckets and BigQuery datasets.
bigquery.datasets.get
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.routines.get
bigquery.routines.list
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.list
storage.buckets.get
storage.objects.get
storage.objects.list
Dataplex Storage Data Writer
(roles/)
Write access to data. Should not be used directly. Dataplex grants this role to managed resources such as Cloud Storage buckets and BigQuery datasets.
bigquery.tables.updateData
storage.objects.create
storage.objects.delete
storage.objects.update
Dataplex Taxonomy Administrator
(roles/)
Full access to DataTaxonomy and DataAttribute resources.
dataplex.dataAttributes.*
dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update
dataplex.dataTaxonomies.create
dataplex.dataTaxonomies.delete
dataplex.dataTaxonomies.get
dataplex.
dataplex.dataTaxonomies.list
dataplex.
dataplex.dataTaxonomies.update
Dataplex Taxonomy Viewer
(roles/)
Read access to DataTaxonomy and DataAttribute resources.
dataplex.dataAttributes.get
dataplex.
dataplex.dataAttributes.list
dataplex.dataTaxonomies.get
dataplex.
dataplex.dataTaxonomies.list
Dataplex Viewer
(roles/)
Read access to Dataplex Universal Catalog resources, except for catalog resources like entries, entry groups, and glossaries.
cloudasset.
dataplex.assetActions.list
dataplex.assets.get
dataplex.assets.getIamPolicy
dataplex.assets.list
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.dataAssets.get
dataplex.dataAssets.list
dataplex.
dataplex.
dataplex.
dataplex.dataAttributes.get
dataplex.
dataplex.dataAttributes.list
dataplex.dataProducts.get
dataplex.
dataplex.dataProducts.list
dataplex.dataTaxonomies.get
dataplex.
dataplex.dataTaxonomies.list
dataplex.datascans.get
dataplex.
dataplex.datascans.list
dataplex.environments.get
dataplex.
dataplex.environments.list
dataplex.lakeActions.list
dataplex.lakes.get
dataplex.lakes.getIamPolicy
dataplex.lakes.list
dataplex.operations.get
dataplex.operations.list
dataplex.tasks.get
dataplex.tasks.getIamPolicy
dataplex.tasks.list
dataplex.zoneActions.list
dataplex.zones.get
dataplex.zones.getIamPolicy
dataplex.zones.list